Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/tools/gopls: orphaned file reloading causes unnecessary loads #57053

Closed
findleyr opened this issue Dec 2, 2022 · 2 comments
Closed

x/tools/gopls: orphaned file reloading causes unnecessary loads #57053

findleyr opened this issue Dec 2, 2022 · 2 comments
Labels
FrozenDueToAge gopls Issues related to the Go language server, gopls. Tools This label describes issues relating to any tools in the x/tools repository.
Milestone
gopls/v0.11.0

Comments

@findleyr
Copy link
Contributor

findleyr commented Dec 2, 2022

The current logic of reloadOrphanedFiles causes it to reload irrelevant files in the workspace, once they have been mapped (e.g. because of a branch change).

More generally, we should avoid ever ranging snapshot.files, as it is the set of files previously seen by the snapshot, which is path-dependent and has no intrinsic meaning.

CC @adonovan
@findleyr findleyr added this to the gopls/v0.10.2 milestone Dec 2, 2022
@gopherbot gopherbot added Tools This label describes issues relating to any tools in the x/tools repository. gopls Issues related to the Go language server, gopls. labels Dec 2, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/454559 mentions this issue: gopls/internal/lsp/cache: narrow reloadOrphanedFiles to open files

gopherbot pushed a commit to golang/tools that referenced this issue Dec 2, 2022
@findleyr @gopherbot
gopls/internal/lsp/cache: narrow reloadOrphanedFiles to open files
4f69bf3 
This CL implements a narrower fix for #57053 than completely removing
orphaned file reloading, as done in CL 454116.

One side-effect of orphaned file reloading that we still depend on is to
ensure we at least try to load each open file. Elsewhere in the code
(for example, in GetCriticalError) we assume that we've tried loading
all open files.

For golang/go#57053

Change-Id: I33b77859b3c2bf1437558b64b8262985730a7215
Reviewed-on: https://go-review.googlesource.com/c/tools/+/454559
Reviewed-by: Alan Donovan <adonovan@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Robert Findley <rfindley@google.com>
gopls-CI: kokoro <noreply+kokoro@google.com>
@findleyr
Copy link
Contributor Author

findleyr commented Dec 5, 2022

I'm going to close this as reloading open files is an acceptable operation. Reloading every known file is not.

It would still be nice to eliminate reloading entirely.

@findleyr findleyr closed this as completed Dec 5, 2022
sywhang pushed a commit to uber-go/gopatch that referenced this issue Jul 6, 2023
@dependabot
build(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 (#124)
ca62e03 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
aviator-app bot pushed a commit to alcionai/corso that referenced this issue Jul 6, 2023
@dependabot
⬆️ Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /src (#3760)
597a51c 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
jazanne pushed a commit to launchdarkly/ld-find-code-refs that referenced this issue Jul 10, 2023
@dependabot
Bump golang.org/x/tools from 0.10.0 to 0.11.0 (#364)
9d0bd95 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bors bot added a commit to xen0n/goubao that referenced this issue Jul 10, 2023
@bors @dependabot
Merge #30
f465213 
30: build(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 r=xen0n a=dependabot[bot]

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>`@​Arsen6331</code></a>,` <a href="https://github.com/SN9NV"><code>`@​SN9NV</code></a>,` <a href="https://github.com/adonovan"><code>`@​adonovan</code></a>,` <a href="https://github.com/bcmills"><code>`@​bcmills</code></a>,` <a href="https://github.com/dle8"><code>`@​dle8</code></a>,` <a href="https://github.com/findleyr"><code>`@​findleyr</code></a>,` <a href="https://github.com/hyangah"><code>`@​hyangah</code></a>,` <a href="https://github.com/pjweinbgo"><code>`@​pjweinbgo</code></a>,` <a href="https://github.com/suzmue"><code>`@​suzmue</code></a></p>`
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sywhang pushed a commit to uber-go/fx that referenced this issue Jul 10, 2023
@dependabot
chore(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 in /tools (#…
5aa123f 
…1100)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 11, 2023
@dependabot
chore(deps): Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /packag…
a23e405 
…es/@jsii/go-runtime-test/project (#4169)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>

<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 11, 2023
@dependabot
chore(deps): Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /packag…
c87b684 
…es/@jsii/go-runtime/jsii-runtime-go (#4170)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>

<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
caarlos0 pushed a commit to goreleaser/goreleaser that referenced this issue Jul 12, 2023
@dependabot
feat(deps): bump the gomod-deps group with 3 updates (#4165)
49d6a15 
Bumps the gomod-deps group with 3 updates:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/e98487292dcad4efaa6033b245ee014f90d177a2"><code>e984872</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/183630ada7e00d6d4743f43479b7d4ea51de715e"><code>183630a</code></a>
x509roots: generate a stable sort, for real this time</li>
<li><a
href="https://github.com/golang/crypto/commit/a9e447dde7f8f364232efb5072e3ff89b24308da"><code>a9e447d</code></a>
x509roots/fallback: add //go:build go1.20 to bundle.go</li>
<li><a
href="https://github.com/golang/crypto/commit/64c3993f5c824fe7febbf8561179da523a4e98ea"><code>64c3993</code></a>
ssh: add hmac-sha2-512</li>
<li><a
href="https://github.com/golang/crypto/commit/5fe8145acacf736d52576b87b17c416731e0c4a8"><code>5fe8145</code></a>
x509roots: remove list hash and generation date, change ordering</li>
<li><a
href="https://github.com/golang/crypto/commit/043e94c17aa993f4d1026a2f692b8980e7740df2"><code>043e94c</code></a>
x509roots: fix generate script argument checking</li>
<li><a
href="https://github.com/golang/crypto/commit/0d502d7cd64920c6d2cce3950ead89a5c4eb5e69"><code>0d502d7</code></a>
x509roots: use &quot;generate&quot; build tag</li>
<li><a
href="https://github.com/golang/crypto/commit/0ff60057bbafb685e9f9a97af5261f484f8283d1"><code>0ff6005</code></a>
ssh/test: set a timeout and WaitDelay on sshd subcommands</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/ec5679f607c139709bdc4c2608494d56b95611fe"><code>ec5679f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/oauth2/commit/989acb1bfed17be45134185bd228d89675a68f19"><code>989acb1</code></a>
all: update dependencies to their latest versions</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.10.0 to 0.11.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ginglis13 pushed a commit to runfinch/finch that referenced this issue Jul 14, 2023
@dependabot
build(deps): Bump golang.org/x/tools from 0.10.0 to 0.11.0 (#466)
a8b32f9 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@golang golang locked and limited conversation to collaborators Dec 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge gopls Issues related to the Go language server, gopls. Tools This label describes issues relating to any tools in the x/tools repository.
Projects
None yet
Milestone
gopls/v0.11.0
Development

No branches or pull requests
2 participants
@gopherbot @findleyr