Checking Go Modules direct dependencies for updates

I continue to be “challenged” grep’ing my Golang GitHub repos to check for module updates. I feel my code aging in cold storage and it bugs me.

Golang issues 40364: enable listing direct dependency updates includes this useful solution which filters indirect dependencies and returns a list of direct dependency updates (although presumably only 0–>1 for major versions):

go list -f '{{if not .Indirect}}{{.}}{{end}}' -u -m all

I’ll take what I can get.

I’ve also updated ./github/dependabot.yml to include Go Modules. I’d naively begun using it by copying it from another repo when I first encountered it. I find the instructions confusing since it appears it’s possible to configure it directly through a repo’s “Security” tab but I’ve applied the following and I’ll see what that gives me too:

version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
  # Maintain dependencies for Golang Modules
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"

I regret not having started my current project as a mono repo. Instead it currently comprises about 10 distinct repos and I’m finding it burdensome to check each for Go Modules updates and then apply these changes. In hindsight, I would have preferred to lump everything into one repo and deal with each Modules bump once for the project.

• Go
• Modules
• Dependencies