Developers can now use Dependabot to automatically keep their Bazel dependencies up to date. For projects that use Bazel—either Bzlmod or WORKSPACE—Dependabot version updates can now ensure dependencies stay current with the latest releases.<\/p>\n
A huge thanks to the Bazel team for their contributions and collaboration bringing support to Dependabot.<\/p>\n
The open source community’s top requests for Bazel support for Dependabot<\/a> included:<\/p>\n Bazel uses two dependency systems, both the modern Bzlmod system ( The Bazel community provided critical guidance:<\/p>\n Thank you especially to these folks, and to everyone who tested and provided feedback during our preview support for this ecosystem.<\/p>\n Requirements include:<\/p>\n A Engage with the Dependabot open source community<\/a> on the topic of Bazel support.<\/p>\n<\/li>\n Developers can now use Dependabot to automatically keep their Bazel dependencies up to date. For projects that use Bazel—either Bzlmod or WORKSPACE—Dependabot version updates can now ensure dependencies stay current…<\/p>\n","protected":false},"author":2106,"featured_media":0,"template":"","meta":{"_gh_post_show_toc":"","_gh_post_is_no_robots":"","_gh_post_is_featured":"","_gh_post_is_excluded":"","_gh_post_is_unlisted":"","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"","_gh_post_sq_img_id":"","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"","_gh_post_recirc_hide":"","_gh_post_recirc_col_1":"","_gh_post_recirc_col_2":"","_gh_post_recirc_col_3":"","_gh_post_recirc_col_4":"","_featured_video":"","_gh_post_additional_query_params":"","footnotes":"","_links_to":"","_links_to_target":"","primary_cta":"","primary_cta_url":"","secondary_cta":"","secondary_cta_url":""},"label":[3630],"group":[3773],"coauthors":[3100],"class_list":["post-92850","changelog","type-changelog","status-publish","hentry","changelog-type-new-releases","changelog-label-supply-chain-security","changelog-group-12-2025"],"yoast_head":"\n\n
*.MODULE.bazel<\/code> support<\/li>\nMODULE.bazel<\/code> files) and the legacy WORKSPACE system. Community feedback showed many teams still rely on WORKSPACE, so we built support for both. Additionally, Bazel’s MODULE.bazel.lock<\/code> files capture complex transitive dependency graphs, including module extensions and repository rules. Incorrect lockfile generation breaks reproducible builds, so we worked closely with the Bazel community to get this right.<\/p>\nCommunity partnership<\/span><\/a><\/h2>\n
\n
*.MODULE.bazel<\/code> patterns<\/li>\n<\/ul>\nHow it works<\/span><\/a><\/h2>\n
\n
MODULE.bazel<\/code>, *.MODULE.bazel<\/code>, or WORKSPACE files and checks the Bazel central registry for updates. <\/li>\nGetting started<\/span><\/a><\/h2>\n
\n
MODULE.bazel<\/code> or WORKSPACE<\/code> file at the repository root<\/p>\n<\/li>\n