Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade viper to remove CVE found in indeirect dependencies #1538

Closed
cboitel opened this issue Nov 19, 2021 · 7 comments
Closed

Upgrade viper to remove CVE found in indeirect dependencies #1538

cboitel opened this issue Nov 19, 2021 · 7 comments
Labels
kind/upstream Go modules cobra depends on

Comments

@cboitel
Copy link

cboitel commented Nov 19, 2021

This project references viper 1.8.1 which was direct using github.com/bketelsen/crypt v0.0.4 which was imported older versions leading to import github.com/miekg/dns v1.0.14 which suffers a CVE fixed since version 1.1.25 (latest version is v1.1.43).

Upgrading to viper 1.9.0 would remove the dependency to github.com/bketelsen/crypt and the indirectly imported dns module version suffering the CVE.

@jpmcb
Copy link
Collaborator

jpmcb commented Dec 8, 2021

Closed by dependabot #1554

@jpmcb jpmcb closed this as completed Dec 8, 2021
@umarcor
Copy link
Contributor

umarcor commented Dec 8, 2021

Actually, not fixed. viper 1.9.0 does still depend on github.com/miekg/dns v1.0.14. See https://github.com/spf13/cobra/blob/master/go.sum#L207 and #1539. We need viper maintainers to publish a new release in order to fix this issue. That's why #1539 is a draft.

@cboitel
Copy link
Author

cboitel commented Dec 9, 2021

By closing this issue, you send a message "security isn't an issue in this project and anyone concerned by it shouldn't rely on us".

I wouldn't close issue unless you really mean to leave your product with an embedded CVE from dependencies you reference and use to provide. If so, we would all know that this project is not worth relying on since security isn't a concern.

I was expecting to open issues at projects used to request fixes and bump the newer version when ready. At last, if some dependency does not intend to fix the issue, you should remove it by using another one or fork/fix it.

I did open an issue at viper: spf13/viper#1257

@jpmcb jpmcb reopened this Dec 9, 2021
@jpmcb
Copy link
Collaborator

jpmcb commented Dec 9, 2021

Thanks for the heads up! Jumped the gun here!! Now that we have dependabot enabled, we should get that upgrade as soon as Viper pushes a new release.

gcf-merge-on-green bot referenced this issue in googleapis/gapic-showcase Dec 14, 2021
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | require | minor | `v1.2.1` -> `v1.3.0` |

---

### Release Notes

<details>
<summary>spf13/cobra</summary>

### [`v1.3.0`](https://github.com/spf13/cobra/releases/v1.3.0)

[Compare Source](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0)

### v1.3.0 - The Fall 2021 release 🍁

#### Completion fixes & enhancements 💇🏼

In `v1.2.0`, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

-   `DisableFlagParsing` now triggers custom completions for flag names [#&#8203;1161](https://github.com/spf13/cobra/issues/1161)
-   Fixed unbound variables in bash completions causing edge case errors [#&#8203;1321](https://github.com/spf13/cobra/issues/1321)
-   `help` completion formatting improvements & fixes [#&#8203;1444](https://github.com/spf13/cobra/issues/1444)
-   All completions now follow the `help` example: short desc are now capitalized and removes extra spacing from long description [#&#8203;1455](https://github.com/spf13/cobra/issues/1455)
-   Typo fixes in bash & zsh completions [#&#8203;1459](https://github.com/spf13/cobra/issues/1459)
-   Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces [#&#8203;1473](https://github.com/spf13/cobra/issues/1473)
-   Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for `menu-complete`, `menu-complete-backward` and `insert-completions`. These descriptions are now purposefully removed in support of this model. [#&#8203;1509](https://github.com/spf13/cobra/issues/1509)
-   Fix for invalid shell completions when using `~/.cobra.yaml`. Log message `Using config file: ~/.cobra.yaml` now printed to stderr [#&#8203;1510](https://github.com/spf13/cobra/issues/1510)
-   Removes unnecessary trailing spaces from completion command descriptions [#&#8203;1520](https://github.com/spf13/cobra/issues/1520)
-   Option to hid default `completion` command [#&#8203;1541](https://github.com/spf13/cobra/issues/1541)
-   Remove `__complete` command for programs without subcommands [#&#8203;1563](https://github.com/spf13/cobra/issues/1563)

#### Generator changes ⚙️

Thanks to [@&#8203;spf13](https://github.com/spf13) for providing a number of changes to the Cobra generator tool, streamlining it for new users!

-   The Cobra generator now *won't* automatically include Viper and cleans up a number of unused imports when not using Viper.
-   The Cobra generator's default license is now `none`
-   The Cobra generator now works with Go modules
-   Documentation to reflect these changes

#### New Features ⭐

-   License can be specified by their SPDX identifiers [#&#8203;1159](https://github.com/spf13/cobra/issues/1159)
-   `MatchAll` allows combining several PositionalArgs to work in concert. This now allows for enabling composing `PositionalArgs` [#&#8203;896](https://github.com/spf13/cobra/issues/896)

#### Bug Fixes 🐛

-   Fixed multiple error message from cobra `init` boilerplates [#&#8203;1463](https://github.com/spf13/cobra/issues/1463) [#&#8203;1552](https://github.com/spf13/cobra/issues/1552) [#&#8203;1557](https://github.com/spf13/cobra/issues/1557)

#### Testing 👀

-   Now testing golang 1.16.x and 1.17.x in CI [#&#8203;1425](https://github.com/spf13/cobra/issues/1425)
-   Fix for running diff test to ignore CR for windows [#&#8203;949](https://github.com/spf13/cobra/issues/949)
-   Added helper functions and reduced code reproduction in `args_test` [#&#8203;1426](https://github.com/spf13/cobra/issues/1426)
-   Now using official `golangci-lint` github action [#&#8203;1477](https://github.com/spf13/cobra/issues/1477)

#### Security 🔏

-   Added GitHub dependabot [#&#8203;1427](https://github.com/spf13/cobra/issues/1427)
-   Now using Viper `v1.10.0`
    -   There is a known CVE in an *indirect* dependency from `viper`: [https://github.com/spf13/cobra/issues/1538](https://github.com/spf13/cobra/issues/1538). This will be patched in a future release

#### Documentation 📝

-   Multiple projects added to the `projects_using_cobra.md` file: [#&#8203;1377](https://github.com/spf13/cobra/issues/1377) [#&#8203;1501](https://github.com/spf13/cobra/issues/1501) [#&#8203;1454](https://github.com/spf13/cobra/issues/1454)
-   Removed ToC from main readme file as it is now automagically displayed by GitHub [#&#8203;1429](https://github.com/spf13/cobra/issues/1429)
-   Documentation correct for when the `--author` flag is specified [#&#8203;1009](https://github.com/spf13/cobra/issues/1009)
-   `shell_completions.md` has an easier to use snippet for copying and pasting shell completions [#&#8203;1372](https://github.com/spf13/cobra/issues/1372)

#### Other 💭

-   Bump version of  `cpuguy83/go-md2man` to v2.0.1 [#&#8203;1460](https://github.com/spf13/cobra/issues/1460)
-   Removed `lesser` typo from the GPL-2.0 license [#&#8203;880](https://github.com/spf13/cobra/issues/880)
-   Fixed spelling errors [#&#8203;1514](https://github.com/spf13/cobra/issues/1514)

*Thank you to all our amazing contributors* ⭐🐍🚀

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/gapic-showcase).
@github-actions
Copy link

github-actions bot commented Feb 8, 2022

This issue is being marked as stale due to a long period of inactivity

@cboitel
Copy link
Author

cboitel commented Feb 9, 2022

Bumping so issue doesn't get closed too early

@jpmcb
Copy link
Collaborator

jpmcb commented Apr 8, 2022

Viper dependency was removed as part of a wider effort to reduce cobra's dependency surface. The cobra-cli is now at https://github.com/spf13/cobra-cli

Ref: #1597

Go mod ref:

cobra/go.mod

Lines 5 to 10 in 9d15fe6

require (
github.com/cpuguy83/go-md2man/v2 v2.0.1
github.com/inconshreveable/mousetrap v1.0.0
github.com/spf13/pflag v1.0.5
gopkg.in/yaml.v2 v2.4.0
)

@jpmcb jpmcb closed this as completed Apr 8, 2022
gcf-merge-on-green bot referenced this issue in GoogleCloudPlatform/alloydb-auth-proxy May 18, 2022
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | require | minor | `v1.2.1` -> `v1.4.0` |

---

### Release Notes

<details>
<summary>spf13/cobra</summary>

### [`v1.4.0`](https://github.com/spf13/cobra/releases/v1.4.0)

[Compare Source](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)

### Winter 2022 Release ❄️

Another season, another release!

#### Goodbye viper! 🐍 🚀

The core Cobra library no longer requires Viper and all of its indirect dependencies. This means that Cobra's dependency tree has been drastically thinned! The Viper dependency was included because of the `cobra` CLI generation tool. [This tool has migrated to `spf13/cobra-cli`](https://github.com/spf13/cobra-cli/releases/tag/v1.3.0).

It's *pretty unlikely* you were importing and using **the bootstrapping CLI tool** as part of your application (after all, it's just a tool to get going with core `cobra`).

But if you were, replace occurrences of

    "github.com/spf13/cobra/cobra"

with

    "github.com/spf13/cobra-cli"

And in your `go.mod`, you'll want to also include this dependency:

    github.com/spf13/cobra-cli v1.3.0

Again, the maintainers *do not anticipate* this being a breaking change to users of the core `cobra` library, so minimal work should be required for users to integrate with this new release. Moreover, this means the dependency tree for your application using Cobra should no longer require dependencies that were inherited from Viper. Huzzah! 🥳

If you'd like to read more

-   issue: [https://github.com/spf13/cobra/issues/1597](https://github.com/spf13/cobra/issues/1597)
-   PR: [https://github.com/spf13/cobra/pull/1604](https://github.com/spf13/cobra/pull/1604)

#### Documentation 📝

-   Update Go Doc link and badge in README: [https://github.com/spf13/cobra/pull/1593](https://github.com/spf13/cobra/pull/1593)
-   Fix to install command, now targets `@latest`: [https://github.com/spf13/cobra/pull/1576](https://github.com/spf13/cobra/pull/1576)
-   Added MAINTAINERS file: [https://github.com/spf13/cobra/pull/1545](https://github.com/spf13/cobra/pull/1545)

#### Other 💭

-   Bumped license year to 2022 in golden files: [https://github.com/spf13/cobra/pull/1575](https://github.com/spf13/cobra/pull/1575)
-   Added Pixie to projects: [https://github.com/spf13/cobra/pull/1581](https://github.com/spf13/cobra/pull/1581)
-   Updated labeler for new labeling scheme: [https://github.com/spf13/cobra/pull/1613](https://github.com/spf13/cobra/pull/1613) & syntax fix: [https://github.com/spf13/cobra/pull/1624](https://github.com/spf13/cobra/pull/1624)

Shoutout to our awesome contributors helping to make this cobra release possible!!
[@&#8203;spf13](https://github.com/spf13) [@&#8203;marckhouzam](https://github.com/marckhouzam) [@&#8203;johnSchnake](https://github.com/johnSchnake) [@&#8203;jpmcb](https://github.com/jpmcb) [@&#8203;liggitt](https://github.com/liggitt) [@&#8203;umarcor](https://github.com/umarcor) [@&#8203;hiljusti](https://github.com/hiljusti) [@&#8203;marians](https://github.com/marians) [@&#8203;shyim](https://github.com/shyim) [@&#8203;htroisi](https://github.com/htroisi)

### [`v1.3.0`](https://github.com/spf13/cobra/releases/v1.3.0)

[Compare Source](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0)

### v1.3.0 - The Fall 2021 release 🍁

#### Completion fixes & enhancements 💇🏼

In `v1.2.0`, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

-   `DisableFlagParsing` now triggers custom completions for flag names [#&#8203;1161](https://github.com/spf13/cobra/issues/1161)
-   Fixed unbound variables in bash completions causing edge case errors [#&#8203;1321](https://github.com/spf13/cobra/issues/1321)
-   `help` completion formatting improvements & fixes [#&#8203;1444](https://github.com/spf13/cobra/issues/1444)
-   All completions now follow the `help` example: short desc are now capitalized and removes extra spacing from long description [#&#8203;1455](https://github.com/spf13/cobra/issues/1455)
-   Typo fixes in bash & zsh completions [#&#8203;1459](https://github.com/spf13/cobra/issues/1459)
-   Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces [#&#8203;1473](https://github.com/spf13/cobra/issues/1473)
-   Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for `menu-complete`, `menu-complete-backward` and `insert-completions`. These descriptions are now purposefully removed in support of this model. [#&#8203;1509](https://github.com/spf13/cobra/issues/1509)
-   Fix for invalid shell completions when using `~/.cobra.yaml`. Log message `Using config file: ~/.cobra.yaml` now printed to stderr [#&#8203;1510](https://github.com/spf13/cobra/issues/1510)
-   Removes unnecessary trailing spaces from completion command descriptions [#&#8203;1520](https://github.com/spf13/cobra/issues/1520)
-   Option to hide default `completion` command [#&#8203;1541](https://github.com/spf13/cobra/issues/1541)
-   Remove `__complete` command for programs without subcommands [#&#8203;1563](https://github.com/spf13/cobra/issues/1563)

#### Generator changes ⚙️

Thanks to [@&#8203;spf13](https://github.com/spf13) for providing a number of changes to the Cobra generator tool, streamlining it for new users!

-   The Cobra generator now *won't* automatically include Viper and cleans up a number of unused imports when not using Viper.
-   The Cobra generator's default license is now `none`
-   The Cobra generator now works with Go modules
-   Documentation to reflect these changes

#### New Features ⭐

-   License can be specified by their SPDX identifiers [#&#8203;1159](https://github.com/spf13/cobra/issues/1159)
-   `MatchAll` allows combining several PositionalArgs to work in concert. This now allows for enabling composing `PositionalArgs` [#&#8203;896](https://github.com/spf13/cobra/issues/896)

#### Bug Fixes 🐛

-   Fixed multiple error message from cobra `init` boilerplates [#&#8203;1463](https://github.com/spf13/cobra/issues/1463) [#&#8203;1552](https://github.com/spf13/cobra/issues/1552) [#&#8203;1557](https://github.com/spf13/cobra/issues/1557)

#### Testing 👀

-   Now testing golang 1.16.x and 1.17.x in CI [#&#8203;1425](https://github.com/spf13/cobra/issues/1425)
-   Fix for running diff test to ignore CR for windows [#&#8203;949](https://github.com/spf13/cobra/issues/949)
-   Added helper functions and reduced code reproduction in `args_test` [#&#8203;1426](https://github.com/spf13/cobra/issues/1426)
-   Now using official `golangci-lint` github action [#&#8203;1477](https://github.com/spf13/cobra/issues/1477)

#### Security 🔏

-   Added GitHub dependabot [#&#8203;1427](https://github.com/spf13/cobra/issues/1427)
-   Now using Viper `v1.10.0`
    -   There is a known CVE in an *indirect* dependency from `viper`: [https://github.com/spf13/cobra/issues/1538](https://github.com/spf13/cobra/issues/1538). This will be patched in a future release

#### Documentation 📝

-   Multiple projects added to the `projects_using_cobra.md` file: [#&#8203;1377](https://github.com/spf13/cobra/issues/1377) [#&#8203;1501](https://github.com/spf13/cobra/issues/1501) [#&#8203;1454](https://github.com/spf13/cobra/issues/1454)
-   Removed ToC from main readme file as it is now automagically displayed by GitHub [#&#8203;1429](https://github.com/spf13/cobra/issues/1429)
-   Documentation correct for when the `--author` flag is specified [#&#8203;1009](https://github.com/spf13/cobra/issues/1009)
-   `shell_completions.md` has an easier to use snippet for copying and pasting shell completions [#&#8203;1372](https://github.com/spf13/cobra/issues/1372)

#### Other 💭

-   Bump version of  `cpuguy83/go-md2man` to v2.0.1 [#&#8203;1460](https://github.com/spf13/cobra/issues/1460)
-   Removed `lesser` typo from the GPL-2.0 license [#&#8203;880](https://github.com/spf13/cobra/issues/880)
-   Fixed spelling errors [#&#8203;1514](https://github.com/spf13/cobra/issues/1514)

*Thank you to all our amazing contributors* ⭐🐍🚀

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/GoogleCloudPlatform/alloydb-auth-proxy).
ti-chi-bot bot referenced this issue in PingCAP-QE/ee-apps Dec 9, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | require |
minor | `v1.1.3` -> `v1.8.0` |

---

### Release Notes

<details>
<summary>spf13/cobra (github.com/spf13/cobra)</summary>

### [`v1.8.0`](https://github.com/spf13/cobra/releases/tag/v1.8.0)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)

#### ✨ Features

- Support usage as plugin for tools like kubectl by
[@&#8203;nirs](https://github.com/nirs) in
[https://github.com/spf13/cobra/pull/2018](https://github.com/spf13/cobra/pull/2018)
- this means that programs that utilize a "plugin-like" structure have
much better support and usage (like for completions, command paths,
etc.)
- Move documentation sources to site/content by
[@&#8203;umarcor](https://github.com/umarcor) in
[https://github.com/spf13/cobra/pull/1428](https://github.com/spf13/cobra/pull/1428)
- Add 'one required flag' group by
[@&#8203;marevers](https://github.com/marevers) in
[https://github.com/spf13/cobra/pull/1952](https://github.com/spf13/cobra/pull/1952)
- this includes a new `MarkFlagsOneRequired` API for flags which can be
used to mark a flag group as required and cause command failure if at
least one is not used when invoked.
- Customizable error message prefix by
[@&#8203;5ouma](https://github.com/5ouma) in
[https://github.com/spf13/cobra/pull/2023](https://github.com/spf13/cobra/pull/2023)
- This adds the `SetErrPrefix` and `ErrPrefix` APIs on the `Command`
struct to allow for setting a custom prefix for errors
- feat: add getters for flag completions by
[@&#8203;avirtopeanu-ionos](https://github.com/avirtopeanu-ionos) in
[https://github.com/spf13/cobra/pull/1943](https://github.com/spf13/cobra/pull/1943)
- Feature: allow running persistent run hooks of all parents by
[@&#8203;vkhoroz](https://github.com/vkhoroz) in
[https://github.com/spf13/cobra/pull/2044](https://github.com/spf13/cobra/pull/2044)
- Improve API to get flag completion function by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/2063](https://github.com/spf13/cobra/pull/2063)

#### 🐛 Bug fixes

- Fix typo in fish completions by
[@&#8203;twpayne](https://github.com/twpayne) in
[https://github.com/spf13/cobra/pull/1945](https://github.com/spf13/cobra/pull/1945)
- Fix grammar: 'allows to' by
[@&#8203;supertassu](https://github.com/supertassu) in
[https://github.com/spf13/cobra/pull/1978](https://github.com/spf13/cobra/pull/1978)
- powershell: escape variable with curly brackets by
[@&#8203;Luap99](https://github.com/Luap99) in
[https://github.com/spf13/cobra/pull/1960](https://github.com/spf13/cobra/pull/1960)
- Don't complete --help flag when flag parsing disabled by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/2061](https://github.com/spf13/cobra/pull/2061)
- Replace all non-alphanumerics in active help env var program prefix by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1940](https://github.com/spf13/cobra/pull/1940)

#### 🔧 Maintenance

- build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1971](https://github.com/spf13/cobra/pull/1971)
- build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1976](https://github.com/spf13/cobra/pull/1976)
- build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/2021](https://github.com/spf13/cobra/pull/2021)
- build(deps): bump actions/setup-go from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1934](https://github.com/spf13/cobra/pull/1934)
- build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/2047](https://github.com/spf13/cobra/pull/2047)
- build(deps): bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/2028](https://github.com/spf13/cobra/pull/2028)
- command: temporarily disable G602 due to
[securego/gosec#1005](https://github.com/securego/gosec/issues/1005)
by [@&#8203;umarcor](https://github.com/umarcor) in
[https://github.com/spf13/cobra/pull/2022](https://github.com/spf13/cobra/pull/2022)

#### 🧪 Testing & CI/CD

- test: make fish_completions_test more robust by
[@&#8203;branchvincent](https://github.com/branchvincent) in
[https://github.com/spf13/cobra/pull/1980](https://github.com/spf13/cobra/pull/1980)
- golangci: enable 'unused' and disable deprecated replaced by it by
[@&#8203;umarcor](https://github.com/umarcor) in
[https://github.com/spf13/cobra/pull/1983](https://github.com/spf13/cobra/pull/1983)
- cleanup: minor corrections to unit tests by
[@&#8203;JunNishimura](https://github.com/JunNishimura) in
[https://github.com/spf13/cobra/pull/2003](https://github.com/spf13/cobra/pull/2003)
- ci: test golang 1.21 by
[@&#8203;nunoadrego](https://github.com/nunoadrego) in
[https://github.com/spf13/cobra/pull/2024](https://github.com/spf13/cobra/pull/2024)
- Fix linter errors by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/2052](https://github.com/spf13/cobra/pull/2052)
- Add tests for flag completion registration by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/2053](https://github.com/spf13/cobra/pull/2053)

#### ✏️ Documentation

- doc: fix typo, Deperecated -> Deprecated by
[@&#8203;callthingsoff](https://github.com/callthingsoff) in
[https://github.com/spf13/cobra/pull/2000](https://github.com/spf13/cobra/pull/2000)
- Add notes to doc about the execution condition of \*PreRun and
\*PostRun functions by
[@&#8203;haoming29](https://github.com/haoming29) in
[https://github.com/spf13/cobra/pull/2041](https://github.com/spf13/cobra/pull/2041)

***

Thank you everyone who contributed to this release and all your hard
work! Cobra and this community would never be possible without all of
you!!!! 🐍

**Full Changelog**:
spf13/cobra@v1.7.0...v1.8.0

### [`v1.7.0`](https://github.com/spf13/cobra/releases/tag/v1.7.0)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0)

##### ✨ Features

- Allow to preserve ordering of completions in `bash`, `zsh`, `pwsh`, &
`fish`: [@&#8203;h4ck3rk3y](https://github.com/h4ck3rk3y)
[#&#8203;1903](https://github.com/spf13/cobra/issues/1903)
- Add support for PowerShell 7.2+ in completions:
[@&#8203;oldium](https://github.com/oldium)
[#&#8203;1916](https://github.com/spf13/cobra/issues/1916)
- Allow sourcing zsh completion script:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1917](https://github.com/spf13/cobra/issues/1917)

##### 🐛 Bug fixes

- Don't remove flag values that match sub-command name:
[@&#8203;brianpursley](https://github.com/brianpursley)
[#&#8203;1781](https://github.com/spf13/cobra/issues/1781)
- Fix powershell completions not returning single word:
[@&#8203;totkeks](https://github.com/totkeks)
[#&#8203;1850](https://github.com/spf13/cobra/issues/1850)
- Remove masked `template` import variable name:
[@&#8203;yashLadha](https://github.com/yashLadha)
[#&#8203;1879](https://github.com/spf13/cobra/issues/1879)
- Correctly detect completions with dash in argument:
[@&#8203;oncilla](https://github.com/oncilla)
[#&#8203;1817](https://github.com/spf13/cobra/issues/1817)

##### 🧪 Testing & CI/CD

- Deprecate Go 1.15 in CI:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1866](https://github.com/spf13/cobra/issues/1866)
- Deprecate Go 1.16 in CI:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1926](https://github.com/spf13/cobra/issues/1926)
- Add testing for Go 1.20 in CI:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1925](https://github.com/spf13/cobra/issues/1925)
- Add tests to illustrate unknown flag bug:
[@&#8203;brianpursley](https://github.com/brianpursley)
[#&#8203;1854](https://github.com/spf13/cobra/issues/1854)

##### 🔧 Maintenance

- Update main image to better handle dark backgrounds:
[@&#8203;Deleplace](https://github.com/Deleplace) and
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1883](https://github.com/spf13/cobra/issues/1883)
- Fix `stale.yaml` mispellings:
[@&#8203;enrichman](https://github.com/enrichman)
[#&#8203;1863](https://github.com/spf13/cobra/issues/1863)
- Remove stale bot from GitHub actions:
[@&#8203;jpmcb](https://github.com/jpmcb)
[#&#8203;1908](https://github.com/spf13/cobra/issues/1908)
- Add makefile target for installing dependencies:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1865](https://github.com/spf13/cobra/issues/1865)
- Add Sia to projects using Cobra:
[@&#8203;mike76-dev](https://github.com/mike76-dev)
[#&#8203;1844](https://github.com/spf13/cobra/issues/1844)
- Add `Vitess` and `Arewefastyet` to projects using cobra:
[@&#8203;frouioui](https://github.com/frouioui)
[#&#8203;1932](https://github.com/spf13/cobra/issues/1932)
- Fixup for Kubescape github org:
[@&#8203;dwertent](https://github.com/dwertent)
[#&#8203;1874](https://github.com/spf13/cobra/issues/1874)
- Fix route for GitHub workflows badge:
[@&#8203;sh-cho](https://github.com/sh-cho)
[#&#8203;1884](https://github.com/spf13/cobra/issues/1884)
- Fixup for GoDoc style documentation:
[@&#8203;yashLadha](https://github.com/yashLadha)
[#&#8203;1885](https://github.com/spf13/cobra/issues/1885)
- Various bash scripting improvements for completion:
[@&#8203;scop](https://github.com/scop)
[#&#8203;1702](https://github.com/spf13/cobra/issues/1702)
- Add Constellation to projects using Cobra:
[@&#8203;datosh](https://github.com/datosh)
[#&#8203;1829](https://github.com/spf13/cobra/issues/1829)

##### ✏️ Documentation

- Add documentation about disabling completion descriptions:
[@&#8203;Shihta](https://github.com/Shihta)
[#&#8203;1901](https://github.com/spf13/cobra/issues/1901)
- Improve `MarkFlagsMutuallyExclusive` example in user guide:
[@&#8203;janhn](https://github.com/janhn)
[#&#8203;1904](https://github.com/spf13/cobra/issues/1904)
- Update `shell_completions.md`:
[@&#8203;gusega](https://github.com/gusega)
[#&#8203;1907](https://github.com/spf13/cobra/issues/1907)
- Update copywrite year: [@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1927](https://github.com/spf13/cobra/issues/1927)
- Document suggested layout of subcommands:
[@&#8203;lcarva](https://github.com/lcarva)
[#&#8203;1930](https://github.com/spf13/cobra/issues/1930)
- Replace deprecated ExactValidArgs with MatchAll in doc:
[@&#8203;doniacld](https://github.com/doniacld)
[#&#8203;1836](https://github.com/spf13/cobra/issues/1836)

***

This release contains several long running fixes, improvements to
powershell completions, and further optimizations for completions.

Thank you everyone who contributed to this release and all your hard
work! Cobra and this community would never be possible without all of
you! 🐍

Full changelog:  spf13/cobra@v1.6.1...v1.7.0

### [`v1.6.1`](https://github.com/spf13/cobra/releases/tag/v1.6.1)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1)

##### Bug fixes 🐛

- Fixes a panic when `AddGroup` isn't called before
`AddCommand(my-sub-command)` is executed. This can happen within more
complex cobra file structures that have many different `init`s to be
executed. Now, the check for groups has been moved to `ExecuteC` and
provides more flexibility when working with grouped commands -
[@&#8203;marckhouzam](https://github.com/marckhouzam) (and shout out
to [@&#8203;aawsome](https://github.com/aawsome),
[@&#8203;andig](https://github.com/andig) and
[@&#8203;KINGSABRI](https://github.com/KINGSABRI) for a deep
investigation into this! 👏🏼)

### [`v1.6.0`](https://github.com/spf13/cobra/releases/tag/v1.6.0)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0)

##### Summer 2022 Release

Some exciting changes make their way to Cobra! Command completions
continue to get better and better (including adding `--help` and
`--version` automatic flags to the completions list). Grouping is now
possible in your help output as well! And you can now use the
`OnFinalize` method to cleanup things when all "work" is done. Checkout
the full changelog below:

***

##### Features 🌠

- Add groups for commands in help:
[@&#8203;aawsome](https://github.com/aawsome)
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1003](https://github.com/spf13/cobra/issues/1003)
- Support for case-insensitive command names:
[@&#8203;YuviGold](https://github.com/YuviGold)
[#&#8203;1802](https://github.com/spf13/cobra/issues/1802)
- Expose `ValidateRequiredFlags` and `ValidateFlagGroups`:
[@&#8203;skeetwu](https://github.com/skeetwu)
[#&#8203;1760](https://github.com/spf13/cobra/issues/1760)
- Add `--version` flag to help output:
[@&#8203;fnickels](https://github.com/fnickels)
[#&#8203;1707](https://github.com/spf13/cobra/issues/1707)
- Add `--help` and `--version` flag in completions:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1813](https://github.com/spf13/cobra/issues/1813)
- Add `OnFinalize` method:
[@&#8203;yann-soubeyrand](https://github.com/yann-soubeyrand)
[#&#8203;1788](https://github.com/spf13/cobra/issues/1788)
- Allow user to add completion for powershell alias:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1621](https://github.com/spf13/cobra/issues/1621)
- Make `InitDefaultcompletionCmd` public:
[@&#8203;gssbzn](https://github.com/gssbzn)
[#&#8203;1467](https://github.com/spf13/cobra/issues/1467)

##### Deprecation 👎🏼

- `ExactValidArgs` is deprecated (but not being removed entirely). This
is abit nuanced, so checkout
[#&#8203;1643](https://github.com/spf13/cobra/issues/1643) for further
information and the [updated
`user_guide.md`](https://github.com/spf13/cobra/blob/main/user_guide.md)
on how this may affect you (and how you can take advantage of the
*correct* behavior in the validators):
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1643](https://github.com/spf13/cobra/issues/1643)

##### Bug fixes 🐛

- Fix (bash-v2) `activeHelp` length check syntax:
[@&#8203;scop](https://github.com/scop)
[#&#8203;1762](https://github.com/spf13/cobra/issues/1762)
- Fix correct command path in `see_also` for yaml documentation:
[@&#8203;zregvart](https://github.com/zregvart)
[#&#8203;1771](https://github.com/spf13/cobra/issues/1771)
- Fix showing flags that shadow parent persistent flag in child help
messaging: [@&#8203;brianpursley](https://github.com/brianpursley)
[#&#8203;1776](https://github.com/spf13/cobra/issues/1776)

##### Dependencies 🗳️

- Upgrade to use `gopkg.in/yaml.v3`:
[@&#8203;tklauser](https://github.com/tklauser)
[#&#8203;1766](https://github.com/spf13/cobra/issues/1766)

##### Testing 🤔

- Test on Golang 1.19: [@&#8203;umarcor](https://github.com/umarcor) &
[@&#8203;jpmcb](https://github.com/jpmcb)
[#&#8203;1782](https://github.com/spf13/cobra/issues/1782)
- Renamed powershell completion tests:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1803](https://github.com/spf13/cobra/issues/1803)
- Use `action/setup-go` cache:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1783](https://github.com/spf13/cobra/issues/1783)
- Add `workflow_dispatch` to CI actions:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1387](https://github.com/spf13/cobra/issues/1387)
- Add minimum GitHub token permissions for workflows:
[@&#8203;varunsh-coder](https://github.com/varunsh-coder)
[#&#8203;1792](https://github.com/spf13/cobra/issues/1792)

##### Docs ✏️

- Fixup spelling for GitHub CLI:
[@&#8203;eltociear](https://github.com/eltociear)
[#&#8203;1744](https://github.com/spf13/cobra/issues/1744)
- Clarify `SetContext` documentation:
[@&#8203;katexochen](https://github.com/katexochen)
[#&#8203;1748](https://github.com/spf13/cobra/issues/1748)
- Instruct user to `go install` for binary:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1726](https://github.com/spf13/cobra/issues/1726)
- User guide cleanup:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1656](https://github.com/spf13/cobra/issues/1656)
- Document option to hide the default completion command:
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[#&#8203;1779](https://github.com/spf13/cobra/issues/1779)

##### Misc 💭

- Add KubeVirt, CloudQuery, Cilium, Okteto, Zitadel, Allero to projects
using cobra: [@&#8203;maiqueb](https://github.com/maiqueb)
[#&#8203;1741](https://github.com/spf13/cobra/issues/1741),
[@&#8203;yevgenypats](https://github.com/yevgenypats)
[#&#8203;1742](https://github.com/spf13/cobra/issues/1742),
[@&#8203;tklauser](https://github.com/tklauser)
[#&#8203;1745](https://github.com/spf13/cobra/issues/1745),
[@&#8203;jLopezbarb](https://github.com/jLopezbarb)
[#&#8203;1759](https://github.com/spf13/cobra/issues/1759),
[@&#8203;fforootd](https://github.com/fforootd)
[#&#8203;1772](https://github.com/spf13/cobra/issues/1772),
[@&#8203;dimabru](https://github.com/dimabru)
[#&#8203;1819](https://github.com/spf13/cobra/issues/1819)
- Use correct stale action `exempt` yaml keys:
[@&#8203;jpmcb](https://github.com/jpmcb)
[#&#8203;1800](https://github.com/spf13/cobra/issues/1800)
- Add missing license headers:
[@&#8203;umarcor](https://github.com/umarcor)
[#&#8203;1809](https://github.com/spf13/cobra/issues/1809)

*Note:* Per
[#&#8203;1804](https://github.com/spf13/cobra/issues/1804), we will be
moving away from "seasonal" releases and doing more generic point
release targets. Continue to track the milestones and issues in the
`spf13/cobra` GitHub repository for more information!

Great work everyone! Cobra would never be possible without your
contributions! 🐍

**Full Changelog**:
spf13/cobra@v1.5.0...v1.6.0

### [`v1.5.0`](https://github.com/spf13/cobra/releases/tag/v1.5.0)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

#### Spring 2022 Release 🌥️

Hello everyone! Welcome to another release of cobra. Completions
continue to get better and better. This release adds a few really cool
new features. We also continue to patch versions of our dependencies as
they become available via dependabot. Happy coding!

#### Active help 👐🏼

Shout out to [@&#8203;marckhouzam](https://github.com/marckhouzam) for
a big value add: Active Help
[https://github.com/spf13/cobra/pull/1482](https://github.com/spf13/cobra/pull/1482).
With active help, a program can provide some inline warnings or hints
for users as they hit tab. Now, your CLIs can be even more intuitive to
use!

Currently active help is only supported for bash V2 and zsh. Marc wrote
a whole guide on how to do this, so make sure to give it a good read to
learn how you can add this to your cobra code!
https://github.com/spf13/cobra/blob/master/active_help.md

#### Group flags 🧑🏼‍🤝‍🧑🏼

Cobra now has the ability to mark flags as required or exclusive as a
***group***. Shout out to our newest maintainer
[@&#8203;johnSchnake](https://github.com/johnSchnake) for this!
[https://github.com/spf13/cobra/pull/1654](https://github.com/spf13/cobra/pull/1654)
Let's say you have a `username` flag that ***MUST*** be partnered with a
`password` flag. Well, now, you can enforce those as being required
together:

```go
rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
rootCmd.MarkFlagsRequiredTogether("username", "password")
```

Flags may also be marked as "mutally exclusive" with the
`MarkFlagsMutuallyExclusive(string, string ... )` command API. Refer to
our [user guide
documentation](https://github.com/spf13/cobra/blob/master/user_guide.md)
for further info!

