Skip to content
Draft
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ require (
github.com/google/btree v1.1.3 // indirect
github.com/google/cel-go v0.28.1 // indirect
github.com/google/gnostic-models v0.7.1 // indirect
github.com/google/go-github/v45 v45.2.0 // indirect
github.com/google/go-github/v88 v88.0.0 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] API contract violation

go.mod declares github.com/google/go-github/v88 v88.0.0, but go.sum was not updated: it still contains only v45.2.0 and v84.0.0 checksums with no entry for v88.0.0. The build will fail because Go verifies downloaded modules against go.sum, and the required checksum is missing. This indicates go mod tidy was not run after editing go.mod.

Suggested fix: Run go mod tidy to regenerate go.sum with the correct checksums for v88.0.0. If v88 is not actually required by any transitive dependency, go mod tidy will remove it, which would indicate the version bump is incorrect or unnecessary.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] logic error

After the change, go.mod replaces the v45 indirect dependency with v88, while v84 remains. Since go-github major versions are distinct modules, both v84 and v88 can coexist. However, if a transitive dependency (e.g., ghinstallation/v2 or pipelines-as-code) still requires v45, go mod tidy will restore v45 and the v88 entry may be unnecessary.

Suggested fix: Run go mod tidy and verify the resulting go.mod. If v45 reappears, the upstream dependency has not migrated and this change is incorrect.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] incomplete dependency update

The diff only modifies go.mod but does not update go.sum. After replacing go-github/v45 with go-github/v88, go.sum still contains checksums for v45 (lines 152-153) and lacks checksums for v88. This will cause build failures because go.sum is inconsistent with go.mod.

Suggested fix: Run go mod tidy after the go.mod change so that go.sum is regenerated consistently. If v45 is still transitively required, go mod tidy will re-add it, indicating this replacement is incorrect. The PR should include the updated go.sum file.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[medium] logic error - major version semantics

go-github/v45 and go-github/v88 are distinct Go module paths (different major versions). The project already has go-github/v84 as a separate indirect dependency on line 63. Simply replacing the v45 line with v88 is only valid if the transitive dependency that required v45 now requires v88 instead. A Renovate bot performing a naive version bump may not account for Go major-version-as-module-path semantics.

Suggested fix: Verify which dependency pulls in go-github/v45 and confirm it has been updated to use v88. Run go mod tidy and go mod graph | grep go-github to validate the dependency graph.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

The diff replaces the go-github/v45 entry on line 62 with go-github/v88, but go-github/v88 v88.0.0 already exists on line 63. After applying this PR, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. This is a malformed go.mod. The v45 line should be deleted, not replaced, since the v88 dependency is already declared.

Suggested fix: Remove line 62 entirely (the github.com/google/go-github/v45 v45.2.0 // indirect line) instead of changing it to v88. Run go mod tidy afterward to clean up go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

After this change, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. The base branch already has go-github/v88 v88.0.0 on line 63. Replacing the v45 entry with another v88 entry creates a duplicate module path in the require block, which is invalid in Go modules and will cause go mod tidy or build commands to error.

Suggested fix: Remove the v45 line entirely instead of replacing it with v88, since v88 is already present. Run go mod tidy to clean up the module file.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-declaration-duplication

After this diff is applied, lines 62 and 63 will both contain github.com/google/go-github/v88 v88.0.0 // indirect. The v88 entry already exists on line 63 of the current go.mod; replacing the v45 entry on line 62 with an identical v88 entry creates a duplicate require directive for the same module path. In Go modules, duplicate require directives cause a parse error, breaking all build and module commands (go build, go mod tidy, etc.).

Suggested fix: Remove one of the two duplicate github.com/google/go-github/v88 lines. Since the intent is to replace v45 with v88, the correct fix is to delete the pre-existing v88 line so that only the replacement remains. Then run go mod tidy to clean up go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

The diff replaces the go-github/v45 require line with go-github/v88, but go-github/v88 v88.0.0 already exists on line 63. After merging, go.mod will contain two identical github.com/google/go-github/v88 v88.0.0 // indirect entries. Duplicate require directives cause go mod tidy and build commands to fail.

Suggested fix: Remove the v45 line entirely (line 62) instead of replacing it with v88, since v88 is already required on line 63. Run go mod tidy to clean up both go.mod and go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

The diff replaces the v45 entry on line 62 with github.com/google/go-github/v88 v88.0.0, but line 63 already contains an identical entry. After the patch is applied, go.mod will have two identical lines for go-github/v88, which causes go mod tidy and builds to fail with a duplicate require error.

Suggested fix: Remove one of the two duplicate github.com/google/go-github/v88 lines so only one entry remains, then run go mod tidy.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-duplication

After this PR is applied, lines 62 and 63 will both declare github.com/google/go-github/v88 v88.0.0 // indirect. In the base branch, line 62 is go-github/v45 v45.2.0 and line 63 is go-github/v88 v88.0.0. The PR replaces line 62 with an identical v88 entry, producing a duplicate requirement. Go tooling (go build, go mod tidy) will reject this as an error. Since v45 and v88 are distinct major-version module paths, the correct action is to remove the v45 line entirely rather than rewrite it to v88.

Suggested fix: Delete the v45 line (line 62) instead of changing it to v88. Run go mod tidy afterward to confirm no transitive dependency still requires v45. If go mod tidy re-adds v45, a transitive dependency still needs it and both entries should coexist with their original versions.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

After applying this diff, lines 62 and 63 will both contain github.com/google/go-github/v88 v88.0.0 // indirect, creating a duplicate require entry. Go tooling (go mod tidy, go build) will reject or produce warnings for duplicate module paths in the require block. The diff correctly removes v45 by overwriting it, but fails to also remove the pre-existing v88 entry on line 63, resulting in duplication.

Suggested fix: Remove one of the two duplicate go-github/v88 lines (either line 62 or line 63 after the diff is applied). Run go mod tidy to ensure the dependency graph is consistent and that v45 is no longer transitively required.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-declaration-consistency

After this diff is applied, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect (at lines 62 and 63). The diff changes the v45 line to v88, but a v88 line already exists on the next line. A duplicate require directive is malformed; while go mod tidy would deduplicate it, some CI tooling and linters may reject or warn about it.

Suggested fix: Remove the github.com/google/go-github/v45 v45.2.0 line entirely instead of changing it to v88, leaving only the pre-existing v88 line at line 63. Then run go mod tidy to reconcile go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

The diff replaces the go-github/v45 entry on line 62 with go-github/v88 v88.0.0, but line 63 already contains an identical go-github/v88 v88.0.0 entry. After merging, go.mod will have two identical require entries, which is a parse error (go.mod: duplicate require) that breaks the build.

Suggested fix: Remove line 62 entirely (the v45 entry) instead of replacing it with v88. The v88 dependency already exists on line 63. Run go mod tidy afterward to clean up go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

After applying the diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. The current file has go-github/v45 on line 62 and go-github/v88 on line 63. The diff replaces the v45 line with v88, producing a duplicate. In Go modules, v45 and v88 are distinct major-version module paths — Renovate incorrectly treated this as a simple version bump. The ghinstallation/v2 v2.19.0 indirect dependency may still transitively require v45, meaning its removal could break builds.

Suggested fix: Remove one of the duplicate go-github/v88 lines and run go mod tidy to let Go resolve the correct dependency set. If ghinstallation/v2 v2.19.0 still transitively depends on go-github/v45, that entry must be retained.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-management

The diff replaces the go-github/v45 line with go-github/v88, but go-github/v88 already exists on line 63. After applying this patch, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. This is a malformed go.mod. No .go file in the repository directly imports go-github at any version — it is purely an indirect dependency.

Suggested fix: Delete the v45 line (line 62) entirely instead of replacing it with v88, since v88 already exists on line 63. Then run go mod tidy to clean up go.sum and verify the dependency graph is consistent.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic error

After applying this diff, go.mod will contain two identical entries for github.com/google/go-github/v88 v88.0.0: the changed line 62 and the pre-existing line 63. The current file already has v88 on line 63 (as a separate indirect dependency from v45 on line 62). Changing line 62 from v45 to v88 creates an exact duplicate. Duplicate require entries make go.mod invalid and will cause build failures.

Suggested fix: Instead of changing the v45 line to v88 (which duplicates the existing v88 line), remove the v45 line entirely since v88 is already present on line 63. Then run go mod tidy to verify the dependency graph is consistent.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-duplication

After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect on lines 62 and 63. The diff replaces the v45 entry with v88, but v88 already exists on the immediately following line. This will cause go mod tidy to fail or produce errors due to the duplicate require directive. Additionally, go.sum still retains entries for v45 even though no Go source file imports v45, confirming that go mod tidy was not run.

Suggested fix: Remove the v45 line entirely instead of replacing it with v88, since v88 already exists on line 63. Then run go mod tidy to clean up stale entries in go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-duplication

After this PR is applied, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect (at lines 62 and 63). The Go toolchain treats duplicate require directives as an error. Running go mod tidy or go build will fail or produce warnings about duplicate requirements.

Suggested fix: Remove one of the two duplicate v88 lines. If v45 is still needed by a transitive dependency, keep v45 instead of blindly replacing it. Run go mod tidy to let the toolchain determine the correct set of indirect requirements.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[medium] api-contract

In Go modules, go-github/v45 and go-github/v88 are distinct module paths (different major versions). The PR removes v45 but go.sum still contains v45 checksums, indicating a transitive dependency may still require v45. If so, the build will fail with a missing module error. No direct imports of either version exist in this repository's source files — both are pulled in transitively.

