Jeff Widman

Garry has moved on from the :dependabot: team. I suspect whoever tackles this next will start from a fresh PR, so I'm closing this.

Nudge @rubyist is this something that you could fixup so that native go versioning starts working as expected?

Thanks, not sure when we'll get to it but this is a very reasonable feature request.

This may be caused by a bug in https://github.com/dependabot/dependabot-core/pull/6361... but won't know for sure until follow @deivid-rodriguez 's suggestions. If you want to provide manifest files, best way will be...

Yes. Since the updater runs `go mod tidy`, a common solution is to include a `fake.go` file that "dummy imports" the direct deps so that they won't get pruned by...

@peggy-sun-fp IIRC, you can workaround the `git_dependencies_not_reachable` issue by setting `LOCAL_GITHUB_ACCESS_TOKEN` to an access token that has access to all those repos: https://github.com/dependabot/dependabot-core/blob/d6883339398279a0b60913cb50cfda8011f07653/bin/dry-run.rb#L14-L15 As @deivid-rodriguez points out, the dry run...

Hmm... For Dry run, did you also: * set `GOPRIVATE=*` to bypass the go proxy * clear the go module cache in between runs? Sorry I forgot to mention these...