Allison introduces Dependabot’s new capability to manage Bazel dependencies, highlighting collaboration with the Bazel community and outlining technical details for developers.

Dependabot Version Updates Now Support Bazel

Dependabot now supports automatic version updates for Bazel dependencies, giving developers the ability to keep dependencies up to date for both Bzlmod and legacy WORKSPACE-based projects.

Background

Bazel projects rely on two main dependency systems—Bzlmod (using MODULE.bazel files) and WORKSPACE (legacy, but still common). Ensuring that dependencies are current and lockfiles are correctly generated is crucial for reproducible builds and secure software supply chains. Community requests guided improvements in support, particularly around:

  • Proper lockfile generation (MODULE.bazel.lock files)
  • Support for both *.MODULE.bazel and WORKSPACE dependency definitions

The GitHub and Bazel communities worked closely to deliver accurate support that minimizes risk across complex dependency graphs.

Community Partnership

The Bazel community—especially Fabian Meumertzheim, Yun Peng, and Alex Eagle—was instrumental in providing:

  • Deep lockfile semantics and compatibility advice
  • Testing and validation data
  • File naming conventions

Their contributions, along with wider community testing, helped ensure robust and reliable Dependabot support.

How It Works

  1. Dependency Detection: Dependabot analyzes your repository’s MODULE.bazel, *.MODULE.bazel, or WORKSPACE files to determine all Bazel dependencies, then checks the Bazel Central Registry for updates.
  2. Lockfile Management: When a change is detected, Dependabot regenerates lockfiles (MODULE.bazel.lock) to maintain a reproducible build.
  3. Automated Pull Requests: Updates open as pull requests that include updated dependency declarations, revised lockfiles, and links to release notes and compatibility info.
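
Step 1 above, sketched as an added example (not Dependabot's code and not from the original post): it parses bazel_dep() declarations from a constructed MODULE.bazel and compares them with a constructed registry snapshot. The module names, versions, and the simplified version ordering are assumptions.

```python
import ast

# Constructed sample MODULE.bazel; module names and versions are hypothetical.
SAMPLE_MODULE_BAZEL = '''
module(name = "demo_app", version = "0.1.0")

bazel_dep(name = "lib_alpha", version = "1.9.0")
bazel_dep(name = "lib_beta", version = "2.3.1")
bazel_dep(name = "lib_gamma", version = "0.14.0", dev_dependency = True)
'''

# Constructed stand-in for a registry query: module name -> newest version.
SAMPLE_REGISTRY = {"lib_alpha": "1.10.0", "lib_beta": "2.3.1", "lib_gamma": "0.15.2"}


def parse_bazel_deps(text):
    """Return {name: {"version": str, "dev": bool}} for every bazel_dep() call."""
    deps = {}
    # MODULE.bazel is Starlark, whose call syntax Python's ast module can parse.
    for node in ast.walk(ast.parse(text)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "bazel_dep"):
            continue
        try:
            kw = {k.arg: ast.literal_eval(k.value) for k in node.keywords}
        except ValueError:
            continue  # non-literal argument: skip rather than guess
        if "name" in kw:
            deps[kw["name"]] = {"version": kw.get("version", ""),
                                "dev": bool(kw.get("dev_dependency", False))}
    return deps


def version_key(version):
    """Simplified ordering (assumption): numeric segments compare as integers."""
    return tuple((0, int(p), "") if p.isdigit() else (1, 0, p)
                 for p in version.split("."))


def find_outdated(deps, registry):
    """Return sorted (name, current, latest) tuples where the registry is newer."""
    stale = []
    for name, info in sorted(deps.items()):
        latest = registry.get(name)
        if latest and info["version"] and version_key(latest) > version_key(info["version"]):
            stale.append((name, info["version"], latest))
    return stale


if __name__ == "__main__":
    for name, current, latest in find_outdated(parse_bazel_deps(SAMPLE_MODULE_BAZEL), SAMPLE_REGISTRY):
        print(f"{name}: {current} -> {latest}")
```

Comparing segments as integers matters here: a plain string comparison would rank 1.9.0 above 1.10.0 and miss the update.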

Getting Started

To enable Bazel support with Dependabot:

Learn more about the Bazel build system at bazel.build.

Additional Resources

Stay engaged with the broader open source community for feedback and further improvements.

This post appeared first on “The GitHub Blog”.