Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency charmbracelet/gum to v0.15.0 #9561

Merged
merged 1 commit into from
Jan 14, 2025
Merged

chore(deps): update dependency charmbracelet/gum to v0.15.0 #9561

merged 1 commit into from
Jan 14, 2025

Conversation

uniget-bot
Copy link

This PR contains the following updates:

Package Update Change
charmbracelet/gum minor 0.14.5 -> 0.15.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

charmbracelet/gum (charmbracelet/gum)

v0.15.0

Compare Source

No longer a sticky situation

This release contains a small boatload of fixes and quality-of-life features across the board by the great @​caarlos0 and some awesome contributors.

Most importantly we detangled Gum and Huh. The two libraries were too tightly coupled creating a difficult environment to maintain. With this separation, Gum much easier to maintain, especially for contributors. Chew on that!

General Stuff

No more weird ANSI: gum now strips ANSI sequences by default. Want ‘em back? just add --no-strip-ansi.

We fixed some bugs with existing timeouts + they can now be used in confirm, choose, file, filter, input, pager, and spin. You can specify the units, i.e. --timeout=750ms, --timeout=1m30s

Choose

Sometimes you want the user-facing choice to be different than the outputted value. Now you can do that with --label-delimiter:

$ printf 'Pocky:0\nRamen:1\nShrimp Chips:2\n' | gum choose --label-delimiter=':'

Want to select all options by default? Use --select='*'.

$ printf 'Pocky\nRamen\nShrimp Chips\n' | gum choose  --select='*'

Confirm

No you can print the chosen value with --show-output:

$ gum confirm --show-output 'Do you agree?'
Do you agree? No
exit status 1

File

You can now add a header to your filepickers with the --header set of flags.

gum file --header="Whatcha gonna pick?"

file

For details see gum file --help.

Filter

Better delimiters, select all, and so on

Press ctrl+a to select all choices, esc to unfocus the filter field.

Want some defaults? Use --selected to preselect choices. You can also use --input-delimiter and --output-delimiter for more flexibility around input and output.

$ echo "JS|Android|iOS" | gum filter --selected='*' --input-delimiter="|" --no-limit --output-delimiter=","
Freeform input

Filter's --no-strict allows you to create a new option if no matches are found; it's essentially a free input field. Go crazy!

Sort: we fixed it

Filter's --sort would sort by score which was causing some confusion for users. To clarify this behaviour, --sort is deprecated in favour of --[no]-fuzzy-sort.

Want to sort alphabetically? Leverage the sort command in a pipeline:

$ cat input.txt | sort | gum filter --no-sort

Log

Now you can set a minimum log level with GUM_LOG_LEVEL. Valid values are debug, info, warn, error, and fatal.

Spin

You can now use --show-stdout and --show-stderr to print output:

$ gum spin --show-stdout --title "Running command..." -- sleep 10 && echo hello

Table

We expanded the table API to allow users to control more fields in csv.Reader through gum. This includes --lazy-quotes and --fields-per-record. This should fix issues with gum struggling to read CSV files properly. For details see gum table --help.

We also made a bunch of rendering improvements such as growing the table rows based on --columns, settings sane defaults widths, ignoring BOMs (byte order marks), and so on.

Changelog

New!
Fixed
Other Stuff

New Contributors

Full Changelog: charmbracelet/gum@v0.14.5...v0.15.0

Verifying the artifacts

First, download the checksums.txt file, for example, with wget:

wget 'https://github.com/charmbracelet/gum/releases/download/v0.15.0/checksums.txt'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --cert 'https://github.com/charmbracelet/gum/releases/download/v0.15.0/checksums.txt.pem' \
  --signature 'https://github.com/charmbracelet/gum/releases/download/v0.15.0/checksums.txt.sig' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

nicholasdille-bot
nicholasdille-bot approved these changes Jan 14, 2025
View reviewed changes
Copy link

@nicholasdille-bot nicholasdille-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved because label type/renovate is present.

@github-actions GitHub Actions
Copy link

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/gum:0.15.0

📦 Image Reference ghcr.io/uniget-org/tools/gum:0.15.0
digestsha256:45f7d1792f6b8cba6a45584bbea1aa6e86f22d5b1b549a56863619aeadcb1789
vulnerabilitiescritical: 0 high: 1 medium: 0 low: 0
platformlinux/amd64
size4.4 MB
packages40
critical: 0 high: 1 medium: 0 low: 0 golang.org/x/net 0.27.0 (golang)

pkg:golang/golang.org/x/[email protected]

high 8.7: CVE--2024--45338 Allocation of Resources Without Limits or Throttling

Affected range<0.33.0
Fixed version0.33.0
CVSS Score8.7
CVSS VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Description

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

@github-actions GitHub Actions
Copy link

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12759566175.

@github-actions GitHub Actions
Copy link

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12759566175.

@github-actions github-actions bot merged commit 6c8247f into main Jan 14, 2025
10 of 11 checks passed
@github-actions github-actions bot deleted the renovate/charmbracelet-gum-0.x branch January 14, 2025 01:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicholasdille-bot nicholasdille-bot nicholasdille-bot approved these changes

Assignees
No one assigned
Labels
bump/minor type/renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@uniget-bot @nicholasdille-bot @renovate-bot