// Update the Go version in go.mod (and related config files) to the latest stable release. Fetches the current latest version from the web, updates all relevant files, runs go mod tidy, and commits.
| name | update-go-version |
| description | Update the Go version in go.mod (and related config files) to the latest stable release. Fetches the current latest version from the web, updates all relevant files, runs go mod tidy, and commits. |
| user-invocable | true |
| disable-model-invocation | true |
| allowed-tools | Read, Write, Edit, Bash, Glob, Grep, WebFetch |
Update all Go module files and CI configuration to the latest stable Go release.
Fetch the current release list from the official Go downloads API:
https://go.dev/dl/?mode=json
Parse the JSON to find the latest stable release — the entry with "stable": true and the highest version number. Extract the version string (e.g. 1.24.1). Also note the minor-only form (e.g. 1.24) for use in go.mod.
Find all Go modules and config files in the repo:
find . -name go.mod -not -path '*/vendor/*'
find . -name '.github' -type d
find . -name '*.yml' -path '*/.github/workflows/*'
find . -name '.nvmrc' # unrelated — skip
Files that typically contain the Go version:
go.mod — go X.Y directive (use minor version, e.g. go 1.24).github/workflows/*.yml — go-version: fields (use full patch version, e.g. 1.24.1)Makefile — GO_VERSION ?= X.Y.Z or similar variablesDockerfile / docker-compose.yml — FROM golang:X.Y.Z.tool-versions (asdf) — golang X.Y.Ztoolchain directive in go.mod — toolchain goX.Y.ZFor each go.mod, read the current go directive. If it is already at the latest version, log that fact for this module and continue to the next module (nothing to do for this one).
For each file identified above, update the Go version string using precise string replacements. Be careful to:
go.mod: update only the go directive line (e.g. go 1.23 → go 1.24). Also update the toolchain directive if present (e.g. toolchain go1.23.5 → toolchain go1.24.1).go-version: value. Match both quoted and unquoted forms.golang: image tag.For each updated go.mod:
cd into the module directory.go mod tidy to update go.sum for the new toolchain.vendor/ directory exists, run go mod vendor.go build ./... to confirm nothing broke.go test ./... — note any failures and whether they are pre-existing.go.mod, go.sum, vendor/ (if present), and any updated config files.chore(go): update Go version to X.Y.Z
https://go.dev/dl/?mode=json — do not hard-code a version.1.24) in go.mod and the full patch version (1.24.1) everywhere else, unless the existing file already uses a different precision.go.mod to a version lower than the current one.toolchain directive, update both go and toolchain.Analyze a GitHub pull request for risk level and generate concrete QA recommendations. Accepts a PR URL or "owner/repo#number" reference. Uses `gh` CLI to fetch the diff and metadata, computes blast radius, scores six risk dimensions, and returns a structured JSON risk assessment. Use when the user invokes /qa-analysis:qa-analysis with a GitHub PR URL or reference, or asks for a PR risk assessment, QA recommendations, or "what should I test?" for a given pull request.
Add an MCP (Model Context Protocol) server to a Mattermost plugin so the Agents plugin can call its tools. Use when implementing cross-plugin MCP, exposing AI tools from a Mattermost plugin to the Agents plugin, or wiring up the `pluginmcp` helper from mattermost-plugin-agents.
Create a new Mattermost plugin from the starter template in the current directory. Use when creating a new plugin from scratch, scaffolding a Mattermost plugin, or bootstrapping a plugin project.
Orchestrates test-driven fixes for Mattermost security tickets (Jira/Atlassian) with a Staff Security Engineer mindset: failing secure-behavior tests first, then implementation, then security review and edge-case loops, then opening a non-draft PR that follows `.github/PULL_REQUEST_TEMPLATE.md` when present, with a vague public description (no exploit detail). Use when the user invokes /security-fix:security-fix with a mattermost.atlassian.net browse URL, MM-* security work, backend permission or authorization bugs, or asks for this security TDD workflow.
Investigate production issues, query logs and metrics, and explore dashboards on the Mattermost Grafana instance at grafana.internal.mattermost.com.
Update all GitHub Actions workflow dependencies (uses: owner/action@vX) to their latest released versions. Fetches current releases from GitHub, updates all workflow YAML files to use SHA pinning with version comments, and commits.