Activity
Yesterday
dmitshur reviewed +2 on golang.org/x/tools/internal/stdlib: update stdlib index for Go 1.27 Release Candidate 18h
dmitshur reviewed +2 on : [release-branch.go1.27] go1.27rc18h
dmitshur reviewed +2 on golang.org/dl/...: add go1.27rc18h
dmitshur reviewed +2 on golang.org/x/pkgsite/static/frontend/api: correct rate limiting docs9h
Thanks.
The mention of these headers is being intentionally removed (in addition to s/40/45/), right?dmitshur commented on golang.org/x/build/cmd/relnote: improve experience for documenting new standard library packages9h
Thanks, feel free to send a CL. See https://go.dev/doc/contribute.dmitshur opened an issue cmd/compile: cmd/compile/internal/gc fails to build (as part of running tests) under GOEXPERIMENT=newinliner9h
As of [CL 792120](https://go.dev/cl/792120), the gotip-linux-amd64-newinliner builder which tests with `GOEXPERIMENT=newinliner` fails to build cmd/compile:
```
FAIL cmd/compile [build failed]
# cmd…dmitshur opened an issue github.com/actions/setup-go: Support release candidate alias ("nextstable"?) as a moving target9h
**Description:**
Currently setup-go supports "stable" and "oldstable" aliases. They are moving targets, so they make it convenient for repositories to target those versions, without needing to edit a…dmitshur commented on golang.org/x/exp/cmd/apidiff: non-deterministic output for "no longer implements"10h
CC @jba, @adonovan.dmitshur commented on math/rand/v2: document PCG and ChaCha8 tradeoffs10h
(1 comment)
The x_tools-gotip-linux-amd64 trybot fails because the parent commit is a bit old. Rebasing this CL should fix it.dmitshur reviewed +2 on golang.org/x/build/main.star: add wasm and arm64 GOEXPERIMENT=simd builders10h
Thanks.dmitshur commented on github.com/go-openapi/testify/v2: didPanic relies on "panic called with nil argument" Error string equality, changes behavior in Go 1.2711h
Thanks very much for resolving this!dmitshur commented on golang.org/x/vuln/cmd/govulncheck: govulncheck v1.4.0 runs into a Panic during scan11h
Thanks for confirming @noahbjohnson. That suggests govulncheck owners may consider temporarily working around by using an older x/tools while #80055 is investigated and resolved.dmitshur closed a change all: [release-branch.go1.27] merge master (ac2b8fc) into release-branch.go1.2711h
Went with 792140 instead.dmitshur opened a change all: [release-branch.go1.27] merge master (ac2b8fc) into release-branch.go1.2712h
Merge List:
+ 2026-06-18 ac2b8fc093 cmd/compile: update default PGO profile
+ 2026-06-18 15929d1085 cmd/compile: fix typo in comment
+ 2026-06-17 96bc97f6a3 go/types, types2: permit function type ar…dmitshur opened a change all: [release-branch.go1.27] merge master (cabdf7f) into release-branch.go1.2712h
Merge List:
+ 2026-06-18 cabdf7fdd0 net/http: validate trailers when writing requests and responses
+ 2026-06-18 ac2b8fc093 cmd/compile: update default PGO profile
+ 2026-06-18 15929d1085 cmd/compil…dmitshur commented on golang.org/x/arch/loong64/loong64asm: TestObjdumpLoong64TestDecodeGoSyntaxdata failures13h
CC @golang/loong64.dmitshur commented on cmd/go: support quotes in `GOENV` file13h
CC @golang/command-line.dmitshur commented on golang.org/x/vuln: Panic during scan13h
If someone who's able to reproduce this wants to try building govulncheck from source, modifying it with `go get golang.org/x/tools@v0.44.0`, please see whether that's enough to make this problem sto…dmitshur commented on golang.org/x/tools/go/ssa: RuntimeTypes panics on a parameterized type boxed in a generic method's closure13h
Thanks for reporting and bisecting this.
CC @golang/tools-team.dmitshur commented on cmd/compile: inconsistent errors for init expr mismatches for vars and consts13h
CC @golang/compiler.dmitshur commented on golang.org/x/vuln: Panic during scan13h
Thanks for reporting.
CC @golang/vulndb.dmitshur reviewed +1 on cmd/go: report an added go directive as added, not downgraded13h
(1 comment)
I suggest adding another Fixes line here:
```suggestion
Fixes #63507
Fixes #70090
```
I believe #70090 is the same underlying issue, unfortunately the two of them weren't de-duplicated…dmitshur opened an issue github.com/go-openapi/testify/v2: didPanic relies on "panic called with nil argument" Error string equality, changes behavior in Go 1.2713h
**Describe the bug**
The `didPanic` function in `internal/assertions/panic.go` seems to try to detect instances of [`*runtime.PanicNilError`](https://pkg.go.dev/runtime#PanicNilError) error by checki…dmitshur commented on net/http: validate trailers when writing requests and responses14h
(1 comment)
I see. Looking across more files, it's less consistent than I thought: [17x "http: "](https://cs.opensource.google/search?q=%22%5C%22http:%20%22&sq=&ss=go%2Fgo:src%2Fnet%2Fhttp%2F) and
…dmitshur commented on net/http: validate trailers when writing requests and responses14h
Thanks for reviewing this change @emmanuel@orijtech.com. It'd be good if one of the net/http package [owners](https://dev.golang.org/owners) at least +1s this CL too. Leaving this thread unresolved f…This Week
dmitshur commented on runtime: possible bug in moveSliceNoCap [1.26 backport]1d
@abtuteja Go minor releases are scheduled monthly, near the beginning of each month. So early July. See https://go.dev/wiki/MinorReleases.dmitshur commented on runtime: version parsing fails1d
Ping @bradfitz.dmitshur commented on golang.org/x/tools/go/analysis/passes: analyzer for removing canonical import comments1d
There's precedent for something along these lines in the "plusbuild" analyzer.
Do you suggest this analyzer should remove import comments only when the import math matches the actual import path of …dmitshur commented on golang.org/x/tools/go/analysis/passes: analyzer for removing canonical import comments1d
CC @adonovan, @matloob, @madelinekalil.dmitshur closed an issue build: build failure on go1.26-linux-amd64-misccompile1d
The LUCI infrastructure ran into a "i/o timeout" while invoking its own APIs. Nothing for Go to do here.dmitshur commented on golang.org/x/pkgsite: transient 500 errors on frontend during DB replica maintenance1d
CC @golang/pkgsite.dmitshur opened a change all: [release-branch.go1.27] merge master (6a1dd03) into release-branch.go1.271d
Merge List:
+ 2026-06-17 6a1dd03423 encoding/json/v2: rename `inline` tag option as `embed`
+ 2026-06-17 22fbb9e5bb cmd/go: adjust test script (fix build)
+ 2026-06-17 9052a2962d crypto/tls: only se…dmitshur commented on encoding/json/v2: rename `inline` tag option as `embed`1d
I believe it is. Please feel free to submit.
This will resolve the last [currently remaining blocker](https://go.dev/issues?q=is%3Aissue%20state%3Aopen%20milestone%3AGo1.27%20label%3Arelease-blocker…dmitshur commented on golang.org/x/build/main.star: include longtest builders in pre-submit in x/vuln1d
Thanks.dmitshur reviewed +2 on golang.org/x/vuln/cmd/govulncheck: fix exit code propagation for wrapped scan errors1d
Thanks.dmitshur commented on golang.org/x/website/_content/doc/go1.27: note flate compression speed and exact bytes1d
Thanks.dmitshur opened an issue cmd/compile: 2.29% regression in Dgeev/Circulant10-16 sec/op on linux/arm64 at 0252b4b1d
Discovered a regression in sec/op of 2.29% for benchmark Dgeev/Circulant10-16.
https://perf.golang.org/dashboard/?benchmark=Dgeev/Circulant10-16&platform=linux/arm64&repository=go&branch=master
http…dmitshur opened an issue cmd/compile: 5.10% regression in RepeatNew-88 sec/op on linux/amd64 at c59ae5c1d
Discovered a regression in sec/op of 5.10% for benchmark RepeatNew-88. Not quite clear which commit.
