Skip to content

Automated Dependency Updates for Go Modules

Renovate supports updating Go Modules dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)go\.mod$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: go, golang-version.

Default config

{
  "fileMatch": [
    "(^|/)go\\.mod$"
  ]
}

Additional Information

You might be interested in the following postUpdateOptions:

  1. gomodTidy - if you'd like Renovate to run go mod tidy after every update before raising the PR.
  2. This is implicitly enabled for major updates if the user has enabled the option gomodUpdateImportPaths
  3. gomodTidy1.17 - if you'd like Renovate to run go mod tidy -compat=1.17 after every update before raising the PR.
  4. gomodUpdateImportPaths - if you'd like Renovate to update your source import paths on major updates before raising the PR.
  5. gomodMassage - to enable massaging of all replace statements prior to running go so that they will be ignored.

When Renovate is running using binarySource=docker (such as in the hosted Mend Renovate app) then it will pick the latest compatible version of Go to run, i.e. the latest 1.x release. Even if the go.mod has a version like go 1.14, Renovate will treat it as a ^1.14 constraint and not =1.14.

Open feature requests

  • Add support for "Compare Source" + change summary to go.mod based repos #2939
  • Go modules private repos: support well-known hosts: gitlab.com, bitbucket.org #3496
  • Link to compare in table #4154
  • Support Bazel go_repository "sum" field #4402
  • Golang dependencies on generated code #4490
  • Support private go modules on custom GitLab EE host #4601
  • ignore "empty" Go module updates #5123
  • Set GOCACHE when updating go artifacts #6225
  • lockfile maintenance for go.mod files #9578
  • Indirect dependencies in dependent go modules need to be updated #12999
  • gomod: Update transitive dependencies (with security vulnerabilities) #13958
  • Support Go Workspaces #15071
  • Support go versioning #18480

Open bug reports

  • Renovate does not add +incompatible tag when upgrading Golang packages from v1 to v2 #3557
  • Cannot update go.sum when corresponding go.mod has replace statement with relative path #6647
  • Errors resolving digest for go modules with +nocompatible #8305
  • Version detection for Go modules hosted in Gitlab subgroups broken for versions >v24.114.0 #10218
  • Go sub-modules incorrectly bumped to root module version #11778
  • Major version update of Go module is not detected when GOPROXY is set #16663
  • Renovate doesn't understand custom domains for go modules #18396

The above list of features and bugs were current when this page was generated on December 08, 2022.