From 8fd2ab950b5fcdc04a7700a439357d13dfa07157 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 6 Feb 2026 08:43:32 +0000
Subject: [PATCH] Upgrade: [dependabot] - bump mikefarah/yq from 4.50.1 to
 4.52.2 (#60)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.50.1 to
4.52.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="/mikefarah/yq/releases">mikefarah/yq's
releases</a>.</em></p>
<blockquote>
<h2>v4.52.2</h2>
<ul>
<li>Fixed bad instructions file breaking go-install (<a
href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>)
Thanks <a
href="/theyoprst"><code>@​theyoprst</code></a></li>
<li>Fixed TOML table scope after comments (<a
href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>)
Thanks <a
href="/tomers"><code>@​tomers</code></a></li>
<li>Multiply uses a readonly context (<a
href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li>
<li>Fixed merge globbing wildcards in keys (<a
href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li>
<li>Fixing TOML subarray parsing issue (<a
href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li>
</ul>
<h2>v4.52.1 - TOML roundtrip and more!</h2>
<ul>
<li>
<p>TOML encoder support - you can now roundtrip! <a
href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p>
</li>
<li>
<p>Parent now supports negative indices, and added a 'root' command for
referencing the top level document</p>
</li>
<li>
<p>Fixed scalar encoding for HCL</p>
</li>
<li>
<p>Add --yaml-compact-seq-indent / -c flag for compact sequence
indentation (<a
href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>)
Thanks <a href="/jfenal"><code>@​jfenal</code></a></p>
</li>
<li>
<p>Add symlink check to file rename util (<a
href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>)
Thanks <a
href="/Elias-elastisys"><code>@​Elias-elastisys</code></a></p>
</li>
<li>
<p>Powershell fixed default command used for __completeNoDesc alias (<a
href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>)
Thanks <a
href="/teejaded"><code>@​teejaded</code></a></p>
</li>
<li>
<p>Unwrap scalars in shell output mode. (<a
href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>)
Thanks <a
href="/flintwinters"><code>@​flintwinters</code></a></p>
</li>
<li>
<p>Added K8S KYAML output format support (<a
href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>)
Thanks <a
href="/robbat2"><code>@​robbat2</code></a></p>
</li>
<li>
<p>Bumped dependencies</p>
</li>
<li>
<p>Special shout out to <a
href="/ccoVeille"><code>@​ccoVeille</code></a> for
reviewing my PRs!</p>
</li>
</ul>
<p>Thanks to everyone that contributed ❤️</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's
changelog</a>.</em></p>
<blockquote>
<p>4.52.2:</p>
<ul>
<li>Fixed bad instructions file breaking go-install (<a
href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>)
Thanks <a
href="/theyoprst"><code>@​theyoprst</code></a></li>
<li>Fixed TOML table scope after comments (<a
href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>)
Thanks <a
href="/tomers"><code>@​tomers</code></a></li>
<li>Multiply uses a readonly context (<a
href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li>
<li>Fixed merge globbing wildcards in keys (<a
href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li>
<li>Fixing TOML subarray parsing issue (<a
href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li>
</ul>
<p>4.52.1:</p>
<ul>
<li>
<p>TOML encoder support - you can now roundtrip! <a
href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p>
</li>
<li>
<p>Parent now supports negative indices, and added a 'root' command for
referencing the top level document</p>
</li>
<li>
<p>Fixed scalar encoding for HCL</p>
</li>
<li>
<p>Add --yaml-compact-seq-indent / -c flag for compact sequence
indentation (<a
href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>)
Thanks <a href="/jfenal"><code>@​jfenal</code></a></p>
</li>
<li>
<p>Add symlink check to file rename util (<a
href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>)
Thanks <a
href="/Elias-elastisys"><code>@​Elias-elastisys</code></a></p>
</li>
<li>
<p>Powershell fixed default command used for __completeNoDesc alias (<a
href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>)
Thanks <a
href="/teejaded"><code>@​teejaded</code></a></p>
</li>
<li>
<p>Unwrap scalars in shell output mode. (<a
href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>)
Thanks <a
href="/flintwinters"><code>@​flintwinters</code></a></p>
</li>
<li>
<p>Added K8S KYAML output format support (<a
href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>)
Thanks <a
href="/robbat2"><code>@​robbat2</code></a></p>
</li>
<li>
<p>Bumped dependencies</p>
</li>
<li>
<p>Special shout out to <a
href="/ccoVeille"><code>@​ccoVeille</code></a> for
