[TT-15426]fixed go.mod not having latest graphql-go-tools version

[andrei-tyk]

Description

Fixed go.mod not having latest graphql-go-tools version.

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

[github-actions]

🚨 Jira Linter Failed

Commit: 38820fc
Failed at: 2025-11-12 06:42:30 UTC

The Jira linter failed to validate your PR. Please check the error details below:

🔍 Click to view error details

failed to validate branch and PR title rules: branch name 'fix/allow-custom-scalars-extended' must contain a valid Jira ticket ID (e.g., ABC-123)

Next Steps

• Ensure your branch name contains a valid Jira ticket ID (e.g., ABC-123)
• Verify your PR title matches the branch's Jira ticket ID
• Check that the Jira ticket exists and is accessible

---

This comment will be automatically deleted once the linter passes.

[github-actions]

🎯 Recommended Merge Targets

Based on JIRA ticket TT-15426: Allow custom scalar values of any kind in Tyk GraphQL Engine

Fix Version: Tyk 5.11.0

⚠️ Warning: Expected release branches not found in repository

Required:

• master - No matching release branches found. Fix will be included in future releases.

---

📋 Workflow

1. Merge this PR to master first

[github-actions]

API Changes

no api changes detected

[probelabs]

🔍 Code Analysis Results

This pull request updates the github.com/TykTechnologies/graphql-go-tools dependency to a more recent version.

Files Changed Analysis

• go.mod: The version of github.com/TykTechnologies/graphql-go-tools is updated.
• go.sum: The checksum for the updated dependency is changed to reflect the new version.

The changes are confined to dependency management files, indicating a version bump of a single library.

Architecture & Impact Assessment

This PR updates a core dependency used for GraphQL functionality within the Tyk Gateway.

• Accomplishment: Brings in the latest changes from the graphql-go-tools library, which likely include bug fixes or minor enhancements.
• Technical Changes: The version of github.com/TykTechnologies/graphql-go-tools is updated from ...c54e73aae17d to ...abfe5c458f3b.
• Affected Components: The change directly impacts Tyk's internal GraphQL engine (graphengine). This component is responsible for parsing, validating, and executing GraphQL requests. Consequently, all features relying on the GraphQL engine, such as GraphQL proxying, complexity analysis, and granular access control, are affected by this update.

graph TD
    A[Tyk Gateway] --> B{GraphQL Middleware};
    B --> C[GraphQL Engine];
    C --> D["graphql-go-tools (dependency)"];
    style D fill:#f9f,stroke:#333,stroke-width:2px

Loading

Scope Discovery & Context Expansion

The modification is limited to go.mod and go.sum, but its impact extends to the entire GraphQL subsystem. The graphql-go-tools library is fundamental to how Tyk processes GraphQL APIs. Any change in this library, even a minor one, could have wide-ranging effects on GraphQL API stability, performance, and correctness. A thorough regression test of GraphQL features is advisable to ensure the new version doesn't introduce unexpected behavior.

Metadata

• Review Effort: 1 / 5
• Primary Label: chore

---

Powered by Visor from Probelabs

Last updated: 2025-11-12T06:44:42.428Z | Triggered by: opened | Commit: 38820fc

💡 TIP: You can chat with Visor using /visor ask <your question>

[probelabs]

🔍 Code Analysis Results

Security Issues (1)

Severity	Location	Issue
🟡 Warning	go.mod:30	The `graphql-go-tools` dependency is updated without a clear description of the changes or a security assessment. Dependency updates can introduce new vulnerabilities or fix existing ones, but without context, the security impact of this change cannot be evaluated. 💡 Suggestion The pull request description should be updated to include a summary of the changes in the new version of the dependency, especially any security-related fixes or features. A link to the changelog or the diff between the two commits (`c54e73aae17d` and `abfe5c458f3b`) in the `github.com/TykTechnologies/graphql-go-tools` repository should be provided. All dependency updates should be checked with a vulnerability scanner before being merged.

Architecture Issues (1)

Severity	Location	Issue
🟡 Warning	go.mod:29	The pull request updates the `graphql-go-tools` dependency to a newer commit-based version without providing any justification. The PR description is empty, and the checklist item for explaining `go.mod` changes is unchecked. Updating dependencies, especially to non-release versions, carries risks of introducing instability, bugs, or breaking changes. Without a clear explanation of what this new version fixes or enables, it's impossible to assess the architectural impact or the necessity of this change. 💡 Suggestion Update the pull request description to detail the reasons for this dependency update. Explain what changes are included in the new version of `graphql-go-tools` and why they are necessary for the `fix/allow-custom-scalars-extended` feature branch. Link to the specific changes in the dependency's repository if possible.

✅ Performance Check Passed

No performance issues found – changes LGTM.

Quality Issues (1)

Severity	Location	Issue
🟡 Warning	go.mod:28	The pull request updates the `graphql-go-tools` dependency version without providing any reasoning or context. The description is minimal, and the checklist item 'I explained why this PR updates go.mod in detail with reasoning why it's required' is unchecked. Updating dependencies without justification introduces risk, as it can bring in breaking changes or new bugs without reviewers understanding the purpose. 💡 Suggestion Update the pull request description to explain why this dependency update is necessary. Clarify if it's for a bug fix, a new feature, or a security patch. Link to the relevant issue or changelog in the `graphql-go-tools` repository if possible.

Dependency Issues (1)

Severity	Location	Issue
🟡 Warning	go.mod:28	This PR updates the `github.com/TykTechnologies/graphql-go-tools` dependency. While this is a dependency-only change, it affects the core GraphQL engine and has downstream implications. Impact Assessment Component Affected: The GraphQL engine is the primary component affected. Based on the source branch name (fix/allow-custom-scalars-extended), this update likely enhances support for custom GraphQL scalars. New Build: This change will result in a new Tyk Gateway Docker image. Required Downstream Updates tyk-charts: The new gateway image tag generated from this change must be updated in the tyk-charts repository to ensure the change is deployed. This action is not part of the current PR and needs to be tracked separately. 💡 Suggestion Create a corresponding PR in the tyk-charts repository to update the Tyk Gateway image tag once this change is merged and a new image is built.

✅ Connectivity Check Passed

No connectivity issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2025-11-12T06:44:43.083Z | Triggered by: opened | Commit: 38820fc

💡 TIP: You can chat with Visor using /visor ask <your question>

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud