Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump honnef.co/go/tools from 0.3.2 to 0.4.1 #53

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 14, 2023

Bumps honnef.co/go/tools from 0.3.2 to 0.4.1.

Release notes

Sourced from honnef.co/go/tools's releases.

Staticcheck 2023.1.1 (v0.4.1)

This release fixes a crash, a false positive in U1000 (issue 1360) and improves the way deprecated API is flagged (issue 1318).

When targeting a Go version that is older than the version that deprecated an API, SA1019 will no longer flag the use even if there is already an alternative available in the targeted Go version.

For example, math/rand.Seed has been deprecated in Go 1.20, but an alternative has existed since Go 1.0. In the past, we would flag uses of Seed even if targeting e.g. Go 1.19, to encourage better forwards compatibility. This can lead to unnecessary churn, however, because the correct change may depend on the Go version in use. For example, for Seed before Go 1.20, the alternative is to use a separate instance of math/rand.Rand, whereas in Go 1.20, a possible alternative is to simply drop the call to Seed.

Staticcheck 2023.1 (v0.4.0)

Staticcheck 2023.1 adds support for Go 1.20, brings minor improvements to various checks, and replaces U1000 with a new implementation.

The following checks have been improved:

  • The wording of S1001 has been made clearer for cases involving arrays. Furthermore, it no longer suggests using copy when the function has been shadowed.
  • S1011 now recognizes index-based loops (issue 881).
  • SA1019 no longer flags tests (internal or external) that use deprecated API from the package under test (issue 1285). Furthermore, entire declaration groups (such as groups of constants) can now be marked as deprecated (issue 1313).
  • SA4017 now detects more functions, including those in the time package (issue 1353). Additionally, its wording has been made clearer.
  • SA5010 no longer gets confused by type assertions involving generic types (issue 1354).
  • ST1005 no longer flags errors that start with alpha-numeric acronyms such as P384.
  • Improvements to our intermediate representation may allow various checks to find more problems.

Staticcheck now knows about version 2 of the k8s.io/klog package, in particular which functions abort control flow (issue 1307).

In addition to these minor improvements, U1000 has been rewritten from the ground up, operating on a program representation more suited to the task. In practice this means that there will be fewer false positives and more true positives.

Overall, the rewrite fixes at least eight known bugs, both ones that have been a nuisance for a while, as well as ones newly introduced by generics (issue 507, issue 633, issue 810, issue 812, issue 1199, issue 1249, issue 1282, issue 1333).

Staticcheck 2022.1.2 (v0.3.2)

This release addresses the following false positives, crashes, infinite loops, and performance issues:

  • For certain packages that contain tens of thousands of types and methods, such as those generated by ygot, Staticcheck now finishes much faster.
  • Several infinite loops when handling recursive type parameters have been fixed
  • S1009 no longer mistakes user-defined functions named len for the builtin (issue 1181)
  • ST1015 no longer reorders switch statements if their order is significant due to the use of fallthrough (issue 1188)
  • SA1013 now detects constants more robustly, avoiding both false negatives and false positives. Furthermore, it makes sure that offending methods implement io.Seeker and doesn’t just rely on the name Seek (issue 1213).
  • SA5008 now understands more third-party extensions to json struct tags
  • A crash involving functions named _ has been fixed (issue 1268)
  • A crash involving slicing type parameters of type string | []byte has been fixed (issue 1270)
  • SA1019 now handles imports of deprecated standard library packages in the same way it handles other deprecated API, taking the targeted Go version into consideration (issue 1117)

Additionally it is strongly recommended to use Go 1.18.2 for building Staticcheck, as it fixes further generics-related bugs in the type checker.

Staticcheck 2022.1.1 (v0.3.1)

This release addresses the following false positives, crashes, and infinite loops:

... (truncated)

Commits
  • 22a3f20 Version 2023.1.1 (v0.4.1)
  • c42cb65 website: add 2023.1.1 release notes
  • c1104c2 analysis/facts/nilness: handle generic CompositeValue
  • 68c1c4d SA1019: simplify rules for deprecated standard library API
  • e40dea5 unused: don't track objects in other packages that use us
  • 4970552 Version 2023.1 (v0.4.0)
  • 801a056 website: add 2023.1 release notes
  • c30b155 unused: blank parameters are used
  • 9397796 unused: remove Object.Obj
  • f1a9093 unused: reimplement check using the AST
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.3.2 to 0.4.1.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](dominikh/go-tools@v0.3.2...v0.4.1)

---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 14, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 16, 2023

Superseded by #55.

@dependabot dependabot bot closed this Feb 16, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/honnef.co/go/tools-0.4.1 branch February 16, 2023 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants