Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade viper to remove CVE found in indeirect dependencies #1538

Closed
cboitel opened this issue Nov 19, 2021 · 7 comments
Closed

Upgrade viper to remove CVE found in indeirect dependencies #1538

cboitel opened this issue Nov 19, 2021 · 7 comments
Labels
kind/upstream Go modules cobra depends on

Comments

@cboitel
Copy link

cboitel commented Nov 19, 2021

This project references viper 1.8.1 which was direct using github.com/bketelsen/crypt v0.0.4 which was imported older versions leading to import github.com/miekg/dns v1.0.14 which suffers a CVE fixed since version 1.1.25 (latest version is v1.1.43).

Upgrading to viper 1.9.0 would remove the dependency to github.com/bketelsen/crypt and the indirectly imported dns module version suffering the CVE.

@jpmcb
Copy link
Collaborator

jpmcb commented Dec 8, 2021

Closed by dependabot #1554

@jpmcb jpmcb closed this as completed Dec 8, 2021
@umarcor
Copy link
Contributor

umarcor commented Dec 8, 2021

Actually, not fixed. viper 1.9.0 does still depend on github.com/miekg/dns v1.0.14. See https://github.com/spf13/cobra/blob/master/go.sum#L207 and #1539. We need viper maintainers to publish a new release in order to fix this issue. That's why #1539 is a draft.

@cboitel
Copy link
Author

cboitel commented Dec 9, 2021

By closing this issue, you send a message "security isn't an issue in this project and anyone concerned by it shouldn't rely on us".

I wouldn't close issue unless you really mean to leave your product with an embedded CVE from dependencies you reference and use to provide. If so, we would all know that this project is not worth relying on since security isn't a concern.

I was expecting to open issues at projects used to request fixes and bump the newer version when ready. At last, if some dependency does not intend to fix the issue, you should remove it by using another one or fork/fix it.

I did open an issue at viper: spf13/viper#1257

@jpmcb jpmcb reopened this Dec 9, 2021
@jpmcb
Copy link
Collaborator

jpmcb commented Dec 9, 2021

Thanks for the heads up! Jumped the gun here!! Now that we have dependabot enabled, we should get that upgrade as soon as Viper pushes a new release.

gcf-merge-on-green bot pushed a commit to googleapis/gapic-showcase that referenced this issue Dec 14, 2021
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/spf13/cobra](https://togithub.com/spf13/cobra) | require | minor | `v1.2.1` -> `v1.3.0` |

---

### Release Notes

<details>
<summary>spf13/cobra</summary>

### [`v1.3.0`](https://togithub.com/spf13/cobra/releases/v1.3.0)

[Compare Source](https://togithub.com/spf13/cobra/compare/v1.2.1...v1.3.0)

### v1.3.0 - The Fall 2021 release 🍁

#### Completion fixes & enhancements 💇🏼

In `v1.2.0`, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

-   `DisableFlagParsing` now triggers custom completions for flag names [#&#8203;1161](https://togithub.com/spf13/cobra/issues/1161)
-   Fixed unbound variables in bash completions causing edge case errors [#&#8203;1321](https://togithub.com/spf13/cobra/issues/1321)
-   `help` completion formatting improvements & fixes [#&#8203;1444](https://togithub.com/spf13/cobra/issues/1444)
-   All completions now follow the `help` example: short desc are now capitalized and removes extra spacing from long description [#&#8203;1455](https://togithub.com/spf13/cobra/issues/1455)
-   Typo fixes in bash & zsh completions [#&#8203;1459](https://togithub.com/spf13/cobra/issues/1459)
-   Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces [#&#8203;1473](https://togithub.com/spf13/cobra/issues/1473)
-   Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for `menu-complete`, `menu-complete-backward` and `insert-completions`. These descriptions are now purposefully removed in support of this model. [#&#8203;1509](https://togithub.com/spf13/cobra/issues/1509)
-   Fix for invalid shell completions when using `~/.cobra.yaml`. Log message `Using config file: ~/.cobra.yaml` now printed to stderr [#&#8203;1510](https://togithub.com/spf13/cobra/issues/1510)
-   Removes unnecessary trailing spaces from completion command descriptions [#&#8203;1520](https://togithub.com/spf13/cobra/issues/1520)
-   Option to hid default `completion` command [#&#8203;1541](https://togithub.com/spf13/cobra/issues/1541)
-   Remove `__complete` command for programs without subcommands [#&#8203;1563](https://togithub.com/spf13/cobra/issues/1563)

