Backport of deps: Switch from mitchellh/cli to hashicorp/cli into release/1.9.x #24719
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #19321 to be assessed for backporting due to the inclusion of the label backport/1.9.x.
🚨
The person who merged in the original PR is:
@jrasell
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.
The below text is copied from the body of the original PR.
Thanks @angrycub!
This PR switches from the achieved
mitchellh/cli
to the internally maintainedhashicorp/cli
. A semgrep rule is included to stop usage of this library in the future.The change is like-for-like, therefore my plan is to backport this to all active release branches. Additionally, backporting CLI bug fixes might be painful without this. If any reviewers think this is a bad idea, please let me know.
The remaining indirect reference is due to
github.com/hashicorp/go-secure-stdlib/listenerutil
which has migrated the library on main, but not released this version. I have submitted a request for a release via hashicorp/go-secure-stdlib#151. Once released, we can followup with a dependency update PR to remove the indirect dependency.Overview of commits