#### Completions 👀

- Add backwards-compatibility tests for legacyArgs() by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/1547](https://github.com/spf13/cobra/pull/1547)
- feat: Add how to load completions in your current zsh session by
[@&#8203;ondrejsika](https://github.com/ondrejsika) in
[https://github.com/spf13/cobra/pull/1608](https://github.com/spf13/cobra/pull/1608)
- Introduce FixedCompletions by
[@&#8203;emersion](https://github.com/emersion) in
[https://github.com/spf13/cobra/pull/1574](https://github.com/spf13/cobra/pull/1574)
- Add shell completion to flag groups by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/1659](https://github.com/spf13/cobra/pull/1659)
- Modify brew prefix path in macOS system by
[@&#8203;imxw](https://github.com/imxw) in
[https://github.com/spf13/cobra/pull/1719](https://github.com/spf13/cobra/pull/1719)
- perf(bash-v2): use backslash escape string expansion for tab by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1682](https://github.com/spf13/cobra/pull/1682)
- style(bash-v2): out is not an array variable, do not refer to it as
such by [@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1681](https://github.com/spf13/cobra/pull/1681)
- perf(bash-v2): standard completion optimizations by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1683](https://github.com/spf13/cobra/pull/1683)
- style(bash): out is not an array variable, do not refer to it as such
by [@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1684](https://github.com/spf13/cobra/pull/1684)
- perf(bash-v2): short-circuit descriptionless candidate lists by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1686](https://github.com/spf13/cobra/pull/1686)
- perf(bash-v2): speed up filtering entries with descriptions by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1689](https://github.com/spf13/cobra/pull/1689)
- perf(bash-v2): speed up filtering menu-complete descriptions by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1692](https://github.com/spf13/cobra/pull/1692)
- fix(bash-v2): skip empty completions when filtering descriptions by
[@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1691](https://github.com/spf13/cobra/pull/1691)
- perf(bash-v2): read directly to COMPREPLY on descriptionless short
circuit by [@&#8203;scop](https://github.com/scop) in
[https://github.com/spf13/cobra/pull/1700](https://github.com/spf13/cobra/pull/1700)
- fix: Don't complete \_command on zsh by
[@&#8203;twpayne](https://github.com/twpayne) in
[https://github.com/spf13/cobra/pull/1690](https://github.com/spf13/cobra/pull/1690)
- Improve fish_completions code quality by
[@&#8203;t29kida](https://github.com/t29kida) in
[https://github.com/spf13/cobra/pull/1515](https://github.com/spf13/cobra/pull/1515)
- Fix handling of descriptions for bash v3 by
[@&#8203;marckhouzam](https://github.com/marckhouzam) in
[https://github.com/spf13/cobra/pull/1735](https://github.com/spf13/cobra/pull/1735)
- undefined or nil Args default to ArbitraryArgs by
[@&#8203;umarcor](https://github.com/umarcor) in
[https://github.com/spf13/cobra/pull/1612](https://github.com/spf13/cobra/pull/1612)
- Add Command.SetContext by
[@&#8203;joshcarp](https://github.com/joshcarp) in
[https://github.com/spf13/cobra/pull/1551](https://github.com/spf13/cobra/pull/1551)
- Wrap printf tab with quotes by
[@&#8203;PapaCharlie](https://github.com/PapaCharlie) in
[https://github.com/spf13/cobra/pull/1665](https://github.com/spf13/cobra/pull/1665)

#### Documentation 📝

- Fixed typos in completions docs -
[@&#8203;cuishuang](https://github.com/cuishuang)
[https://github.com/spf13/cobra/pull/1625](https://github.com/spf13/cobra/pull/1625)
- Removed `CHANGELOG.md` as it isn't updated -
[@&#8203;johnSchnake](https://github.com/johnSchnake)
[https://github.com/spf13/cobra/pull/1634](https://github.com/spf13/cobra/pull/1634)
- Minor typo fix in `shell_completion.md` -
[@&#8203;danieldn](https://github.com/danieldn)
[https://github.com/spf13/cobra/pull/1678](https://github.com/spf13/cobra/pull/1678)
- Changed branch name in the cobra generator link to 'main' -
[@&#8203;skywalker2909](https://github.com/skywalker2909)
[https://github.com/spf13/cobra/pull/1645](https://github.com/spf13/cobra/pull/1645)
- Fix Command.Context comment by
[@&#8203;katexochen](https://github.com/katexochen) in
[https://github.com/spf13/cobra/pull/1639](https://github.com/spf13/cobra/pull/1639)
- Change appropriate links from http:// to https:// where applicable -
[@&#8203;deining](https://github.com/deining)
[https://github.com/spf13/cobra/pull/1695](https://github.com/spf13/cobra/pull/1695)

#### Testing & CI ⚙️

- Test on Golang 1.18 - [@&#8203;umarcor](https://github.com/umarcor)
[https://github.com/spf13/cobra/pull/1635](https://github.com/spf13/cobra/pull/1635)
- Use `RICHGO_FORCE_COLOR` -
[@&#8203;umarcor](https://github.com/umarcor)
[https://github.com/spf13/cobra/pull/1647](https://github.com/spf13/cobra/pull/1647)
- Adds size labeler GitHub action by
[@&#8203;jpmcb](https://github.com/jpmcb) in
[https://github.com/spf13/cobra/pull/1610](https://github.com/spf13/cobra/pull/1610)
- Update `stale-bot` settings -
[@&#8203;jpmcb](https://github.com/jpmcb)
[https://github.com/spf13/cobra/pull/1609](https://github.com/spf13/cobra/pull/1609)

#### Beep boop, bot commits 🤖

- Bumped golangci/golangci-lint-action from 3.1.0 to 3.2.0 -
[@&#8203;dependabot](https://github.com/dependabot)
[https://github.com/spf13/cobra/pull/1697](https://github.com/spf13/cobra/pull/1697)
- Bump codelytv/pr-size-labeler from 1.8.0 to 1.8.1 -
[@&#8203;dependabot](https://github.com/dependabot)
[https://github.com/spf13/cobra/pull/1661](https://github.com/spf13/cobra/pull/1661)
- Bump actions/stale from 1 to 5 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1618](https://github.com/spf13/cobra/pull/1618)
- Bump actions/cache from 2 to 3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1640](https://github.com/spf13/cobra/pull/1640)
- Bump actions/labeler from 3 to 4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1620](https://github.com/spf13/cobra/pull/1620)
- Bump golangci/golangci-lint-action from 2 to 3.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1615](https://github.com/spf13/cobra/pull/1615)
- Bump actions/checkout from 2 to 3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1619](https://github.com/spf13/cobra/pull/1619)
- Bump github.com/cpuguy83/go-md2man/v2 from 2.0.1 to 2.0.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1688](https://github.com/spf13/cobra/pull/1688)
- Bump actions/setup-go from 2 to 3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/spf13/cobra/pull/1660](https://github.com/spf13/cobra/pull/1660)

#### Misc 💭

- Use `errors.Is()` to check for errors -
[@&#8203;Luap99](https://github.com/Luap99)
[https://github.com/spf13/cobra/pull/1730](https://github.com/spf13/cobra/pull/1730)
- Prefer ReplaceAll instead of Replace(..., -1) by
[@&#8203;WhyNotHugo](https://github.com/WhyNotHugo) in
[https://github.com/spf13/cobra/pull/1530](https://github.com/spf13/cobra/pull/1530)
- Add Kubescape to projects -
[@&#8203;avinashupadhya99](https://github.com/avinashupadhya99)
[https://github.com/spf13/cobra/pull/1642](https://github.com/spf13/cobra/pull/1642)
- Add Pulumi as a project using cobra by
[@&#8203;iwahbe](https://github.com/iwahbe) in
[https://github.com/spf13/cobra/pull/1720](https://github.com/spf13/cobra/pull/1720)
- Add Polygon Edge as a project using Cobra by
[@&#8203;zivkovicmilos](https://github.com/zivkovicmilos) in
[https://github.com/spf13/cobra/pull/1672](https://github.com/spf13/cobra/pull/1672)

Shoutout to *ALL* our contributors (and all the new first time
contributors!!) - great work everyone!! Cobra and it's huge impact
wouldn't be possible without you 👏🏼 🚀 🐍

**Full Changelog**:
spf13/cobra@v1.4.0...v1.5.0

### [`v1.4.0`](https://github.com/spf13/cobra/releases/tag/v1.4.0)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)

### Winter 2022 Release ❄️

Another season, another release!

#### Goodbye viper! 🐍 🚀

The core Cobra library no longer requires Viper and all of its indirect
dependencies. This means that Cobra's dependency tree has been
drastically thinned! The Viper dependency was included because of the
`cobra` CLI generation tool. [This tool has migrated to
`spf13/cobra-cli`](https://github.com/spf13/cobra-cli/releases/tag/v1.3.0).

It's *pretty unlikely* you were importing and using **the bootstrapping
CLI tool** as part of your application (after all, it's just a tool to
get going with core `cobra`).

But if you were, replace occurrences of

    "github.com/spf13/cobra/cobra"

with

    "github.com/spf13/cobra-cli"

And in your `go.mod`, you'll want to also include this dependency:

    github.com/spf13/cobra-cli v1.3.0

Again, the maintainers *do not anticipate* this being a breaking change
to users of the core `cobra` library, so minimal work should be required
for users to integrate with this new release. Moreover, this means the
dependency tree for your application using Cobra should no longer
require dependencies that were inherited from Viper. Huzzah! 🥳

If you'd like to read more

- issue:
[https://github.com/spf13/cobra/issues/1597](https://github.com/spf13/cobra/issues/1597)
- PR:
[https://github.com/spf13/cobra/pull/1604](https://github.com/spf13/cobra/pull/1604)

#### Documentation 📝

- Update Go Doc link and badge in README:
[https://github.com/spf13/cobra/pull/1593](https://github.com/spf13/cobra/pull/1593)
- Fix to install command, now targets `@latest`:
[https://github.com/spf13/cobra/pull/1576](https://github.com/spf13/cobra/pull/1576)
- Added MAINTAINERS file:
[https://github.com/spf13/cobra/pull/1545](https://github.com/spf13/cobra/pull/1545)

#### Other 💭

- Bumped license year to 2022 in golden files:
[https://github.com/spf13/cobra/pull/1575](https://github.com/spf13/cobra/pull/1575)
- Added Pixie to projects:
[https://github.com/spf13/cobra/pull/1581](https://github.com/spf13/cobra/pull/1581)
- Updated labeler for new labeling scheme:
[https://github.com/spf13/cobra/pull/1613](https://github.com/spf13/cobra/pull/1613)
& syntax fix:
[https://github.com/spf13/cobra/pull/1624](https://github.com/spf13/cobra/pull/1624)

Shoutout to our awesome contributors helping to make this cobra release
possible!!
[@&#8203;spf13](https://github.com/spf13)
[@&#8203;marckhouzam](https://github.com/marckhouzam)
[@&#8203;johnSchnake](https://github.com/johnSchnake)
[@&#8203;jpmcb](https://github.com/jpmcb)
[@&#8203;liggitt](https://github.com/liggitt)
[@&#8203;umarcor](https://github.com/umarcor)
[@&#8203;hiljusti](https://github.com/hiljusti)
[@&#8203;marians](https://github.com/marians)
[@&#8203;shyim](https://github.com/shyim)
[@&#8203;htroisi](https://github.com/htroisi)

### [`v1.3.0`](https://github.com/spf13/cobra/releases/tag/v1.3.0)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0)

### v1.3.0 - The Fall 2021 release 🍁

#### Completion fixes & enhancements 💇🏼

In `v1.2.0`, we introduced a new model for completions. Thanks to
everyone for trying it, giving feedback, and providing numerous fixes!
Continue to work with the new model as the old one (as noted in code
comments) will be deprecated in a coming release.

- `DisableFlagParsing` now triggers custom completions for flag names
[#&#8203;1161](https://github.com/spf13/cobra/issues/1161)
- Fixed unbound variables in bash completions causing edge case errors
[#&#8203;1321](https://github.com/spf13/cobra/issues/1321)
- `help` completion formatting improvements & fixes
[#&#8203;1444](https://github.com/spf13/cobra/issues/1444)
- All completions now follow the `help` example: short desc are now
capitalized and removes extra spacing from long description
[#&#8203;1455](https://github.com/spf13/cobra/issues/1455)
- Typo fixes in bash & zsh completions
[#&#8203;1459](https://github.com/spf13/cobra/issues/1459)
- Fixed mixed tab/spaces indentation in completion scripts. Now just 4
spaces [#&#8203;1473](https://github.com/spf13/cobra/issues/1473)
- Support for different bash completion options. Bash completions v2
supports descriptions and requires descriptions to be removed for
`menu-complete`, `menu-complete-backward` and `insert-completions`.
These descriptions are now purposefully removed in support of this
model. [#&#8203;1509](https://github.com/spf13/cobra/issues/1509)
- Fix for invalid shell completions when using `~/.cobra.yaml`. Log
message `Using config file: ~/.cobra.yaml` now printed to stderr
[#&#8203;1510](https://github.com/spf13/cobra/issues/1510)
- Removes unnecessary trailing spaces from completion command
descriptions
[#&#8203;1520](https://github.com/spf13/cobra/issues/1520)
- Option to hide default `completion` command
[#&#8203;1541](https://github.com/spf13/cobra/issues/1541)
- Remove `__complete` command for programs without subcommands
[#&#8203;1563](https://github.com/spf13/cobra/issues/1563)

#### Generator changes ⚙️

Thanks to [@&#8203;spf13](https://github.com/spf13) for providing a
number of changes to the Cobra generator tool, streamlining it for new
users!

- The Cobra generator now *won't* automatically include Viper and cleans
up a number of unused imports when not using Viper.
-   The Cobra generator's default license is now `none`
-   The Cobra generator now works with Go modules
-   Documentation to reflect these changes

#### New Features ⭐

- License can be specified by their SPDX identifiers
[#&#8203;1159](https://github.com/spf13/cobra/issues/1159)
- `MatchAll` allows combining several PositionalArgs to work in concert.
This now allows for enabling composing `PositionalArgs`
[#&#8203;896](https://github.com/spf13/cobra/issues/896)

#### Bug Fixes 🐛

- Fixed multiple error message from cobra `init` boilerplates
[#&#8203;1463](https://github.com/spf13/cobra/issues/1463)
[#&#8203;1552](https://github.com/spf13/cobra/issues/1552)
[#&#8203;1557](https://github.com/spf13/cobra/issues/1557)

#### Testing 👀

- Now testing golang 1.16.x and 1.17.x in CI
[#&#8203;1425](https://github.com/spf13/cobra/issues/1425)
- Fix for running diff test to ignore CR for windows
[#&#8203;949](https://github.com/spf13/cobra/issues/949)
- Added helper functions and reduced code reproduction in `args_test`
[#&#8203;1426](https://github.com/spf13/cobra/issues/1426)
- Now using official `golangci-lint` github action
[#&#8203;1477](https://github.com/spf13/cobra/issues/1477)

