Bump the global group across 1 directory with 3 updates #79

dependabot · 2025-12-02T07:02:21Z

Bumps the global group with 3 updates in the / directory: github.com/chia-network/go-modules, github.com/spf13/cobra and github.com/spf13/viper.

Updates github.com/chia-network/go-modules from 0.0.9 to 0.1.0

Release notes

Sourced from github.com/chia-network/go-modules's releases.

v0.1.0

What's Changed

Bump the global group with 2 updates by @dependabot[bot] in Chia-Network/go-modules#66

Bump golang.org/x/crypto from 0.31.0 to 0.35.0 by @dependabot[bot] in Chia-Network/go-modules#67

Bump github.com/lestrrat-go/jwx from 1.2.30 to 1.2.31 in the global group by @dependabot[bot] in Chia-Network/go-modules#68

Update Managed Files by @ChiaAutomation in Chia-Network/go-modules#69

Bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 in the global group by @dependabot[bot] in Chia-Network/go-modules#70

Bump golang.org/x/sys from 0.32.0 to 0.33.0 in the global group by @dependabot[bot] in Chia-Network/go-modules#71

Bump golang.org/x/sys from 0.33.0 to 0.34.0 in the global group by @dependabot[bot] in Chia-Network/go-modules#72

Remove Amazon package in favor of AWS SDK by @Starttoaster in Chia-Network/go-modules#74

Bump the global group across 1 directory with 2 updates by @dependabot[bot] in Chia-Network/go-modules#75

Bump actions/checkout from 4 to 5 by @dependabot[bot] in Chia-Network/go-modules#77

Update Managed Files by @ChiaAutomation in Chia-Network/go-modules#76

Update Managed Files by @ChiaAutomation in Chia-Network/go-modules#78

Bump the global group with 2 updates by @dependabot[bot] in Chia-Network/go-modules#79

Bump golang.org/x/sys from 0.36.0 to 0.37.0 in the global group by @dependabot[bot] in Chia-Network/go-modules#80

Bump golang.org/x/sys from 0.37.0 to 0.38.0 in the global group by @dependabot[bot] in Chia-Network/go-modules#81

Bump golang.org/x/crypto from 0.35.0 to 0.45.0 by @dependabot[bot] in Chia-Network/go-modules#82

Full Changelog: Chia-Network/go-modules@v0.0.9...v0.1.0

Commits

19c5893 Bump golang.org/x/crypto from 0.35.0 to 0.45.0 (#82)
3b1b46f Bump golang.org/x/sys from 0.37.0 to 0.38.0 in the global group (#81)
f1af254 Bump golang.org/x/sys from 0.36.0 to 0.37.0 in the global group (#80)
bf7750a Merge pull request #79 from Chia-Network/dependabot/go_modules/global-39d5160de8
7fba94a Bump the global group with 2 updates
bed2910 Update dep-review (#78)
e8d7a2a Update Managed Files (#76)
c3a644e Bump actions/checkout from 4 to 5 (#77)
bcad774 Bump the global group across 1 directory with 2 updates (#75)
f4f1fff Merge pull request #74 from Chia-Network/remove-amazon
Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.1

🐛 Fix

chore: upgrade pflags v1.0.9 by @jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

Bump pflag to 1.0.8 by @tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`

or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: spf13/cobra#2303

✨ Features

Flow context to command in SetHelpFunc by @Frassle in spf13/cobra#2241

The default ShellCompDirective can be customized for a command and its subcommands by @albers in spf13/cobra#2238

🐛 Fix

Upgrade golangci-lint to v2, address findings by @scop in spf13/cobra#2279

🪠 Testing

Test with Go 1.24 by @harryzcy in spf13/cobra#2236

chore: Rm GitHub Action PR size labeler by @jpmcb in spf13/cobra#2256

📝 Docs

Remove traling curlybrace by @yedayak in spf13/cobra#2237

Update command.go by @styee in spf13/cobra#2248

feat: Add security policy by @jpmcb in spf13/cobra#2253

Update Readme (Warp) by @ericdachen in spf13/cobra#2267

Add Periscope to the list of projects using Cobra by @anishathalye in spf13/cobra#2299

New Contributors

@harryzcy made their first contribution in spf13/cobra#2236

@yedayak made their first contribution in spf13/cobra#2237

@Frassle made their first contribution in spf13/cobra#2241

... (truncated)

Commits

7da941c chore: Bump pflag to v1.0.9 (#2305)
51d6751 Bump pflag to 1.0.8 (#2303)
3f3b818 Update README.md with new logo
dcaf42e Add Periscope to the list of projects using Cobra (#2299)
6dec1ae The default ShellCompDirective can be customized for a command and its subcom...
c8289c1 chore(golangci-lint): add some exclusion presets
4af7b64 refactor: apply golangci-lint autofixes, work around false positives
75790e4 chore(golangci-lint): upgrade to v2
db3ddb5 Adding sponsorship to README.md
67171d6 putting sponsorship below header
Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.20.1 to 1.21.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.21.0

What's Changed

Enhancements 🚀

Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @nmvalera in spf13/viper#2015

feat: use maintained yaml library by @sagikazarmark in spf13/viper#2040

Bug Fixes 🐛

fix(config): get config type from v.configType or config file ext by @GuillaumeBAECHLER in spf13/viper#2003

fix: config type check when loading any config by @sagikazarmark in spf13/viper#2007

Dependency Updates ⬆️

Update dependencies by @sagikazarmark in spf13/viper#1993

build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @dependabot[bot] in spf13/viper#2017

build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @dependabot[bot] in spf13/viper#2013

build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @dependabot[bot] in spf13/viper#2008

build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @dependabot[bot] in spf13/viper#2016

build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @dependabot[bot] in spf13/viper#2020

build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in spf13/viper#2028

build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in spf13/viper#2035

build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @dependabot[bot] in spf13/viper#2036

build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @dependabot[bot] in spf13/viper#2012

build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in spf13/viper#2052

build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /remote by @dependabot[bot] in spf13/viper#2048

build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @dependabot[bot] in spf13/viper#2056

chore: update dependencies by @sagikazarmark in spf13/viper#2057

Other Changes

Update update guide with mapstructure package replacement. by @aldas in spf13/viper#2004

refactor: use the built-in max/min to simplify the code by @yingshanghuangqiao in spf13/viper#2029

New Contributors

@GuillaumeBAECHLER made their first contribution in spf13/viper#2003

@aldas made their first contribution in spf13/viper#2004

@nmvalera made their first contribution in spf13/viper#2015

@yingshanghuangqiao made their first contribution in spf13/viper#2029

@ccoVeille made their first contribution in spf13/viper#2046

@spacez320 made their first contribution in spf13/viper#2050

Full Changelog: spf13/viper@v1.20.0...v1.21.0

Commits

394040c ci: build on go 1.25
812f548 chore: update dependencies
d5271ef ci: update stale workflow
dff303b feat: add a stale issue scheduled action
1287976 build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
38932cd build(deps): bump github.com/go-viper/mapstructure/v2 in /remote
6d014be build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
b74c7ee build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0
acd05e1 fix: linting issues
ae5a8e2 ci: upgrade golangci-lint
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot · 2025-12-02T07:02:21Z

Labels

The following labels could not be found: Changed, dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

socket-security · 2025-12-02T07:02:37Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/spf13/cobra@v1.9.1 ⏵ v1.10.2	⁺¹
	github.com/spf13/viper@v1.20.1 ⏵ v1.21.0	⁺¹
	github.com/chia-network/go-modules@v0.0.9 ⏵ v0.1.0	⁺¹

View full report

socket-security · 2025-12-02T07:02:39Z

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

Bumps the global group with 3 updates in the / directory: [github.com/chia-network/go-modules](https://github.com/chia-network/go-modules), [github.com/spf13/cobra](https://github.com/spf13/cobra) and [github.com/spf13/viper](https://github.com/spf13/viper). Updates `github.com/chia-network/go-modules` from 0.0.9 to 0.1.0 - [Release notes](https://github.com/chia-network/go-modules/releases) - [Commits](Chia-Network/go-modules@v0.0.9...v0.1.0) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.1) Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.20.1...v1.21.0) --- updated-dependencies: - dependency-name: github.com/chia-network/go-modules dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: global - dependency-name: github.com/spf13/cobra dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: global - dependency-name: github.com/spf13/viper dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: global ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot force-pushed the dependabot/go_modules/global-045ee5179e branch from 8c13ab7 to bbd9dc4 Compare January 6, 2026 07:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the global group across 1 directory with 3 updates #79

Bump the global group across 1 directory with 3 updates #79

Uh oh!

dependabot bot commented on behalf of github Dec 2, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Dec 2, 2025

Uh oh!

socket-security bot commented Dec 2, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 2, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the global group across 1 directory with 3 updates #79

Are you sure you want to change the base?

Bump the global group across 1 directory with 3 updates #79

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.1.0

What's Changed

v1.10.1

🐛 Fix

v1.10.0

What's Changed

🚨 Attention!

✨ Features

🐛 Fix

🪠 Testing

📝 Docs

New Contributors

v1.21.0

What's Changed

Enhancements 🚀

Bug Fixes 🐛

Dependency Updates ⬆️

Other Changes

New Contributors

Uh oh!

dependabot bot commented on behalf of github Dec 2, 2025

Labels

Uh oh!

socket-security bot commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Dec 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Dec 2, 2025 •

edited

Loading

socket-security bot commented Dec 2, 2025 •

edited

Loading

socket-security bot commented Dec 2, 2025 •

edited

Loading