Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/tools/gopls: automated issue report (crash) in golang.org/x/mod/modfile.(*File).Format #55837

Closed
Adam-Jin opened this issue Aug 31, 2022 · 2 comments
Closed

x/tools/gopls: automated issue report (crash) in golang.org/x/mod/modfile.(*File).Format #55837

Adam-Jin opened this issue Aug 31, 2022 · 2 comments
Assignees
@findleyr
Labels
FrozenDueToAge gopls Issues related to the Go language server, gopls. Tools This label describes issues relating to any tools in the x/tools repository.
Milestone
gopls/v0.11.0

Comments

@Adam-Jin
Copy link

gopls version: v0.9.4 (go1.18.4)
gopls flags:
update flags: proxy
extension version: 0.35.2
go version: 1.18.4
environment: Visual Studio Code linux
initialization error: undefined
issue timestamp: Wed, 31 Aug 2022 05:41:34 GMT
restart history:
Wed, 31 Aug 2022 02:54:23 GMT: activation (enabled: true)
Wed, 31 Aug 2022 04:46:47 GMT: manual (enabled: true)

ATTENTION: PLEASE PROVIDE THE DETAILS REQUESTED BELOW.

Describe what you observed.

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x70 pc=0x7fde94]

goroutine 10510 [running]:
golang.org/x/mod/modfile.(*File).Format(0xc001bd2960%3F)
	  rule.go:877  0x14
golang.org/x/tools/internal/lsp/cache.(*importsState).runProcessEnvFunc(0xc000530630, {0x1087b30, 0xc0056f1ad0}, 0xc001ee08c0, 0xc00277b580)
	  imports.go:62  0x1ae
golang.org/x/tools/internal/lsp/cache.(*snapshot).RunProcessEnvFunc(0xc001ee08c0%3F, {0x1087b30%3F, 0xc0056f1ad0%3F}, 0x1087dd0%3F)
	  view.go:370  0x34
golang.org/x/tools/internal/lsp/source.AllImportsFixes({0x1087a88, 0xc001d00180}, {0x10902f0%3F, 0xc001ee08c0}, {0x1087dd0, 0xc00066ab60})
	  format.go:120  0x308
golang.org/x/tools/internal/lsp.(*Server).codeAction(0xcb8440%3F, {0x1087a88, 0xc001d00180}, 0xc004275380)
	  code_action.go:97  0x97b
golang.org/x/tools/internal/lsp.(*Server).CodeAction(0xc0000fc620%3F, {0x1087a88%3F, 0xc001d00180%3F}, 0xcb8440%3F)
	  server_gen.go:16  0x25
golang.org/x/tools/internal/lsp/protocol.serverDispatch({0x1087a88, 0xc001d00180}, {0x10943b0, 0xc0004d66c0}, 0xc0056f1a10, {0x1087d28, 0xc001d00100})
	  tsserver.go:611  0x1ce2
golang.org/x/tools/internal/lsp/protocol.ServerHandler.func1({0x1087a88, 0xc001d00180}, 0xc0056f1a10, {0x1087d28, 0xc001d00100})
	  protocol.go:157  0x90
golang.org/x/tools/internal/lsp/lsprpc.handshaker.func1({0x1087a88, 0xc001d00180}, 0xc0056f1a10, {0x1087d28%3F, 0xc001d00100%3F})
	  lsprpc.go:515  0xa43
golang.org/x/tools/internal/jsonrpc2.MustReplyHandler.func1({0x1087a88, 0xc001d00180}, 0xc002381590, {0x1087d28%3F, 0xc001d00100%3F})
	  handler.go:35  0xf6
golang.org/x/tools/internal/jsonrpc2.AsyncHandler.func1.2()
	  handler.go:103  0xa3
created by golang.org/x/tools/internal/jsonrpc2.AsyncHandler.func1
	  handler.go:100  0x20a
[Error - 1:41:17 PM]

OPTIONAL: If you would like to share more information, you can attach your complete gopls logs.

NOTE: THESE MAY CONTAIN SENSITIVE INFORMATION ABOUT YOUR CODEBASE.
DO NOT SHARE LOGS IF YOU ARE WORKING IN A PRIVATE REPOSITORY.

<OPTIONAL: ATTACH LOGS HERE>
@jamalc jamalc assigned jamalc and findleyr and unassigned jamalc Sep 1, 2022
@hyangah
Copy link
Contributor

hyangah commented Sep 23, 2022

Thanks for the report. Transferring this to gopls issue tracker for investigation by the team.

@hyangah hyangah transferred this issue from golang/vscode-go Sep 23, 2022
@gopherbot gopherbot added the gopls Issues related to the Go language server, gopls. label Sep 23, 2022
@hyangah hyangah changed the title gopls: automated issue report (crash) x/tools/gopls: automated issue report (crash) in golang.org/x/mod/modfile.(*File).Format Sep 23, 2022
@gopherbot gopherbot added the Tools This label describes issues relating to any tools in the x/tools repository. label Sep 23, 2022
@gopherbot gopherbot added this to the Unreleased milestone Sep 23, 2022
@hyangah hyangah added this to the gopls/v0.10.0 milestone Sep 23, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/447956 mentions this issue: internal/lsp/cache: simplify import mod file hashing logic

sywhang pushed a commit to uber-go/gopatch that referenced this issue Jul 6, 2023
@dependabot
build(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 (#124)
ca62e03 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
aviator-app bot pushed a commit to alcionai/corso that referenced this issue Jul 6, 2023
@dependabot
⬆️ Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /src (#3760)
597a51c 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
jazanne pushed a commit to launchdarkly/ld-find-code-refs that referenced this issue Jul 10, 2023
@dependabot
Bump golang.org/x/tools from 0.10.0 to 0.11.0 (#364)
9d0bd95 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bors bot added a commit to xen0n/goubao that referenced this issue Jul 10, 2023
@bors @dependabot
Merge #30
f465213 
30: build(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 r=xen0n a=dependabot[bot]

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>`@​Arsen6331</code></a>,` <a href="https://github.com/SN9NV"><code>`@​SN9NV</code></a>,` <a href="https://github.com/adonovan"><code>`@​adonovan</code></a>,` <a href="https://github.com/bcmills"><code>`@​bcmills</code></a>,` <a href="https://github.com/dle8"><code>`@​dle8</code></a>,` <a href="https://github.com/findleyr"><code>`@​findleyr</code></a>,` <a href="https://github.com/hyangah"><code>`@​hyangah</code></a>,` <a href="https://github.com/pjweinbgo"><code>`@​pjweinbgo</code></a>,` <a href="https://github.com/suzmue"><code>`@​suzmue</code></a></p>`
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sywhang pushed a commit to uber-go/fx that referenced this issue Jul 10, 2023
@dependabot
chore(deps): bump golang.org/x/tools from 0.10.0 to 0.11.0 in /tools (#…
5aa123f 
…1100)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 11, 2023
@dependabot
chore(deps): Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /packag…
a23e405 
…es/@jsii/go-runtime-test/project (#4169)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>

<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
mergify bot pushed a commit to aws/jsii that referenced this issue Jul 11, 2023
@dependabot
chore(deps): Bump golang.org/x/tools from 0.10.0 to 0.11.0 in /packag…
c87b684 
…es/@jsii/go-runtime/jsii-runtime-go (#4170)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting to <code>&quot;Imports&quot;</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p>
<h2>Support changes</h2>
<p>This release removes support for the <code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;: &quot;Imports&quot;</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li>
<li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using &quot;Run govulncheck to verify&quot; code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> code lens on <code>go.mod</code> files.</li>
</ul>
<p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>

<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p>
<p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>&quot;Imports&quot;</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li>
<li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone.
To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a href="https://github.com/dle8"><code>@​dle8</code></a>, <a href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li>
<li><a href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li>
<li><a href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li>
<li><a href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a> Revert &quot;go/analysis: add Sizes that matches gc size computations&quot;</li>
<li><a href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li>
<li><a href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a> go/vcs: delete</li>
<li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
caarlos0 pushed a commit to goreleaser/goreleaser that referenced this issue Jul 12, 2023
@dependabot
feat(deps): bump the gomod-deps group with 3 updates (#4165)
49d6a15 
Bumps the gomod-deps group with 3 updates:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/e98487292dcad4efaa6033b245ee014f90d177a2"><code>e984872</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/183630ada7e00d6d4743f43479b7d4ea51de715e"><code>183630a</code></a>
x509roots: generate a stable sort, for real this time</li>
<li><a
href="https://github.com/golang/crypto/commit/a9e447dde7f8f364232efb5072e3ff89b24308da"><code>a9e447d</code></a>
x509roots/fallback: add //go:build go1.20 to bundle.go</li>
<li><a
href="https://github.com/golang/crypto/commit/64c3993f5c824fe7febbf8561179da523a4e98ea"><code>64c3993</code></a>
ssh: add hmac-sha2-512</li>
<li><a
href="https://github.com/golang/crypto/commit/5fe8145acacf736d52576b87b17c416731e0c4a8"><code>5fe8145</code></a>
x509roots: remove list hash and generation date, change ordering</li>
<li><a
href="https://github.com/golang/crypto/commit/043e94c17aa993f4d1026a2f692b8980e7740df2"><code>043e94c</code></a>
x509roots: fix generate script argument checking</li>
<li><a
href="https://github.com/golang/crypto/commit/0d502d7cd64920c6d2cce3950ead89a5c4eb5e69"><code>0d502d7</code></a>
x509roots: use &quot;generate&quot; build tag</li>
<li><a
href="https://github.com/golang/crypto/commit/0ff60057bbafb685e9f9a97af5261f484f8283d1"><code>0ff6005</code></a>
ssh/test: set a timeout and WaitDelay on sshd subcommands</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/ec5679f607c139709bdc4c2608494d56b95611fe"><code>ec5679f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/oauth2/commit/989acb1bfed17be45134185bd228d89675a68f19"><code>989acb1</code></a>
all: update dependencies to their latest versions</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.10.0 to 0.11.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
ginglis13 pushed a commit to runfinch/finch that referenced this issue Jul 14, 2023
@dependabot
build(deps): Bump golang.org/x/tools from 0.10.0 to 0.11.0 (#466)
a8b32f9 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0
to 0.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<p><a
href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png"
alt="image" /></p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/675bf3c243d60cbba429fad9924e520e8a86074f"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/ad52c1ca35fb661c53eedbdee5f3b0e3c33e54e1"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="https://github.com/golang/tools/commit/14ec3c023fa0003b489ce1abe0484924ea5276f8"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="https://github.com/golang/tools/commit/c4953641676aa4639fcbd2ca825c43cedeaa9e8c"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="https://github.com/golang/tools/commit/87ad891fe35467be3d692a3f37fef9fb5cb08dcd"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="https://github.com/golang/tools/commit/27fd94e099b2bbd4c660f0b140af121af9a943c8"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="https://github.com/golang/tools/commit/d362be0cdb73ca5215ecaaf1514120c6b8b955e9"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="https://github.com/golang/tools/commit/969078be460fb5efe195a1d4c69e3701298e9a21"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/5aa6acb96f843a0257c5c1c0e52753bcd18b77b3"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="https://github.com/golang/tools/commit/5a89a3bf267ef12790327b8692c88654845bc78d"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.10.0&new-version=0.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@golang golang locked and limited conversation to collaborators Nov 4, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@findleyr findleyr

Labels
FrozenDueToAge gopls Issues related to the Go language server, gopls. Tools This label describes issues relating to any tools in the x/tools repository.
Projects
None yet
Milestone
gopls/v0.11.0
Development

No branches or pull requests
5 participants
@hyangah @gopherbot @jamalc @Adam-Jin @findleyr