Release notes
Sourced from golang.org/x/tools's releases.
gopls/v0.10.0
This release contains initial support for standalone packages and package renaming. Please see below for more details.
We are also changing our release policy to better align with semver.
Support changes
This version of gopls contains changes to our release policy, deprecates support for some older Go versions, and deprecates support for several experimental features.
New release policy
As described in golang/go#55267, we are tightening our release policy to better follow semver, increase stability, and reduce release-related toil. Significant new features will only be introduced in
*.*.0patch versions, and subsequent patch releases will consist only of bugfixes. For example, this version (v0.10.0) introduces several new features, described below. Subsequent v0.10.* releases will contain only bugfixes.Final support for Go 1.13-1.15
Consistent with the above release policy and our stated support window, the
v0.10.*minor version will be the final set of releases to support being used with Go 1.13-1.15. See golang/go#52982 for details.Gopls will pop up a warning if it resolves a version of the
gocommand that is older than 1.16. Starting with gopls@v0.11.0, gopls will cease to function when used with agocommand with a version older than 1.16.Deprecated experimental features
The following experimental features are deprecated, and will be removed in gopls@v0.11.0:
- experimentalWorkspaceModule
golang/go#52897go.workfiles. See our documentation for information on how to usego.workfiles to work on multiple modules.- experimentalWatchedFileDelay
golang/go#55268workspace/didChangeWatchedFilesnotifications.- experimentalUseInvalidMetadata
golang/go#54180New Features
Support for "standalone packages"
Gopls now recognizes certain files as "standalone main packages", meaning they should be interpreted as main packages consisting of a single file. To do this, gopls looks for packages named
maincontaining a single build constraint that matches one of the tags configured by the newstandaloneTagssetting.This enables cross references and other features when working in a file such as the example below that contains a
//go:build ignorebuild constraint.
(preview) Support for package renaming
golang/go#41567golang/go#56184.To rename a package, initiate a rename request on the package clause of a file in the package:
When this renaming is applied, gopls will adjust other package files accordingly, rename the package directory, and update import paths referencing the current package or any nested package in the renamed directory.
Method information in hover
Hovering over a type now shows a summary of its methods.
... (truncated)
Commits
7261b32gopls/internal/regtest: fix goimports on windows when using vendoring41e4e56gopls/internal/lsp/source/completion: ensuring completion completenessac29460go/ssa: fix bug in writeSignature on external functions3b62e7ego/ssa: use core type within (*builder).receiverf394d45gopls/internal/lsp/cache: compute xrefs and methodsets asynchronously27dbf85go.mod: update golang.org/x dependenciesc6c9830go/types/objectpath: memoize scope lookup in objectpath.Encoder0245e1dgopls/internal/regtest/codelens: set GOWORK=off for go mod vendor85be888go/analysis/passes/defers: add analyser for defer mistakec43232fcmd/digraph: improve examples using go list, mod- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Release notes
Sourced from golang.org/x/tools's releases.
gopls/v0.11.0
This is a small release containing new integrations of vulnerability analysis.
Vulnerability analysis for go.mod files can be enabled by configuring the
"vulncheck"setting to"Imports". For more information on vulnerability management, see the Vulnerability Management for Go blog post.Support changes
This release removes support for the
"experimentalUseInvalidMetadata"setting, as described in the v0.10.0 release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.New Features
Analyzing dependencies for vulnerabilities
This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (https://vuln.go.dev) and complement each other.
- Imports-based scanning, enabled by the
"vulncheck": "Imports"setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.- Integration of the golang.org/x/vuln/cmd/govulncheck command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the
"codelenses.run_govulncheck"code lens ongo.modfiles.https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4
Additional checks for the
loopclosureanalyzerThe
loopclosureanalyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests run in parallel with the loop, a mistake that often results in all but the final test case being skipped.
Configuration changes
- The
"vulncheck"setting controls vulnerability analysis based on the Go vulnerability database. If set to"Imports", gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.- The
"codelenses.run_govulncheck"setting controls the presence of code lenses that run the govulncheck command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.Bug fixes
This version of gopls includes fixes to several bugs, notably:
golang/go#57053golang/go#55837golang/go#56450).golang/go#54816A full list of all issues fixed can be found in the gopls/v0.11.0 milestone. To report a new problem, please file a new issue at https://go.dev/issues/new.
Thank you to our contributors
@Arsen6331,@SN9NV,@adonovan,@bcmills,@dle8,@findleyr,@hyangah,@pjweinbgo,@suzmuegopls/v0.10.1
This release contains a fix for golang/go#56505: a new crash during method completion on variables of type
*error.
... (truncated)
Commits
675bf3cgo.mod: update golang.org/x dependenciesad52c1cgo/ssa/interp: support conversions to slices of named bytes14ec3c0gopls/doc/contributing.md: document error handling strategiesc495364go/packages/gopackages: document -mode flag87ad891gopls/internal/lsp/source/typerefs: move test into _test.go27fd94einternal/fastwalk: doc formatting fixes (including godoc links)d362be0gopls/internal/lsp/filecache: reduce GC frequency969078bRevert "go/analysis: add Sizes that matches gc size computations"5aa6acbgo/analysis: add Sizes that matches gc size computations5a89a3bgo/vcs: delete- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Release notes
Sourced from actions/upload-pages-artifact's releases.
v2.0.0
Changelog
- :warning: BREAKING CHANGE: Remove built-in
chmodcommands forv2@JamesMGreene(#69)- Update README for
v2@JamesMGreene(#70)See details of all code changes since previous release.
v1.0.10
Changelog
- readme: fix/improve note about permissions
@tshepang(#65)- Revert
chmodremoval forv1@JamesMGreene(#68)- Add file perms handling
@tsusdere(#64)See details of all code changes since previous release.
v1.0.9
Removed
chmodas we moved towards trusting correct file permissions have been set. In the event this isn't the case then we raise an error in the action related to the file permissions.v1.0.8
Changelog
- Fail if no artifact file is found to upload
@JamesMGreene(#55)- Fix link to releases in README
@waldyrious(#53)- Bump actions/publish-action from 0.2.1 to 0.2.2
@dependabot(#47)- Add Dependabot config for Actions usage updates
@JamesMGreene(#46)See details of all code changes since previous release.
v1.0.7
Changelog
- Don't change file permissions of other files
@KyeRussell(#44)See details of all code changes since previous release.
v1.0.6
Changelog
- Customize artifact name
@yuradanyliuk(#41)- Fix permissions
@yoannchaudet(#42)- Print warnings about changed file permissions in bulk
@TooManyBees(#38)- Update to latest
actions/publish-action@JamesMGreene(#36)See details of all code changes since previous release.
v1.0.5
Changelog
... (truncated)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Release notes
Sourced from semver's releases.
v5.7.2
5.7.2 (2023-07-10)
Bug Fixes
2f8fd41#585 better handling of whitespace (#585) (@joaomoreno,@lukekarrys)
Changelog
Sourced from semver's changelog.
5.7.2 (2023-07-10)
Bug Fixes
2f8fd41#585 better handling of whitespace (#585) (@joaomoreno,@lukekarrys)5.7
- Add
minVersionmethod5.6
- Move boolean
looseparam to an options object, with backwards-compatibility protection.- Add ability to opt out of special prerelease version handling with the
includePrereleaseoption flag.5.5
- Add version coercion capabilities
5.4
- Add intersection checking
5.3
- Add
minSatisfyingmethod5.2
- Add
prerelease(v)that returns prerelease components5.1
- Add Backus-Naur for ranges
- Remove excessively cute inspection methods
5.0
- Remove AMD/Browserified build artifacts
- Fix ltr and gtr when using the
*range- Fix for range
*with a prerelease identifier
Commits
Maintainer changes
This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/uber-go/fx/network/alerts).
Release notes
Sourced from golang.org/x/tools's releases.
gopls/v0.12.0
This release contains a major rewrite of the way gopls computes and stores package information, with the goal of reducing memory usage and allowing gopls to scale to larger repositories. This change can also significantly reduce startup time when workspaces are reopened, as gopls now uses a file-based cache to persist data across sessions. With these optimizations, gopls is finally able to fully analyze dependencies using the golang.org/x/tools/go/analysis framework, resulting in improved accuracy for analysis diagnostics.
You can install this release with
go install:go install golang.org/x/tools/gopls@v0.12.0Support changes
As gopls matures, we're trying to simplify its configuration so that gopls Just Works in more scenarios, and so that we have fewer configuration combinations to test. This means that we will be gradually deprecating settings that affect the core behavior of gopls.
Removed experimental configuration options
As announced in the v0.10.0 release notes, this release removes support for the
experimentalWorkspaceModuleandexperimentalWatchedFileDelaysettings. TheexperimentalPackageCacheKeysetting is also removed, as it is irrelevant in the new design.The
experimentalWorkspaceModulesetting in particular may still be in use by some users. This setting has been superseded by built-in support for multi-module workspaces in thegocommand, via Go workspaces. To get the equivalent behavior in gopls@v0.12.0, please create ago.workfile in your workspace using all desired modules. To use all modules in your workspace, run:go work use -r .Dropped support for Go 1.13-1.15, deprecated support for Go 1.16-1.17
As announced in the v0.10.0 release notes, this release drops support for Go 1.13-1.15, and in fact does not build with these Go versions.
Additionally,
gopls@v0.12.xwill be the final sequence of versions supporting Go 1.16-1.17, and therefore displays a deprecation notice when used with these Go versions.Supported operating systems
Given that our users are almost entirely on Linux, Windows, or Darwin, we are discussing narrowing our support to focus on those operating systems, in golang/go#59981.
Performance improvements
The banner feature of this release is an internal redesign that significantly improves the way gopls scales in larger codebases. Performance, particularly memory usage, has long been a pain point for our users.
Reduced memory usage
Previous releases of gopls held typed syntax trees for all packages, in memory, all the time. With this release, these large data structures are ephemeral: as soon as they are constructed, an index of information derived from them is saved persistently to a file-based cache, and the data structures are recycled. The index for each package includes the locations of declaring and referring identifiers; the set of exported declarations and their types; the method sets of each interface; and any diagnostics and facts (see below) produced during analysis. The index holds all the information needed to serve global-scope LSP queries such as “references”, “implementations”, and so on.
Moving package information to a file-based cache greatly reduces the amount of RAM gopls uses, by almost an order of magnitude in larger projects. The table below shows the reductions in steady-state memory usage for three open-source Go repositories.
Project Packages In-use bytes v0.11.0 v0.12.0 Change gopls 405 497MB 232MB -53% kubernetes 3137 3090MB 832MB -73% google-cloud-go + submods 7657 5039MB 863MB -83%
... (truncated)
Commits
229f848gopls/internal/lsp/source: enable new defers analyzer2dc7ebago/analysis: use parser.SkipObjectResolutionf91c023go.mod: update golang.org/x dependenciese0783a8internal/gcimporter: remove bug report on objectpath failure75f6f9cgopls/internal/bug: add gopls/bug telemetry counter4b271f9gopls: add gopls/client telemetry countersd0b18e2go/analysis/passes/copylock: fix infinite recursion5b4d426gopls/internal/hooks: clean language version before passing to gofumpt2160c5fgopls/internal/lsp/analysis: fix stubmethods with variadic parameters3d20bbeinternal/gcimporter: add a missing return if objectpath fails- Additional commits viewable in compare view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show