Skip to content

chore(deps): bump golang.org/x/tools from 0.32.0 to 0.48.0 in /generators/go#16997

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/generators/go/golang.org/x/tools-0.48.0
Open

chore(deps): bump golang.org/x/tools from 0.32.0 to 0.48.0 in /generators/go#16997
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/generators/go/golang.org/x/tools-0.48.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/tools from 0.32.0 to 0.48.0.

Commits
  • 05f9cb5 go.mod: update golang.org/x dependencies
  • 745d7ae gopls: add CompiledAsmFiles in cache.Package
  • 797ee67 go/ssa: make Const(unsafe.Pointer, nil).IsNil() true
  • 9751125 gopls/internal/test: Completion benchmarks use empty range
  • 8786a96 internal/stdlib: update stdlib index for Go 1.27 Release Candidate 2
  • 425085f gopls/internal/server: modify return of parseAction
  • 30c4f87 go/analysis/passes/nilness: skip magic cgo functions
  • 9e6441d gopls/internal/protocol/generate: remove manual rename overwritten
  • df96841 gopls/internal/protocol: use Debug log level
  • 278f062 gopls/internal/protocol: update to LSP 3.18
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Open in Devin Review

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.32.0 to 0.48.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.32.0...v0.48.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 9, 2026
@dependabot dependabot Bot requested a review from Swimburger as a code owner July 9, 2026 18:34
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 9, 2026

@nitpickybot nitpickybot Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI Review Summary

Dependabot bump of golang.org/x/tools (and transitively x/mod). The dependency changes look consistent, but the go directive was silently bumped from 1.23.0 to 1.25.0, which is outside the scope of a dependency bump and could break CI/build environments pinned to older toolchains.

  • 🟡 1 warning(s)

Comment thread generators/go/go.mod
module github.com/fern-api/fern-go

go 1.23.0
go 1.25.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 warning

The go directive jumped from 1.23.0 to 1.25.0. This is well beyond what a dependency bump requires — x/tools v0.48.0 doesn't mandate Go 1.25. Bumping the minimum Go version can break CI runners and downstream builds pinned to older toolchains. Verify this is intentional; if x/tools only needs 1.24, set it there, otherwise keep 1.23.0.

@github-actions github-actions Bot enabled auto-merge (squash) July 9, 2026 18:34

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

View 1 additional finding in Devin Review.

Open in Devin Review

Comment thread generators/go/go.mod
module github.com/fern-api/fern-go

go 1.23.0
go 1.25.0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Local development environment uses an older Go version than the module now requires

The module's minimum Go version is raised to 1.25.0 (go 1.25.0 at generators/go/go.mod:3) but the project's devbox environment still pins Go 1.23.8 (devbox.json:6), so local builds may fail or silently trigger an unexpected toolchain auto-download.

Impact: Developers using the recommended devbox setup encounter build errors or unintended toolchain downloads when working on the Go generator.

Devbox Go version mismatch with go.mod directive

The devbox.json:6 specifies go@1.23.8 as the pinned Go version for the development environment. The PR bumps generators/go/go.mod:3 from go 1.23.0 to go 1.25.0. Since Go 1.21+, the go directive in go.mod acts as a minimum version requirement.

With GOTOOLCHAIN=auto (the default), Go 1.23.8 would attempt to auto-download Go 1.25.0, which may work but is inconsistent with the devbox philosophy of pinning exact versions. With GOTOOLCHAIN=local, the build fails outright with go.mod requires go >= 1.25.0 (running go 1.23.8; GOTOOLCHAIN=local) — the exact error pattern previously documented in generators/go/sdk/changes/1.34.5/bump-go-toolchain-to-1.26.2.yml:7.

The CI workflow at .github/workflows/go-generator.yml:23 also runs go build ./... without actions/setup-go, relying on the runner's pre-installed Go version.

Prompt for agents
The go.mod now requires Go 1.25.0 but devbox.json still pins go@1.23.8. Either:
1. Update devbox.json to pin a Go version >= 1.25.0 (e.g., go@1.25 or go@1.26) to match the new module requirement, OR
2. Ensure the CI workflow at .github/workflows/go-generator.yml uses actions/setup-go with a version >= 1.25.0.

The devbox.json change is at line 6: "go@1.23.8" should be bumped to at least "go@1.25". The CI workflow at .github/workflows/go-generator.yml lines 17-23 and 25-33 should ideally add a setup-go step.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

SDK Generation Benchmark Results

Comparing PR branch against median of 5 nightly run(s) on main (latest: 2026-07-09T05:18:32Z).

Full benchmark table (click to expand)
Generator Spec main (generator) main (E2E) PR (generator) Delta
go-sdk square 135s (n=5) 287s (n=5) 145s +10s (+7.4%)

main (generator): generator-only time via --skip-scripts (includes Docker image build, container startup, IR parsing, and code generation — this is the same Docker-based flow customers use via fern generate). main (E2E): full customer-observable time including build/test scripts (nightly baseline, informational). Delta is computed against generator-only baseline.
⚠️ = generation exited with a non-zero exit code (timing may not reflect a successful run).
Baseline from nightly runs on main (latest: 2026-07-09T05:18:32Z). Trigger benchmark-baseline to refresh.
Last updated: 2026-07-09 18:41 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants