From 5b2cce404511cb1fc247f40c0bdb6cca5df7117c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Dec 2025 12:26:45 +0000 Subject: [PATCH 1/4] Bump github.com/spf13/cobra from 1.10.1 to 1.10.2 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.10.1 to 1.10.2. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cc4c17fa..82ca8a3e 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/olekukonko/tablewriter v1.1.2 github.com/ory/jsonschema/v3 v3.0.4 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.10.1 + github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb diff --git a/go.sum b/go.sum index 49922e7b..c84aa67a 100644 --- a/go.sum +++ b/go.sum @@ -1314,8 +1314,8 @@ github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= From 5b396ee59c39c0544e0320f664e8a82d01ad67f9 Mon Sep 17 00:00:00 2001 From: per1234 Date: Fri, 5 Dec 2025 02:21:31 -0800 Subject: [PATCH 2/4] Tidy dependent modules to reflect `github.com/spf13/cobra` bump The bump of the dependency of the project's root `github.com/arduino/arduino-lint` module also requires updates to the Go dependencies metadata of the project's modules which depend on `github.com/arduino/arduino-lint`. --- docsgen/go.mod | 3 ++- docsgen/go.sum | 6 ++++-- ruledocsgen/go.mod | 2 +- ruledocsgen/go.sum | 5 +++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docsgen/go.mod b/docsgen/go.mod index 42076f7c..157af61f 100644 --- a/docsgen/go.mod +++ b/docsgen/go.mod @@ -11,7 +11,7 @@ replace github.com/oleiade/reflections => github.com/oleiade/reflections v1.0.1 require ( github.com/arduino/arduino-lint v0.0.0 - github.com/spf13/cobra v1.10.1 + github.com/spf13/cobra v1.10.2 ) require ( @@ -105,6 +105,7 @@ require ( go.opentelemetry.io/otel/trace v1.18.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/crypto v0.45.0 // indirect golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect golang.org/x/mod v0.29.0 // indirect diff --git a/docsgen/go.sum b/docsgen/go.sum index 259c7e05..20c28d6f 100644 --- a/docsgen/go.sum +++ b/docsgen/go.sum @@ -1223,8 +1223,8 @@ github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -1378,6 +1378,8 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= diff --git a/ruledocsgen/go.mod b/ruledocsgen/go.mod index 6254eded..d4afe92d 100644 --- a/ruledocsgen/go.mod +++ b/ruledocsgen/go.mod @@ -82,7 +82,7 @@ require ( github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.10.0 // indirect github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/cobra v1.10.1 // indirect + github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/spf13/viper v1.17.0 // indirect diff --git a/ruledocsgen/go.sum b/ruledocsgen/go.sum index f70b4384..8cb0fe7f 100644 --- a/ruledocsgen/go.sum +++ b/ruledocsgen/go.sum @@ -1227,8 +1227,8 @@ github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -1384,6 +1384,7 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180830192347-182538f80094/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= From aa3e949158f62d817f3b03859d5efb76cbc63aef Mon Sep 17 00:00:00 2001 From: per1234 Date: Fri, 5 Dec 2025 02:28:15 -0800 Subject: [PATCH 3/4] Update dependency license metadata cache for `github.com/spf13/cobra` bump --- .../go/github.com/spf13/cobra.dep.yml | 2 +- .../docsgen/go/github.com/spf13/cobra.dep.yml | 2 +- .../go/github.com/spf13/cobra/doc.dep.yml | 6 +- .../docsgen/go/go.yaml.in/yaml/v3.dep.yml | 80 +++++++++++++++++++ .../go/github.com/spf13/cobra.dep.yml | 2 +- 5 files changed, 86 insertions(+), 6 deletions(-) create mode 100644 .licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml diff --git a/.licenses/arduino-lint/go/github.com/spf13/cobra.dep.yml b/.licenses/arduino-lint/go/github.com/spf13/cobra.dep.yml index b2b64cb2..b8f0698a 100644 --- a/.licenses/arduino-lint/go/github.com/spf13/cobra.dep.yml +++ b/.licenses/arduino-lint/go/github.com/spf13/cobra.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/spf13/cobra -version: v1.10.1 +version: v1.10.2 type: go summary: Package cobra is a commander providing a simple interface to create powerful modern CLI interfaces. diff --git a/.licenses/docsgen/go/github.com/spf13/cobra.dep.yml b/.licenses/docsgen/go/github.com/spf13/cobra.dep.yml index b2b64cb2..b8f0698a 100644 --- a/.licenses/docsgen/go/github.com/spf13/cobra.dep.yml +++ b/.licenses/docsgen/go/github.com/spf13/cobra.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/spf13/cobra -version: v1.10.1 +version: v1.10.2 type: go summary: Package cobra is a commander providing a simple interface to create powerful modern CLI interfaces. diff --git a/.licenses/docsgen/go/github.com/spf13/cobra/doc.dep.yml b/.licenses/docsgen/go/github.com/spf13/cobra/doc.dep.yml index 16dff156..41020e9e 100644 --- a/.licenses/docsgen/go/github.com/spf13/cobra/doc.dep.yml +++ b/.licenses/docsgen/go/github.com/spf13/cobra/doc.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/spf13/cobra/doc -version: v1.10.1 +version: v1.10.2 type: go summary: homepage: https://pkg.go.dev/github.com/spf13/cobra/doc license: apache-2.0 licenses: -- sources: cobra@v1.10.1/LICENSE.txt +- sources: cobra@v1.10.2/LICENSE.txt text: |2 Apache License Version 2.0, January 2004 @@ -182,6 +182,6 @@ licenses: defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. -- sources: cobra@v1.10.1/README.md +- sources: cobra@v1.10.2/README.md text: Cobra is released under the Apache 2.0 license. See [LICENSE.txt](LICENSE.txt) notices: [] diff --git a/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml b/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml new file mode 100644 index 00000000..7fe89709 --- /dev/null +++ b/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml @@ -0,0 +1,80 @@ +--- +name: go.yaml.in/yaml/v3 +version: v3.0.4 +type: go +summary: Package yaml implements YAML support for the Go language. +homepage: https://pkg.go.dev/go.yaml.in/yaml/v3 +license: other +licenses: +- sources: LICENSE + text: |2 + + This project is covered by two different licenses: MIT and Apache. + + #### MIT License #### + + The following files were ported to Go from C files of libyaml, and thus + are still covered by their original MIT license, with the additional + copyright staring in 2011 when the project was ported over: + + apic.go emitterc.go parserc.go readerc.go scannerc.go + writerc.go yamlh.go yamlprivateh.go + + Copyright (c) 2006-2010 Kirill Simonov + Copyright (c) 2006-2011 Kirill Simonov + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + + ### Apache License ### + + All the remaining project files are covered by the Apache license: + + Copyright (c) 2011-2019 Canonical Ltd + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +- sources: README.md + text: |- + The yaml package is licensed under the MIT and Apache License 2.0 licenses. + Please see the LICENSE file for details. +notices: +- sources: NOTICE + text: |- + Copyright 2011-2016 Canonical Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/.licenses/ruledocsgen/go/github.com/spf13/cobra.dep.yml b/.licenses/ruledocsgen/go/github.com/spf13/cobra.dep.yml index b2b64cb2..b8f0698a 100644 --- a/.licenses/ruledocsgen/go/github.com/spf13/cobra.dep.yml +++ b/.licenses/ruledocsgen/go/github.com/spf13/cobra.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/spf13/cobra -version: v1.10.1 +version: v1.10.2 type: go summary: Package cobra is a commander providing a simple interface to create powerful modern CLI interfaces. From d2194d872e0b5ad0936e41ede0f81491c24751e1 Mon Sep 17 00:00:00 2001 From: per1234 Date: Fri, 5 Dec 2025 02:29:10 -0800 Subject: [PATCH 4/4] Manually define dependency license metadata that was not detected The "Licensed" dependency license checker tool uses the licensee tool to automatically determine the license type based on metadata provided by the dependency author. This must be in a standardized format without any modifications. In cases where that wasn't done, it is necessary to determine the license type and update the dependency license metadata cache in the `.licenses` folder manually. The Licensed tool will check this data whenever the dependency version is updated to make sure the license hasn't changed. --- .licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml b/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml index 7fe89709..2b12b601 100644 --- a/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml +++ b/.licenses/docsgen/go/go.yaml.in/yaml/v3.dep.yml @@ -4,7 +4,9 @@ version: v3.0.4 type: go summary: Package yaml implements YAML support for the Go language. homepage: https://pkg.go.dev/go.yaml.in/yaml/v3 -license: other +# Apache-2.0 subsumes MIT +# https://www.gnu.org/licenses/license-compatibility.html#combining +license: apache-2.0 licenses: - sources: LICENSE text: |2