Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/tools/gopls: extract function action doesn't work if the first line is a comment #54816

Closed
ainar-g opened this issue Sep 1, 2022 · 1 comment
Assignees
Labels
FrozenDueToAge gopls Issues related to the Go language server, gopls. Tools This label describes issues relating to any tools in the x/tools repository.
Milestone

Comments

@ainar-g
Copy link
Contributor

ainar-g commented Sep 1, 2022

gopls version

gopls -v version
Build info
----------
golang.org/x/tools/gopls v0.9.4
    golang.org/x/tools/gopls@v0.9.4 h1:YhHOxVi++ILnY+QnH9FGtRKZZrunSaR7OW8/dCp7bBk=
    github.com/BurntSushi/toml@v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
    github.com/google/go-cmp@v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
    github.com/sergi/go-diff@v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
    golang.org/x/exp/typeparams@v0.0.0-20220722155223-a9213eeb770e h1:7Xs2YCOpMlNqSQSmrrnhlzBXIE/bpMecZplbLePTJvE=
    golang.org/x/mod@v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
    golang.org/x/sync@v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
    golang.org/x/sys@v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s=
    golang.org/x/text@v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
    golang.org/x/tools@v0.1.13-0.20220812184215-3f9b119300de h1:b68wxF4nfQjj1XTRHtjVjCximbhAwjztuzDEFGU+n9o=
    golang.org/x/vuln@v0.0.0-20220725105440-4151a5aca1df h1:BkeW9/QJhcigekDUPS9N9bIb0v7gPKKmLYeczVAqr2s=
    honnef.co/go/tools@v0.3.2 h1:ytYb4rOqyp1TSa2EPvNVwtPQJctSELKaMyLfqNP4+34=
    mvdan.cc/gofumpt@v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8=
    mvdan.cc/xurls/v2@v2.4.0 h1:tzxjVAj+wSBmDcF6zBB7/myTy3gX9xvi8Tyr28AuQgc=
go: go1.19

go env

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/ainar/.cache/go-build"
GOENV="/home/ainar/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/ainar/go/pkg/mod"
GONOPROXY="[REMOVED]"
GONOSUMDB="[REMOVED]"
GOOS="linux"
GOPATH="/home/ainar/go"
GOPRIVATE="[REMOVED]"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/ainar/go/go1.19"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/ainar/go/go1.19/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.19"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/home/ainar/dev/tmp/go/tmp/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build421931401=/tmp/go-build -gno-record-gcc-switches"

What did you do?

package main

func main() {
	// Do one thing.
	println("thing 1")

	// Do other things.
	println("thing 2")
	println("thing 3")
}

Select the line with // Do other things. and two others below it. Show range code actions (vim.lsp.buf.range_code_action() in my case).

What did you expect to see?

The Extract function action being available.

What did you see instead?

No code actions available

If I only select the two code lines, it works as expected.

Editor and settings

NVIM v0.7.2 with the latest nvim-lspconfig.

