Skip to content

Bump github.com/spf13/cobra from 1.7.0 to 1.10.2#96

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/spf13/cobra-1.10.2
Jul 2, 2026
Merged

Bump github.com/spf13/cobra from 1.7.0 to 1.10.2#96
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/spf13/cobra-1.10.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/spf13/cobra from 1.7.0 to 1.10.2.

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

  • chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

  • If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
  • or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

@dependabot dependabot Bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Jul 2, 2026
@github-actions github-actions Bot enabled auto-merge (squash) July 2, 2026 06:10
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@dependabot[bot], you've reached your PR review limit, so we couldn't start this review.

Next review available in: 25 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: d1644aae-aeee-423b-bf89-28fd283e0c73

📥 Commits

Reviewing files that changed from the base of the PR and between 4e61bbc and 8708259.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Walkthrough

This pull request updates two dependency versions in go.mod: github.com/spf13/cobra from v1.7.0 to v1.10.2, and github.com/spf13/pflag from v1.0.5 to v1.0.9.

Changes

Dependency updates

Layer / File(s) Summary
spf13 version bumps
go.mod
Updates version requirements for github.com/spf13/cobra and github.com/spf13/pflag.

Estimated code review effort: 1 (Trivial) | ~3 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main dependency upgrade in the PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Only go.mod and go.sum changed; no test files or Ginkgo titles were modified, so no unstable test names were introduced.
Test Structure And Quality ✅ Passed PR only updates go.mod/go.sum for cobra/pflag; no Ginkgo/test files are changed, so the test-structure check is not applicable.
Microshift Test Compatibility ✅ Passed Only go.mod dependency bumps; no test files or new Ginkgo e2e specs were added, so there’s nothing MicroShift-specific to flag.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only go.mod/go.sum changed for cobra/pflag bumps; no Ginkgo/e2e tests were added or modified, so SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed The PR only updates go.mod dependency versions (cobra/pflag); no manifests, controllers, or scheduling logic were modified.
Ote Binary Stdout Contract ✅ Passed PR only bumps go.mod dependencies; no process-level stdout writes were added, and main.go still only uses log.Fatalf.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR only updates go.mod dependency versions; no new Ginkgo e2e tests or network-reliant test code were added.
No-Weak-Crypto ✅ Passed PR only bumps cobra/pflag in go.mod; no new MD5/SHA1/DES/RC4/custom-crypto or secret-comparison code appears in the changed dependency update.
Container-Privileges ✅ Passed PR only bumps Go deps in go.mod; no container/K8s manifests or privilege flags (privileged, hostPID/Network/IPC, SYS_ADMIN, allowPrivilegeEscalation) were found.
No-Sensitive-Data-In-Logs ✅ Passed Only go.mod/go.sum changed for cobra/pflag versions; no logging code or sensitive-data output was added or modified.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/github.com/spf13/cobra-1.10.2

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from clcollins and dustman9000 July 2, 2026 06:11
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign typeid for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/spf13/cobra-1.10.2 branch from f7e2ec2 to 4e61bbc Compare July 2, 2026 06:24
@codecov-commenter

codecov-commenter commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (36af4db) to head (8708259).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@          Coverage Diff          @@
##            main     #96   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files         34      34           
  Lines       1594    1594           
=====================================
  Misses      1594    1594           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/spf13/cobra-1.10.2 branch from 4e61bbc to 543cc41 Compare July 2, 2026 06:36
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.10.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.7.0...v1.10.2)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/spf13/cobra-1.10.2 branch from 543cc41 to 8708259 Compare July 2, 2026 06:44
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@github-actions github-actions Bot merged commit 12a81aa into main Jul 2, 2026
5 of 6 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/spf13/cobra-1.10.2 branch July 2, 2026 06:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant