So far we've only had to deal with the common case where a security fix
applies to all versions that are going as part of a monthly Go release.
At some point we'll run into a case where some security…
@gopherbot Please consider this for backport. It's a test-only fix needed to get this test passing on release branches.
CC @nicholashusin, @golang/release.
This has been working well for the "two minor releases" relui workflow.
Continue by making it available in "next RC" relui workflow next.
For golang/go#79037.
I understand this should be fixed by https://go.dev/cl/794120 and https://go.dev/cl/794121 (CC @prattmic), closing. [internal/sync.TestConcurrentCache on gotip-linux-amd64-noopt](https://ci.chromium.…
I understand this should be fixed by https://go.dev/cl/794120 and https://go.dev/cl/794121 (CC @prattmic), closing. [internal/sync.TestConcurrentCache on gotip-linux-amd64-noopt](https://ci.chromium.…
We'll be able to pull it in once there's a stable GLFW release that includes that change. PR glfw/glfw#2833 is added to 3.5 milestone, so I understand it will be released in in a future GLFW 3.5 rele…
(1 comment)
Yes, the other Gerrit footers are usually kept - this is covered at https://go.dev/wiki/MinorReleases#making-cherry-pick-cls:
> In the popup enter the branch name (like release-branch.g…
A concern is that proposal conflicts (significantly overlaps) with an already-accepted but not yet implemented one at #54312. That proposal went through an analysis of the ecosystem as part of arrivi…
(1 comment)
Noting here that it should also be possible to take advantage of this fmt printing behavior:
> 2. If an operand implements the [Formatter](https://pkg.go.dev/fmt#Formatter) interface, i…
In the example provided, the phrasing "a fuller description of a Thing than [Thing.String]" seems more distinct than I'd expect from the description for the `GoString() string` method given at https:…
Thanks, using `go tool` for this is very interesting.
I'm a bit hesitant to actually switch to this because it would mean we deviate more from the approach that's supported by the LUCI team. It woul…
The legacy trybots aren't supported anymore, so stopping this empty run. We'll remove the gerrit vote soon to avoid confusion. Currently supported trybots are triggered via the Commit-Queue+1 vote as…
A few notes Gerrit-related notes: @emmanuel@orijtech.com, please note that when starting trybots via the 'Choose Tryjobs' dialog, since this CL is inside the golang.org/x/arch repository, the builder…
(1 comment)
(Any leftover generated CLs can also be found and cleaned up via a query like https://go-review.googlesource.com/q/owner:gobot@golang.org+is:open.)
Thanks.
Noting that clTitle needed to be defined as a variable in part because it needed to be used in multiple places, including for the "past open CL" check. Now that it's only being used in the o…
These were missed in CL 324270. These files aren't needed,
and can be safely removed. This way they won't become out
of date, and they won't invite maintenance.
(1 comment)
If I understand correctly, this is an intentionally shortened version of a similar explanatory comment used in other repos:
https://cs.opensource.google/search?q=file:.gitattributes&sq=…
@kidnamedcudilovedrake-dot You've been posting on many issues recently. The issue tracker is used for discussing the issue, code changes are better handled as part of CLs (which is where a [CLA](http…
As of [CL 792120](https://go.dev/cl/792120), the gotip-linux-amd64-newinliner builder which tests with `GOEXPERIMENT=newinliner` fails to build cmd/compile/internal/gc:
```
FAIL cmd/compile [build f…
**Description:**
Currently setup-go supports "stable" and "oldstable" aliases. They are moving targets, so they make it convenient for repositories to target those versions, without needing to edit a…
Thanks for confirming @noahbjohnson. That suggests govulncheck owners may consider temporarily working around by using an older x/tools while #80055 is investigated and resolved.
If someone who's able to reproduce this wants to try building govulncheck from source, modifying it with `go get golang.org/x/tools@v0.44.0` (plus v0.45.0 is worth trying too), please see whether tha…
**Describe the bug**
The `didPanic` function in `internal/assertions/panic.go` seems to try to detect instances of [`*runtime.PanicNilError`](https://pkg.go.dev/runtime#PanicNilError) error by checki…
There's precedent for something along these lines in the "plusbuild" analyzer.
Do you suggest this analyzer should remove import comments only when the import math matches the actual import path of …
Discovered a regression in sec/op of 2.29% for benchmark Dgeev/Circulant10-16.
https://perf.golang.org/dashboard/?benchmark=Dgeev/Circulant10-16&platform=linux/arm64&repository=go&branch=master
http…
Discovered a regression in sec/op of 5.10% for benchmark RepeatNew-88. Not quite clear which commit.
https://perf.golang.org/dashboard/?benchmark=RepeatNew-88&platform=linux/amd64&repository=go&bran…
From a triage meeting, @prattmic points out this test has a time.Sleep(1 * time.Second) so this might be a flake due to the subprocess not starting in that constant time.
Thanks for making this backport request @Jorropo. It's approved now. Since you're the author of the fix CL, if you don't mind, please create backport CLs for this and #79878 following https://go.dev/…
This test reaches out over the internet to a service (Google Groups), runs a search query and checks that the algorithm still works as expected. Every so often it seems the response doesn't include t…
This is a cmd/fix issue in Go1.27 milestone, but so far it was closed by a CL in the x/tools repo. Reopening to make sure this change makes its way into cmd/fix in time for Go 1.27.0. This still need…
I think the sections "Why not bump on each minor release?" at [go.dev/design/69095-x-repo-continuous-go#rationale](https://go.dev/design/69095-x-repo-continuous-go#rationale) is moderately relevant. …
In addition to the 4 x/ repos already mentioned in the original issue, here are some more that also have Dockerfile and/or .yaml files that would benefit from automatic maintenance:
x/vulndb: https:…
@sin99xx Thanks for sending this change. As noted in https://github.com/golang/go/pull/79968#issuecomment-4684498141, it was successfully imported in Gerrit, and by now there are some review comments…
The failure above happened because package-level timeouts were reached. This was a darwin-arm64 race builder, which normally takes around 10 minutes to run on x/tools (https://ci.chromium.org/ui/p/go…
Thanks for trying out the package ahead of the release and reporting this finding. CC @golang/security.
Tentatively marking as a release blocker since this package is new to Go 1.27.
Issue #79967 reported a problem with the new code. @rolandshoemaker Is it preferable to fix forward and proceed with it for 1.27, instead of reverting and trying again for 1.28? Given it seems like a…
Thanks for reporting.
It's expected that exact gofmt formatting nuances will change over time, across major Go releases, so a check like `go fmt ./...` needs to be arranged to run with a single cons…
The test contains a comment:
```Go
// This test flakes out on some systems,
// so we'll try it a few times before declaring it a failure.
const attempts = 5
```
So it seems this failure is expected…
Thanks for the report. Please note that Go 1.24 is no longer supported per https://go.dev/doc/devel/release#policy. Does this still happen with Go 1.26/1.25 or at tip?
CC @neild.