Logs

[START][2022-09-01 17:54:13] LSP logging initiated
[WARN][2022-09-01 17:54:13] ...lsp/handlers.lua:110	"The language server gopls triggers a registerCapability handler despite dynamicRegistration set to false. Report upstream, this warning is harmless"
[ERROR][2022-09-01 17:54:13] ...lsp/handlers.lua:455	'2022/09/01 17:54:13 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n'
[ERROR][2022-09-01 17:54:13] ...lsp/handlers.lua:455	'2022/09/01 17:54:13 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n'
[ERROR][2022-09-01 17:54:13] ...lsp/handlers.lua:455	'2022/09/01 17:54:13 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n'
[ERROR][2022-09-01 17:54:13] ...lsp/handlers.lua:455	'2022/09/01 17:54:13 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n'
[DEBUG][2022-09-01 17:54:28] .../lua/vim/lsp.lua:1023	"LSP[gopls]"	"client.request"	1	"textDocument/codeAction"	{  context = {    diagnostics = {}  },  range = {    end = {      character = 20,      line = 8    },    start = {      character = 0,      line = 6    }  },  textDocument = {    uri = "file:///home/ainar/dev/tmp/go/tmp/main.go"  }}	<function 1>	1
[DEBUG][2022-09-01 17:54:28] .../vim/lsp/rpc.lua:347	"rpc.send"	{  id = 2,  jsonrpc = "2.0",  method = "textDocument/codeAction",  params = {    context = {      diagnostics = {}    },    range = {      end = {        character = 20,        line = 8      },      start = {        character = 0,        line = 6      }    },    textDocument = {      uri = "file:///home/ainar/dev/tmp/go/tmp/main.go"    }  }}
[DEBUG][2022-09-01 17:54:28] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  jsonrpc = "2.0",  method = "window/logMessage",  params = {    message = '2022/09/01 17:54:28 fixImports(filename="/home/ainar/dev/tmp/go/tmp/main.go"), abs="/home/ainar/dev/tmp/go/tmp/main.go", srcDir="/home/ainar/dev/tmp/go/tmp" ...\n',    type = 3  }}
[INFO][2022-09-01 17:54:28] ...lsp/handlers.lua:459	'2022/09/01 17:54:28 fixImports(filename="/home/ainar/dev/tmp/go/tmp/main.go"), abs="/home/ainar/dev/tmp/go/tmp/main.go", srcDir="/home/ainar/dev/tmp/go/tmp" ...\n'
[DEBUG][2022-09-01 17:54:28] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  jsonrpc = "2.0",  method = "window/logMessage",  params = {    message = '2022/09/01 17:54:28 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n',    type = 1  }}
[ERROR][2022-09-01 17:54:28] ...lsp/handlers.lua:455	'2022/09/01 17:54:28 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n'
[DEBUG][2022-09-01 17:54:28] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  id = 2,  jsonrpc = "2.0"}
[DEBUG][2022-09-01 17:54:31] .../lua/vim/lsp.lua:1023	"LSP[gopls]"	"client.request"	1	"textDocument/codeAction"	{  context = {    diagnostics = {}  },  range = {    end = {      character = 20,      line = 8    },    start = {      character = 0,      line = 7    }  },  textDocument = {    uri = "file:///home/ainar/dev/tmp/go/tmp/main.go"  }}	<function 1>	1
[DEBUG][2022-09-01 17:54:31] .../vim/lsp/rpc.lua:347	"rpc.send"	{  id = 3,  jsonrpc = "2.0",  method = "textDocument/codeAction",  params = {    context = {      diagnostics = {}    },    range = {      end = {        character = 20,        line = 8      },      start = {        character = 0,        line = 7      }    },    textDocument = {      uri = "file:///home/ainar/dev/tmp/go/tmp/main.go"    }  }}
[DEBUG][2022-09-01 17:54:31] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  jsonrpc = "2.0",  method = "window/logMessage",  params = {    message = '2022/09/01 17:54:31 fixImports(filename="/home/ainar/dev/tmp/go/tmp/main.go"), abs="/home/ainar/dev/tmp/go/tmp/main.go", srcDir="/home/ainar/dev/tmp/go/tmp" ...\n',    type = 3  }}
[INFO][2022-09-01 17:54:31] ...lsp/handlers.lua:459	'2022/09/01 17:54:31 fixImports(filename="/home/ainar/dev/tmp/go/tmp/main.go"), abs="/home/ainar/dev/tmp/go/tmp/main.go", srcDir="/home/ainar/dev/tmp/go/tmp" ...\n'
[DEBUG][2022-09-01 17:54:31] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  id = 3,  jsonrpc = "2.0",  result = { {      command = {        arguments = { {            Fix = "extract_function",            Range = {              end = {                character = 20,                line = 8              },              start = {                character = 0,                line = 7              }            },            URI = "file:///home/ainar/dev/tmp/go/tmp/main.go"          } },        command = "gopls.apply_fix",        title = "Extract function"      },      edit = vim.empty_dict(),      kind = "refactor.extract",      title = "Extract function"    } }}
[DEBUG][2022-09-01 17:54:31] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  jsonrpc = "2.0",  method = "window/logMessage",  params = {    message = '2022/09/01 17:54:31 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n',    type = 1  }}
[ERROR][2022-09-01 17:54:32] ...lsp/handlers.lua:455	'2022/09/01 17:54:31 analyzer "SA4023" failed: analysis SA4023 for package bitbucket.org/ainar-g/tmp/go/tmp panicked: interface conversion: interface {} is nil, not *nilness.Result\n'
