-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
all: update standard-library dependencies at the start and end of each development cycle #36905
Comments
Change https://golang.org/cl/217517 mentions this issue: |
This issue is currently labeled as early-in-cycle for Go 1.15. That time is now, so friendly ping. |
Updates #36905 Updates #36907 Change-Id: I293dcef67800d5c81ff3a254bbd49309c5880710 Reviewed-on: https://go-review.googlesource.com/c/go/+/217517 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Completed the early-in-cycle update for the 1.15 cycle. Removing the label so we remember to revisit at the close of the cycle. |
Change https://golang.org/cl/231657 mentions this issue: |
The Go 1.15 code freeze has just started. This is the time to update all golang.org/x/... module versions that contribute packages to the std and cmd modules in the standard library to latest master versions. Those versions have already gone through code review, and now they will undergo additional testing during the freeze period. If there are new issues in these dependencies discovered, we have the freeze period to deal with that. By the end of the freeze period, we will have confidence that the Go 1.15 release and the dependency versions it has selected are robust. If one of the Go 1.15.x minor releases requires changing code in one of the vendored packages, we'll be able to do so on top of the versions that are selected here, and not be forced to use versions that came from different time periods, or try to jump across multiple untested versions in a minor release. The dependency versions that are selected in this commit are: github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3 github.com/ianlancetaylor/demangle v0.0.0-20200414190113-039b1ae3a340 golang.org/x/arch v0.0.0-20200312215426-ff8b605520f4 golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 golang.org/x/mod v0.2.1-0.20200429172858-859b3ef565e2 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5 golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 golang.org/x/text v0.3.3-0.20200430171850-afb9336c4530 golang.org/x/tools v0.0.0-20200504152539-33427f1b0364 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 github.com/ianlancetaylor/demangle is considered in scope and updated. github.com/google/pprof is out of scope and was not updated. For #36905. Change-Id: Icb6996eb0df11f16edd9a42e04434012c0336354 Reviewed-on: https://go-review.googlesource.com/c/go/+/231657 Reviewed-by: Bryan C. Mills <bcmills@google.com> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Completed the start-of-freeze update for the 1.15 cycle in CL 231657. Moving to 1.16 milestone and adding early-in-cycle. |
Change https://golang.org/cl/234002 mentions this issue: |
v0.3.0 is a tag on 859b3ef565e2, the version that was already being used. This change is a no-op, except for letting us use a release version instead of a pseudo-version. For #36905 Change-Id: I70b8ce2a3f1451f5602c469501362d7a6a673b12 Reviewed-on: https://go-review.googlesource.com/c/go/+/234002 Run-TryBot: Jay Conrod <jayconrod@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Michael Matloob <matloob@golang.org>
The Go 1.15 code freeze has just started. This is the time to update all golang.org/x/... module versions that contribute packages to the std and cmd modules in the standard library to latest master versions. Those versions have already gone through code review, and now they will undergo additional testing during the freeze period. If there are new issues in these dependencies discovered, we have the freeze period to deal with that. By the end of the freeze period, we will have confidence that the Go 1.15 release and the dependency versions it has selected are robust. If one of the Go 1.15.x minor releases requires changing code in one of the vendored packages, we'll be able to do so on top of the versions that are selected here, and not be forced to use versions that came from different time periods, or try to jump across multiple untested versions in a minor release. The dependency versions that are selected in this commit are: github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3 github.com/ianlancetaylor/demangle v0.0.0-20200414190113-039b1ae3a340 golang.org/x/arch v0.0.0-20200312215426-ff8b605520f4 golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 golang.org/x/mod v0.2.1-0.20200429172858-859b3ef565e2 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5 golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3 golang.org/x/text v0.3.3-0.20200430171850-afb9336c4530 golang.org/x/tools v0.0.0-20200504152539-33427f1b0364 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 github.com/ianlancetaylor/demangle is considered in scope and updated. github.com/google/pprof is out of scope and was not updated. For golang#36905. Change-Id: Icb6996eb0df11f16edd9a42e04434012c0336354 Reviewed-on: https://go-review.googlesource.com/c/go/+/231657 Reviewed-by: Bryan C. Mills <bcmills@google.com> Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
This issue is currently labeled as early-in-cycle for Go 1.16. |
I'm creating a short program that performs this task. Using a program makes it easier to precisely define our update policy, and adjust it over time as needed. It also makes this task less error prone and easier to review. Finally, this can help with #41409 and #36852. The policy I'm implementing right now is informed by the strategy we used in past manual CLs (e.g., CL 231657), with small adjustments. The policy is for all modules in the GOROOT/src directory (currently, The small adjustment is that the github.com/ianlancetaylor/demangle module won't be automatically updated as part of this process. My rationale is that it's different enough that it probably warrants being updated on its own schedule, when there is an explicit need. /cc @ianlancetaylor Indirect golang.org/x dependencies are not updated, although they could be. I'm going with the more conservative choice for now. I'm open to feedback on this, and can see pros/cons to both strategies. I've also considered but left out other modules in the GOROOT tree (e.g., GOROOT/misc) for now. |
