-
Notifications
You must be signed in to change notification settings - Fork 57
chore(deps): update module github.com/google/go-github/v45 to v88 #1622
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -59,7 +59,7 @@ require ( | |
| github.com/google/btree v1.1.3 // indirect | ||
| github.com/google/cel-go v0.28.1 // indirect | ||
| github.com/google/gnostic-models v0.7.1 // indirect | ||
| github.com/google/go-github/v45 v45.2.0 // indirect | ||
| github.com/google/go-github/v88 v88.0.0 // indirect | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [low] logic error After the change, go.mod replaces the v45 indirect dependency with v88, while v84 remains. Since go-github major versions are distinct modules, both v84 and v88 can coexist. However, if a transitive dependency (e.g., ghinstallation/v2 or pipelines-as-code) still requires v45, go mod tidy will restore v45 and the v88 entry may be unnecessary. Suggested fix: Run go mod tidy and verify the resulting go.mod. If v45 reappears, the upstream dependency has not migrated and this change is incorrect. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] incomplete dependency update The diff only modifies go.mod but does not update go.sum. After replacing go-github/v45 with go-github/v88, go.sum still contains checksums for v45 (lines 152-153) and lacks checksums for v88. This will cause build failures because go.sum is inconsistent with go.mod. Suggested fix: Run go mod tidy after the go.mod change so that go.sum is regenerated consistently. If v45 is still transitively required, go mod tidy will re-add it, indicating this replacement is incorrect. The PR should include the updated go.sum file. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [medium] logic error - major version semantics go-github/v45 and go-github/v88 are distinct Go module paths (different major versions). The project already has go-github/v84 as a separate indirect dependency on line 63. Simply replacing the v45 line with v88 is only valid if the transitive dependency that required v45 now requires v88 instead. A Renovate bot performing a naive version bump may not account for Go major-version-as-module-path semantics. Suggested fix: Verify which dependency pulls in go-github/v45 and confirm it has been updated to use v88. Run go mod tidy and go mod graph | grep go-github to validate the dependency graph. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error The diff replaces the go-github/v45 entry on line 62 with go-github/v88, but go-github/v88 v88.0.0 already exists on line 63. After applying this PR, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. This is a malformed go.mod. The v45 line should be deleted, not replaced, since the v88 dependency is already declared. Suggested fix: Remove line 62 entirely (the github.com/google/go-github/v45 v45.2.0 // indirect line) instead of changing it to v88. Run go mod tidy afterward to clean up go.sum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error After this change, go.mod will contain two identical lines: Suggested fix: Remove the v45 line entirely instead of replacing it with v88, since v88 is already present. Run There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-declaration-duplication After this diff is applied, lines 62 and 63 will both contain github.com/google/go-github/v88 v88.0.0 // indirect. The v88 entry already exists on line 63 of the current go.mod; replacing the v45 entry on line 62 with an identical v88 entry creates a duplicate require directive for the same module path. In Go modules, duplicate require directives cause a parse error, breaking all build and module commands (go build, go mod tidy, etc.). Suggested fix: Remove one of the two duplicate github.com/google/go-github/v88 lines. Since the intent is to replace v45 with v88, the correct fix is to delete the pre-existing v88 line so that only the replacement remains. Then run go mod tidy to clean up go.sum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error The diff replaces the go-github/v45 require line with go-github/v88, but go-github/v88 v88.0.0 already exists on line 63. After merging, go.mod will contain two identical github.com/google/go-github/v88 v88.0.0 // indirect entries. Duplicate require directives cause go mod tidy and build commands to fail. Suggested fix: Remove the v45 line entirely (line 62) instead of replacing it with v88, since v88 is already required on line 63. Run go mod tidy to clean up both go.mod and go.sum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error The diff replaces the v45 entry on line 62 with github.com/google/go-github/v88 v88.0.0, but line 63 already contains an identical entry. After the patch is applied, go.mod will have two identical lines for go-github/v88, which causes go mod tidy and builds to fail with a duplicate require error. Suggested fix: Remove one of the two duplicate github.com/google/go-github/v88 lines so only one entry remains, then run go mod tidy. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-duplication After this PR is applied, lines 62 and 63 will both declare github.com/google/go-github/v88 v88.0.0 // indirect. In the base branch, line 62 is go-github/v45 v45.2.0 and line 63 is go-github/v88 v88.0.0. The PR replaces line 62 with an identical v88 entry, producing a duplicate requirement. Go tooling (go build, go mod tidy) will reject this as an error. Since v45 and v88 are distinct major-version module paths, the correct action is to remove the v45 line entirely rather than rewrite it to v88. Suggested fix: Delete the v45 line (line 62) instead of changing it to v88. Run go mod tidy afterward to confirm no transitive dependency still requires v45. If go mod tidy re-adds v45, a transitive dependency still needs it and both entries should coexist with their original versions. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error After applying this diff, lines 62 and 63 will both contain github.com/google/go-github/v88 v88.0.0 // indirect, creating a duplicate require entry. Go tooling (go mod tidy, go build) will reject or produce warnings for duplicate module paths in the require block. The diff correctly removes v45 by overwriting it, but fails to also remove the pre-existing v88 entry on line 63, resulting in duplication. Suggested fix: Remove one of the two duplicate go-github/v88 lines (either line 62 or line 63 after the diff is applied). Run go mod tidy to ensure the dependency graph is consistent and that v45 is no longer transitively required. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-declaration-consistency After this diff is applied, go.mod will contain two identical lines: Suggested fix: Remove the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error The diff replaces the go-github/v45 entry on line 62 with go-github/v88 v88.0.0, but line 63 already contains an identical go-github/v88 v88.0.0 entry. After merging, go.mod will have two identical require entries, which is a parse error (go.mod: duplicate require) that breaks the build. Suggested fix: Remove line 62 entirely (the v45 entry) instead of replacing it with v88. The v88 dependency already exists on line 63. Run go mod tidy afterward to clean up go.sum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error After applying the diff, go.mod will contain two identical lines: Suggested fix: Remove one of the duplicate go-github/v88 lines and run There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-management The diff replaces the go-github/v45 line with go-github/v88, but go-github/v88 already exists on line 63. After applying this patch, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. This is a malformed go.mod. No .go file in the repository directly imports go-github at any version — it is purely an indirect dependency. Suggested fix: Delete the v45 line (line 62) entirely instead of replacing it with v88, since v88 already exists on line 63. Then run go mod tidy to clean up go.sum and verify the dependency graph is consistent. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic error After applying this diff, go.mod will contain two identical entries for Suggested fix: Instead of changing the v45 line to v88 (which duplicates the existing v88 line), remove the v45 line entirely since v88 is already present on line 63. Then run go mod tidy to verify the dependency graph is consistent. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-duplication After applying this diff, go.mod will contain two identical lines: Suggested fix: Remove the v45 line entirely instead of replacing it with v88, since v88 already exists on line 63. Then run There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-duplication After this PR is applied, go.mod will contain two identical lines: Suggested fix: Remove one of the two duplicate v88 lines. If v45 is still needed by a transitive dependency, keep v45 instead of blindly replacing it. Run There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [medium] api-contract In Go modules, Suggested fix: Run There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [medium] dependency-management-duplication After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. The base branch already has go-github/v88 on line 63 (likely added by a prior dependency update). This PR replaces the v45 entry on line 62 with v88, creating a duplicate require directive. While Go tooling tolerates duplicate require lines and go mod tidy would remove the extra, the resulting go.mod is technically malformed and should be cleaned up. Suggested fix: Run go mod tidy to deduplicate the require entries. If v45 is still transitively needed by another dependency, go mod tidy will re-add it; otherwise only a single v88 line will remain. