devel
1 Commits
Author | SHA256 | Message | Date | |
---|---|---|---|---|
Robert Munteanu
|
bd8cdbd6bd |
fix CVE-2024-45338
old: utilities/yq new: home:mslacken:branches:utilities/yq rev None Index: vendor.tar.gz =================================================================== Binary files vendor.tar.gz (revision 39) and vendor.tar.gz (revision 3) differ Index: yq.changes =================================================================== --- yq.changes (revision 39) +++ yq.changes (revision 3) @@ -1,4 +1,27 @@ ------------------------------------------------------------------- +Wed Jan 8 16:52:32 UTC 2025 - Christian Goll <cgoll@suse.com> + +- Updated to 4.44.6: + * Fixed deleting items in array bug #2027, #2172; Thanks @jandubois + * Docker image for armv7 / raspberry pi3, Thanks @brianegge + * Fixed no-colors regression #2218 + * Fixed various panic scenarios #2211 + * Bumped dependencies +- Changes from 4.44.5 (4.44.4 was skipped) + * Format comments with a gray foreground (Thanks @gabe565) + * Fixed handling of nulls with sort_by expressions #2164 + * Force no color output when NO_COLOR env presents (Thanks @narqo) + * Fixed array subtraction update bug #2159 + * Fixed index out of range error + * Can traverse straight from parent operator (parent.blah) + * Bumped dependencies + +- Bumped x/net to 0.33.0 to fix CVE-2024-45338 + * add file Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch + + + +------------------------------------------------------------------- Mon Aug 12 13:18:36 UTC 2024 - Dirk Müller <dmueller@suse.com> - update to 4.44.3: Index: yq.spec =================================================================== --- yq.spec (revision 39) +++ yq.spec (revision 3) @@ -1,7 +1,7 @@ # # spec file for package yq # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -20,13 +20,14 @@ %global import_path %{provider_prefix} Name: yq -Version: 4.44.3 +Version: 4.44.6 Release: 0 Summary: A portable command-line YAML processor License: MIT URL: https://github.com/mikefarah/yq Source0: https://github.com/mikefarah/yq/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: vendor.tar.gz +Patch0: Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch # conflict with all python3X-yq packages since they install /usr/bin/yq # we need to handle Leap 15.4 specially since the python3dist() is not # generated there @@ -71,7 +72,7 @@ Fish command line completion support for %{name}. %prep -%setup -qa1 +%autosetup -p1 -a1 %build go build -trimpath -buildmode=pie -mod=vendor -o bin/%{name} Index: Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch =================================================================== --- Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch (added) +++ Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch (revision 3) 
@@ -0,0 +1,56 @@ +From 7efae2dad9f3900a5d4e3ef275735657f0a34d2a Mon Sep 17 00:00:00 2001 +From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> +Date: Thu, 19 Dec 2024 03:23:37 +0000 +Subject: [PATCH] Bump golang.org/x/net from 0.32.0 to 0.33.0 + +Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0. +- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0) + +--- +updated-dependencies: +- dependency-name: golang.org/x/net + dependency-type: direct:production + update-type: version-update:semver-minor +... + +Signed-off-by: dependabot[bot] <support@github.com> +--- + go.mod | 2 +- + go.sum | 8 ++++---- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/go.mod b/go.mod +index f44bcbbd..56bd2a2c 100644 +--- a/go.mod ++++ b/go.mod +@@ -16,7 +16,7 @@ require ( + github.com/spf13/cobra v1.8.1 + github.com/spf13/pflag v1.0.5 + github.com/yuin/gopher-lua v1.1.1 +- golang.org/x/net v0.32.0 ++ golang.org/x/net v0.33.0 + golang.org/x/text v0.21.0 + gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 + gopkg.in/yaml.v3 v3.0.1 +diff --git a/go.sum b/go.sum +index e8746990..4fec28d7 100644 +--- a/go.sum ++++ b/go.sum +@@ -62,10 +62,10 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT + github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= + github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= + github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= ++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= ++golang.org/x/crypto 
v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= ++golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= ++golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= + golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +-- +2.43.0 + Index: yq-4.44.6.tar.gz =================================================================== Binary file yq-4.44.6.tar.gz (revision 3) added Index: yq-4.44.3.tar.gz =================================================================== Binary file yq-4.44.3.tar.gz (revision 39) deleted OBS-URL: https://build.opensuse.org/package/show/utilities/yq?expand=0&rev=40 |
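Review bot: In the yq.changes hunk, the `- Bumped x/net to 0.33.0 to fix CVE-2024-45338` entry carries no bug tracker reference next to the CVE id, and it is followed by three empty added lines before the next separator. Add the tracking bug reference for this CVE to that line so the fix can be traced from the changelog, move the entry up so it sits directly under the 4.44.5 list without the stray blank line, and drop the trailing empty lines.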
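Review bot: In the yq.spec hunks, the new `Patch0:` only rewrites go.mod and go.sum, while `%build` still runs `go build ... -mod=vendor`, so the x/net code that is compiled comes from vendor.tar.gz, which this diff shows only as "Binary files ... differ". Nothing visible in the review confirms that the vendored tree contains golang.org/x/net v0.33.0. Please state in yq.changes how vendor.tar.gz was regenerated (from the patched go.mod), and confirm that vendor/modules.txt inside the tarball lists golang.org/x/net v0.33.0; with `-mod=vendor` a mismatch between go.mod and the vendor directory fails the build rather than silently shipping the old code, but the review should not have to rely on that. A one-line comment above `Patch0:` naming its upstream origin (the dependabot commit 7efae2da quoted in the patch header) would also help whoever drops the patch at the next version update.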
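Review bot: In the go.sum hunk of Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch, the two `golang.org/x/crypto v0.30.0` lines are replaced by `v0.31.0` alongside the x/net change, yet the patch subject and the yq.changes entry mention only x/net, and the go.mod hunk (diffstat `go.mod | 2 +-`) touches no x/crypto line. Mention the x/crypto move to 0.31.0 in yq.changes, and check that the regenerated vendor.tar.gz is consistent with it, so that the changelog describes everything the patch and the new vendor tree actually change.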