build(deps): update CLI framework and security dependencies #1822
Open
sameerforge wants to merge 1 commit into carvel-dev:develop from
Signed-off-by: Sameer <sameer.khan@broadcom.com>
d45d381 to 9ff04d3
What this PR does / why we need it:
This PR updates several core dependencies to align with modern Go patterns and address security patches. It also consolidates the internal reference for carvel.dev/kapp-controller to the stable v0.59.8 release tag.
Dependency Changes:
- github.com/spf13/cobra (v1.9.1 → v1.10.2): Modernizes CLI context handling and removes deprecated YAML dependencies.
- github.com/spf13/pflag (v1.0.6 → v1.0.10): Standard library patch for improved flag parsing safety.
- golang.org/x/crypto (v0.45.0 → v0.50.0): Security-mandated update for cryptographic primitives.
- carvel.dev/kapp-controller: Aligned internal module references to stable release v0.59.8.

Validation Results
The following verification steps were performed to ensure no regressions in CLI logic or controller reconciliation:
1. Compilation & Static Analysis
Verified that the project compiles under Go 1.25.7 and that cobra context signatures are correctly implemented.
Controller:
go build -v ./cmd/controller/...
CLI:
go build -v -o kctrl ./cmd/kctrl/...

2. Unit & Functional Testing
All package-level tests were executed to validate core logic, specifically around credential handling and CLI command execution.
Command:
go test -v ./pkg/...
Result: All tests passed (including Helm schema generation and kctrl release runners).
3. CLI Integration & Signal Handling
Verified the functional integrity of the kctrl binary with the updated cobra and pflag versions.
Command:
./kctrl package deploy --help
Result: Verified correct flag rendering and help-text generation.
4. Dependency Integrity
Validated the state of the vendor/ directory and module checksums.
Command:
go mod verify
Result: All modules verified; hashes match go.sum.
Checklist
[x] Verified builds and tests pass locally.
[x] Updated vendor/ directory via go mod vendor.
[x] Followed Carvel Contributor Guide.
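
A reviewer-side cross-check for the dependency changes listed above, added here as an example and not part of the PR or the Carvel code base: it compares the versions the description claims for the three third-party modules against what go.mod and vendor/modules.txt actually pin. The sample file contents are constructed, `pinned` and `drift` are hypothetical helper names, and replace directives are not handled.

```go
package main

import (
	"fmt"
	"strings"
)

// Target versions quoted in the PR description above, as {module, version}.
var claimed = [][2]string{
	{"github.com/spf13/cobra", "v1.10.2"},
	{"github.com/spf13/pflag", "v1.0.10"},
	{"golang.org/x/crypto", "v0.50.0"},
}

// Constructed samples: go.mod is updated, vendor/modules.txt still has the old pflag.
const sampleGoMod = "module example.test/app\n\ngo 1.25.7\n\nrequire (\n" +
	"\tgithub.com/spf13/cobra v1.10.2\n\tgithub.com/spf13/pflag v1.0.10\n" +
	"\tgolang.org/x/crypto v0.50.0 // indirect\n)\n"
const sampleModulesTxt = "# github.com/spf13/cobra v1.10.2\n## explicit; go 1.15\ngithub.com/spf13/cobra\n" +
	"# github.com/spf13/pflag v1.0.6\n## explicit; go 1.12\ngithub.com/spf13/pflag\n" +
	"# golang.org/x/crypto v0.50.0\n## explicit; go 1.24.0\ngolang.org/x/crypto/ssh\n"

// pinned maps module -> version from go.mod (prefix "") or vendor/modules.txt (prefix "# ").
func pinned(text, prefix string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		f := strings.Fields(strings.TrimPrefix(strings.TrimPrefix(line, prefix), "require "))
		if strings.HasPrefix(line, prefix) && len(f) >= 2 && strings.Contains(f[0], ".") && strings.HasPrefix(f[1], "v") {
			out[f[0]] = f[1]
		}
	}
	return out
}

// drift lists claimed modules whose go.mod or vendor pin differs from the claim.
func drift(goMod, modulesTxt string) []string {
	mod, ven := pinned(goMod, ""), pinned(modulesTxt, "# ")
	var bad []string
	for _, c := range claimed {
		if mod[c[0]] != c[1] || ven[c[0]] != c[1] {
			bad = append(bad, fmt.Sprintf("%s: claimed %s, go.mod %q, vendor %q", c[0], c[1], mod[c[0]], ven[c[0]]))
		}
	}
	return bad
}

func main() {
	fmt.Println(strings.Join(drift(sampleGoMod, sampleModulesTxt), "\n"))
}
```

On a real checkout, pass the contents of go.mod and vendor/modules.txt to `drift` in place of the constructed samples; an empty result means both files agree with the description.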