pool/yq
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
devel
yq/yq.spec
Robert Munteanu bd8cdbd6bd fix CVE-2024-45338 
old: utilities/yq
new: home:mslacken:branches:utilities/yq rev None
Index: vendor.tar.gz
===================================================================
Binary files vendor.tar.gz (revision 39) and vendor.tar.gz (revision 3) differ
Index: yq.changes
===================================================================
--- yq.changes (revision 39)
+++ yq.changes (revision 3)
@@ -1,4 +1,27 @@
 -------------------------------------------------------------------
+Wed Jan  8 16:52:32 UTC 2025 - Christian Goll <cgoll@suse.com>
+
+- Updated to 4.44.6:
+  * Fixed deleting items in array bug #2027, #2172; Thanks @jandubois
+  * Docker image for armv7 / raspberry pi3, Thanks @brianegge
+  * Fixed no-colors regression #2218
+  * Fixed various panic scenarios #2211
+  * Bumped dependencies
+- Changes from 4.44.5 (4.44.4 was skipped)
+  * Format comments with a gray foreground (Thanks @gabe565)
+  * Fixed handling of nulls with sort_by expressions #2164
+  * Force no color output when NO_COLOR env presents (Thanks @narqo)
+  * Fixed array subtraction update bug #2159
+  * Fixed index out of range error
+  * Can traverse straight from parent operator (parent.blah)
+  * Bumped dependencies
+
+- Bumped x/net to 0.33.0 to fix CVE-2024-45338
+  * add file Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch
+
+
+
+-------------------------------------------------------------------
 Mon Aug 12 13:18:36 UTC 2024 - Dirk Müller <dmueller@suse.com>
 
 - update to 4.44.3:
Index: yq.spec
===================================================================
--- yq.spec (revision 39)
+++ yq.spec (revision 3)
@@ -1,7 +1,7 @@
 #
 # spec file for package yq
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,13 +20,14 @@
 %global import_path     %{provider_prefix}
 
 Name:           yq
-Version:        4.44.3
+Version:        4.44.6
 Release:        0
 Summary:        A portable command-line YAML processor
 License:        MIT
 URL:            https://github.com/mikefarah/yq
 Source0:        https://github.com/mikefarah/yq/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        vendor.tar.gz
+Patch0:         Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch
 # conflict with all python3X-yq packages since they install /usr/bin/yq
 # we need to handle Leap 15.4 specially since the python3dist() is not
 # generated there
@@ -71,7 +72,7 @@
 Fish command line completion support for %{name}.
 
 %prep
-%setup -qa1
+%autosetup -p1 -a1
 
 %build
 go build -trimpath -buildmode=pie -mod=vendor -o bin/%{name}
Index: Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch
===================================================================
--- Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch (added)
+++ Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch (revision 3)
@@ -0,0 +1,56 @@
+From 7efae2dad9f3900a5d4e3ef275735657f0a34d2a Mon Sep 17 00:00:00 2001
+From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
+Date: Thu, 19 Dec 2024 03:23:37 +0000
+Subject: [PATCH] Bump golang.org/x/net from 0.32.0 to 0.33.0
+
+Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0.
+- [Commits](https://github.com/golang/net/compare/v0.32.0...v0.33.0)
+
+---
+updated-dependencies:
+- dependency-name: golang.org/x/net
+  dependency-type: direct:production
+  update-type: version-update:semver-minor
+...
+
+Signed-off-by: dependabot[bot] <support@github.com>
+---
+ go.mod | 2 +-
+ go.sum | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/go.mod b/go.mod
+index f44bcbbd..56bd2a2c 100644
+--- a/go.mod
++++ b/go.mod
+@@ -16,7 +16,7 @@ require (
+ 	github.com/spf13/cobra v1.8.1
+ 	github.com/spf13/pflag v1.0.5
+ 	github.com/yuin/gopher-lua v1.1.1
+-	golang.org/x/net v0.32.0
++	golang.org/x/net v0.33.0
+ 	golang.org/x/text v0.21.0
+ 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473
+ 	gopkg.in/yaml.v3 v3.0.1
+diff --git a/go.sum b/go.sum
+index e8746990..4fec28d7 100644
+--- a/go.sum
++++ b/go.sum
+@@ -62,10 +62,10 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
+ github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+ github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
+ github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
+-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
+-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
++golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
++golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
++golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
++golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+-- 
+2.43.0
+
Index: yq-4.44.6.tar.gz
===================================================================
Binary file yq-4.44.6.tar.gz (revision 3) added
Index: yq-4.44.3.tar.gz
===================================================================
Binary file yq-4.44.3.tar.gz (revision 39) deleted

OBS-URL: https://build.opensuse.org/package/show/utilities/yq?expand=0&rev=40
2025-01-09 12:31:02 +00:00

119 lines
3.8 KiB
RPMSpec
Raw Permalink Blame History

#
# spec file for package yq
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global provider_prefix github.com/mikefarah/yq
%global import_path %{provider_prefix}
Name: yq
Version: 4.44.6
Release: 0
Summary: A portable command-line YAML processor
License: MIT
URL: https://github.com/mikefarah/yq
Source0: https://github.com/mikefarah/yq/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: vendor.tar.gz
Patch0: Bump-golang.org-x-net-from-0.32.0-to-0.33.0.patch
# conflict with all python3X-yq packages since they install /usr/bin/yq
# we need to handle Leap 15.4 specially since the python3dist() is not
# generated there
%if 0%{?suse_version} >= 1550
Conflicts: python3dist(yq)
%else
Conflicts: python3-yq
%endif
BuildRequires: golang(API) = 1.22
%description
A lightweight and portable command-line YAML processor. yq uses jq like syntax
but works with yaml files as well as json. It doesn't yet support everything
jq does - but it does support the most common operations and functions, and more
is being added continuously.
%package bash-completion
Summary: Bash Completion for %{name}
Requires: %{name} = %{version}
Supplements: (%{name} and bash-completion)
BuildArch: noarch
%description bash-completion
Bash command line completion support for %{name}.
%package zsh-completion
Summary: Zsh Completion for %{name}
Requires: %{name} = %{version}
Supplements: (%{name} and zsh)
BuildArch: noarch
%description zsh-completion
Zsh command line completion support for %{name}.
%package fish-completion
Summary: Fish Completion for %{name}
Requires: %{name} = %{version}
Supplements: (%{name} and fish)
BuildArch: noarch
%description fish-completion
Fish command line completion support for %{name}.
%prep
%autosetup -p1 -a1
%build
go build -trimpath -buildmode=pie -mod=vendor -o bin/%{name}
%check
go test ./...
%install
install -D -m 0755 ./bin/%{name} "%{buildroot}/%{_bindir}/%{name}"
mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions
%{buildroot}/%{_bindir}/%{name} shell-completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name}
mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d
%{buildroot}/%{_bindir}/%{name} shell-completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name}
mkdir -p %{buildroot}%{_datadir}/fish/vendor_completions.d
%{buildroot}/%{_bindir}/%{name} shell-completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
%files bash-completion
%defattr(-,root,root)
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{name}
%files zsh-completion
%defattr(-,root,root)
%dir %{_datarootdir}/zsh_completion.d/
%{_datarootdir}/zsh_completion.d/_%{name}
%files fish-completion
%defattr(-,root,root)
%dir %{_datarootdir}/fish
%dir %{_datarootdir}/fish/vendor_completions.d
%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
%files
%{_bindir}/%{name}
%license LICENSE
%doc README.md
%files bash-completion
%defattr(-,root,root)
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{name}
%changelog
Reference in New Issue View Git Blame Copy Permalink