#### Generator changes ⚙️

Thanks to [@&#8203;spf13](https://togithub.com/spf13) for providing a number of changes to the Cobra generator tool, streamlining it for new users!

-   The Cobra generator now *won't* automatically include Viper and cleans up a number of unused imports when not using Viper.
-   The Cobra generator's default license is now `none`
-   The Cobra generator now works with Go modules
-   Documentation to reflect these changes

#### New Features 

-   License can be specified by their SPDX identifiers [#&#8203;1159](https://togithub.com/spf13/cobra/issues/1159)
-   `MatchAll` allows combining several PositionalArgs to work in concert. This now allows for enabling composing `PositionalArgs` [#&#8203;896](https://togithub.com/spf13/cobra/issues/896)

#### Bug Fixes 🐛

-   Fixed multiple error message from cobra `init` boilerplates [#&#8203;1463](https://togithub.com/spf13/cobra/issues/1463) [#&#8203;1552](https://togithub.com/spf13/cobra/issues/1552) [#&#8203;1557](https://togithub.com/spf13/cobra/issues/1557)

#### Testing 👀

-   Now testing golang 1.16.x and 1.17.x in CI [#&#8203;1425](https://togithub.com/spf13/cobra/issues/1425)
-   Fix for running diff test to ignore CR for windows [#&#8203;949](https://togithub.com/spf13/cobra/issues/949)
-   Added helper functions and reduced code reproduction in `args_test` [#&#8203;1426](https://togithub.com/spf13/cobra/issues/1426)
-   Now using official `golangci-lint` github action [#&#8203;1477](https://togithub.com/spf13/cobra/issues/1477)

#### Security 🔏

-   Added GitHub dependabot [#&#8203;1427](https://togithub.com/spf13/cobra/issues/1427)
-   Now using Viper `v1.10.0`
    -   There is a known CVE in an *indirect* dependency from `viper`: [spf13/cobra#1538. This will be patched in a future release

#### Documentation 📝

-   Multiple projects added to the `projects_using_cobra.md` file: [#&#8203;1377](https://togithub.com/spf13/cobra/issues/1377) [#&#8203;1501](https://togithub.com/spf13/cobra/issues/1501) [#&#8203;1454](https://togithub.com/spf13/cobra/issues/1454)
-   Removed ToC from main readme file as it is now automagically displayed by GitHub [#&#8203;1429](https://togithub.com/spf13/cobra/issues/1429)
-   Documentation correct for when the `--author` flag is specified [#&#8203;1009](https://togithub.com/spf13/cobra/issues/1009)
-   `shell_completions.md` has an easier to use snippet for copying and pasting shell completions [#&#8203;1372](https://togithub.com/spf13/cobra/issues/1372)

#### Other 💭

-   Bump version of  `cpuguy83/go-md2man` to v2.0.1 [#&#8203;1460](https://togithub.com/spf13/cobra/issues/1460)
-   Removed `lesser` typo from the GPL-2.0 license [#&#8203;880](https://togithub.com/spf13/cobra/issues/880)
-   Fixed spelling errors [#&#8203;1514](https://togithub.com/spf13/cobra/issues/1514)

*Thank you to all our amazing contributors* 🐍🚀

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

 **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/gapic-showcase).
aviator-app bot pushed a commit to airplanedev/cli that referenced this issue Dec 16, 2021
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/gosimple/slug](https://togithub.com/gosimple/slug) | require | minor | `v1.11.2` -> `v1.12.0` |
| [github.com/spf13/cobra](https://togithub.com/spf13/cobra) | require | minor | `v1.2.1` -> `v1.3.0` |

