-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/tools/gopls: extract function action doesn't work if the first line is a comment #54816
Labels
FrozenDueToAge
gopls
Issues related to the Go language server, gopls.
Tools
This label describes issues relating to any tools in the x/tools repository.
Milestone
Comments
gopherbot
added
Tools
This label describes issues relating to any tools in the x/tools repository.
gopls
Issues related to the Go language server, gopls.
labels
Sep 1, 2022
Change https://go.dev/cl/351989 mentions this issue: |
suzmue
changed the title
x/tools/gopls: exctract function action doesn't work if the first line is a comment
x/tools/gopls: extract function action doesn't work if the first line is a comment
Sep 8, 2022
sywhang
pushed a commit
to uber-go/gopatch
that referenced
this issue
Jul 6, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
aviator-app bot
pushed a commit
to alcionai/corso
that referenced
this issue
Jul 6, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
jazanne
pushed a commit
to launchdarkly/ld-find-code-refs
that referenced
this issue
Jul 10, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bors bot
added a commit
to xen0n/goubao
that referenced
this issue
Jul 10, 2023
30: build(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 r=xen0n a=dependabot[bot] Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>`@Arsen6331</code></a>,` <a href="https://github.com/SN9NV"><code>`@SN9NV</code></a>,` <a href="https://github.com/adonovan"><code>`@adonovan</code></a>,` <a href="https://github.com/bcmills"><code>`@bcmills</code></a>,` <a href="https://github.com/dle8"><code>`@dle8</code></a>,` <a href="https://github.com/findleyr"><code>`@findleyr</code></a>,` <a href="https://github.com/hyangah"><code>`@hyangah</code></a>,` <a href="https://github.com/pjweinbgo"><code>`@pjweinbgo</code></a>,` <a href="https://github.com/suzmue"><code>`@suzmue</code></a></p>` <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sywhang
pushed a commit
to uber-go/fx
that referenced
this issue
Jul 10, 2023
…1100) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot
pushed a commit
to aws/jsii
that referenced
this issue
Jul 11, 2023
…es/@jsii/go-runtime-test/project (#4169) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
mergify bot
pushed a commit
to aws/jsii
that referenced
this issue
Jul 11, 2023
…es/@jsii/go-runtime/jsii-runtime-go (#4170) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
caarlos0
pushed a commit
to goreleaser/goreleaser
that referenced
this issue
Jul 12, 2023
Bumps the gomod-deps group with 3 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/e98487292dcad4efaa6033b245ee014f90d177a2"><code>e984872</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/183630ada7e00d6d4743f43479b7d4ea51de715e"><code>183630a</code></a> x509roots: generate a stable sort, for real this time</li> <li><a href="https://github.com/golang/crypto/commit/a9e447dde7f8f364232efb5072e3ff89b24308da"><code>a9e447d</code></a> x509roots/fallback: add //go:build go1.20 to bundle.go</li> <li><a href="https://github.com/golang/crypto/commit/64c3993f5c824fe7febbf8561179da523a4e98ea"><code>64c3993</code></a> ssh: add hmac-sha2-512</li> <li><a href="https://github.com/golang/crypto/commit/5fe8145acacf736d52576b87b17c416731e0c4a8"><code>5fe8145</code></a> x509roots: remove list hash and generation date, change ordering</li> <li><a href="https://github.com/golang/crypto/commit/043e94c17aa993f4d1026a2f692b8980e7740df2"><code>043e94c</code></a> x509roots: fix generate script argument checking</li> <li><a href="https://github.com/golang/crypto/commit/0d502d7cd64920c6d2cce3950ead89a5c4eb5e69"><code>0d502d7</code></a> x509roots: use "generate" build tag</li> <li><a href="https://github.com/golang/crypto/commit/0ff60057bbafb685e9f9a97af5261f484f8283d1"><code>0ff6005</code></a> ssh/test: set a timeout and WaitDelay on sshd subcommands</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/oauth2/commit/ec5679f607c139709bdc4c2608494d56b95611fe"><code>ec5679f</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/oauth2/commit/989acb1bfed17be45134185bd228d89675a68f19"><code>989acb1</code></a> all: update dependencies to their latest versions</li> <li>See full diff in <a href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/tools` from 0.10.0 to 0.11.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ginglis13
pushed a commit
to runfinch/finch
that referenced
this issue
Jul 14, 2023
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
FrozenDueToAge
gopls
Issues related to the Go language server, gopls.
Tools
This label describes issues relating to any tools in the x/tools repository.
gopls version
go env
What did you do?
Select the line with
// Do other things.
and two others below it. Show range code actions (vim.lsp.buf.range_code_action()
in my case).What did you expect to see?
The
Extract function
action being available.What did you see instead?
No code actions available
If I only select the two code lines, it works as expected.
Editor and settings
NVIM v0.7.2
with the latestnvim-lspconfig
.Logs
The text was updated successfully, but these errors were encountered: