From c87259c404b112108b7e90c955dd0c23384c777c Mon Sep 17 00:00:00 2001
From: David McIntosh <804610+mctofu@users.noreply.github.com>
Date: Thu, 12 Jan 2023 02:27:15 -0800
Subject: [PATCH] Dependabot supports gomod indirect dependency filtering (#33884)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
---
 .../configuration-options-for-the-dependabot.yml-file.md | 4 ++--
 data/features/dependabot-updates-gomod-indirect.yml | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 data/features/dependabot-updates-gomod-indirect.yml
diff --git a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
index c06b1e9b4c..8a6a4ad527 100644
--- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
+++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
@@ -174,8 +174,8 @@ Use the `allow` option to customize which dependencies are updated. This applies
 | Dependency types | Supported by package managers | Allow updates |
 |------------------|-------------------------------|--------|
 | `direct` | All | All explicitly defined dependencies. |
- | `indirect` | `bundler`, `pip`, `composer`, `cargo` | Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies).|
- | `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`, also the dependencies of direct dependencies.|
+ | `indirect` | `bundler`, `pip`, `composer`, `cargo`{% ifversion dependabot-updates-gomod-indirect %}, `gomod`{% endif %} | Dependencies of direct dependencies (also known as sub-dependencies, or transient dependencies).|
+ | `all` | All | All explicitly defined dependencies. For `bundler`, `pip`, `composer`, `cargo`,{% ifversion dependabot-updates-gomod-indirect %} `gomod`,{% endif %} also the dependencies of direct dependencies.|
 | `production` | `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Production dependency group". |
 | `development`| `bundler`, `composer`, `mix`, `maven`, `npm`, `pip` | Only dependencies in the "Development dependency group". |

diff --git a/data/features/dependabot-updates-gomod-indirect.yml b/data/features/dependabot-updates-gomod-indirect.yml
new file mode 100644
index 0000000000..1f7cb79038
--- /dev/null
+++ b/data/features/dependabot-updates-gomod-indirect.yml
@@ -0,0 +1,6 @@
+# Reference: issue #9042
+# gomod ecosystem supports indirect dependencies for Dependabot Updates
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>3.8'
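Review bot: The `ghes: '>3.8'` bound in data/features/dependabot-updates-gomod-indirect.yml excludes GHES 3.8 itself, and nothing in the file says whether that is intended. With this range the `gomod` entries in the `indirect` and `all` table rows would presumably render only for releases after 3.8. If gomod indirect filtering actually ships in 3.8, the line should read `ghes: '>=3.8'`; if not, a header comment such as `# First GHES release with gomod indirect support: 3.9` would make the bound self-explaining. The bound is worth confirming against the referenced issue, because a wrong one either hides a working `dependency-type: indirect` option or lets readers assume transitive Go modules are being updated on a release where they are not.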