Which GO dependency is bumping the version?

Today i was reviewing a PR at work which updated various dependencies. One of them was bumping our go version from 1.20 to 1.23 and i couldnt review one by one as they were a lot.

Thanks to reddit i found this little snippet that allows to “pin” the go version.

go mod tidy -go=1.20

Now with the output, i can trace why this is needed

go: github.com/DataDog/go-libddwaf/v3@v3.5.3 requires go@1.23, but 1.20 is requested

go mod graph | rg "github.com/DataDog/go-libddwaf"

As you may guessed this is only for myself, thats why the title is what i was asking at the moment.