golang
diff --git a/‎.github/workflows/release-nightly.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-nightly.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-long-all.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test-long-all.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-long.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test-long.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-smoke.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test-smoke.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/wiki.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/wiki.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 23 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎docs/commands.md‎
Lines changed: 8 additions & 4 deletions b/‎docs/commands.md‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎docs/features.md‎
Lines changed: 87 additions & 13 deletions b/‎docs/features.md‎
Lines changed: 87 additions & 13 deletions
diff --git a/‎docs/images/vulncheck.gif‎
1.62 MB b/‎docs/images/vulncheck.gif‎
1.62 MB
@@ -23,7 +23,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-         node-version: '16'
+         node-version: '18'
          cache: 'npm'
 
       - name: Setup Go
 
@@ -43,7 +43,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-          node-version: '16'
+          node-version: '18'
           cache: 'npm'
 
       - name: get release version
 
@@ -26,7 +26,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-         node-version: '16'
+         node-version: '18'
          cache: 'npm'
 
       - name: Setup Go
 
@@ -25,7 +25,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-         node-version: '16'
+         node-version: '18'
          cache: 'npm'
 
       - name: Setup Go
 
@@ -24,7 +24,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v3
         with:
-         node-version: '16'
+         node-version: '18'
          cache: 'npm'
 
       - name: Setup Go
 
@@ -46,7 +46,7 @@ jobs:
           go run ./tools/docs2wiki -w ./docs
           cd ..
           cd wiki
-          diff -ruN --exclude=.git . ../vscode-go/docs > ../mypatch || patch -p3 -E -f < ../mypatch
+          rm -r ./* && cp -r ../vscode-go/docs/* .
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Action"
           git add .
 
@@ -1,4 +1,26 @@
-## v0.36.0 - 4 Nov, 2022
+## v0.37.0 - 19 Dec, 2022
+
+This release includes new [static analysis features](https://github.com/golang/vscode-go/wiki/features#analyze-vulnerabilities-in-dependencies) that report known vulnerabilities in your dependencies. These vulncheck analysis tools are backed by [Go's vulnerability database](https://go.dev/security/vulndb) and the Go language server's integration of [`govulncheck`](https://golang.org/x/vuln/cmd/govulncheck").
+Read [Go's support for vulnerability management](https://go.dev/blog/vuln) to learn about the Go team's approach to helping Go developers secure their open-source dependencies.
+
+### Changes
+- The new "Go: Toggle Vulncheck" command enables/disables imports-based vulnerability analysis. This requires gopls v0.11.0 or newer.
+- Test and debug test code lenses are added to some subtests if the test names can be determined. ([Issue 2536](https://github.com/golang/vscode-go/issues/2536))
+- Gopls settings was updated to match [email protected].
+- `"go.formatTool"` setting accepts a special value `"custom"`, which causes the extension to use the custom formatter configured with the setting `"go.alternateTools": { "customFormatter": <your custom tool name> }`. ([Issue 2503](https://github.com/golang/vscode-go/issues/2503))
+- The experimental "Go: Run Vulncheck (exp)" command was removed.
+- The extension no longer bypasses Delve's Go version check by default. Users must install the delve version compatible with their Go version, or explicitly configure their launch configuration to pass the `--check-go-version=false` flag using the `dlvFlags` attribute. ([Go Delve Issue 3058](https://github.com/go-delve/delve/issues/3058))
+
+### Fixes
+- The editor survey prompt logic was adjusted for uniform sampling. ([Issue 2545](https://github.com/golang/vscode-go/issues/2545))
+- Fixed the crash bug when handling coverage profiles involving go `//line`-directive. ([Issue 2453](https://github.com/golang/vscode-go/issues/2453))
+- Updated dependencies to address [CVE-2022-37603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37603) and [CVE-2022-24999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999).
+
+### Thanks
+
+Thank you for your contribution, @devuo, @pjweinbgo, @aarzilli, @tklauser, @hyangah, @suzmue, @jamalc!
+
+## v0.36.0 - 7 Nov, 2022
 A list of all issues and changes can be found in the [v0.36.0 milestone](https://github.com/golang/vscode-go/milestone/52) and [commit history](https://github.com/golang/vscode-go/compare/v0.35.2...v0.36.0).
 
 ### Changes
 
@@ -47,6 +47,10 @@ Runs a unit test at the cursor if one is found, otherwise re-runs the last execu
 
 Runs a sub test at the cursor.
 
+### `Go: Debug Subtest At Cursor`
+
+Debug a sub test at the cursor.
+
 ### `Go: Benchmark Function At Cursor`
 
 Runs a benchmark at the cursor.
@@ -151,6 +155,10 @@ install/update the required go packages
 
 Toggles between file in current active editor and the corresponding test file.
 
+### `Go: Toggle Vulncheck`
+
+Toggle the display of vulnerability analysis in dependencies.
+
 ### `Go: Add Tags To Struct Fields`
 
 Add tags configured in go.addTags setting to selected struct using gomodifytags
@@ -266,7 +274,3 @@ Edit the Go Env for the active workspace.
 ### `Go: Reset Workspace Env`
 
 Reset the Go Env for the active workspace.
-
-### `Go: Run Vulncheck (Preview)`
-
-Run vulnerability check. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for more details about the analysis.
 
@@ -16,6 +16,7 @@ This document describes the features supported by this extension.
   * [Document outline](#document-outline)
   * [Toggle between code and tests](#toggle-between-code-and-tests)
 * [Syntax Highlighting](#syntax-highlighting)
+* [Inlay Hints](#inlay-hints)
 * [Code Editing](#code-editing)
   * [Snippets](#snippets)
   * [Format and organize imports](#format-and-organize-imports)
@@ -29,8 +30,10 @@ This document describes the features supported by this extension.
   * [Fill struct literals](#fill-struct-literals)
 * [Diagnostics](#diagnostics)
   * [Build errors](#build-errors)
-  * [Vet errors](#vet-errors)
+  * [Vet and extra analyses](#vet-and-extra-analyses)
   * [Lint errors](#lint-errors)
+  * [Vulnerabilities in dependencies](#analyze-vulnerabilities-in-dependencies)
+* [Code Lenses](#code-lenses)
 * [Run and test in the editor](#run-and-test-in-the-editor)
   * [Run your code](#run-your-code)
   * [Test and benchmark](#test-and-benchmark)
@@ -105,7 +108,6 @@ Quickly toggle between a file and its corresponding test file by using the [`Go:
 
 <div style="text-align: center;"><img src="images/toggletestfile.gif" alt="Toggle between reverse.go and reverse_test.go" style="width: 75%"> </div>
 
-
 ## Syntax Highlighting
 
 The default syntax highlighting for Go files is implemented in Visual Studio Code using TextMate grammar, not by this extension.
@@ -118,6 +120,55 @@ When `gopls`'s semantic tokens feature is enabled, `gopls` also provides semanti
 
 <div style="text-align: center;"><img src="images/gotmpl.gif" alt="Enable Go template language support by changing the language ID" style="width: 75%"> </div>
 
+## Inlay Hints
+
+Inlay hints render additional inline information to source code to help you understand what the code does.
+They can be enabled/disabled with the `editor.inlayHints.enabled` setting in combination with settings to enable inlay hints types.
+
+### Variable types in assign statements
+
+```go
+	i/* int*/, j/* int*/ := 0, len(r)-1
+```
+
+### Variable types in range statements
+```go
+	for k/* int*/, v/* string*/ := range []string{} {
+		fmt.Println(k, v)
+	}
+```
+### Composite literal field names
+```go
+	{/*in: */"Hello, world", /*want: */"dlrow ,olleH"}
+```
+
+### Composite literal types
+```go
+	for _, c := range []struct {
+		in, want string
+	}{
+		/*struct{ in string; want string }*/{"Hello, world", "dlrow ,olleH"},
+	}
+```
+### Constant values
+```go
+	const (
+		KindNone   Kind = iota/* = 0*/
+		KindPrint/*  = 1*/
+		KindPrintf/* = 2*/
+		KindErrorf/* = 3*/
+	)
+```
+### Function type parameters
+```go
+	myFoo/*[int, string]*/(1, "hello")
+```
+
+### Parameter names
+```go
+	parseInt(/* str: */ "123", /* radix: */ 8)
+```
+
 ## Code Editing
 
 ### [Snippets](https://code.visualstudio.com/docs/editor/userdefinedsnippets)
@@ -140,6 +191,11 @@ The extension organizes imports automatically and can add missing imports if the
 
 <div style="text-align: center;"><img src="images/addimport.gif" alt="Add byte import to Go file" style="width: 75%"> </div>
 
+#### Custom formatter
+
+In addition to the default `gofmt`-style formatter, the Go language server supports `gofumpt`-style formatting. You can enable `gofumpt` formatting by setting `"gopls.formatting.gofumpt"`.
+You can  also configure to use other custom formatter by using the `"go.formatTool"` setting. The custom formatter must operate on file contents from STDIN, and output the formatted result to STDOUT.
+
 ### [Rename symbol](https://code.visualstudio.com/docs/editor/refactoring#_rename-symbol)
 
 Rename all occurrences of a symbol in your workspace.
@@ -185,29 +241,47 @@ Use the [`Go: Fill struct`](commands.md#fill-struct) command to automatically fi
 
 <div style="text-align: center;"><img src="images/fillstructliterals.gif" alt="Fill struct literals" style="width: 75%"> </div>
 
-## Diagnostics
+## Diagnostics 
 
-Learn more about [diagnostic errors](tools.md#diagnostics).
+The extension, powered by the Go language server (`gopls`), offers various diagnostics and analyses features,
+and often with quick fixes to address detected issues.
 
 ### Build errors
 
-Build errors can be shown as you type or on save. Configure this behavior through the [`"go.buildOnSave"`](settings.md#go.buildOnSave) setting.
+Compile and type errors are shown as you type by default. This works not only Go source code, but also `go.mod`, `go.work`, and Go template files.
 
-By default, code is compiled using the `go` command (`go build`), but build errors as you type are provided by the [`gotype-live`](tools.md#diagnostics) tool.
+### Vet and extra analyses
 
-### Vet errors
+The Go language server (`gopls`) reports [`vet`](https://pkg.go.dev/cmd/vet) errors and runs many useful analyzers as you type. A full list of analyzers that `gopls` uses can be found in the [analyses  settings section](https://github.com/golang/vscode-go/wiki/settings#uidiagnosticanalyses).
 
-Vet errors can be shown on save. The vet-on-save behavior can also be configured through the [`"go.vetOnSave"`](settings.md#go.vetOnSave) setting.
+### Lint errors
 
-The vet tool used is the one provided by the `go` command: [`go vet`](https://golang.org/cmd/vet/).
+You can configure an extra linter to run on file save. This behavior is configurable through the [`"go.lintOnSave"`](settings.md#go.lintOnSave) setting.
 
-### Lint errors
+The default lint tool is [`staticcheck`]. Popular alternative linters such as [`golint`], [`golangci-lint`] and [`revive`] can be used instead by configuring the [`"go.lintTool"`](settings.md#go.lintTool) setting. For a complete overview of linter options, see the [documentation for diagnostic tools](tools.md#diagnostics).
+
+### Analyze vulnerabilities in dependencies
+
+The extension checks the 3rd party dependencies in your code and surfaces vulnerabilities known to the [Go vulnerability database](https://vuln.go.dev). There are two modes that complement each other.
+
+* Import-based analysis: this can be enabled using the [`"go.diagnostic.vulncheck": "Imports"`](settings.md#go.diagnostic.vulncheck) setting. You can turn on and off this analysis conveniently with the ["Go: Toggle Vulncheck"](commands.md#go-toggle-vulncheck) command. In this mode, `gopls` reports vulnerabilities that affect packages directly and indirectly used by your code. The diagnostics are reported in the `go.mod` file along with quick fixes to help upgrading vulnerable modules.
+
+* `Govulncheck` analysis: this is based on the [`golang.org/x/vuln/cmd/govulncheck`](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) tool, which is embedded in `gopls`. This provides a low-noise, reliable way to inspect known vulnerabilities. This only surfaces vulnerabilities that actually affect your code, based on which functions in your code are transitively calling vulnerable functions. This can be accessible by the `gopls` [`run_govulncheck`](settings.md#uicodelenses) code lens. The import-based analysis result also provides the `"Run govulncheck to verify"` option as a quick fix. 
+
+<div style="text-align: center;"><img src="images/vulncheck.gif" alt="Vulncheck">
+<em>Go: Toggle Vulncheck</em> <a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">(vulncheck.mp4)</a> </div>
+
+These features require _`gopls` v0.11.0 or newer_.
 
-Much like vet errors, lint errors can also be shown on save. This behavior is configurable through the [`"go.lintOnSave"`](settings.md#go.lintOnSave) setting.
+Please share your feedback at https://go.dev/s/vsc-vulncheck-feedback.
+Report a bug and feature request in [our issue tracker](https://github.com/golang/vscode-go/issues/new).
 
-The default lint tool is [`staticcheck`]. However, custom lint tools can be easily used instead by configuring the [`"go.lintTool"`](settings.md#go.lintTool) setting. [`golint`], [`golangci-lint`], and [`revive`] are also supported.
+**Notes and Caveats**
 
-For a complete overview of linter options, see the [documentation for diagnostic tools](tools.md#diagnostics).
+- The import-based analysis uses the list of packages in the workspace modules, which may be different from what you see from `go.mod` files if `go.work` or module `replace`/`exclude` is used.
+- The govulncheck analysis result can become stale as you modify code or the Go vulnerability database is updated. In order to invalidate the analysis results manually, use the [`"Reset go.mod diagnostics"`] codelens shown on the top of the `go.mod` file. Otherwise, the result will be automatically invalidated after an hour.
+- These features currently don't report vulnerabilities in the standard libraries or tool chains. We are still investigating UX on where to surface the findings and how to help users handle the issues.
+- The extension does not scan private packages nor send any information on private modules. All the analysis is done by pulling a list of known vulnerable modules from the Go vulnerability database and then computing the intersection locally.
 
 ## Run and test in the editor