---

### Release Notes

<details>
<summary>gosimple/slug</summary>

### [`v1.12.0`](https://togithub.com/gosimple/slug/releases/v1.12.0)

[Compare Source](https://togithub.com/gosimple/slug/compare/v1.11.2...v1.12.0)

<!-- Optional: add a release summary here -->

#### 🚀 New features and improvements

-   New language: hu/hun/hungarian ([#&#8203;65](https://togithub.com/gosimple/slug/issues/65)) by [@&#8203;theriverman](https://togithub.com/theriverman)
-   Add Indonesia Language ([#&#8203;64](https://togithub.com/gosimple/slug/issues/64)) by [@&#8203;dhi9](https://togithub.com/dhi9)

#### 📝 Documentation updates

-   Fix inconsistent indentation in README.md ([#&#8203;63](https://togithub.com/gosimple/slug/issues/63)) by [@&#8203;thecashewtrader](https://togithub.com/thecashewtrader)

</details>

<details>
<summary>spf13/cobra</summary>

### [`v1.3.0`](https://togithub.com/spf13/cobra/releases/v1.3.0)

[Compare Source](https://togithub.com/spf13/cobra/compare/v1.2.1...v1.3.0)

### v1.3.0 - The Fall 2021 release 🍁

#### Completion fixes & enhancements 💇🏼

In `v1.2.0`, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

-   `DisableFlagParsing` now triggers custom completions for flag names [#&#8203;1161](https://togithub.com/spf13/cobra/issues/1161)
-   Fixed unbound variables in bash completions causing edge case errors [#&#8203;1321](https://togithub.com/spf13/cobra/issues/1321)
-   `help` completion formatting improvements & fixes [#&#8203;1444](https://togithub.com/spf13/cobra/issues/1444)
-   All completions now follow the `help` example: short desc are now capitalized and removes extra spacing from long description [#&#8203;1455](https://togithub.com/spf13/cobra/issues/1455)
-   Typo fixes in bash & zsh completions [#&#8203;1459](https://togithub.com/spf13/cobra/issues/1459)
-   Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces [#&#8203;1473](https://togithub.com/spf13/cobra/issues/1473)
-   Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for `menu-complete`, `menu-complete-backward` and `insert-completions`. These descriptions are now purposefully removed in support of this model. [#&#8203;1509](https://togithub.com/spf13/cobra/issues/1509)
-   Fix for invalid shell completions when using `~/.cobra.yaml`. Log message `Using config file: ~/.cobra.yaml` now printed to stderr [#&#8203;1510](https://togithub.com/spf13/cobra/issues/1510)
-   Removes unnecessary trailing spaces from completion command descriptions [#&#8203;1520](https://togithub.com/spf13/cobra/issues/1520)
-   Option to hid default `completion` command [#&#8203;1541](https://togithub.com/spf13/cobra/issues/1541)
-   Remove `__complete` command for programs without subcommands [#&#8203;1563](https://togithub.com/spf13/cobra/issues/1563)

#### Generator changes ⚙️

Thanks to [@&#8203;spf13](https://togithub.com/spf13) for providing a number of changes to the Cobra generator tool, streamlining it for new users!

-   The Cobra generator now *won't* automatically include Viper and cleans up a number of unused imports when not using Viper.
-   The Cobra generator's default license is now `none`
-   The Cobra generator now works with Go modules
-   Documentation to reflect these changes

#### New Features 

-   License can be specified by their SPDX identifiers [#&#8203;1159](https://togithub.com/spf13/cobra/issues/1159)
-   `MatchAll` allows combining several PositionalArgs to work in concert. This now allows for enabling composing `PositionalArgs` [#&#8203;896](https://togithub.com/spf13/cobra/issues/896)

#### Bug Fixes 🐛

-   Fixed multiple error message from cobra `init` boilerplates [#&#8203;1463](https://togithub.com/spf13/cobra/issues/1463) [#&#8203;1552](https://togithub.com/spf13/cobra/issues/1552) [#&#8203;1557](https://togithub.com/spf13/cobra/issues/1557)

#### Testing 👀

-   Now testing golang 1.16.x and 1.17.x in CI [#&#8203;1425](https://togithub.com/spf13/cobra/issues/1425)
-   Fix for running diff test to ignore CR for windows [#&#8203;949](https://togithub.com/spf13/cobra/issues/949)
-   Added helper functions and reduced code reproduction in `args_test` [#&#8203;1426](https://togithub.com/spf13/cobra/issues/1426)
-   Now using official `golangci-lint` github action [#&#8203;1477](https://togithub.com/spf13/cobra/issues/1477)

#### Security 🔏

-   Added GitHub dependabot [#&#8203;1427](https://togithub.com/spf13/cobra/issues/1427)
-   Now using Viper `v1.10.0`
    -   There is a known CVE in an *indirect* dependency from `viper`: [spf13/cobra#1538. This will be patched in a future release

#### Documentation 📝

-   Multiple projects added to the `projects_using_cobra.md` file: [#&#8203;1377](https://togithub.com/spf13/cobra/issues/1377) [#&#8203;1501](https://togithub.com/spf13/cobra/issues/1501) [#&#8203;1454](https://togithub.com/spf13/cobra/issues/1454)
-   Removed ToC from main readme file as it is now automagically displayed by GitHub [#&#8203;1429](https://togithub.com/spf13/cobra/issues/1429)
-   Documentation correct for when the `--author` flag is specified [#&#8203;1009](https://togithub.com/spf13/cobra/issues/1009)
-   `shell_completions.md` has an easier to use snippet for copying and pasting shell completions [#&#8203;1372](https://togithub.com/spf13/cobra/issues/1372)

#### Other 💭

-   Bump version of  `cpuguy83/go-md2man` to v2.0.1 [#&#8203;1460](https://togithub.com/spf13/cobra/issues/1460)
-   Removed `lesser` typo from the GPL-2.0 license [#&#8203;880](https://togithub.com/spf13/cobra/issues/880)
-   Fixed spelling errors [#&#8203;1514](https://togithub.com/spf13/cobra/issues/1514)

*Thank you to all our amazing contributors* 🐍🚀

</details>

---

### Configuration

📅 **Schedule**: "before 5am on Thursday" in timezone America/New_York.

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

 **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.
@github-actions
Copy link

github-actions bot commented Feb 8, 2022

This issue is being marked as stale due to a long period of inactivity

@cboitel
Copy link
Author

cboitel commented Feb 9, 2022

Bumping so issue doesn't get closed too early

@jpmcb
Copy link
Collaborator

jpmcb commented Apr 8, 2022

Viper dependency was removed as part of a wider effort to reduce cobra's dependency surface. The cobra-cli is now at https://github.com/spf13/cobra-cli

Ref: #1597

Go mod ref:

cobra/go.mod

Lines 5 to 10 in 9d15fe6

require (
github.com/cpuguy83/go-md2man/v2 v2.0.1
github.com/inconshreveable/mousetrap v1.0.0
github.com/spf13/pflag v1.0.5
gopkg.in/yaml.v2 v2.4.0
)

@jpmcb jpmcb closed this as completed Apr 8, 2022
gcf-merge-on-green bot pushed a commit to GoogleCloudPlatform/alloydb-auth-proxy that referenced this issue May 18, 2022
[![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/spf13/cobra](https://togithub.com/spf13/cobra) | require | minor | `v1.2.1` -> `v1.4.0` |

---

### Release Notes

<details>
<summary>spf13/cobra</summary>

### [`v1.4.0`](https://togithub.com/spf13/cobra/releases/v1.4.0)

[Compare Source](https://togithub.com/spf13/cobra/compare/v1.3.0...v1.4.0)

### Winter 2022 Release ❄️

Another season, another release!

