As an abc developer, I want dependabot to be able to automatically upgrade insecure dependencies in my go.mod.
Currently, if a template outputs a go.mod file, dependabot will send a PR that tries to update go.mod, but that PR may fail the golden-test presubmit. The golden-test verify command expects an exact match of the template output with the recorded "snapshot" in the testdata directory. That snapshot still expects the old (insecure) version of the dependency.
I don't know if there's a way to address this other than manually running abc templates golden-test record for each dependabot PR. It would be neat if we could configure dependabot to run a script to re-record golden tests and commit the result into its PR. I don't know enough about dependabot to know if that's possible.
As an abc developer, I want dependabot to be able to automatically upgrade insecure dependencies in my go.mod.
Currently, if a template outputs a go.mod file, dependabot will send a PR that tries to update go.mod, but that PR may fail the golden-test presubmit. The
golden-test verifycommand expects an exact match of the template output with the recorded "snapshot" in thetestdatadirectory. That snapshot still expects the old (insecure) version of the dependency.I don't know if there's a way to address this other than manually running
abc templates golden-test recordfor each dependabot PR. It would be neat if we could configure dependabot to run a script to re-record golden tests and commit the result into its PR. I don't know enough about dependabot to know if that's possible.