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error After applying this diff, go.mod will contain two identical lines: Suggested fix: The diff should remove the v45 line entirely rather than replacing it with v88, since v88 already exists on the next line. Alternatively, run There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-duplication After applying this diff, github.com/google/go-github/v88 v88.0.0 // indirect will appear on both line 62 and line 63. Go modules forbid duplicate require entries within the same block; go mod tidy and go build will reject or mishandle the file. The current source (pre-merge) already has go-github/v88 v88.0.0 on line 63, so the correct action is to delete the v45 line rather than rewrite it to v88. Suggested fix: Delete the v45 line (line 62) entirely instead of changing it to v88. The v88 entry already exists on line 63. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [low] stale-reference go.sum retains checksum entries for go-github/v45 v45.2.0. If the v45 require line is removed, these become stale. Suggested fix: Run go mod tidy after fixing the duplicate to clean up go.sum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] dependency-declaration-duplication After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect (on lines 62 and 63). The diff changes line 62 from v45 to v88, but line 63 already declares v88. This duplicate require directive will cause go mod tidy or go build to fail with a parse error. In Go modules, v45 and v88 are distinct module paths and can legitimately coexist; the automation incorrectly treated this as a simple in-place version bump. Suggested fix: Remove the duplicate line so that only one github.com/google/go-github/v88 v88.0.0 entry remains. If v45 is still required transitively by another dependency, the original v45 line must be kept alongside v88. Run go mod tidy to verify consistency. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [low] scope-misalignment The PR title frames this as update module github.com/google/go-github/v45 to v88, but in Go modules v45 and v88 are semantically distinct modules (different major versions = different import paths). The automation misclassified this as a simple version bump. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] duplicate-dependency The diff replaces github.com/google/go-github/v45 v45.2.0 on line 62 with github.com/google/go-github/v88 v88.0.0, but line 63 already contains an identical github.com/google/go-github/v88 v88.0.0 entry. After applying this patch, go.mod would contain two identical require directives for the same module path, which Go tooling rejects as invalid. Suggested fix: Remove the v45 line entirely (line 62) instead of replacing its content with v88. The existing v88 entry on line 63 already satisfies the requirement. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [medium] dependency-duplication After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect (the replaced line 62 and the pre-existing line 63). The correct fix is to remove the v45 line entirely rather than replacing it with a duplicate v88 line, since v88 already exists on the next line. In Go modules, /v45 and /v88 are distinct module paths, so the pre-diff state (both v45 and v88 present) is valid; the problem is solely the post-diff duplication of v88. Suggested fix: The diff should delete the v45 line without adding a replacement, since v88 is already present. Running 'go mod tidy' should resolve this automatically. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [high] logic-error Applying this diff will produce two identical lines: Suggested fix: Remove the go-github/v45 line entirely (line 62) instead of replacing it with a duplicate go-github/v88 line. Then run go mod tidy to clean up go.sum. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [medium] logic-error The diff replaces github.com/google/go-github/v45 v45.2.0 with github.com/google/go-github/v88 v88.0.0 on line 62, but line 63 already contains github.com/google/go-github/v88 v88.0.0. After the patch is applied, the require block will have two identical entries for the same module. Go tooling (go mod tidy) will flag or fail on this duplicate. Suggested fix: Remove one of the two duplicate github.com/google/go-github/v88 v88.0.0 lines. The correct fix is to delete the old v45 line entirely (rather than replacing it) since the v88 line already exists on the next line. |
||
| github.com/google/go-github/v88 v88.0.0 // indirect | ||
| github.com/google/go-querystring v1.2.0 // indirect | ||
| github.com/google/pprof v0.0.0-20260604005048-7023385849c0 // indirect | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[high] API contract violation
go.mod declares github.com/google/go-github/v88 v88.0.0, but go.sum was not updated: it still contains only v45.2.0 and v84.0.0 checksums with no entry for v88.0.0. The build will fail because Go verifies downloaded modules against go.sum, and the required checksum is missing. This indicates go mod tidy was not run after editing go.mod.
Suggested fix: Run go mod tidy to regenerate go.sum with the correct checksums for v88.0.0. If v88 is not actually required by any transitive dependency, go mod tidy will remove it, which would indicate the version bump is incorrect or unnecessary.