https://perf.golang.org/dashboard/?benchmark=RepeatNew-88&platform=linux/amd64&repository=go&bran…dmitshur commented on os/signal: TestCtrlBreak failures1d
From triage meeting, @prattmic points out this test has a time.Sleep(1 * time.Second) so this might be a flake due to the subprocess not starting in that constant time.dmitshur commented on cmd/cgo/internal/test:external-g0: Test9400 failures1d
CC @golang/compiler.dmitshur commented on cmd/go: spurious leading blank line before `ok` when a passing test writes unterminated output1d
Thanks for the report. Would you like to send a CL? https://go.dev/doc/contributedmitshur commented on cmd/cgo/internal/test:external-g0: unrecognized failures1d
CC @golang/compiler.dmitshur commented on cmd/cgo/internal/test:auto-pie: Test9400 failures1d
CC @golang/compiler.dmitshur commented on runtime: concurrent map read and map write with sync.RWMutex on ppc64le [1.26 backport]1d
Thanks for making this backport request @Jorropo. It's approved now. Since you're the author of the fix CL, if you don't mind, please create backport CLs for this and #79878 following https://go.dev/…dmitshur reviewed +1 on golang.org/x/pkgsite/deploy: centralize and parameterize Go version management1d
Thanks. Leaving it to Nicholas to +2.dmitshur opened a change syscall: [release-branch.go1.26] add //go:norace to rawSyscall on darwin1d
On darwin, rawSyscall, rawSyscall6, and rawSyscall9 are Go
functions (not assembly as on Linux) that get race-detector
instrumentation. When forkAndExecInChild calls rawSyscall in
the forked child pr…dmitshur commented on golang.org/x/website/_content/doc/go1.27: note flate compression speed and exact bytes1d
(1 comment)
I agree that's an improvement. Thanks.dmitshur fixed an issue all: switch to Go 1.27 as default inside Google1d
In a release meeting, we reviewed this blocker for the public Go 1.27 RC 1 and consider it complete. Closing.dmitshur commented on all: switch to Go 1.27 as default inside Google1d
In a release meeting, we reviewed this blocker for the public Go 1.27 RC 1 and consider it complete. Closing.dmitshur commented on golang.org/x/website/_content/doc/go1.27: note flate compression speed and exact bytes1d
(2 comments)
Done.
Done.dmitshur commented on os/signal: TestCtrlBreak failures1d
CC @golang/runtime.dmitshur commented on golang.org/x/build/internal/task: TestFindGoogleGroupsThread/[security]_golang.org/x/crypto_fix_pre-announcement failures1d
This test reaches out over the internet to a service (Google Groups), runs a search query and checks that the algorithm still works as expected. Every so often it seems the response doesn't include t…dmitshur commented on golang.org/x/tools/go/analysis/passes/modernize: [internal-branch.go1.27-vendor] preserve symbols in reflecttypefor1d
It seems that the internal-branch.go1.27-vendor branch isn't passing all tests at Go tip anymore. Some recent Go 1.27 changes in the main repo involved fixes in x/tools main branch, and they need to …dmitshur opened a change golang.org/x/tools/go/analysis/passes/modernize: [internal-branch.go1.27-vendor] preserve symbols in reflecttypefor1d
The reflecttypefor analyzer rewrites reflect.TypeOf(x) to reflect.TypeFor[T]() when x is side-effect free. Some calls intentionally name a value-level symbol so the check follows future changes to th…dmitshur reopened an issue cmd/fix: reflecttypefor replaced TypeOf(f) with TypeFor[func(...)](), losing relationship with symbol f1d
This is a cmd/fix issue in Go1.27 milestone, but so far it was closed by a CL in the x/tools repo. Reopening to make sure this change makes its way into cmd/fix in time for Go 1.27.0. This still need…dmitshur reopened an issue cmd/fix: reflecttypefor replaced TypeOf(f) with TypeFor[func(...)](), losing relationship with symbol f1d
This is a cmd/fix issue in Go1.27 milestone, but so far it was closed by a CL in the x/tools repo. Reopening to make sure this change makes its way into cmd/fix in time for Go 1.27.0. This still need…dmitshur reviewed +2 on golang.org/x/vuln/cmd/govulncheck: add package pattern to JSON format usage test1d
Thanks.
Noting to confirm my understanding - this is needed now since running govulncheck without a package pattern is newly expected to fail with:
```
govulncheck: no package patterns provided
```…dmitshur reviewed +2 on golang.org/x/vuln/cmd/govulncheck: fix exit code propagation for wrapped scan errors1d
Thanks.
Thanks.
It seems to be catching that TestCommand/common is still failing. If there's more work needed to get everything passing and you prefer to make that a separate CL, then it'd make sen…dmitshur commented on cmd/dist: don't clobber the output when stale dependency is found1d
checkNotStale was added in CL 791620. As I understand, the reason it behaves as it does today is because it's very unexpected to get stale targets, so if the check finds that, it tries to include as …dmitshur reviewed +2 on golang.org/x/build/internal/task: ping fsnotify@v1.9.0 in gopls release process2d
Thanks.dmitshur commented on golang.org/x/build/internal/task: remove -compat=1.19 since minimum version is 1.262d
(2 comments)
Consider doing the same change here. If you prefer to leave it for a future CL instead, that's fine too.
Not for this CL, but noting that another potential future simplification here i…dmitshur reviewed +2 on golang.org/x/build/internal/task: remove -compat=1.19 since minimum version is 1.262d
Thanks.dmitshur commented on golang.org/x/pkgsite/deploy: bump Go version to 1.26.42d
See an inline comment on go.mod. The rest of this change makes sense to me. Thanks for doing this.
I realize that the last time the deploy files in this repository were updated, the go directive was…dmitshur commented on golang.org/x/build: update gopls version requirements as part of the Go toolchain release workflow2d
I think the sections "Why not bump on each minor release?" at [go.dev/design/69095-x-repo-continuous-go#rationale](https://go.dev/design/69095-x-repo-continuous-go#rationale) is moderately relevant. …dmitshur commented on golang.org/x/build: automate maintenance of pinned Go toolchain/runtime versions in Dockerfile and app.yaml files2d
In addition to the 4 x/ repos already mentioned in the original issue, here are some more that also have Dockerfile and/or .yaml files that would benefit from automatic maintenance:
x/vulndb: https:…dmitshur opened a change golang.org/x/website/_content/doc/go1.27: note flate compression speed and exact bytes2d
The improvement to compression speed seems notable enough to be
worth mentioning. (Maybe it can be quantified succinctly enough
for release notes, or otherwise we can point to the issue.)
Even thoug…dmitshur commented on crypto/tls: only set LocalCertificate when a certificate is presented2d
@sin99xx Thanks for sending this change. As noted in https://github.com/golang/go/pull/79968#issuecomment-4684498141, it was successfully imported in Gerrit, and by now there are some review comments…dmitshur commented on golang.org/x/tools/go/packages: TestAdHocOverlays/GO111MODULE=auto failures2d
The failure above happened because package-level timeouts were reached. This was a darwin-arm64 race builder, which normally takes around 10 minutes to run on x/tools (https://ci.chromium.org/ui/p/go…dmitshur commented on crypto/mldsa: Verify accepts uninitialized PublicKey with empty signature2d
Thanks for trying out the package ahead of the release and reporting this finding. CC @golang/security.
Tentatively marking as a release blocker since this package is new to Go 1.27.dmitshur commented on crypto/tls: provide a way to access local certificate used to set up a connection [freeze exception]2d
Issue #79967 reported a problem with the new code. @rolandshoemaker Is it preferable to fix forward and proceed with it for 1.27, instead of reverting and trying again for 1.28? Given it seems like a…dmitshur commented on crypto/tls: LocalCertificate is populated on resumed TLS <=1.2 server connections2d
CC @rolandshoemaker, @golang/security.dmitshur commented on crypto/tls: TLS 1.3 post-handshake alerts not surfaced to the client2d
CC @golang/security.dmitshur commented on cmd/gofmt: comment alignment chunking behaviour different on MacOS vs Linux2d
Thanks for reporting.
It's expected that exact gofmt formatting nuances will change over time, across major Go releases, so a check like `go fmt ./...` needs to be arranged to run with a single cons…dmitshur commented on time: TestAfterQueuing/impl=func failures2d
The test contains a comment:
```Go
// This test flakes out on some systems,
// so we'll try it a few times before declaring it a failure.
const attempts = 5
```
So it seems this failure is expected…dmitshur commented on os/root_test: TestRootConsistencyStat/Lstat failures on XFS2d
Thanks for the report. Please note that Go 1.24 is no longer supported per https://go.dev/doc/devel/release#policy. Does this still happen with Go 1.26/1.25 or at tip?
CC @neild.dmitshur commented on golang.org/x/oauth2/fix: change the snake case endpoint to kebab-case2d
@codyoss@google.com I suspect you intended to start the current trybots via Commit-Queue+1 (see https://go.dev/wiki/GerritAccess#running-trybots-may-start-trybots and https://go.dev/wiki/LUCI#trybots…dmitshur reviewed +2 on golang.org/x/pkgsite/internal/fetch: inherit active tool tags in build context2d
Thanks.
If I understand right, the plan for x/pkgsite deploys will generally be to use a stable release of Go (similar to CL 733341), or a release candidate of the soon-to-become-latest-stable relea…dmitshur commented on golang.org/x/website/_content: fix some broken Markdown links2d
Thanks.dmitshur commented on golang.org/x/tools/go/analysis/passes/modernize: errorsastype rewrites errors.As target interface that does not implement error2d
CC @adonovan, @madelinekalil.dmitshur commented on cmd/cgo: panic in loadDWARF on out-of-bounds __cgo__ symbol index2d
CC @golang/compiler.dmitshur commented on golang.org/x/net/http3: missing header frame size limit allows OOM2d
CC @neild, @nicholashusin.dmitshur commented on net/http: optimize Date header generation to reduce per-request formatting overhead2d
CC @neild, @nicholashusin.dmitshur closed a change golang.org/x/crypto/openpgp/packet: reject too-short decrypted session key in EncryptedKey.Decrypt2d
Thanks for sending this change. Closing because this package is frozen and deprecated. In particular it is documented to be unmaintained except for security fixes. For security issues, please follow …dmitshur closed a change golang.org/x/crypto/openpgp/elgamal: fix index out of range panic in Decrypt when ciphertext is zero2d
Closing, see https://go.dev/issue/79841#issuecomment-4721777542.dmitshur commented on golang.org/x/crypto/openpgp/elgamal: fix index out of range panic in Decrypt when ciphertext is zero2d
I don't think there's anything that to be done here given the package is deprecated and frozen. There isn't anyone we can add to be its reviewer. This isn't the only security issue, as noted in the d…dmitshur closed an issue golang.org/x/crypto/openpgp/elgamal: Decrypt panics on zero ciphertext (DoS)2d
[golang.org/x/crypto/openpgp/elgamal](https://golang.org/x/crypto/openpgp/elgamal) is deprecated too. Its deprecation message notes:
> Deprecated: this package was only provided to support ElGamal e…dmitshur commented on cmd/compile: fix typo in comment2d
(1 comment)
The go/types and cmd/compile/internal/types2 packages are generally kept in sync. Please also apply the same change here:
```suggestion
// not permitted. Checker.funcInst must infer mi…dmitshur commented on cmd/doc: go doc synctest.Wait shows wrong package2d
This problem reproduces in older versions like Go 1.25.11 too, and the fix is localized, so it seems safe for it to happen by RC 1 or RC 2.dmitshur reviewed +2 on golang.org/x/website/_content/doc/go1.27: minor wording edits2d
Thanks.dmitshur reviewed +2 on cmd/cgo: fix TestFortran on Windows2d
Thanks.
Asking to confirm my understanding.
As far as I see CL 787800 didn't make any Windows-specific changes. libExt was "so" on Windows both before and after that change. Is it case that it work…dmitshur commented on all: re-run stringer3d
Agreed. Thanks.dmitshur reviewed +2 on go.dev/wiki: Update minimum requirements for linux/ppc64 target3d
Thanks.dmitshur reviewed +2 on golang.org/x/website/_content/doc/go1.27: add release notes for the new LocalCertificate field3d
Thanks.dmitshur commented on cmd/compile: add align128 compiler marker for 128-bit struct alignment3d
Since we're in release freeze for Go 1.27 and this seems like a new feature, should it have wait-release hashtag added and wait for when the tree reopens for Go 1.28 development?dmitshur commented on crypto/tls: ConnectionState isn't properly initialized until read or write from *tls.Conn3d
CC @golang/security.dmitshur commented on golang.org/x/vuln: add vulnerability-aware fix and dry-run modes to govulncheck3d
CC @golang/vulndb.dmitshur commented on net/http: Client forwards caller-set Proxy-Authorization to a direct origin on a same-host redirect that crosses a proxy boundary3d
CC @neild, @nicholashusin.dmitshur commented on access: join golang/riscv64 maintainer team3d
CC @golang/riscv64. Input from current members of the golang/riscv64 maintainer team would be helpful.dmitshur commented on golang.org/x/website/cmd/golangorg: add <head> tag before </head>3d
(1 comment)
Yeah, thanks for catching that. Normally <aaa/> would be self-closing syntax, but it seems that's not valid for a non-void element like head and it gets treated as a start tag. Fixed …dmitshur reviewed +2 on golang.org/x/perf/...: fix some comments to improve readability3d