reviewing my PRs!</p>
</li>
</ul>
<p>4.50.1:</p>
<ul>
<li>Added HCL support!</li>
<li>Fixing handling of CRLF <a
href="https://redirect.github.com/mikefarah/yq/issues/2352">#2352</a></li>
<li>Bumped dependencies</li>
</ul>
<p>4.49.2:</p>
<ul>
<li>Fixing escape character bugs :sweat: <a
href="https://redirect.github.com/mikefarah/yq/issues/2517">#2517</a></li>
<li>Fixing snap release pipeline <a
href="https://redirect.github.com/mikefarah/yq/issues/2518">#2518</a>
Thanks <a
href="/aalexjo"><code>@​aalexjo</code></a></li>
</ul>
<p>4.49.1:</p>
<ul>
<li>Added <code>--security</code> flags to disable env and file ops <a
href="https://redirect.github.com/mikefarah/yq/issues/2515">#2515</a></li>
<li>Fixing TOML ArrayTable parsing issues <a
href="https://redirect.github.com/mikefarah/yq/issues/1758">#1758</a></li>
<li>Fixing parsing of escaped characters <a
href="https://redirect.github.com/mikefarah/yq/issues/2506">#2506</a></li>
</ul>
<p>4.48.2:</p>
<ul>
<li>Strip whitespace when decoding base64 <a
href="https://redirect.github.com/mikefarah/yq/issues/2507">#2507</a></li>
<li>Upgraded to go-yaml v4! (thanks <a
href="/ccoVeille"><code>@​ccoVeille</code></a>, <a
href="/ingydotnet"><code>@​ingydotnet</code></a>)</li>
<li>Add linux/loong64 to release target (thanks <a
href="/znley"><code>@​znley</code></a>)</li>
<li>Added --shell-key-separator flag for customizable shell output
format <a
href="https://redirect.github.com/mikefarah/yq/issues/2497">#2497</a>
(thanks <a
href="/rsleedbx"><code>@​rsleedbx</code></a>)</li>
<li>Bumped dependencies</li>
</ul>
<p>4.48.1:</p>
<ul>
<li>Added 'parents' operator, to return a list of all the hierarchical
parents of a node</li>
<li>Added 'first(exp)' operator, to return the first entry matching an
expression in an array</li>
<li>Fixed xml namespace prefixes <a
href="https://redirect.github.com/mikefarah/yq/issues/1730">#1730</a>
(thanks <a
href="/baodrate"><code>@​baodrate</code></a>)</li>
<li>Fixed out of range panic in yaml decoder <a
href="https://redirect.github.com/mikefarah/yq/issues/2460">#2460</a>
(thanks <a
href="/n471d"><code>@​n471d</code></a>)</li>
<li>Bumped dependencies</li>
</ul>
<p>4.47.2:</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="/mikefarah/yq/commit/2be0094729a1006f61e8339ce9934bfb3cbb549f"><code>2be0094</code></a>
Bumping version</li>
<li><a
href="/mikefarah/yq/commit/3c18d5b0354523d886252894e65e86b7a57fb063"><code>3c18d5b</code></a>
Preparing release</li>
<li><a
href="/mikefarah/yq/commit/2dcc2293da6f6081f50c1c8f533db503db2ce491"><code>2dcc229</code></a>
Merge branch 'tomers-fix/toml-comments-table-scope-2588'</li>
<li><a
href="/mikefarah/yq/commit/eb4fde4ef80a4b278fce86117214868777e30629"><code>eb4fde4</code></a>
Pulling out common code</li>
<li><a
href="/mikefarah/yq/commit/06ea4cf62eb3ae45e3c142eb14ba9e08fb62c162"><code>06ea4cf</code></a>
Fixing spelling</li>
<li><a
href="/mikefarah/yq/commit/37089d24afea09e161d874284aa7080fff6ef31a"><code>37089d2</code></a>
Merge branch 'fix/toml-comments-table-scope-2588' of
github.com:tomers/yq int...</li>
<li><a
href="/mikefarah/yq/commit/7cf88a02915e926417380b4a44e50f1500f57895"><code>7cf88a0</code></a>
Add regression test for go install compatibility <a
href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>
(<a
href="https://redirect.github.com/mikefarah/yq/issues/2591">#2591</a>)</li>
<li><a
href="/mikefarah/yq/commit/41adc1ad185d06b41c09f8e25e69e437a24015f3"><code>41adc1a</code></a>
Fixing wrongly named instructions file</li>
<li><a
href="/mikefarah/yq/commit/b4b96f2a68ae49542a4a6178da9cbc0fa19cae12"><code>b4b96f2</code></a>
Fix TOML table parsing after standalone comments</li>
<li><a
href="/mikefarah/yq/commit/2824d66a65b7c1f9ec2c36e336008be85b16dc69"><code>2824d66</code></a>
Multiply uses a readonly context <a
href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a></li>
<li>Additional commits viewable in <a
href="/mikefarah/yq/compare/065b200af9851db0d5132f50bc10b1406ea5c0a8...2be0094729a1006f61e8339ce9934bfb3cbb549f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mikefarah/yq&package-manager=github_actions&previous-version=4.50.1&new-version=4.52.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/quality-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index 5f78ce2..95a84f9 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -180,7 +180,7 @@ jobs:
           fi
           touch trivy.yaml
       - name: Update trivy config to include dev dependencies
-        uses: mikefarah/yq@065b200af9851db0d5132f50bc10b1406ea5c0a8
+        uses: mikefarah/yq@2be0094729a1006f61e8339ce9934bfb3cbb549f
         with:
           cmd: yq -i '.pkg.include-dev-deps = true' 'trivy.yaml'
       - name: convert python dependencies to requirements.txt