⬆️ Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /src (#3760)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="675bf3c243"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="ad52c1ca35"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="14ec3c023f"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="c495364167"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="87ad891fe3"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="27fd94e099"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="d362be0cdb"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="969078be46"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="5aa6acb96f"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="5a89a3bf26"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

This commit is contained in:

dependabot[bot]

2023-07-06 17:45:51 +00:00

committed by

GitHub

parent 24c590040b

commit 597a51c6bc

No known key found for this signature in database

GPG Key ID: 4AEE18F83AFDEB23

2 changed files with 6 additions and 6 deletions

									
										4

src/go.mod
									
											View File
											
				@ -34,7 +34,7 @@ require (

					go.uber.org/zap v1.24.0

					golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb

					golang.org/x/time v0.3.0

					golang.org/x/tools v0.10.0

					golang.org/x/tools v0.11.0

				)

				require (

				@ -116,7 +116,7 @@ require (

					go.uber.org/atomic v1.10.0 // indirect

					go.uber.org/multierr v1.11.0 // indirect

					golang.org/x/crypto v0.11.0 // indirect

					golang.org/x/mod v0.11.0 // indirect

					golang.org/x/mod v0.12.0 // indirect

					golang.org/x/net v0.12.0

					golang.org/x/sync v0.3.0 // indirect

					golang.org/x/sys v0.10.0 // indirect

8

src/go.sum

View File

 @ -490,8 +490,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
 golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 @ -672,8 +672,8 @@ golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
 golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
 golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
 golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

⬆️ Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /src (#3760)

4 src/go.mod Unescape Escape View File

8 src/go.sum Unescape Escape View File

4

src/go.mod

View File

8

src/go.sum

View File