#### Goodbye viper! 🐍 🚀

The core Cobra library no longer requires Viper and all of its indirect dependencies. This means that Cobra's dependency tree has been drastically thinned! The Viper dependency was included because of the `cobra` CLI generation tool. [This tool has migrated to `spf13/cobra-cli`](https://togithub.com/spf13/cobra-cli/releases/tag/v1.3.0).

It's *pretty unlikely* you were importing and using **the bootstrapping CLI tool** as part of your application (after all, it's just a tool to get going with core `cobra`).

But if you were, replace occurrences of

    "github.com/spf13/cobra/cobra"

with

    "github.com/spf13/cobra-cli"

And in your `go.mod`, you'll want to also include this dependency:

    github.com/spf13/cobra-cli v1.3.0

Again, the maintainers *do not anticipate* this being a breaking change to users of the core `cobra` library, so minimal work should be required for users to integrate with this new release. Moreover, this means the dependency tree for your application using Cobra should no longer require dependencies that were inherited from Viper. Huzzah! 🥳

If you'd like to read more

-   issue: [spf13/cobra#1597
-   PR: [spf13/cobra#1604

#### Documentation 📝

-   Update Go Doc link and badge in README: [spf13/cobra#1593
-   Fix to install command, now targets `@latest`: [spf13/cobra#1576
-   Added MAINTAINERS file: [spf13/cobra#1545

#### Other 💭

-   Bumped license year to 2022 in golden files: [spf13/cobra#1575
-   Added Pixie to projects: [spf13/cobra#1581
-   Updated labeler for new labeling scheme: [spf13/cobra#1613 & syntax fix: [spf13/cobra#1624

Shoutout to our awesome contributors helping to make this cobra release possible!!
[@&#8203;spf13](https://togithub.com/spf13) [@&#8203;marckhouzam](https://togithub.com/marckhouzam) [@&#8203;johnSchnake](https://togithub.com/johnSchnake) [@&#8203;jpmcb](https://togithub.com/jpmcb) [@&#8203;liggitt](https://togithub.com/liggitt) [@&#8203;umarcor](https://togithub.com/umarcor) [@&#8203;hiljusti](https://togithub.com/hiljusti) [@&#8203;marians](https://togithub.com/marians) [@&#8203;shyim](https://togithub.com/shyim) [@&#8203;htroisi](https://togithub.com/htroisi)

### [`v1.3.0`](https://togithub.com/spf13/cobra/releases/v1.3.0)

[Compare Source](https://togithub.com/spf13/cobra/compare/v1.2.1...v1.3.0)

### v1.3.0 - The Fall 2021 release 🍁

#### Completion fixes & enhancements 💇🏼

In `v1.2.0`, we introduced a new model for completions. Thanks to everyone for trying it, giving feedback, and providing numerous fixes! Continue to work with the new model as the old one (as noted in code comments) will be deprecated in a coming release.

-   `DisableFlagParsing` now triggers custom completions for flag names [#&#8203;1161](https://togithub.com/spf13/cobra/issues/1161)
-   Fixed unbound variables in bash completions causing edge case errors [#&#8203;1321](https://togithub.com/spf13/cobra/issues/1321)
-   `help` completion formatting improvements & fixes [#&#8203;1444](https://togithub.com/spf13/cobra/issues/1444)
-   All completions now follow the `help` example: short desc are now capitalized and removes extra spacing from long description [#&#8203;1455](https://togithub.com/spf13/cobra/issues/1455)
-   Typo fixes in bash & zsh completions [#&#8203;1459](https://togithub.com/spf13/cobra/issues/1459)
-   Fixed mixed tab/spaces indentation in completion scripts. Now just 4 spaces [#&#8203;1473](https://togithub.com/spf13/cobra/issues/1473)
-   Support for different bash completion options. Bash completions v2 supports descriptions and requires descriptions to be removed for `menu-complete`, `menu-complete-backward` and `insert-completions`. These descriptions are now purposefully removed in support of this model. [#&#8203;1509](https://togithub.com/spf13/cobra/issues/1509)
-   Fix for invalid shell completions when using `~/.cobra.yaml`. Log message `Using config file: ~/.cobra.yaml` now printed to stderr [#&#8203;1510](https://togithub.com/spf13/cobra/issues/1510)
-   Removes unnecessary trailing spaces from completion command descriptions [#&#8203;1520](https://togithub.com/spf13/cobra/issues/1520)
-   Option to hide default `completion` command [#&#8203;1541](https://togithub.com/spf13/cobra/issues/1541)
-   Remove `__complete` command for programs without subcommands [#&#8203;1563](https://togithub.com/spf13/cobra/issues/1563)