Suggested fix: Run go mod graph | grep go-github/v45 to identify which dependency requires v45. Either upgrade that transitive dependency or keep v45 in go.mod. Run go mod tidy to reconcile.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[medium] dependency-management-duplication

After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. The base branch already has go-github/v88 on line 63 (likely added by a prior dependency update). This PR replaces the v45 entry on line 62 with v88, creating a duplicate require directive. While Go tooling tolerates duplicate require lines and go mod tidy would remove the extra, the resulting go.mod is technically malformed and should be cleaned up.

Suggested fix: Run go mod tidy to deduplicate the require entries. If v45 is still transitively needed by another dependency, go mod tidy will re-add it; otherwise only a single v88 line will remain.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect on consecutive lines (62 and 63). The current go.mod already has v88 on line 63, and the diff replaces v45 on line 62 with v88, creating a duplicate. While go mod tidy can clean this up rather than failing outright, the PR as-is produces an invalid go.mod with a duplicate require entry.

Suggested fix: The diff should remove the v45 line entirely rather than replacing it with v88, since v88 already exists on the next line. Alternatively, run go mod tidy after applying the change to deduplicate automatically.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-duplication

After applying this diff, github.com/google/go-github/v88 v88.0.0 // indirect will appear on both line 62 and line 63. Go modules forbid duplicate require entries within the same block; go mod tidy and go build will reject or mishandle the file. The current source (pre-merge) already has go-github/v88 v88.0.0 on line 63, so the correct action is to delete the v45 line rather than rewrite it to v88.

Suggested fix: Delete the v45 line (line 62) entirely instead of changing it to v88. The v88 entry already exists on line 63.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] stale-reference

go.sum retains checksum entries for go-github/v45 v45.2.0. If the v45 require line is removed, these become stale.

Suggested fix: Run go mod tidy after fixing the duplicate to clean up go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] dependency-declaration-duplication

After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect (on lines 62 and 63). The diff changes line 62 from v45 to v88, but line 63 already declares v88. This duplicate require directive will cause go mod tidy or go build to fail with a parse error. In Go modules, v45 and v88 are distinct module paths and can legitimately coexist; the automation incorrectly treated this as a simple in-place version bump.

Suggested fix: Remove the duplicate line so that only one github.com/google/go-github/v88 v88.0.0 entry remains. If v45 is still required transitively by another dependency, the original v45 line must be kept alongside v88. Run go mod tidy to verify consistency.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] scope-misalignment

The PR title frames this as update module github.com/google/go-github/v45 to v88, but in Go modules v45 and v88 are semantically distinct modules (different major versions = different import paths). The automation misclassified this as a simple version bump.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] duplicate-dependency

The diff replaces github.com/google/go-github/v45 v45.2.0 on line 62 with github.com/google/go-github/v88 v88.0.0, but line 63 already contains an identical github.com/google/go-github/v88 v88.0.0 entry. After applying this patch, go.mod would contain two identical require directives for the same module path, which Go tooling rejects as invalid.

Suggested fix: Remove the v45 line entirely (line 62) instead of replacing its content with v88. The existing v88 entry on line 63 already satisfies the requirement.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[medium] dependency-duplication

After applying this diff, go.mod will contain two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect (the replaced line 62 and the pre-existing line 63). The correct fix is to remove the v45 line entirely rather than replacing it with a duplicate v88 line, since v88 already exists on the next line. In Go modules, /v45 and /v88 are distinct module paths, so the pre-diff state (both v45 and v88 present) is valid; the problem is solely the post-diff duplication of v88.

Suggested fix: The diff should delete the v45 line without adding a replacement, since v88 is already present. Running 'go mod tidy' should resolve this automatically.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[high] logic-error

Applying this diff will produce two identical lines: github.com/google/go-github/v88 v88.0.0 // indirect. The file already contains go-github/v88 v88.0.0 on line 63, and this PR changes the go-github/v45 entry on line 62 into a second go-github/v88 entry instead of removing it. Duplicate require entries will cause go mod tidy to fail or produce unexpected behavior.

Suggested fix: Remove the go-github/v45 line entirely (line 62) instead of replacing it with a duplicate go-github/v88 line. Then run go mod tidy to clean up go.sum.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[medium] logic-error

The diff replaces github.com/google/go-github/v45 v45.2.0 with github.com/google/go-github/v88 v88.0.0 on line 62, but line 63 already contains github.com/google/go-github/v88 v88.0.0. After the patch is applied, the require block will have two identical entries for the same module. Go tooling (go mod tidy) will flag or fail on this duplicate.

Suggested fix: Remove one of the two duplicate github.com/google/go-github/v88 v88.0.0 lines. The correct fix is to delete the old v45 line entirely (rather than replacing it) since the v88 line already exists on the next line.

github.com/google/go-github/v88 v88.0.0 // indirect
github.com/google/go-querystring v1.2.0 // indirect
github.com/google/pprof v0.0.0-20260604005048-7023385849c0 // indirect
Expand Down
Loading