1.2.0 deps explosion?

[blacktop]

diff --git a/go.mod b/go.mod
index dd30bb8..d1b8e17 100644
--- a/go.mod
+++ b/go.mod
@@ -12,25 +12,41 @@ require (
        github.com/blacktop/go-plist v1.0.0
        github.com/blacktop/lzss v0.1.1
        github.com/blacktop/ranger v1.0.3
+       github.com/coreos/bbolt v1.3.2 // indirect
+       github.com/coreos/etcd v3.3.13+incompatible // indirect
+       github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e // indirect
+       github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
+       github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
        github.com/dustin/go-humanize v1.0.0
        github.com/fatih/color v1.12.0 // indirect
        github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa
        github.com/gocolly/colly/v2 v2.1.0
+       github.com/gorilla/websocket v1.4.2 // indirect
+       github.com/grpc-ecosystem/go-grpc-middleware v1.0.0 // indirect
+       github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
        github.com/hashicorp/go-version v1.3.0
        github.com/hinshun/vt10x v0.0.0-20180809195222-d55458df857c // indirect
        github.com/jinzhu/gorm v1.9.16
+       github.com/jonboulle/clockwork v0.1.0 // indirect
        github.com/kr/pty v1.1.8 // indirect
        github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
        github.com/mitchellh/go-homedir v1.1.0
+       github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
        github.com/olekukonko/tablewriter v0.0.5
        github.com/pkg/errors v0.9.1
-       github.com/spf13/cobra v1.1.3
+       github.com/prometheus/client_golang v0.9.3 // indirect
+       github.com/soheilhy/cmux v0.1.4 // indirect
+       github.com/spf13/cobra v1.2.0
        github.com/spf13/pflag v1.0.5
        github.com/spf13/viper v1.8.1
        github.com/therootcompany/xz v1.0.1
+       github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect
        github.com/vbauerster/mpb/v5 v5.4.0
+       github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
+       go.etcd.io/bbolt v1.3.2 // indirect
        golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e
        golang.org/x/net v0.0.0-20210614182718-04defd469f4e
        golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
        golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
+       gopkg.in/resty.v1 v1.12.0 // indirect
 )

Why does upgrading a CLI lib to 1.2.0 include a database and SO much web stuff? 😱 🤮 Is this now a web-framework??

[umarcor]

That is because of spf13/viper, which is a dependency of the cobra CLI tool (not the library). See #1138 and #1240.

[jpmcb]

As @umarcor said, the dependencies aren't in a great state right now since the CLI tool and library are under a single go module. Closing this for now, but in the next release, we will re-visit splitting the modules up.

[jpmcb]

Also note that almost all of these dependencies are not directly used by the cobra CLI tool or the library. They are simply indirect dependencies related to dependencies in viper.

❯ cd cobra
❯ go mod why github.com/coreos/bbolt
# github.com/coreos/bbolt
(main module does not need package github.com/coreos/bbolt)

[liggitt]

I opened #1597 as a proposal for splitting the modules again to avoid those indirect dependencies in a way that avoids the problems of #1139