[INFO][2022-09-01 17:54:34] .../lua/vim/lsp.lua:1392	"exit_handler"	{ {    _on_attach = <function 1>,    attached_buffers = { true },    cancel_request = <function 2>,    commands = {},    config = {      autostart = true,      capabilities = {        callHierarchy = {          dynamicRegistration = false        },        textDocument = {          codeAction = {            codeActionLiteralSupport = {              codeActionKind = {                valueSet = { "", "Empty", "QuickFix", "Refactor", "RefactorExtract", "RefactorInline", "RefactorRewrite", "Source", "SourceOrganizeImports", "quickfix", "refactor", "refactor.extract", "refactor.inline", "refactor.rewrite", "source", "source.organizeImports" }              }            },            dataSupport = true,            dynamicRegistration = false,            resolveSupport = {              properties = { "edit" }            }          },          completion = {            completionItem = {              commitCharactersSupport = false,              deprecatedSupport = false,              documentationFormat = { "markdown", "plaintext" },              preselectSupport = false,              snippetSupport = false            },            completionItemKind = {              valueSet = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 }            },            contextSupport = false,            dynamicRegistration = false          },          declaration = {            linkSupport = true          },          definition = {            linkSupport = true          },          documentHighlight = {            dynamicRegistration = false          },          documentSymbol = {            dynamicRegistration = false,            hierarchicalDocumentSymbolSupport = true,            symbolKind = {              valueSet = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 }            }          },          hover = {            contentFormat = { "markdown", "plaintext" },            dynamicRegistration = false          },          implementation = {            linkSupport = true          },          publishDiagnostics = {            relatedInformation = true,            tagSupport = {              valueSet = { 1, 2 }            }          },          references = {            dynamicRegistration = false          },          rename = {            dynamicRegistration = false,            prepareSupport = true          },          signatureHelp = {            dynamicRegistration = false,            signatureInformation = {              activeParameterSupport = true,              documentationFormat = { "markdown", "plaintext" },              parameterInformation = {                labelOffsetSupport = true              }            }          },          synchronization = {            didSave = true,            dynamicRegistration = false,            willSave = false,            willSaveWaitUntil = false          },          typeDefinition = {            linkSupport = true          }        },        window = {          showDocument = {            support = false          },          showMessage = {            messageActionItem = {              additionalPropertiesSupport = false            }          },          workDoneProgress = true        },        workspace = {          applyEdit = true,          configuration = true,          symbol = {            dynamicRegistration = false,            hierarchicalWorkspaceSymbolSupport = true,            symbolKind = {              valueSet = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 }            }          },          workspaceEdit = {            resourceOperations = { "rename", "create", "delete" }          },          workspaceFolders = true        }      },      cmd = { "gopls" },      cmd_cwd = "/home/ainar/dev/tmp/go/tmp",      filetypes = { "go", "gomod", "gowork", "gotmpl" },      flags = {},      get_language_id = <function 3>,      handlers = <1>{},      init_options = vim.empty_dict(),      log_level = 2,      message_level = 2,      name = "gopls",      on_attach = <function 4>,      on_exit = <function 5>,      on_init = <function 6>,      root_dir = "/home/ainar/dev/tmp/go/tmp",      settings = {        gopls = {          analyses = {            fieldalignment = true,            nilness = true,            shadow = true,            unusedparams = true,            unusedwrite = true          },          annotations = {            bounds = true,            escape = true,            inline = true,            nil = true          },          ["build.directoryFilters"] = { "-client", "-client2", "-node_modules" },          ["formatting.gofumpt"] = true,          staticcheck = true,          ["ui.semanticTokens"] = true,          ["ui.verboseOutput"] = true        }      },      single_file_support = true,      workspace_folders = <2>{ {          name = "/home/ainar/dev/tmp/go/tmp",          