Go ecosystem fails to update when a dependency is on a newer version
jakecoffman opened this issue
Despite efforts in #9435, Dependabot's Go version still needs to be kept up-to-date. See this report: #9733 (comment)
> Dependabot failed to update your dependencies because there was an error resolving your Go dependency files.
>
> Dependabot encountered the following error:
>
> `go: loading module retractions for <redacted>@v0.1.0: module <redacted-dependency>@v0.34.0 requires go >= 1.22.3 (running go 1.22.2; GOTOOLCHAIN=local+auto)`
>
> [Troubleshoot Dependabot errors](https://docs.github.com/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)
I did some searching and it appears to be an upstream issue: golang/go#66403
The fix appears to be slated for the 1.23 release which is approximately in August, so if we hold out a bit longer it will get fixed 🤞
Otherwise we will need to use the `-e` flag to ignore errors, but we rely on the errors to tell when a package truly is unresolvable.
Backport for 1.21 and 1.22 has been requested.