Commit Graph

1077 Commits

Author SHA1 Message Date
Mike Farah
69e1a9e468 add build check to PRs 2021-11-10 13:27:55 +11:00
Matthieu MOREL
e7d4dc9581 Update go.yml 2021-11-09 08:25:26 +11:00
Matthieu MOREL
b086bee7c3 Update dependabot.yml 2021-11-09 08:25:26 +11:00
dependabot[bot]
e650883cb6 Bump github.com/spf13/cobra from 1.1.3 to 1.2.1
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-09 08:25:26 +11:00
dependabot[bot]
8b2c036eba Bump github.com/fatih/color from 1.10.0 to 1.13.0
Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.10.0 to 1.13.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.10.0...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-09 08:25:26 +11:00
dependabot[bot]
543da3ac2b Bump github.com/jinzhu/copier from 0.2.8 to 0.3.2
Bumps [github.com/jinzhu/copier](https://github.com/jinzhu/copier) from 0.2.8 to 0.3.2.
- [Release notes](https://github.com/jinzhu/copier/releases)
- [Commits](https://github.com/jinzhu/copier/compare/v0.2.8...v0.3.2)

---
updated-dependencies:
- dependency-name: github.com/jinzhu/copier
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-09 08:25:26 +11:00
dependabot[bot]
b175260731 Bump github.com/goccy/go-yaml from 1.8.9 to 1.9.4
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) from 1.8.9 to 1.9.4.
- [Release notes](https://github.com/goccy/go-yaml/releases)
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goccy/go-yaml/compare/v1.8.9...v1.9.4)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-09 08:25:26 +11:00
dependabot[bot]
bf02a865bd Bump actions/setup-go from 1 to 2.1.4
* Bump actions/setup-go from 1 to 2.1.4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 1 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v1...v2.1.4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
2021-11-09 08:25:26 +11:00
dependabot[bot]
9f9590d5c0 Bump actions/create-release from 1.0.0 to 1.1.4
Bumps [actions/create-release](https://github.com/actions/create-release) from 1.0.0 to 1.1.4.
- [Release notes](https://github.com/actions/create-release/releases)
- [Commits](https://github.com/actions/create-release/compare/v1.0.0...v1.1.4)

---
updated-dependencies:
- dependency-name: actions/create-release
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-11-09 08:25:26 +11:00
Matthieu MOREL
241d0d768c Create dependabot.yml 2021-11-09 08:25:26 +11:00
Mike Farah
40ec63cb56 github action no longer uses data1.yml 2021-11-03 22:37:07 +11:00
Mike Farah
86c75f6837 Updating release instructions 2021-11-03 22:37:07 +11:00
Mike Farah
8343ff6a59 Tweaking docs 2021-11-03 22:37:07 +11:00
Mike Farah
b1292270bb Updating README 2021-11-03 22:37:07 +11:00
Mike Farah
0557439765 Update document generation script 2021-11-03 22:37:07 +11:00
Mike Farah
de90b3e85e gitbook wip 2021-11-03 22:37:07 +11:00
Mike Farah
2ace48c70d Bumping version 2021-10-30 14:08:13 +11:00
Mike Farah
d4b9781ee6 Fixed acceptance tests 2021-10-30 14:00:28 +11:00
Mike Farah
08fc058934 Fix JSON encoding removing null #985 2021-10-30 13:37:21 +11:00
Mike Farah
2b3d0552a6 Refactored command logic 2021-10-30 13:04:05 +11:00
Mike Farah
0b2688c0f1 Split printer 2021-10-30 10:04:41 +11:00
Mike Farah
65fd001575 Improving docs 2021-10-28 09:15:28 +11:00
Mike Farah
d508ac3fa4 Fixed flatten error message 2021-10-26 15:43:43 +11:00
Mike Farah
80084e89cc Added flatten operator 2021-10-26 15:42:25 +11:00
Mike Farah
2491051fd9 Added group_by operator 2021-10-26 15:13:26 +11:00
Mike Farah
d390fdc641 better docs 2021-10-26 14:33:57 +11:00
Mike Farah
91717b3c5d Can specify indent in encode ops 2021-10-24 11:35:40 +11:00
Mike Farah
587af7f722 Fixed newline handling in encoder/decoder 2021-10-22 15:21:01 +11:00
Mike Farah
a1af1b95d0 better docs 2021-10-22 14:55:58 +11:00
Mike Farah
b1e64a0d80 Fixed newline handling when decoding/encoding 2021-10-22 14:53:39 +11:00
Mike Farah
7288d34778 Added decoder op 2021-10-22 12:37:47 +11:00
Mike Farah
cdc5ef7b15 Added encoder op 2021-10-22 12:00:47 +11:00
Mike Farah
7d0376b8ee Removing no longer needed github action 2021-10-21 20:09:47 +11:00
Mike Farah
57f058555c Bumping version 2021-10-21 20:08:32 +11:00
Mike Farah
d22de94e8c Updated github action release to generate man page 2021-10-21 19:59:35 +11:00
Mike Farah
e8b30b1dbf Man page release workflow wip 2021-10-20 19:22:53 +11:00
Mike Farah
9c98d3effe Man page release workflow wip 2021-10-20 18:45:14 +11:00
Mike Farah
ee376fdfd2 Man page release workflow wip 2021-10-20 15:01:08 +11:00
Mike Farah
e5f389d0c2 Added test release flow 2021-10-20 11:11:52 +11:00
Mike Farah
7b92aa0fcf Bumping go-lang, docker versions 2021-10-20 10:58:54 +11:00
Mike Farah
5819dd0853 Fixed expression parsing bug #970 2021-10-18 11:47:03 +11:00
Mike Farah
bc04873292 Man page 2021-10-18 11:03:53 +11:00
Mike Farah
7fdd205858 Updated Readme 2021-10-15 11:47:54 +11:00
Mike Farah
67541a2fe9 Keep flag, it is needed in corner cases 2021-10-15 11:47:00 +11:00
Mike Farah
0064b68ed9 Revert "Removed leadingContentPreProcessing flag - header preprocessing is stable"
This reverts commit 4ce9433468.
2021-10-15 11:47:00 +11:00
Mike Farah
e741e6d52f Man page wip 2021-10-15 10:39:33 +11:00
Mike Farah
948399f163 Man page wip 2021-10-15 09:59:08 +11:00
Mike Farah
0436b77d91 Man page wip 2021-10-15 09:51:42 +11:00
Mike Farah
4ce9433468 Removed leadingContentPreProcessing flag - header preprocessing is stable 2021-10-15 08:53:00 +11:00
Peter Matseykanets
dd259b4957 Make deepMatch report in linear time
The current implementation of the deepMatch() has the exponential runtime.
Given the long enough input and the pattern with multiple wildcards
it takes a while if ever to complete which can potentially be used
maliciously to cause a denial of service (cpu and memory consumption).

E.g. running this in the root of this repository
time yq eval '.jobs.publishDocker.steps.[] | select (.run == "****outputs")' .github/workflows/release.yml
gives on my laptop
25.11s user 0.06s system 99% cpu 25.182 total

Whereas the updated implementation gives
0.01s user 0.01s system 36% cpu 0.049 total

There are numerous similar CVEs reported for glob evaluation in
different shells/ftp-servers/libraries.

The replacement implementation with the linear runtime is shamelessly taken
verbatim from the briliant article by Russ Cox https://research.swtch.com/glob
2021-10-14 18:45:25 +11:00