Update module github.com/spf13/cobra to v1.3.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/spf13/cobra	require	minor	v1.1.3 -> v1.3.0

---

Release Notes

spf13/cobra

v1.3.0

Compare Source

v1.3.0 - The Fall 2021 release 🍁

Completion fixes & enhancements 💇🏼

In v1.2.0, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

• DisableFlagParsing now triggers custom completions for flag names #​1161
• Fixed unbound variables in bash completions causing edge case errors #​1321
• help completion formatting improvements & fixes #​1444
• All completions now follow the help example: short desc are now capitalized and removes extra spacing from long description #​1455
• Typo fixes in bash & zsh completions #​1459
• Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces #​1473
• Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for menu-complete, menu-complete-backward and insert-completions. These descriptions are now purposefully removed in support of this model. #​1509
• Fix for invalid shell completions when using ~/.cobra.yaml. Log message Using config file: ~/.cobra.yaml now printed to stderr #​1510
• Removes unnecessary trailing spaces from completion command descriptions #​1520
• Option to hid default completion command #​1541
• Remove __complete command for programs without subcommands #​1563

Generator changes ⚙️

Thanks to @​spf13 for providing a number of changes to the Cobra generator tool, streamlining it for new users!

• The Cobra generator now won't automatically include Viper and cleans up a number of unused imports when not using Viper.
• The Cobra generator's default license is now none
• The Cobra generator now works with Go modules
• Documentation to reflect these changes

New Features ⭐

• License can be specified by their SPDX identifiers #​1159
• MatchAll allows combining several PositionalArgs to work in concert. This now allows for enabling composing PositionalArgs #​896

Bug Fixes 🐛

• Fixed multiple error message from cobra init boilerplates #​1463 #​1552 #​1557

Testing 👀

• Now testing golang 1.16.x and 1.17.x in CI #​1425
• Fix for running diff test to ignore CR for windows #​949
• Added helper functions and reduced code reproduction in args_test #​1426
• Now using official golangci-lint github action #​1477

Security 🔏

• Added GitHub dependabot #​1427
• Now using Viper v1.10.0
  • There is a known CVE in an indirect dependency from viper: https://github.com/spf13/cobra/issues/1538. This will be patched in a future release

Documentation 📝

• Multiple projects added to the projects_using_cobra.md file: #​1377 #​1501 #​1454
• Removed ToC from main readme file as it is now automagically displayed by GitHub #​1429
• Documentation correct for when the --author flag is specified #​1009
• shell_completions.md has an easier to use snippet for copying and pasting shell completions #​1372

Other 💭

• Bump version of cpuguy83/go-md2man to v2.0.1 #​1460
• Removed lesser typo from the GPL-2.0 license #​880
• Fixed spelling errors #​1514

Thank you to all our amazing contributors ⭐🐍🚀

v1.2.1

Compare Source

Bug fixes

• Quickfix for https://github.com/spf13/cobra/issues/1437 after v1.2.0 where parallel use of the cmd.RegisterFlagCompletionFunc() (and subsequent map) now works correctly and flag completions now work again

v1.2.0

Compare Source

🌠 v1.2.0 - The completions release

Welcome to v1.2.0 of Cobra! This release focuses on code completions, several critical bug fixes, some documentation updates, and security bumps. Upgrading should be simple but note please take note of the introduction of completions V2 and their default use. The v1 completions library is still available, but will be deprecated in the future. Please open an issue with any problems!

---

New Features

• Automatically adds completion command for shell completions. If a completion command is already provided, uses that instead. This will automatically provide shell completions for bash, zsh, fish, and PowerShell https://github.com/spf13/cobra/pull/1192
  • Users can configure the command auto creation:
    • disable the creation of the completion command
    • disable completion descriptions
    • disable the --no-descriptions flag for "always on" completion descriptions
• Introduction of bash completions V2, a uniform completion approach which include completion descriptions. The V1 bash completions are still available and will be deprecated in a latter release - https://github.com/spf13/cobra/pull/1146
  • Note that projects providing completion through a different command name (say a command named "complete") will continue to use v1 for their own command but will also provide cobra's implicit "completion" command which will use v2, unless of course, these projects take the time to disable the default "completion" command as noted above.
• Commands now support context being passed to completions - https://github.com/spf13/cobra/pull/1265
  • An example can be found here: https://github.com/spf13/cobra/pull/1265#issuecomment-734551031
• Removed dependency onmitchellh/go-homedir in favor of core Go os.UserHomeDir() - spf13/cobra@8eaca5f

Bug Fixes

• Fix trailing whitespace not being handled in powershell completion scripts https://github.com/spf13/cobra/pull/1342
• Bash completion variable leak fix https://github.com/spf13/cobra/pull/1352
• Fish shell completions correctly ignore trailing empty lines https://github.com/spf13/cobra/pull/1284
• PowerShell completions fix for "no file comp directive" - https://github.com/spf13/cobra/pull/1363
• Custom completions now correctly handle multiple shorthand flags together - https://github.com/spf13/cobra/pull/1258
• zsh completions now correctly handle ShellDirectiveCompletionNoSpace and file completion all the time - https://github.com/spf13/cobra/pull/1213
• Multiple fixes / improvements to the fish shell support - https://github.com/spf13/cobra/pull/1249
• Fix home directory config not loading correctly - https://github.com/spf13/cobra/pull/1282
• Fix for RegisterFlagCompletionFunc as a global var not working in multi-threaded programs: https://github.com/spf13/cobra/pull/1423
• Custom completions correctly do not complete flags after args when interspersed is false #​1308

Testing

• Deprecated Travis CI. Now fully using Github Actions - spf13/cobra@d0f318d
• Added test cases and enhancements (thank you to everyone for taking the time to add tests to your PRs!)
• Shoutout to @​marckhouzam and @​Luap99 for their hard work on a cobra command completions testing library. Check out the repo here!

Security

• Bump viper to 1.8.1. This corrects several issues with vulnerabilities existing in the dependency tree - https://github.com/spf13/cobra/pull/1433

Other

• Add PR labeler with pull_request_target to enable tests to run from forks - https://github.com/spf13/cobra/pull/1338
• CI using MSYS2 windows machines pull latest - https://github.com/spf13/cobra/pull/1366
• Multiple small fixes to spelling / documentation - https://github.com/spf13/cobra/pull/1349 https://github.com/spf13/cobra/pull/1417 https://github.com/spf13/cobra/pull/1434

Thank you to all our amazing contributors 🐍🚀

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[h3poteto]

[Secret Scan] It may be dangerous to commit the AWS secret access key. (view)

AWS secret access key is an important credential that allows you to use AWS programmatically.
Once this leaks, an attacker can access and operate your AWS resources.

See also:

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Rule	Severity
sider.secrets.aws.secret_access_key	warning

You can close this issue if no need to fix it. Learn more.

I closed this issue. Reason:

• When this is not an AWS secret access key.

[h3poteto]

[Secret Scan] It may be dangerous to commit the AWS secret access key. (view)

AWS secret access key is an important credential that allows you to use AWS programmatically.
Once this leaks, an attacker can access and operate your AWS resources.

See also:

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Rule	Severity
sider.secrets.aws.secret_access_key	warning

You can close this issue if no need to fix it. Learn more.

I closed this issue. Reason:

• When this is not an AWS secret access key.

[h3poteto]

[Secret Scan] It may be dangerous to commit the AWS secret access key. (view)

AWS secret access key is an important credential that allows you to use AWS programmatically.
Once this leaks, an attacker can access and operate your AWS resources.

See also:

• https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

Rule	Severity
sider.secrets.aws.secret_access_key	warning

You can close this issue if no need to fix it. Learn more.

I closed this issue. Reason:

• When this is not an AWS secret access key.