Bump pflag to 1.0.8 #2303
Bump pflag to 1.0.8 #2303
Conversation
In pflag, we recently made a breaking change in naming to be more inclusive. This change, while doing nothing to address the same uninclusive naming in cobra itself, adjusts to those changes to ensure automatic bumps (if you do them) can continue uninterrupted.
|
|
|
Until this is merged, those running into issues can use this go.mod workaround: // Needed until PR fix is merged:
// https://github.com/spf13/cobra/pull/2303
replace github.com/spf13/cobra => github.com/tomasaschan/cobra v1.9.2-0.20250831200618-527c4d0e1829 |
|
@nadeemc curious why someone would need a workaround since I assume cobra will only break if pointing to the new pflag? Maybe for projects that directly include pflag as well as cobra? |
There was a problem hiding this comment.
I like that such names are being updated.
Thanks for being proactive and opening this PR.
Although I would like to make a similar change for cobra, our policy is to be completely backwards compatible, so for the moment at least, I donβt think we should go beyond this current PR
Hi @marckhouzam! Thanks for getting this merged! For me, and others (spf13/pflag#445), running a go mod update and tidy, even though the spf13/cobra version remained at v1.9.1, did break builds because of the pflag bump. Glad it was a very temporary workaround ;) |
|
Is this merge good enough or do we need a cobra release for this? I still donβt quite get when things breakβ¦ |
|
@marckhouzam It will need a release to bump spf13/cobra to v1.9.2 or v1.10.0. Otherwise, anyone using require (
github.com/spf13/cobra v1.9.1
)
require (
- github.com/spf13/pflag v1.0.7 // indirect
+ github.com/spf13/pflag v1.0.8 // indirect
)Which will break the build without spf13/cobra also having a version bump and being picked up by the |
|
Fwiw I tagged v1.0.9 of pflag to avoid breaking users of Cobra until this is in a tagged release, so it is less urgent now than it was. But we would still like to remove these old names eventually (likely before 2.0), and tagging a Cobra release that includes this patch (and, potentially but not necessarily, further bumps of pflag) will be a prerequisite for us to do that without causing the same kind of breakage across the ecosystem again. |
@marckhouzam - yes, this is exactly the scenario that would break downstream consumers of both The blast radius of this was quite large actually: I got pinged by some people that In the past, cobra has probably been overly cautious about taking any kind of breaking change since there are just so many projects that use it: the APIs are stable and assumed to be non-breaking. Doing anything that breaks that semver contract erodes alot of trust in the library (and us as maintainers). |
As you can probably tell from my original PR message, I had no idea the blast radius of that change in pflag would be this massive. Basically, I (incorrectly) assumed that Cobra users wouldn't notice unless they explicitly tried to upgrade pflag, but of course I realized Cobra itself would need a few small changes to be able to keep rolling forward - hence this PR. The immediate issues have been resolved now with v1.0.9 which restores the removed names, so anything that got bitten by some autobump thingy should also be fixed by the same autobump thingy without further action required. That said, it also seems that anything important that broke because of the pflag change used pflag indirectly through Cobra. If you'd like, I'd be happy to include (but not author... PRs welcome!) a set of integration tests on the pflag side to ensure that any change merged there does not have this type of effect downstream. |
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `v1.9.1` -> `v1.10.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>spf13/cobra (github.com/spf13/cobra)</summary> ### [`v1.10.1`](https://github.com/spf13/cobra/releases/tag/v1.10.1) [Compare Source](spf13/cobra@v1.10.0...v1.10.1) ##### π Fix - chore: upgrade pflags v1.0.9 by [@​jpmcb](https://github.com/jpmcb) in [#​2305](spf13/cobra#2305) v1.0.9 of pflags brought back `ParseErrorsWhitelist` and marked it as deprecated **Full Changelog**: <spf13/cobra@v1.10.0...v1.10.1> ### [`v1.10.0`](https://github.com/spf13/cobra/releases/tag/v1.10.0) [Compare Source](spf13/cobra@v1.9.1...v1.10.0) #### What's Changed ##### π¨ Attention! - Bump pflag to 1.0.8 by [@​tomasaschan](https://github.com/tomasaschan) in [#​2303](spf13/cobra#2303) This version of `pflag` carried a breaking change: it renamed `ParseErrorsWhitelist` to `ParseErrorsAllowlist` which can break builds if both `pflag` and `cobra` are dependencies in your project. - If you use both `pflag and `cobra`, upgrade `pflag`to 1.0.8 and`cobra`to`1.10.0\` - ***or*** use the newer, fixed version of `pflag` v1.0.9 which keeps the deprecated `ParseErrorsWhitelist` More details can be found here: [#​2303 (comment)](spf13/cobra#2303 (comment)) ##### β¨ Features - Flow context to command in SetHelpFunc by [@​Frassle](https://github.com/Frassle) in [#​2241](spf13/cobra#2241) - The default ShellCompDirective can be customized for a command and its subcommands by [@​albers](https://github.com/albers) in [#​2238](spf13/cobra#2238) ##### π Fix - Upgrade golangci-lint to v2, address findings by [@​scop](https://github.com/scop) in [#​2279](spf13/cobra#2279) ##### πͺ Testing - Test with Go 1.24 by [@​harryzcy](https://github.com/harryzcy) in [#​2236](spf13/cobra#2236) - chore: Rm GitHub Action PR size labeler by [@​jpmcb](https://github.com/jpmcb) in [#​2256](spf13/cobra#2256) ##### π Docs - Remove traling curlybrace by [@​yedayak](https://github.com/yedayak) in [#​2237](spf13/cobra#2237) - Update command.go by [@​styee](https://github.com/styee) in [#​2248](spf13/cobra#2248) - feat: Add security policy by [@​jpmcb](https://github.com/jpmcb) in [#​2253](spf13/cobra#2253) - Update Readme (Warp) by [@​ericdachen](https://github.com/ericdachen) in [#​2267](spf13/cobra#2267) - Add Periscope to the list of projects using Cobra by [@​anishathalye](https://github.com/anishathalye) in [#​2299](spf13/cobra#2299) #### New Contributors - [@​harryzcy](https://github.com/harryzcy) made their first contribution in [#​2236](spf13/cobra#2236) - [@​yedayak](https://github.com/yedayak) made their first contribution in [#​2237](spf13/cobra#2237) - [@​Frassle](https://github.com/Frassle) made their first contribution in [#​2241](spf13/cobra#2241) - [@​styee](https://github.com/styee) made their first contribution in [#​2248](spf13/cobra#2248) - [@​ericdachen](https://github.com/ericdachen) made their first contribution in [#​2267](spf13/cobra#2267) - [@​albers](https://github.com/albers) made their first contribution in [#​2238](spf13/cobra#2238) - [@​anishathalye](https://github.com/anishathalye) made their first contribution in [#​2299](spf13/cobra#2299) - [@​tomasaschan](https://github.com/tomasaschan) made their first contribution in [#​2303](spf13/cobra#2303) **Full Changelog**: <spf13/cobra@v1.9.1...v1.9.2> </details> --- ### Configuration π **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). π¦ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. β» **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. π **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuOTEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiS2luZC9DaG9yZSIsInJ1bi1lbmQtdG8tZW5kLXRlc3RzIl19--> <!--start release-notes-assistant--> <!--URL:https://code.forgejo.org/forgejo/runner--> - other - [PR](https://code.forgejo.org/forgejo/runner/pulls/930): <!--number 930 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3NwZjEzL2NvYnJhIHRvIHYxLjEwLjE=-->Update module github.com/spf13/cobra to v1.10.1<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/930 Reviewed-by: earl-warren <[email protected]> Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>
In pflag, we recently made a breaking change in naming to be more inclusive. This change, while doing nothing to address the same uninclusive naming in cobra itself, adjusts to those changes to ensure automatic bumps (if you do them) can continue uninterrupted.