Bump the extractor-dependencies group in /go/extractor with 2 updates

[dependabot]

Bumps the extractor-dependencies group in /go/extractor with 2 updates: golang.org/x/mod and golang.org/x/tools.

Updates golang.org/x/mod from 0.14.0 to 0.16.0

Commits

• 766dc5d modfile: use new go version string format in WorkFile.add error
• fa1ba42 sumdb: replace globsMatchPath with module.MatchPrefixPatterns
• See full diff in compare view

Updates golang.org/x/tools from 0.15.0 to 0.19.0

Release notes

Sourced from golang.org/x/tools's releases.

gopls/v0.15.2

This release fixes the following regressions in gopls@v0.15.0+.

• golang/go#66109: a crash when encountering a test file excluded via build tags, which also contained an invalid import of a main package. This could occur in a tools_test.go file implementing the common pattern for tool dependencies.
• golang/go#66145: spurious import errors in multi-root workspaces. In some scenarios, the new zero-config logic added in gopls@v0.15.0 resulted in inaccurate errors about missing imports. This could occur when module A has a local replace of module B, and A and B are open as a separate workspace folders.
• golang/go#66195: a crash when working on modules with a go directive of the form go a.b.c, when gopls was compiled with Go 1.20 or earlier.
• golang/go#66090: a crash when SignatureHelp is cancelled (found via telemetry)
• golang/go#66250: a crash in references when one of the package files is missing a package declaration (found via telemetry)

These last two crashes are worth highlighting. Both were found via the (off by default) automated crash reporting added in gopls@v0.15.0. Both were unlikely to get reported via GitHub issues, because they won't happen frequently enough for most LSP clients to notify the user. This is a perfect example of how telemetry can help us deliver a more reliable product than would be possible without automated reporting.

gopls/v0.15.1

This release fixes golang/go#65952, a crash in document highlighting when the cursor is in a return value for a function that has no results, such as the following example:

func f() { // <-- no results
   return 0| // <-- cursor at '|'
}

Thanks very much to @​patrickpichler who both reported and fixed this bug!

We're hopeful that once Go 1.23 is released, the opt-in automated crash reporting added in gopls v0.15.0 will increase the likelihood that these types of crashes are caught before they are released.

Commits

• 7656c4c go.mod: update golang.org/x dependencies
• 5bf7d00 cmd/callgraph: add 'posn' template helper
• 283fce2 x/tools: drop go1.18 support
• 7f348c7 internal/versions: updates the meaning of FileVersions.
• 38b0e9b x/tools: add explicit Unalias operations
• a6c03c8 x/tools: update telemetry import (new Start API)
• 1f7dbdf gopls/internal/cache: add debug assertions for bug report
• 4d4e802 gopls/doc: address additional comments on workspace.md
• abe5874 gopls/internal/analysis: add fill switch cases code action
• fc70354 gopls/internal/test: add test for NPE in control flow highlighting
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to add @jorgectf/codeql-go as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/jorgectf/codeql/pulls/94/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the jorgectf/codeql repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request

[dependabot]

Superseded by #95.