Merge branch 'main' into svanburen/lsp-edition-2024

Author: stefanvanburen

.gitattributes

@@ -9,3 +9,7 @@
 **/corpus/** linguist-generated=true
 **/usage.gen.go linguist-generated=true
 /private/gen/** linguist-generated=true
+
+# Use union merge for CHANGELOG to avoid conflicts when multiple branches
+# add entries under [Unreleased]
+CHANGELOG.md merge=union

.github/workflows/back-to-development.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Get GitHub app token
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         id: app_token
         with:
           app-id: ${{ env.APP_ID }}

.github/workflows/build-and-draft-release.yaml

@@ -20,7 +20,7 @@ jobs:
           VERSION="${{ github.event.inputs.version || github.head_ref}}"
           echo "VERSION=${VERSION##*/v}" >> $GITHUB_ENV
       - name: Get GitHub app token
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         id: app_token
         with:
           app-id: ${{ env.APP_ID }}

.github/workflows/create-release-pr.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Get GitHub app token
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         id: app_token
         with:
           app-id: ${{ env.APP_ID }}

.github/workflows/make-upgrade.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Get GitHub app token
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
         id: app_token
         with:
           app-id: ${{ env.APP_ID }}

.golangci.yml

@@ -51,7 +51,7 @@ linters:
       forbid:
         # Use private/pkg/thread.Parallelize
         - pattern: ^errgroup\.
-        # Use private/pkg/standard/xos/xexec
+        # Use buf.build/go/standard/xos/xexec
         - pattern: ^exec\.Cmd$
         - pattern: ^exec\.Command$
         - pattern: ^exec\.CommandContext$
@@ -132,11 +132,6 @@ linters:
         # This is a legacy usage of os.Getwd we're not bothering to port yet.
         path: cmd/buf/internal/command/alpha/protoc/protoc_test.go
         text: os.Getwd
-      - linters:
-          - dogsled
-        # One function call doesn't care about most of the returned destructured values. The
-        # dogsled linter complains about it. (Value of this linter is unclear...)
-        path: cmd/buf/internal/command/curl/curl.go
       - linters:
           - forbidigo
         # This is a legacy usage of os.Getwd we're not bothering to port yet.
@@ -153,11 +148,6 @@ linters:
         # trip this off.
         path: private/buf/bufcli/env.go
         text: "G101:"
-      - linters:
-          - gosec
-        # G404 checks for use of the ordinary non-CPRNG.
-        path: private/buf/buflsp/progress.go
-        text: "G404:"
       - linters:
           - gosec
         # G115 checks for use of truncating conversions.
@@ -173,11 +163,6 @@ linters:
         # G115 checks for use of truncating conversions.
         path: private/buf/buflsp/image.go
         text: "G115:"
-      - linters:
-          - gosec
-        # G115 checks for use of truncating conversions.
-        path: private/buf/buflsp/report.go
-        text: "G115:"
       - linters:
           - gosec
         # G115 checks for use of truncating conversions.
@@ -213,6 +198,16 @@ linters:
         # G115 checks for use of truncating conversions.
         path: private/buf/buflsp/organize_imports.go
         text: "G115:"
+      - linters:
+          - gosec
+        # G115 checks for use of truncating conversions.
+        path: private/buf/buflsp/buf_yaml.go
+        text: "G115:"
+      - linters:
+          - gosec
+        # G115 checks for use of truncating conversions.
+        path: private/buf/buflsp/buf_yaml_hover.go
+        text: "G115:"
       - linters:
           - containedctx
         # Type must implement an interface whose methods do not accept context. But this
@@ -224,6 +219,11 @@ linters:
         # We verify manually so that we can emit verbose output while doing so.
         path: private/buf/bufcurl/tls.go
         text: "G402:"
+      - linters:
+          - gosec
+        # InsecureSkipVerify mirrors the value of the --insecure flag chosen by the user.
+        path: cmd/buf/internal/command/curl/curl.go
+        text: "G402:"
       - linters:
           - paralleltest
         # This test shouldn't run in parallel as it needs osext.Getwd.
@@ -262,43 +262,16 @@ linters:
           - containedctx
         # we actually want to embed a context here
         path: private/bufpkg/bufmodule/module_set_builder.go
-      - linters:
-          - containedctx
-        # we actually want to embed a context here
-        path: private/pkg/standard/xos/xexec/process.go
       - linters:
           - gochecknoinits
         # we actually want to use init here
         path: private/bufpkg/bufmodule/paths.go
-      - linters:
-          - forbidigo
-        # we want to use errgroup here
-        path: private/bufpkg/bufremoteplugin/bufremoteplugindocker/docker.go
-        text: use of `errgroup
-      - linters:
-          - forbidigo
-        # this is one of two files we want to allow exec.Cmd functions in
-        path: private/pkg/standard/xos/xexec/xexec.go
-      - linters:
-          - forbidigo
-        # this is one of two files we want to allow exec.Cmd functions in
-        path: private/pkg/standard/xos/xexec/process.go
-      - linters:
-          - gosec
-        # G204 checks that exec.Command is not called with non-constants.
-        path: private/pkg/standard/xos/xexec/xexec.go
-        text: "G204:"
       - linters:
           - gosec
         # We should be able to use net/http/cgi in a unit test, in addition the CVE mentions
         # only versions of go < 1.6.3 are affected.
         path: private/pkg/git/git_test.go
         text: "G504:"
-      - linters:
-          - wastedassign
-        # netrc/internal is a library largely copied in from an external repository with attribution.
-        # We try to make minimal edits.
-        path: private/pkg/netrc/internal/internal.go
       - linters:
           - forbidigo
         # We cache os.Getwd in osext, osext is the entrypoint.
@@ -309,23 +282,11 @@ linters:
         # We cache os.Getwd in osext, osext has a Chdir that clears the cache.
         path: private/pkg/osext/osext.go
         text: os.Chdir
-      - linters:
-          - forbidigo
-        # We're going to move xfilepath out.
-        path: private/pkg/standard/xpath/xfilepath/xfilepath.go
-        text: os.Getwd
       - linters:
           - gochecknoinits
         # protoencoding calls detrand.Disable via go:linkname and and init function. See the comments
         # in the file for more details.
         path: private/pkg/protoencoding/detrand.go
-      - linters:
-          - errcheck
-        # headers.go has casts with values from contexts that should fail if there
-        # is no error, but it would be very unidiomatic to return an error from
-        # the functions that do these casts, and we completely control the
-        # context values within this file
-        path: private/pkg/rpc/headers.go
       - linters:
           - forbidigo
         # we use os.Rename here to rename files in the same directory
@@ -337,37 +298,18 @@ linters:
         # connCtx is cancelled when the connection is done; the context lifetime is
         # tied to the struct, not passed per-call.
         path: private/buf/buflsp/buflsp.go
-      - linters:
-          - containedctx
-        # we actually want to embed a context here
-        path: private/pkg/transport/grpc/grpcclient/client_conn_provider.go
       - linters:
           - forbidigo
         # we actually want to use errgroup when starting an HTTP server
         path: private/pkg/transport/http/httpserver/httpserver.go
       - linters:
           - staticcheck
         text: "ST1005:"
-      - linters:
-          - gochecknoinits
-        # we actually want to use this init
-        path: private/usage/usage.go
-      - linters:
-          - staticcheck
-        # We deprecated all the definitions in plugin.proto but we still implement them.
-        text: buf/alpha/registry/v1alpha1/plugin.proto is marked as deprecated
-      - linters:
-          - staticcheck
-        # We deprecated all the definitions in generate.proto but we still implement them.
-        text: buf/alpha/registry/v1alpha1/generate.proto is marked as deprecated
       - linters:
           - staticcheck
         # This greatly simplifies creation of descriptors, and it's safe enough since
         # it's just test code.
         text: GetDeprecatedLegacyJsonFieldConflicts is deprecated
-      - linters:
-          - forcetypeassert
-        path: private/bufpkg/bufimage/source_retention_options_test\.go
       - linters:
           - paralleltest
         # The LsModules tests call chdir and cannot be parallelized.
@@ -476,18 +418,67 @@ linters:
         # to set the source path for the location, this operation should be safe.
         path: private/bufpkg/bufcheck/bufcheckserver/internal/buflintvalidate/predefined_rules.go
         text: "G115:"
-      - linters:
-          - govet
-        # We print command.Short to markdown, which is controlled and set by each command
-        # and should be considered safe.
-        path: private/bufpkg/bufcobra/markdown.go
-        text: "printf: non-constant format string in call to p"
       - linters:
           - gosec
         # This converts slice indexes in a FileDescriptorProto to int32,
         # which are not an actual risk of overflow.
         path: private/bufpkg/bufimage/bufimageutil/image_filter.go
         text: "G115:"
+      - linters:
+          - gosec
+        # G115: int32->uint32 reinterpretation (same width, no data loss) passed
+        # to binary.LittleEndian.PutUint32 to encode protobuf source path elements
+        # as a byte-string map key. gosec flags same-width signed->unsigned casts.
+        path: private/bufpkg/bufimage/bufimagemodify/internal/marksweeper.go
+        text: "G115:"
+      - linters:
+          - gosec
+        # G115: same int32->uint32 reinterpretation as marksweeper.go above.
+        path: private/bufpkg/bufprotosource/location_store.go
+        text: "G115:"
+      - linters:
+          - gosec
+        # G115: uintptr->int conversion for passing a terminal file descriptor
+        # to term.IsTerminal/term.ReadPassword, which require int. Safe on all
+        # supported platforms; fd values fit in int.
+        path: private/buf/bufcli/prompt.go
+        text: "G115:"
+      - linters:
+          - gosec
+        # G115: uintptr->int conversion to pass a writer's file descriptor to
+        # term.IsTerminal. Safe on all supported platforms.
+        path: private/pkg/slogapp/console.go
+        text: "G115:"
+      - linters:
+          - gosec
+        # G602: false positive — the loop index i is bounded by the length of
+        # both slices, which are verified equal before the loop.
+        path: private/bufpkg/bufimage/build_image_test.go
+        text: "G602:"
+      - linters:
+          - gosec
+        # G602: false positive — the loop index i is bounded by the length of
+        # both slices, which are verified equal before the loop.
+        path: private/pkg/slogapp/console_test.go
+        text: "G602:"
+      - linters:
+          - gosec
+        # G117: the Password field is intentionally marshaled — this struct
+        # exists specifically to encode Docker registry credentials for the
+        # X-Registry-Auth header.
+        path: private/bufpkg/bufremoteplugin/bufremoteplugindocker/registry_auth_config.go
+        text: "G117:"
+      - linters:
+          - gosec
+        # G117: test for registry_auth_config.go; same reasoning as above.
+        path: private/bufpkg/bufremoteplugin/bufremoteplugindocker/registry_auth_config_test.go
+        text: "G117:"
+      - linters:
+          - gosec
+        # G703: the filename comes from walking the filesystem with os.Stat,
+        # not from user input, so path traversal is not a realistic risk here.
+        path: private/pkg/licenseheader/cmd/license-header/main.go
+        text: "G703:"
 
 issues:
   max-same-issues: 0

CHANGELOG.md

@@ -2,9 +2,24 @@
 
 ## [Unreleased]
 
+- Add LSP document links for `buf.yaml` dep entries, making each dependency a clickable link to its BSR module page.
+- Add LSP code lenses for `buf.yaml` files to update all dependencies (`buf.dep.updateAll`) or check for available updates (`buf.dep.checkUpdates`).
+- Improve shell completions for `buf` flags with fixed value sets and file/directory arguments.
+- Add `buf curl` URL path shell completions (service and method names) via
+  server reflection, `--schema`, or the local buf module.
+- Add support for Edition 2024 syntax to `buf format`.
+- Fix `buf generate --clean` deleting files from nested plugin output directories.
+
+## [v1.67.0] - 2026-04-01
+
+- Fix LSP not skipping `buf.build/docs` links for lint rules from check plugins and policies.
+- Fix `buf dep graph --format json` silently dropping dependencies when a dependency was already seen.
 - Add support for `--rbs_out` as a `protoc_builtin` plugin (requires protoc v34.0+).
 - Add relevant links from CEL LSP hover documentation to either <celbyexample.com> or <protovalidate.com>
+- Add OpenBSD and FreeBSD release binaries for amd64 and arm64.
 - Skip writing unchanged output files in `buf generate` to preserve modification times
+- Update `buf beta registry plugin delete` to prompt the user for deletion, matching the UX of the other deletion commands.
+  Use `--force` to restore the old behavior.
 
 ## [v1.66.1] - 2026-03-09
 
@@ -1502,7 +1517,8 @@ buf check breaking proto --against .git#branch=master,subdir=proto
 
 Initial beta release.
 
-[Unreleased]: https://github.com/bufbuild/buf/compare/v1.66.1...HEAD
+[Unreleased]: https://github.com/bufbuild/buf/compare/v1.67.0...HEAD
+[v1.67.0]: https://github.com/bufbuild/buf/compare/v1.66.1...v1.67.0
 [v1.66.1]: https://github.com/bufbuild/buf/compare/v1.66.0...v1.66.1
 [v1.66.0]: https://github.com/bufbuild/buf/compare/v1.65.0...v1.66.0
 [v1.65.0]: https://github.com/bufbuild/buf/compare/v1.64.0...v1.65.0

README.md

@@ -1,4 +1,4 @@
-![The Buf logo](./.github/buf-logo.svg)
+![The Buf logo](https://raw.githubusercontent.com/bufbuild/buf/main/.github/buf-logo.svg)
 
 # Buf
 
@@ -102,14 +102,14 @@ After completing the tour, check out the remainder of the [docs] for your specif
 
 The following is a breakdown of the binaries by CPU architecture and operating system available through our [releases]:
 
-|  | Linux | MacOS | Windows |
-| --- | --- | --- | --- |
-| x86 (64-bit) | ✅ | ✅ | ✅ |
-| ARM (64-bit) | ✅ | ✅ | ✅ |
-| ARMv7 (32-bit) | ✅ | ❌ | ❌ |
-| RISC-V (64-bit) | ✅ | ❌ | ❌ |
-| ppc64le | ✅ | ❌ | ❌ |
-| s390x | ✅ | ❌ | ❌ |
+|  | Linux | MacOS | Windows | OpenBSD | FreeBSD |
+| --- | --- | --- | --- | --- | --- |
+| x86 (64-bit) | ✅ | ✅ | ✅ | ✅ | ✅ |
+| ARM (64-bit) | ✅ | ✅ | ✅ | ✅ | ✅ |
+| ARMv7 (32-bit) | ✅ | ❌ | ❌ | ❌ | ❌ |
+| RISC-V (64-bit) | ✅ | ❌ | ❌ | ❌ | ❌ |
+| ppc64le | ✅ | ❌ | ❌ | ❌ | ❌ |
+| s390x | ✅ | ❌ | ❌ | ❌ | ❌ |
 
 ## Community
 

cmd/buf/buf.go

@@ -462,7 +462,14 @@ func newRootCommand(name string) *appcmd.Command {
 		},
 		ModifyCobra: func(cobraCommand *cobra.Command) error {
 			cobraCommand.AddCommand(bufcobra.NewWebpagesCommand("webpages", cobraCommand))
-			return nil
+			return cobraCommand.RegisterFlagCompletionFunc(
+				"log-format",
+				cobra.FixedCompletions([]string{
+					appext.LogFormatText.String(),
+					appext.LogFormatColor.String(),
+					appext.LogFormatJSON.String(),
+				}, cobra.ShellCompDirectiveNoFileComp|cobra.ShellCompDirectiveKeepOrder),
+			)
 		},
 	}
 }

cmd/buf/internal/command/alpha/protoc/protoc.go

@@ -219,7 +219,7 @@ func run(
 				return err
 			}
 		}
-		if err := responseWriter.Close(); err != nil {
+		if err := responseWriter.Close(ctx); err != nil {
 			return err
 		}
 		return nil