#### Generator changes ⚙️

Thanks to [@&#8203;spf13](https://togithub.com/spf13) for providing a number of changes to the Cobra generator tool, streamlining it for new users!

-   The Cobra generator now *won't* automatically include Viper and cleans up a number of unused imports when not using Viper.
-   The Cobra generator's default license is now `none`
-   The Cobra generator now works with Go modules
-   Documentation to reflect these changes

#### New Features 

-   License can be specified by their SPDX identifiers [#&#8203;1159](https://togithub.com/spf13/cobra/issues/1159)
-   `MatchAll` allows combining several PositionalArgs to work in concert. This now allows for enabling composing `PositionalArgs` [#&#8203;896](https://togithub.com/spf13/cobra/issues/896)

#### Bug Fixes 🐛

-   Fixed multiple error message from cobra `init` boilerplates [#&#8203;1463](https://togithub.com/spf13/cobra/issues/1463) [#&#8203;1552](https://togithub.com/spf13/cobra/issues/1552) [#&#8203;1557](https://togithub.com/spf13/cobra/issues/1557)

#### Testing 👀

-   Now testing golang 1.16.x and 1.17.x in CI [#&#8203;1425](https://togithub.com/spf13/cobra/issues/1425)
-   Fix for running diff test to ignore CR for windows [#&#8203;949](https://togithub.com/spf13/cobra/issues/949)
-   Added helper functions and reduced code reproduction in `args_test` [#&#8203;1426](https://togithub.com/spf13/cobra/issues/1426)
-   Now using official `golangci-lint` github action [#&#8203;1477](https://togithub.com/spf13/cobra/issues/1477)

#### Security 🔏

-   Added GitHub dependabot [#&#8203;1427](https://togithub.com/spf13/cobra/issues/1427)
-   Now using Viper `v1.10.0`
    -   There is a known CVE in an *indirect* dependency from `viper`: [spf13/cobra#1538. This will be patched in a future release

#### Documentation 📝

-   Multiple projects added to the `projects_using_cobra.md` file: [#&#8203;1377](https://togithub.com/spf13/cobra/issues/1377) [#&#8203;1501](https://togithub.com/spf13/cobra/issues/1501) [#&#8203;1454](https://togithub.com/spf13/cobra/issues/1454)
-   Removed ToC from main readme file as it is now automagically displayed by GitHub [#&#8203;1429](https://togithub.com/spf13/cobra/issues/1429)
-   Documentation correct for when the `--author` flag is specified [#&#8203;1009](https://togithub.com/spf13/cobra/issues/1009)
-   `shell_completions.md` has an easier to use snippet for copying and pasting shell completions [#&#8203;1372](https://togithub.com/spf13/cobra/issues/1372)

#### Other 💭

-   Bump version of  `cpuguy83/go-md2man` to v2.0.1 [#&#8203;1460](https://togithub.com/spf13/cobra/issues/1460)
-   Removed `lesser` typo from the GPL-2.0 license [#&#8203;880](https://togithub.com/spf13/cobra/issues/880)
-   Fixed spelling errors [#&#8203;1514](https://togithub.com/spf13/cobra/issues/1514)

*Thank you to all our amazing contributors* 🐍🚀

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

 **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/GoogleCloudPlatform/alloydb-auth-proxy).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/upstream Go modules cobra depends on
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants