v0.37.0 - 19 Dec, 2022
This release includes new static analysis features that report known vulnerabilities in your dependencies. These vulncheck analysis tools are backed by Go's vulnerability database and the Go language server's integration of govulncheck
.
Read Go's support for vulnerability management to learn about the Go team's approach to helping Go developers secure their open-source dependencies.
vulncheck.mp4
Changes
- The new "Go: Toggle Vulncheck" command enables/disables imports-based vulnerability analysis. This requires gopls v0.11.0 or newer.
- Test and debug test code lenses are added to some subtests if the test names can be determined. (Issue 2536)
- Gopls settings was updated to match gopls@v0.11.0.
"go.formatTool"
setting accepts a special value"custom"
, which causes the extension to use the custom formatter configured with the setting"go.alternateTools": { "customFormatter": <your custom tool name> }
. (Issue 2503)- The experimental "Go: Run Vulncheck (exp)" command was removed.
- The extension no longer bypasses Delve's Go version check by default. Users must install the delve version compatible with their Go version, or explicitly configure their launch configuration to pass the
--check-go-version=false
flag using thedlvFlags
attribute. (Go Delve Issue 3058)
Fixes
- The editor survey prompt logic was adjusted for uniform sampling. (Issue 2545)
- Fixed the crash bug when handling coverage profiles involving go
//line
-directive. (Issue 2453) - Updated dependencies to address CVE-2022-37603 and CVE-2022-24999.
Thanks
Thank you for your contribution, @devuo, @pjweinbgo, @aarzilli, @tklauser, @hyangah, @suzmue, @jamalc!