uri = "file:///home/ainar/dev/tmp/go/tmp"        } },      <metatable> = <3>{        __tostring = <function 7>      }    },    handlers = <table 1>,    id = 1,    initialized = true,    is_stopped = <function 8>,    messages = {      messages = {},      name = "gopls",      progress = {        ["5577006791947779410"] = {          done = true,          message = "Finished loading packages.",          title = "Setting up workspace"        }      },      status = {}    },    name = "gopls",    notify = <function 9>,    offset_encoding = "utf-16",    request = <function 10>,    request_sync = <function 11>,    requests = {},    resolved_capabilities = {      call_hierarchy = true,      code_action = <4>{        codeActionKinds = { "quickfix", "refactor.extract", "refactor.rewrite", "source.fixAll", "source.organizeImports" }      },      code_lens = true,      code_lens_resolve = false,      completion = true,      declaration = false,      document_formatting = true,      document_highlight = true,      document_range_formatting = false,      document_symbol = true,      execute_command = true,      find_references = true,      goto_definition = true,      hover = true,      implementation = true,      rename = true,      signature_help = true,      signature_help_trigger_characters = <5>{ "(", "," },      text_document_did_change = 2,      text_document_open_close = true,      text_document_save = <6>vim.empty_dict(),      text_document_save_include_text = false,      text_document_will_save = false,      text_document_will_save_wait_until = false,      type_definition = true,      workspace_folder_properties = {        changeNotifications = "workspace/didChangeWorkspaceFolders",        supported = true      },      workspace_symbol = true    },    rpc = {      handle = <userdata 1>,      notify = <function 12>,      pid = 479364,      request = <function 13>    },    server_capabilities = {      callHierarchyProvider = true,      codeActionProvider = <table 4>,      codeLensProvider = vim.empty_dict(),      completionProvider = {        completionItem = vim.empty_dict(),        triggerCharacters = { "." }      },      definitionProvider = true,      documentFormattingProvider = true,      documentHighlightProvider = true,      documentLinkProvider = vim.empty_dict(),      documentOnTypeFormattingProvider = {        firstTriggerCharacter = ""      },      documentSymbolProvider = true,      executeCommandProvider = {        commands = { "gopls.add_dependency", "gopls.add_import", "gopls.apply_fix", "gopls.check_upgrades", "gopls.edit_go_directive", "gopls.gc_details", "gopls.generate", "gopls.generate_gopls_mod", "gopls.go_get_package", "gopls.list_imports", "gopls.list_known_packages", "gopls.regenerate_cgo", "gopls.remove_dependency", "gopls.run_tests", "gopls.run_vulncheck_exp", "gopls.start_debugging", "gopls.test", "gopls.tidy", "gopls.toggle_gc_details", "gopls.update_go_sum", "gopls.upgrade_dependency", "gopls.vendor" }      },      foldingRangeProvider = true,      hoverProvider = true,      implementationProvider = true,      inlayHintProvider = vim.empty_dict(),      referencesProvider = true,      renameProvider = {        prepareProvider = true      },      signatureHelpProvider = {        triggerCharacters = <table 5>      },      textDocumentSync = {        change = 2,        openClose = true,        save = <table 6>      },      typeDefinitionProvider = true,      workspace = {        workspaceFolders = {          changeNotifications = "workspace/didChangeWorkspaceFolders",          supported = true        }      },      workspaceSymbolProvider = true    },    stop = <function 14>,    supports_method = <function 15>,    workspaceFolders = <table 2>,    workspace_did_change_configuration = <function 16>,    workspace_folders = <table 2>  } }
[DEBUG][2022-09-01 17:54:34] .../vim/lsp/rpc.lua:347	"rpc.send"	{  id = 4,  jsonrpc = "2.0",  method = "shutdown"}
[DEBUG][2022-09-01 17:54:34] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  id = 4,  jsonrpc = "2.0"}
[DEBUG][2022-09-01 17:54:34] .../vim/lsp/rpc.lua:347	"rpc.send"	{  jsonrpc = "2.0",  method = "exit"}
[DEBUG][2022-09-01 17:54:34] .../vim/lsp/rpc.lua:454	"rpc.receive"	{  jsonrpc = "2.0",  method = "window/logMessage",  params = {    message = "2022/09/01 17:54:34 Shutdown session\n\tshutdown_session=1\n",    type = 3  }}
[INFO][2022-09-01 17:54:34] ...lsp/handlers.lua:459	"2022/09/01 17:54:34 Shutdown session\n\tshutdown_session=1\n"
@gopherbot gopherbot added Tools This label describes issues relating to any tools in the x/tools repository. gopls Issues related to the Go language server, gopls. labels Sep 1, 2022
@gopherbot gopherbot added this to the Unreleased milestone Sep 1, 2022
@jamalc jamalc modified the milestones: Unreleased, gopls/v0.10.0 Sep 1, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/351989 mentions this issue: internal/lsp: allow extract func ranges to begin/end with comments

@suzmue suzmue changed the title x/tools/gopls: exctract function action doesn't work if the first line is a comment x/tools/gopls: extract function action doesn't work if the first line is a comment Sep 8, 2022
sywhang pushed a commit to uber-go/gopatch that referenced this issue Jul 6, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
aviator-app bot pushed a commit to alcionai/corso that referenced this issue Jul 6, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
jazanne pushed a commit to launchdarkly/ld-find-code-refs that referenced this issue Jul 10, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bors bot added a commit to xen0n/goubao that referenced this issue Jul 10, 2023
30: build(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 r=xen0n a=dependabot[bot]

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>`@​Arsen6331</code></a>,` <a href="https://github.com/SN9NV"><code>`@​SN9NV</code></a>,` <a href="https://github.com/adonovan"><code>`@​adonovan</code></a>,` <a href="https://github.com/bcmills"><code>`@​bcmills</code></a>,` <a href="https://github.com/dle8"><code>`@​dle8</code></a>,` <a href="https://github.com/findleyr"><code>`@​findleyr</code></a>,` <a href="https://github.com/hyangah"><code>`@​hyangah</code></a>,` <a href="https://github.com/pjweinbgo"><code>`@​pjweinbgo</code></a>,` <a href="https://github.com/suzmue"><code>`@​suzmue</code></a></p>`
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sywhang pushed a commit to uber-go/fx that referenced this issue Jul 10, 2023
…1100)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 11, 2023
…es/@jsii/go-runtime-test/project (#4169)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>

<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 11, 2023
…es/@jsii/go-runtime/jsii-runtime-go (#4170)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>

<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
caarlos0 pushed a commit to goreleaser/goreleaser that referenced this issue Jul 12, 2023
Bumps the gomod-deps group with 3 updates:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/e98487292dcad4efaa6033b245ee014f90d177a2"><code>e984872</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/183630ada7e00d6d4743f43479b7d4ea51de715e"><code>183630a</code></a>
x509roots: generate a stable sort, for real this time</li>
<li><a
href="https://github.com/golang/crypto/commit/a9e447dde7f8f364232efb5072e3ff89b24308da"><code>a9e447d</code></a>
x509roots/fallback: add //go:build go1.20 to bundle.go</li>
<li><a
href="https://github.com/golang/crypto/commit/64c3993f5c824fe7febbf8561179da523a4e98ea"><code>64c3993</code></a>
ssh: add hmac-sha2-512</li>
<li><a
href="https://github.com/golang/crypto/commit/5fe8145acacf736d52576b87b17c416731e0c4a8"><code>5fe8145</code></a>
x509roots: remove list hash and generation date, change ordering</li>
<li><a
href="https://github.com/golang/crypto/commit/043e94c17aa993f4d1026a2f692b8980e7740df2"><code>043e94c</code></a>
x509roots: fix generate script argument checking</li>
<li><a
href="https://github.com/golang/crypto/commit/0d502d7cd64920c6d2cce3950ead89a5c4eb5e69"><code>0d502d7</code></a>
x509roots: use &quot;generate&quot; build tag</li>
<li><a
href="https://github.com/golang/crypto/commit/0ff60057bbafb685e9f9a97af5261f484f8283d1"><code>0ff6005</code></a>
ssh/test: set a timeout and WaitDelay on sshd subcommands</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/ec5679f607c139709bdc4c2608494d56b95611fe"><code>ec5679f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/oauth2/commit/989acb1bfed17be45134185bd228d89675a68f19"><code>989acb1</code></a>
all: update dependencies to their latest versions</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.10.0 to 0.11.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ginglis13 pushed a commit to runfinch/finch that referenced this issue Jul 14, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@golang golang locked and limited conversation to collaborators Sep 19, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge gopls Issues related to the Go language server, gopls. Tools This label describes issues relating to any tools in the x/tools repository.
Projects
None yet
Development

No branches or pull requests

4 participants