[tools] internal/server: trigger vulncheck prompt for go.mod changes

2 views
Skip to first unread message

Ethan Lee (Gerrit)

unread,
Dec 2, 2025, 1:31:02 PM (14 hours ago) Dec 2
to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Ethan Lee uploaded new patchset

Ethan Lee uploaded patch set #3 to this change.
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: newpatchset
Gerrit-Project: tools
Gerrit-Branch: master
Gerrit-Change-Id: If6f692bc825419dc4d10c997162bb755438f01b4
Gerrit-Change-Number: 722100
Gerrit-PatchSet: 3
Gerrit-Owner: Ethan Lee <etha...@google.com>
unsatisfied_requirement
satisfied_requirement
open
diffy

Robert Findley (Gerrit)

unread,
Dec 2, 2025, 5:50:30 PM (10 hours ago) Dec 2
to Ethan Lee, goph...@pubsubhelper.golang.org, Hongxiang Jiang, golang-co...@googlegroups.com
Attention needed from Ethan Lee and Hongxiang Jiang

Robert Findley added 1 comment

Patchset-level comments
File-level comment, Patchset 3 (Latest):
Robert Findley . resolved

Please let me know if you need my review for these, otherwise I will let Hongxiang review.

Open in Gerrit

Related details

Attention is currently required from:
  • Ethan Lee
  • Hongxiang Jiang
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: tools
Gerrit-Branch: master
Gerrit-Change-Id: If6f692bc825419dc4d10c997162bb755438f01b4
Gerrit-Change-Number: 722100
Gerrit-PatchSet: 3
Gerrit-Owner: Ethan Lee <etha...@google.com>
Gerrit-Reviewer: Hongxiang Jiang <hxj...@golang.org>
Gerrit-CC: Robert Findley <rfin...@google.com>
Gerrit-Attention: Hongxiang Jiang <hxj...@golang.org>
Gerrit-Attention: Ethan Lee <etha...@google.com>
Gerrit-Comment-Date: Tue, 02 Dec 2025 22:50:24 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
unsatisfied_requirement
satisfied_requirement
open
diffy

Hongxiang Jiang (Gerrit)

unread,
Dec 2, 2025, 11:57:02 PM (4 hours ago) Dec 2
to Ethan Lee, goph...@pubsubhelper.golang.org, Robert Findley, golang-co...@googlegroups.com
Attention needed from Ethan Lee

Hongxiang Jiang added 7 comments

Commit Message
Line 7, Patchset 3 (Latest):internal/server: trigger vulncheck prompt for go.mod changes
Hongxiang Jiang . unresolved

gopls/internal/server

File gopls/internal/server/vulncheck_prompt.go
Line 29, Patchset 3 (Latest):// computeGoModHash computes the SHA256 hash of the go.mod file's dependencies.
Hongxiang Jiang . unresolved

Let's mention the irrelevant file content is ignored. Only the important part related to dependency is considered when computing the hash.

Line 30, Patchset 3 (Latest):func computeGoModHash(modFile *modfile.File) (string, error) {
Hongxiang Jiang . unresolved

`file`. the type is clear enough.

Line 50, Patchset 3 (Latest):// showMessageRequest causes the client to show a prompt that the user can respond to.
Hongxiang Jiang . unresolved

There is another references in `gopls/internal/server/prompt.go` should we consolidate them? Like calling this function in `gopls/internal/server/prompt.go`?

Line 80, Patchset 3 (Latest):func (s *server) checkGoModDeps(ctx context.Context, change protocol.FileEvent, params *protocol.DidChangeWatchedFilesParams) {
Hongxiang Jiang . unresolved

What is the purpose of this `params` input? AFAIK, this parameter contains a list of protocol.FileEvent, I thought we only care about the one that is relevant to the go.mod file.

Let me know what you think.

Line 99, Patchset 3 (Latest): newContent, err := os.ReadFile(change.URI.Path())
Hongxiang Jiang . unresolved

This bring me another question, the vulncheck is executed based on the file written in disk, have we considered the case where the file is modified in buffer and have not written to disk?

Line 99, Patchset 3 (Latest): newContent, err := os.ReadFile(change.URI.Path())
Hongxiang Jiang . unresolved

Nit: we can re-organize the code to make cleaner, this allow us to focusing on the important part of the code. (Those variables that need to be calculated)

```
var newHash, oldHash ...

{
  // this block of code is to compute the new hash and old hash
}
if newHas != oldHash {
   ...
}
```
Open in Gerrit

Related details

Attention is currently required from:
  • Ethan Lee
Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement is not satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: tools
    Gerrit-Branch: master
    Gerrit-Change-Id: If6f692bc825419dc4d10c997162bb755438f01b4
    Gerrit-Change-Number: 722100
    Gerrit-PatchSet: 3
    Gerrit-Owner: Ethan Lee <etha...@google.com>
    Gerrit-Reviewer: Hongxiang Jiang <hxj...@golang.org>
    Gerrit-CC: Robert Findley <rfin...@google.com>
    Gerrit-Attention: Ethan Lee <etha...@google.com>
    Gerrit-Comment-Date: Wed, 03 Dec 2025 04:56:55 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    unsatisfied_requirement
    open
    diffy
    Reply all
    Reply to author
    Forward
    0 new messages