Looks like we did update indirect dependencies last time. If we don't, it leaves much fewer dependencies to update, because the go.mod files of golang.org/x modules aren't being updated very often. Will think more about it and likely go with what we did last time as the next step here. |
Change https://golang.org/cl/255859 mentions this issue: |
Change https://golang.org/cl/255860 mentions this issue: |
Change https://golang.org/cl/256357 mentions this issue: |
This issue is currently labeled as early-in-cycle for Go 1.24. |
Change https://go.dev/cl/600535 mentions this issue: |
The Go 1.24 development tree has opened. This is a time to update all golang.org/x/... module versions that contribute packages to the std and cmd modules in the standard library to latest master versions. For #36905. [git-generate] go install golang.org/x/build/cmd/updatestd@latest go install golang.org/x/tools/cmd/bundle@latest updatestd -goroot=$(pwd) -branch=master Change-Id: I5a012af9f041f79ab4d5b30569a154e0c2d1617e Reviewed-on: https://go-review.googlesource.com/c/go/+/600535 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Change https://go.dev/cl/600596 mentions this issue: |
Pull in the latest published version of github.com/google/pprof as part of the continuous process of keeping Go's dependencies up to date. For #36905. [git-generate] cd src/cmd go get github.com/google/pprof@v0.0.0-20240722153945-304e4f0156b8 go mod tidy go mod vendor Change-Id: If009cff7f2d99ec58315102963cbe07b6739c09a Reviewed-on: https://go-review.googlesource.com/c/go/+/600596 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Change https://go.dev/cl/623821 mentions this issue: |
A part of the keeping Go's vendored dependencies and generated code up to date. For #36905. [git-generate] cd src go get golang.org/x/sys@v0.26.1-0.20241105152852-e0753d469443 go mod tidy go mod vendor cd cmd go get golang.org/x/sys@v0.26.1-0.20241105152852-e0753d469443 go mod tidy go mod vendor go generate syscall internal/syscall/... Change-Id: Ia84505f8934399f7c4518c6218892b81d30e5c17 Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest Reviewed-on: https://go-review.googlesource.com/c/go/+/623821 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
Change https://go.dev/cl/631035 mentions this issue: |
A part of the keeping Go's vendored dependencies and generated code up to date. This updates h2_bundle.go with unencrypted HTTP/2 support. For #36905. For #67816. [git-generate] cd src go get golang.org/x/net@v0.31.0 go mod tidy go mod vendor cd cmd go get golang.org/x/net@v0.31.0 go mod tidy go mod vendor go generate -run=bundle std Change-Id: I2b77f651b990f260fbe7d551c7a819518f1c983f Reviewed-on: https://go-review.googlesource.com/c/go/+/631035 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Change https://go.dev/cl/631336 mentions this issue: |
The Go 1.24 code freeze has recently started. This is a time to update all golang.org/x/... module versions that contribute packages to the std and cmd modules in the standard library to latest master versions. For #36905. [git-generate] go install golang.org/x/build/cmd/updatestd@latest go install golang.org/x/tools/cmd/bundle@latest updatestd -goroot=$(pwd) -branch=master Change-Id: I1b2e3b63ccc1137256d80c882b99ed26a66cbf6b Reviewed-on: https://go-review.googlesource.com/c/go/+/631336 Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Change https://go.dev/cl/634041 mentions this issue: |
I can't currently make progress on this because of an unexpected new vendored dependency, golang.org/x/sys/unix. This was added in CL 632816 and contradicts an explicit decision in the past to not vendor this package ((#32102). (Thanks goes to @dmitshur for figuring this out and cross-referencing everything.) We either need to roll back that CL or change the policy. CC @ianlancetaylor |
Also, I think that this is currently blocking the RC. |
If we want to unblock the RC, we probably can vendor to the commit right before that CL for the RC? That is probably still recent enough, so we get most of the updates in the x reops? |
That's fine with me, but do we have tooling to do this? Or would this have to happen manually? AFAICT |
Anything other "pick latest versions of all x/ repos" does need some manual intervention. You could still use updatestd, just followed by a |
I think I am coming to the conclusion that I'd rather roll back the x/net changes. The longer we wait to do so, if we decide not to change the policy, the harder it becomes to revert everything. |
Reverts landed and I'm unblocked. |
The Go 1.24 RC is due for next week. This is a time to once again update all golang.org/x/... module versions that contribute packages to the std and cmd modules in the standard library to latest master versions. For #36905. [git-generate] go install golang.org/x/build/cmd/updatestd@latest go install golang.org/x/tools/cmd/bundle@latest updatestd -goroot=$(pwd) -branch=master Change-Id: If4fd03a18590ff3b6e701a9698370c57c69979c2 Reviewed-on: https://go-review.googlesource.com/c/go/+/634041 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Knyszek <mknyszek@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
CL 634041, CL 631336, and CL 626995 took care of the start-of-freeze updates for the Go 1.24 cycle. There may still be more updates to the vendored packages if they're needed to resolve release-blocking issues, but there aren't regularly scheduled updates in scope of this issue left. @mknyszek Okay to move this to the Go 1.25 milestone, and add early-in-cycle? |
Yes, I think we're good. |
The
x
dependencies vendored into the standard library (viasrc/go.mod
andsrc/cmd/go.mod
) should be updated for each code freeze, so that we can apply any needed fixes to those dependencies without also pulling in unnecessary changes or requiring significant backporting work (see, for example, #36851).This task, like #11811, #12042, and the API audit (#36167, #32813), should occur regularly in each development cycle. Probably we should update the dependencies at the beginning of each code freeze, and again when we reopen the tree at the end of each code freeze.
CC @golang/osp-team
The text was updated successfully, but these errors were encountered: