Update module github.com/spf13/cobra to v1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/spf13/cobra	require	major	v0.0.7 -> v1.4.0

---

Release Notes

spf13/cobra

v1.4.0

Compare Source

Winter 2022 Release ❄️

Another season, another release!

Goodbye viper! 🐍 🚀

The core Cobra library no longer requires Viper and all of its indirect dependencies. This means that Cobra's dependency tree has been drastically thinned! The Viper dependency was included because of the cobra CLI generation tool. This tool has migrated to spf13/cobra-cli.

It's pretty unlikely you were importing and using the bootstrapping CLI tool as part of your application (after all, it's just a tool to get going with core cobra).

But if you were, replace occurrences of

"github.com/spf13/cobra/cobra"

with

"github.com/spf13/cobra-cli"

And in your go.mod, you'll want to also include this dependency:

github.com/spf13/cobra-cli v1.3.0

Again, the maintainers do not anticipate this being a breaking change to users of the core cobra library, so minimal work should be required for users to integrate with this new release. Moreover, this means the dependency tree for your application using Cobra should no longer require dependencies that were inherited from Viper. Huzzah! 🥳

If you'd like to read more

• issue: https://github.com/spf13/cobra/issues/1597
• PR: https://github.com/spf13/cobra/pull/1604

Documentation 📝

• Update Go Doc link and badge in README: https://github.com/spf13/cobra/pull/1593
• Fix to install command, now targets @latest: https://github.com/spf13/cobra/pull/1576
• Added MAINTAINERS file: https://github.com/spf13/cobra/pull/1545

Other 💭

• Bumped license year to 2022 in golden files: https://github.com/spf13/cobra/pull/1575
• Added Pixie to projects: https://github.com/spf13/cobra/pull/1581
• Updated labeler for new labeling scheme: https://github.com/spf13/cobra/pull/1613 & syntax fix: https://github.com/spf13/cobra/pull/1624

Shoutout to our awesome contributors helping to make this cobra release possible!!
@​spf13 @​marckhouzam @​johnSchnake @​jpmcb @​liggitt @​umarcor @​hiljusti @​marians @​shyim @​htroisi

v1.3.0

Compare Source

v1.3.0 - The Fall 2021 release 🍁

Completion fixes & enhancements 💇🏼

In v1.2.0, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

• DisableFlagParsing now triggers custom completions for flag names #​1161
• Fixed unbound variables in bash completions causing edge case errors #​1321
• help completion formatting improvements & fixes #​1444
• All completions now follow the help example: short desc are now capitalized and removes extra spacing from long description #​1455
• Typo fixes in bash & zsh completions #​1459
• Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces #​1473
• Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for menu-complete, menu-complete-backward and insert-completions. These descriptions are now purposefully removed in support of this model. #​1509
• Fix for invalid shell completions when using ~/.cobra.yaml. Log message Using config file: ~/.cobra.yaml now printed to stderr #​1510
• Removes unnecessary trailing spaces from completion command descriptions #​1520
• Option to hide default completion command #​1541
• Remove __complete command for programs without subcommands #​1563

Generator changes ⚙️

Thanks to @​spf13 for providing a number of changes to the Cobra generator tool, streamlining it for new users!

• The Cobra generator now won't automatically include Viper and cleans up a number of unused imports when not using Viper.
• The Cobra generator's default license is now none
• The Cobra generator now works with Go modules
• Documentation to reflect these changes

New Features ⭐

• License can be specified by their SPDX identifiers #​1159
• MatchAll allows combining several PositionalArgs to work in concert. This now allows for enabling composing PositionalArgs #​896

Bug Fixes 🐛

• Fixed multiple error message from cobra init boilerplates #​1463 #​1552 #​1557

Testing 👀

• Now testing golang 1.16.x and 1.17.x in CI #​1425
• Fix for running diff test to ignore CR for windows #​949
• Added helper functions and reduced code reproduction in args_test #​1426
• Now using official golangci-lint github action #​1477

Security 🔏

• Added GitHub dependabot #​1427
• Now using Viper v1.10.0
  • There is a known CVE in an indirect dependency from viper: https://github.com/spf13/cobra/issues/1538. This will be patched in a future release

Documentation 📝

• Multiple projects added to the projects_using_cobra.md file: #​1377 #​1501 #​1454
• Removed ToC from main readme file as it is now automagically displayed by GitHub #​1429
• Documentation correct for when the --author flag is specified #​1009
• shell_completions.md has an easier to use snippet for copying and pasting shell completions #​1372

Other 💭

• Bump version of cpuguy83/go-md2man to v2.0.1 #​1460
• Removed lesser typo from the GPL-2.0 license #​880
• Fixed spelling errors #​1514

Thank you to all our amazing contributors ⭐🐍🚀

v1.2.1

Compare Source

Bug fixes

• Quickfix for https://github.com/spf13/cobra/issues/1437 after v1.2.0 where parallel use of the cmd.RegisterFlagCompletionFunc() (and subsequent map) now works correctly and flag completions now work again

v1.2.0

Compare Source

🌠 v1.2.0 - The completions release

Welcome to v1.2.0 of Cobra! This release focuses on code completions, several critical bug fixes, some documentation updates, and security bumps. Upgrading should be simple but note please take note of the introduction of completions V2 and their default use. The v1 completions library is still available, but will be deprecated in the future. Please open an issue with any problems!

---

New Features

• Automatically adds completion command for shell completions. If a completion command is already provided, uses that instead. This will automatically provide shell completions for bash, zsh, fish, and PowerShell https://github.com/spf13/cobra/pull/1192
  • Users can configure the command auto creation:
    • disable the creation of the completion command
    • disable completion descriptions
    • disable the --no-descriptions flag for "always on" completion descriptions
• Introduction of bash completions V2, a uniform completion approach which include completion descriptions. The V1 bash completions are still available and will be deprecated in a latter release - https://github.com/spf13/cobra/pull/1146
  • Note that projects providing completion through a different command name (say a command named "complete") will continue to use v1 for their own command but will also provide cobra's implicit "completion" command which will use v2, unless of course, these projects take the time to disable the default "completion" command as noted above.
• Commands now support context being passed to completions - https://github.com/spf13/cobra/pull/1265
  • An example can be found here: https://github.com/spf13/cobra/pull/1265#issuecomment-734551031
• Removed dependency onmitchellh/go-homedir in favor of core Go os.UserHomeDir() - spf13/cobra@8eaca5f

Bug Fixes

• Fix trailing whitespace not being handled in powershell completion scripts https://github.com/spf13/cobra/pull/1342
• Bash completion variable leak fix https://github.com/spf13/cobra/pull/1352
• Fish shell completions correctly ignore trailing empty lines https://github.com/spf13/cobra/pull/1284
• PowerShell completions fix for "no file comp directive" - https://github.com/spf13/cobra/pull/1363
• Custom completions now correctly handle multiple shorthand flags together - https://github.com/spf13/cobra/pull/1258
• zsh completions now correctly handle ShellDirectiveCompletionNoSpace and file completion all the time - https://github.com/spf13/cobra/pull/1213
• Multiple fixes / improvements to the fish shell support - https://github.com/spf13/cobra/pull/1249
• Fix home directory config not loading correctly - https://github.com/spf13/cobra/pull/1282
• Fix for RegisterFlagCompletionFunc as a global var not working in multi-threaded programs: https://github.com/spf13/cobra/pull/1423
• Custom completions correctly do not complete flags after args when interspersed is false #​1308

Testing

• Deprecated Travis CI. Now fully using Github Actions - spf13/cobra@d0f318d
• Added test cases and enhancements (thank you to everyone for taking the time to add tests to your PRs!)
• Shoutout to @​marckhouzam and @​Luap99 for their hard work on a cobra command completions testing library. Check out the repo here!

Security

• Bump viper to 1.8.1. This corrects several issues with vulnerabilities existing in the dependency tree - https://github.com/spf13/cobra/pull/1433

Other

• Add PR labeler with pull_request_target to enable tests to run from forks - https://github.com/spf13/cobra/pull/1338
• CI using MSYS2 windows machines pull latest - https://github.com/spf13/cobra/pull/1366
• Multiple small fixes to spelling / documentation - https://github.com/spf13/cobra/pull/1349 https://github.com/spf13/cobra/pull/1417 https://github.com/spf13/cobra/pull/1434

Thank you to all our amazing contributors 🐍🚀

v1.1.3

Compare Source

• Fix: release-branch.cobra1.1 only: Revert "Deprecate Go < 1.14" to maintain backward compatibility

v1.1.2

Compare Source

Notable Changes

• Bump license year to 2021 in golden files (#​1309) @​Bowbaq
• Enhance PowerShell completion with custom comp (#​1208) @​Luap99
• Update gopkg.in/yaml.v2 to v2.4.0: The previous breaking change in yaml.v2 v2.3.0 has been reverted, see go-yaml/yaml#​670
• Documentation readability improvements (#​1228 etc.) @​zaataylor etc.
• Use golangci-lint: Repair warnings and errors resulting from linting (#​1044) @​umarcor

v1.1.1

Compare Source

• Fix: yaml.v2 2.3.0 contained a unintended breaking change. This release reverts to yaml.v2 v2.2.8 which has recent critical CVE fixes, but does not have the breaking changes. See https://github.com/spf13/cobra/pull/1259 for context.
• Fix: correct internal formatting for go-md2man v2 (which caused man page generation to be broken). See https://github.com/spf13/cobra/issues/1049 for context.

v1.1.0

Compare Source

Notable Changes

• Extend Go completions and revamp zsh comp (#​1070)
• Fix man page doc generation - no auto generated tag when cmd.DisableAutoGenTag = true (#​1104)
• Add completion for help command (#​1136)
• Complete subcommands when TraverseChildren is set (#​1171)
• Fix stderr printing functions (#​894)
• fix: fish output redirection (#​1247)

v1.0.0

Compare Source

v1.0.0

Announcing v1.0.0 of Cobra. 🎉

Notable Changes

• Fish completion (including support for Go custom completion) @​marckhouzam
• API (urgent): Rename BashCompDirectives to ShellCompDirectives @​marckhouzam
• Remove/replace SetOutput on Command - deprecated @​jpmcb
• add support for autolabel stale PR @​xchapter7x
• Add Labeler Actions @​xchapter7x
• Custom completions coded in Go (instead of Bash) @​marckhouzam
• Partial Revert of #​922 @​jharshman
• Add Makefile to project @​jharshman
• Correct documentation for InOrStdin @​desponda
• Apply formatting to templates @​jharshman
• Revert change so help is printed on stdout again @​marckhouzam
• Update md2man to v2.0.0 @​pdf
• update viper to v1.4.0 @​umarcor
• Update cmd/root.go example in README.md @​jharshman

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Mend Renovate. View repository job log here.

[ghost]

✅ Sider has resolved the errors or warnings via the commit ad4c853! See the analysis result for details.

---

You can turn off such notifications if unnecessary.

[h3poteto]

[Secret Scan] It may be dangerous to commit the AWS secret access key. (view)

AWS secret access key is an important credential that allows you to use AWS programmatically.
Once this leaks, an attacker can access and operate your AWS resources.

See also:

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Rule	Severity
sider.secrets.aws.secret_access_key	warning

You can close this issue if no need to fix it. Learn more.

I closed this issue. Reason:

• When this is not an AWS secret access key.

[h3poteto]

[Secret Scan] It may be dangerous to commit the AWS secret access key. (view)

AWS secret access key is an important credential that allows you to use AWS programmatically.
Once this leaks, an attacker can access and operate your AWS resources.

See also:

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Rule	Severity
sider.secrets.aws.secret_access_key	warning

You can close this issue if no need to fix it. Learn more.

I closed this issue. Reason:

• When this is not an AWS secret access key.

[h3poteto]

[Secret Scan] It may be dangerous to commit the AWS secret access key. (view)

AWS secret access key is an important credential that allows you to use AWS programmatically.
Once this leaks, an attacker can access and operate your AWS resources.

See also:

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Rule	Severity
sider.secrets.aws.secret_access_key	warning

You can close this issue if no need to fix it. Learn more.

I closed this issue. Reason:

• When this is not an AWS secret access key.