minor - if you keep 1.22.11 in go.mod you'll need to update here.

Thank you for noticing!! I was trying different versions to check if the vulns would lower down. But I will keep it in 1.22.12. It seems to be all FPs. For more info, check this Slack thread

I'm just curious if it should be 1.22 instead?

If I put 1.22 and run go mod tidy, it automatically adds .0 and the toolchain

@alexeykazakov From what i understand go 1.22 is still a valid version (reference here) but go1.22 < go1.22.0.
"A module’s go line must declare a version greater than or equal to the go version declared by each of the modules listed in require statements." (ref here )
So i'm guessing one of the dependencies have a go version higher than go.122
hope it helps

readme, its mentioned 1.22.12 or higher, so it doesnt make sense to have 1.22.0 here.. ?

I was trying to figure out if we could remove toolchain from the go.mod, but I reverted to included now:

go 1.22.0

toolchain go1.22.12

For my understanding , why toolchain go1.22.12 is being added when we run go mod tidy?

@fbm3307 Go 1.21 introduced the toolchain directive, which allows specifying the minimum Go toolchain version required for your module. While not new in 1.22, it's essential to ensure this directive aligns with your project's requirements, especially when upgrading. That's why it is being added.
Checkout toolchain directive doc here. I also found go directive doc informative

Thanks for the explanation !