#### Security 🔏

- Added GitHub dependabot
[#&#8203;1427](https://github.com/spf13/cobra/issues/1427)
-   Now using Viper `v1.10.0`
- There is a known CVE in an *indirect* dependency from `viper`:
[https://github.com/spf13/cobra/issues/1538](https://github.com/spf13/cobra/issues/1538).
This will be patched in a future release

#### Documentation 📝

- Multiple projects added to the `projects_using_cobra.md` file:
[#&#8203;1377](https://github.com/spf13/cobra/issues/1377)
[#&#8203;1501](https://github.com/spf13/cobra/issues/1501)
[#&#8203;1454](https://github.com/spf13/cobra/issues/1454)
- Removed ToC from main readme file as it is now automagically displayed
by GitHub [#&#8203;1429](https://github.com/spf13/cobra/issues/1429)
- Documentation correct for when the `--author` flag is specified
[#&#8203;1009](https://github.com/spf13/cobra/issues/1009)
- `shell_completions.md` has an easier to use snippet for copying and
pasting shell completions
[#&#8203;1372](https://github.com/spf13/cobra/issues/1372)

#### Other 💭

- Bump version of `cpuguy83/go-md2man` to v2.0.1
[#&#8203;1460](https://github.com/spf13/cobra/issues/1460)
- Removed `lesser` typo from the GPL-2.0 license
[#&#8203;880](https://github.com/spf13/cobra/issues/880)
- Fixed spelling errors
[#&#8203;1514](https://github.com/spf13/cobra/issues/1514)

*Thank you to all our amazing contributors* ⭐🐍🚀

### [`v1.2.1`](https://github.com/spf13/cobra/releases/tag/v1.2.1)

[Compare
Source](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1)

##### Bug fixes

- Quickfix for
[https://github.com/spf13/cobra/issues/1437](https://github.com/spf13/cobra/issues/1437)
after v1.2.0 where parallel use of the
`cmd.RegisterFlagCompletionFunc()` (and subsequent map) now works
correctly and flag completions now work again

### [`v1.2.0`](https://github.com/spf13/cobra/releases/tag/v1.2.0): -
The completions release

[Compare
Source](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0)

### 🌠 v1.2.0 - The completions release

Welcome to v1.2.0 of Cobra! This release focuses on code completions,
several critical bug fixes, some documentation updates, and security
bumps. Upgrading should be simple but please take note of the
introduction of bash completions V2 and their default use. The v1
completions library is still available, but will be *deprecated* in the
future. Please open an issue with any problems!

***

#### New Features

- Automatically adds a `completion` command for shell completions. If a
`completion` command is already provided, uses that instead. This will
*automatically* provide shell completions for bash, zsh, fish, and
PowerShell
[https://github.com/spf13/cobra/pull/1192](https://github.com/spf13/cobra/pull/1192)
    -   Users can configure the command auto creation:
        -   disable the creation of the completion command
        -   disable completion descriptions
- disable the `--no-descriptions` flag for "always on" completion
descriptions
- Introduction of bash completions V2, a uniform completion approach
which include completion descriptions. The V1 bash completions are still
available *but will be deprecated* in a later release -
[https://github.com/spf13/cobra/pull/1146](https://github.com/spf13/cobra/pull/1146)
- Note that projects providing completion through a different command
name (say a command named "complete") will continue to use v1 for their
own command but will also provide cobra's implicit "completion" command
which will use v2, unless of course, these projects take the time to
disable the default "completion" command as noted above.
- Commands now support context being passed to completions -
[https://github.com/spf13/cobra/pull/1265](https://github.com/spf13/cobra/pull/1265)
- An example can be found here:
[https://github.com/spf13/cobra/pull/1265#issuecomment-734551031](https://github.com/spf13/cobra/pull/1265#issuecomment-734551031)
- Removed dependency on`mitchellh/go-homedir` in favor of core Go
`os.UserHomeDir()` -
spf13/cobra@8eaca5f

#### Bug Fixes

- Fix trailing whitespace not being handled in powershell completion
scripts
[https://github.com/spf13/cobra/pull/1342](https://github.com/spf13/cobra/pull/1342)
- Bash completion variable leak fix
[https://github.com/spf13/cobra/pull/1352](https://github.com/spf13/cobra/pull/1352)
- Fish shell completions correctly ignore trailing empty lines
[https://github.com/spf13/cobra/pull/1284](https://github.com/spf13/cobra/pull/1284)
- PowerShell completions fix for "no file comp directive" -
[https://github.com/spf13/cobra/pull/1363](https://github.com/spf13/cobra/pull/1363)
- Custom completions now correctly handle multiple shorthand flags
together -
[https://github.com/spf13/cobra/pull/1258](https://github.com/spf13/cobra/pull/1258)
- zsh completions now correctly handle `ShellDirectiveCompletionNoSpace`
and file completion all the time -
[https://github.com/spf13/cobra/pull/1213](https://github.com/spf13/cobra/pull/1213)
- Multiple fixes / improvements to the fish shell support -
[https://github.com/spf13/cobra/pull/1249](https://github.com/spf13/cobra/pull/1249)
- Fix home directory config not loading correctly -
[https://github.com/spf13/cobra/pull/1282](https://github.com/spf13/cobra/pull/1282)
- Fix for `RegisterFlagCompletionFunc` as a global var not working in
multi-threaded programs:
[https://github.com/spf13/cobra/pull/1423](https://github.com/spf13/cobra/pull/1423)
- Custom completions correctly do not complete flags after args when
interspersed is false
[#&#8203;1308](https://github.com/spf13/cobra/issues/1308)

#### Testing

- Deprecated Travis CI. Now fully using Github Actions -
spf13/cobra@d0f318d
- Added test cases and enhancements (thank you to everyone for taking
the time to add tests to your PRs!)
- Shoutout to [@&#8203;marckhouzam](https://github.com/marckhouzam)
and [@&#8203;Luap99](https://github.com/Luap99) for their hard work on
a cobra command completions testing library. [Check out the repo
here!](https://github.com/marckhouzam/cobra-completion-testing)

#### Security

- Bump viper to 1.8.1. This corrects several issues with vulnerabilities
existing in the dependency tree -
[https://github.com/spf13/cobra/pull/1433](https://github.com/spf13/cobra/pull/1433)

#### Other

- Add PR labeler with pull_request_target to enable tests to run from
forks -
[https://github.com/spf13/cobra/pull/1338](https://github.com/spf13/cobra/pull/1338)
- CI using MSYS2 windows machines pull latest -
[https://github.com/spf13/cobra/pull/1366](https://github.com/spf13/cobra/pull/1366)
- Multiple small fixes to spelling / documentation -
[https://github.com/spf13/cobra/pull/1349](https://github.com/spf13/cobra/pull/1349)
[https://github.com/spf13/cobra/pull/1417](https://github.com/spf13/cobra/pull/1417)
[https://github.com/spf13/cobra/pull/1434](https://github.com/spf13/cobra/pull/1434)

**Thank you to *all* our amazing contributors 🐍🚀**

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/PingCAP-QE/ee-apps).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/upstream Go modules cobra depends on
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants