Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

all: update standard-library dependencies at the start and end of each development cycle #36905

Open
bcmills opened this issue Jan 30, 2020 · 88 comments
Labels
early-in-cycle A change that should be done early in the 3 month dev cycle. NeedsFix The path to resolution is known, but the work has not been done. recurring Issues that should never be closed, but moved to the next milestone once fixed in the current one. release-blocker
Milestone

Comments

@bcmills
Copy link
Contributor

bcmills commented Jan 30, 2020

The x dependencies vendored into the standard library (via src/go.mod and src/cmd/go.mod) should be updated for each code freeze, so that we can apply any needed fixes to those dependencies without also pulling in unnecessary changes or requiring significant backporting work (see, for example, #36851).

This task, like #11811, #12042, and the API audit (#36167, #32813), should occur regularly in each development cycle. Probably we should update the dependencies at the beginning of each code freeze, and again when we reopen the tree at the end of each code freeze.

CC @golang/osp-team

@bcmills bcmills added this to the Go1.15 milestone Jan 30, 2020
@bcmills bcmills added NeedsFix The path to resolution is known, but the work has not been done. early-in-cycle A change that should be done early in the 3 month dev cycle. labels Jan 30, 2020
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/217517 mentions this issue: all: update module dependencies

@dmitshur
Copy link
Contributor

This issue is currently labeled as early-in-cycle for Go 1.15. That time is now, so friendly ping.

gopherbot pushed a commit that referenced this issue Feb 19, 2020
Updates #36905
Updates #36907

Change-Id: I293dcef67800d5c81ff3a254bbd49309c5880710
Reviewed-on: https://go-review.googlesource.com/c/go/+/217517
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
@bcmills bcmills removed the early-in-cycle A change that should be done early in the 3 month dev cycle. label Feb 19, 2020
@bcmills
Copy link
Contributor Author

bcmills commented Feb 19, 2020

Completed the early-in-cycle update for the 1.15 cycle. Removing the label so we remember to revisit at the close of the cycle.

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/231657 mentions this issue: all: update module dependencies

gopherbot pushed a commit that referenced this issue May 4, 2020
The Go 1.15 code freeze has just started. This is the time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.

Those versions have already gone through code review, and now they
will undergo additional testing during the freeze period.
If there are new issues in these dependencies discovered, we have
the freeze period to deal with that. By the end of the freeze period,
we will have confidence that the Go 1.15 release and the dependency
versions it has selected are robust.

If one of the Go 1.15.x minor releases requires changing code in one of
the vendored packages, we'll be able to do so on top of the versions
that are selected here, and not be forced to use versions that came
from different time periods, or try to jump across multiple untested
versions in a minor release.

The dependency versions that are selected in this commit are:

	github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3
	github.com/ianlancetaylor/demangle v0.0.0-20200414190113-039b1ae3a340
	golang.org/x/arch v0.0.0-20200312215426-ff8b605520f4
	golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
	golang.org/x/mod v0.2.1-0.20200429172858-859b3ef565e2
	golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5
	golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
	golang.org/x/text v0.3.3-0.20200430171850-afb9336c4530
	golang.org/x/tools v0.0.0-20200504152539-33427f1b0364
	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543

github.com/ianlancetaylor/demangle is considered in scope and updated.
github.com/google/pprof is out of scope and was not updated.

For #36905.

Change-Id: Icb6996eb0df11f16edd9a42e04434012c0336354
Reviewed-on: https://go-review.googlesource.com/c/go/+/231657
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
@dmitshur
Copy link
Contributor

dmitshur commented May 4, 2020

Completed the start-of-freeze update for the 1.15 cycle in CL 231657. Moving to 1.16 milestone and adding early-in-cycle.

@dmitshur dmitshur modified the milestones: Go1.15, Go1.16 May 4, 2020
@dmitshur dmitshur added the early-in-cycle A change that should be done early in the 3 month dev cycle. label May 4, 2020
@dmitshur dmitshur removed their assignment May 4, 2020
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/234002 mentions this issue: cmd: update golang.org/x/mod to v0.3.0 (same commit)

gopherbot pushed a commit that referenced this issue May 18, 2020
v0.3.0 is a tag on 859b3ef565e2, the version that was already being
used. This change is a no-op, except for letting us use a release
version instead of a pseudo-version.

For #36905

Change-Id: I70b8ce2a3f1451f5602c469501362d7a6a673b12
Reviewed-on: https://go-review.googlesource.com/c/go/+/234002
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Michael Matloob <matloob@golang.org>
xujianhai666 pushed a commit to xujianhai666/go-1 that referenced this issue May 21, 2020
The Go 1.15 code freeze has just started. This is the time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.

Those versions have already gone through code review, and now they
will undergo additional testing during the freeze period.
If there are new issues in these dependencies discovered, we have
the freeze period to deal with that. By the end of the freeze period,
we will have confidence that the Go 1.15 release and the dependency
versions it has selected are robust.

If one of the Go 1.15.x minor releases requires changing code in one of
the vendored packages, we'll be able to do so on top of the versions
that are selected here, and not be forced to use versions that came
from different time periods, or try to jump across multiple untested
versions in a minor release.

The dependency versions that are selected in this commit are:

	github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3
	github.com/ianlancetaylor/demangle v0.0.0-20200414190113-039b1ae3a340
	golang.org/x/arch v0.0.0-20200312215426-ff8b605520f4
	golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79
	golang.org/x/mod v0.2.1-0.20200429172858-859b3ef565e2
	golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5
	golang.org/x/sys v0.0.0-20200501145240-bc7a7d42d5c3
	golang.org/x/text v0.3.3-0.20200430171850-afb9336c4530
	golang.org/x/tools v0.0.0-20200504152539-33427f1b0364
	golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543

github.com/ianlancetaylor/demangle is considered in scope and updated.
github.com/google/pprof is out of scope and was not updated.

For golang#36905.

Change-Id: Icb6996eb0df11f16edd9a42e04434012c0336354
Reviewed-on: https://go-review.googlesource.com/c/go/+/231657
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
@andybons andybons added the recurring Issues that should never be closed, but moved to the next milestone once fixed in the current one. label Jul 30, 2020
@dmitshur
Copy link
Contributor

This issue is currently labeled as early-in-cycle for Go 1.16.
That time is now, so this is a friendly ping so the issue is looked at again.

@dmitshur
Copy link
Contributor

I'm creating a short program that performs this task. Using a program makes it easier to precisely define our update policy, and adjust it over time as needed. It also makes this task less error prone and easier to review. Finally, this can help with #41409 and #36852.

The policy I'm implementing right now is informed by the strategy we used in past manual CLs (e.g., CL 231657), with small adjustments. The policy is for all modules in the GOROOT/src directory (currently, std and cmd), update all direct (not indirect) modules with the import path prefix "golang.org/x/" to their latest tip pseudo-version (which can later become tagged as a release version).

The small adjustment is that the github.com/ianlancetaylor/demangle module won't be automatically updated as part of this process. My rationale is that it's different enough that it probably warrants being updated on its own schedule, when there is an explicit need. /cc @ianlancetaylor

Indirect golang.org/x dependencies are not updated, although they could be. I'm going with the more conservative choice for now. I'm open to feedback on this, and can see pros/cons to both strategies.

I've also considered but left out other modules in the GOROOT tree (e.g., GOROOT/misc) for now.

@dmitshur
Copy link
Contributor

Indirect golang.org/x dependencies are not updated, although they could be. I'm going with the more conservative choice for now. I'm open to feedback on this, and can see pros/cons to both strategies.

Looks like we did update indirect dependencies last time. If we don't, it leaves much fewer dependencies to update, because the go.mod files of golang.org/x modules aren't being updated very often.

Will think more about it and likely go with what we did last time as the next step here.

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/255859 mentions this issue: misc/update: add program to update golang.org/x dependencies

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/255860 mentions this issue: all: update vendored dependencies during Go 1.15 development

@dmitshur dmitshur changed the title all: update standard-library dependencies at the start and end of each code freeze all: update standard-library dependencies at the start and end of each development cycle Sep 18, 2020
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/256357 mentions this issue: cmd/updatestd: add program to maintain standard library modules

gopherbot pushed a commit that referenced this issue Aug 15, 2023
Pull in the latest published version of github.com/google/pprof
as part of the continuous process of keeping Go's dependencies
up to date. Done with:

go get github.com/google/pprof
go mod tidy
go mod vendor

For #36905.

Change-Id: I2a48e912712bc916c9d749acb1550682f919477e
Reviewed-on: https://go-review.googlesource.com/c/go/+/519657
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/536575 mentions this issue: all: update vendored dependencies

gopherbot pushed a commit that referenced this issue Oct 19, 2023
One of the remaining uses of the old +build syntax was in the bundled
copy of golang.org/x/net/http2 in net/http. Pull in a newer version of
bundle with CL 536075 that drops said +build syntax line. Also pull in
newer x/sys and other golang.org/x modules where old +build lines were
recently dropped.

Generated with:

go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master

For #36905.
For #41184.
For #60268.

Change-Id: Ia18d1ce9eadce85b38176058ad1fe38562b004e9
Cq-Include-Trybots: luci.golang.try:gotip-linux-386-longtest,gotip-linux-amd64-longtest,gotip-windows-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/536575
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
yunginnanet pushed a commit to yunginnanet/go that referenced this issue Oct 20, 2023
One of the remaining uses of the old +build syntax was in the bundled
copy of golang.org/x/net/http2 in net/http. Pull in a newer version of
bundle with CL 536075 that drops said +build syntax line. Also pull in
newer x/sys and other golang.org/x modules where old +build lines were
recently dropped.

Generated with:

go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master

For golang#36905.
For golang#41184.
For golang#60268.

Change-Id: Ia18d1ce9eadce85b38176058ad1fe38562b004e9
Cq-Include-Trybots: luci.golang.try:gotip-linux-386-longtest,gotip-linux-amd64-longtest,gotip-windows-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/536575
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
@dmitshur dmitshur self-assigned this Nov 29, 2023
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/546055 mentions this issue: all: update vendored dependencies

gopherbot pushed a commit that referenced this issue Nov 29, 2023
The Go 1.22 code freeze has recently started. This is a time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.

Generated with:

go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master

For #36905.

Change-Id: I76525261b9a954ed21a3bd3cb6c4a12e6c031d80
Cq-Include-Trybots: luci.golang.try:gotip-windows-amd64-longtest,gotip-linux-amd64-longtest,gotip-linux-386-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/546055
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
@dmitshur
Copy link
Contributor

CL 546055 did the start-of-freeze update for the 1.22 cycle.
Moving to the Go 1.23 milestone and adding early-in-cycle.

@dmitshur dmitshur modified the milestones: Go1.22, Go1.23 Nov 29, 2023
@dmitshur dmitshur added the early-in-cycle A change that should be done early in the 3 month dev cycle. label Nov 29, 2023
@dmitshur dmitshur removed their assignment Nov 29, 2023
@gopherbot
Copy link
Contributor

This issue is currently labeled as early-in-cycle for Go 1.23.
That time is now, so a friendly reminder to look at it again.

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/557457 mentions this issue: all: update vendored dependencies

gopherbot pushed a commit that referenced this issue Jan 22, 2024
The Go 1.23 development tree has opened. This is a time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.

Generated with:

go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master

For #36905.

Change-Id: I46a68f27a54f1e3f9e1aa5af4de6ee0b26388f3f
Reviewed-on: https://go-review.googlesource.com/c/go/+/557457
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@cherrymui
Copy link
Member

CL https://go.dev/cl/557457 submitted for Go 1.23 early-in-cycle. Removed the early-in-cycle label, leave the issue for Go 1.23 end-of-cycle.

@cherrymui cherrymui removed the early-in-cycle A change that should be done early in the 3 month dev cycle. label Jan 22, 2024
awly pushed a commit to tailscale/go that referenced this issue Feb 7, 2024
Generated by:

	go install golang.org/x/tools/cmd/bundle@latest
	go install golang.org/x/build/cmd/updatestd@latest
	updatestd -goroot=$GOROOT -branch=master

For golang#36905.
For golang#55079.

Fixes golang#61174 (vet checkers understanding Go language version).
Fixes golang#61200 (slog InfoCtx -> InfoContext etc).

Change-Id: I4f2c86960ce72d6df06e23da1b1297ab3ff2eecf
Reviewed-on: https://go-review.googlesource.com/c/go/+/509099
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Alan Donovan <adonovan@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/564636 mentions this issue: cmd/pprof: update vendored github.com/google/pprof

gopherbot pushed a commit that referenced this issue Feb 16, 2024
Pull in the latest published version of github.com/google/pprof
as part of the continuous process of keeping Go's dependencies
up to date. Done with:

go get github.com/google/pprof
go mod tidy
go mod vendor

For #36905.
Fixes #65741.

Change-Id: Ice7b085c03ff69be97929cbe47bfd91954907529
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/564636
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
ezz-no pushed a commit to ezz-no/go-ezzno that referenced this issue Feb 18, 2024
The Go 1.23 development tree has opened. This is a time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.

Generated with:

go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master

For golang#36905.

Change-Id: I46a68f27a54f1e3f9e1aa5af4de6ee0b26388f3f
Reviewed-on: https://go-review.googlesource.com/c/go/+/557457
Reviewed-by: Carlos Amedee <carlos@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
ezz-no pushed a commit to ezz-no/go-ezzno that referenced this issue Feb 18, 2024
Pull in the latest published version of github.com/google/pprof
as part of the continuous process of keeping Go's dependencies
up to date. Done with:

go get github.com/google/pprof
go mod tidy
go mod vendor

For golang#36905.
Fixes golang#65741.

Change-Id: Ice7b085c03ff69be97929cbe47bfd91954907529
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/go/+/564636
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/589935 mentions this issue: all: update vendored dependencies

gopherbot pushed a commit that referenced this issue Jun 4, 2024
The Go 1.23 code freeze has recently started. This is a time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.

For #36905.

[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master

Change-Id: I9162f547c148809d6fb1e4157f6f504634cef3b7
Reviewed-on: https://go-review.googlesource.com/c/go/+/589935
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@mknyszek
Copy link
Contributor

mknyszek commented Jun 4, 2024

CL 589935 did the start-of-freeze update for the 1.23 cycle.
Moving to the Go 1.24 milestone and adding early-in-cycle.

@mknyszek mknyszek modified the milestones: Go1.23, Go1.24 Jun 4, 2024
@mknyszek mknyszek added the early-in-cycle A change that should be done early in the 3 month dev cycle. label Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
early-in-cycle A change that should be done early in the 3 month dev cycle. NeedsFix The path to resolution is known, but the work has not been done. recurring Issues that should never be closed, but moved to the next milestone once fixed in the current one. release-blocker
Projects
Status: No status
Development

No branches or pull requests