{"id":29480,"name":"jqlang/jq","ecosystem":"docker","repository_url":null,"issues_count":7,"created_at":"2025-06-07T06:11:31.984Z","updated_at":"2025-06-07T06:11:31.984Z","purl":"pkg:docker/jqlang/jq","unique_repositories_count":3,"unique_repositories_count_past_30_days":3,"recent_issues":[{"uuid":"3207527631","node_id":"PR_kwDONDwe4M6dro2B","number":21,"state":"open","title":"Bump jqlang/jq from 1.8.0 to 1.8.1","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-07T04:45:15.000Z","updated_at":"2025-07-07T04:59:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.8.0 to 1.8.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.1\u003c/h2\u003e\n\u003cp\u003eThis is a patch release to fix security, performance, and build issues found in 1.8.0.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-49014: Fix heap use after free in \u003ccode\u003ef_strftime\u003c/code\u003e, \u003ccode\u003ef_strflocaltime\u003c/code\u003e.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 499c91bca9d4d027833bc62787d1bb075c03680e\u003c/li\u003e\n\u003cli\u003eGHSA-f946-j5j2-4w5m: Fix stack overflow in \u003ccode\u003enode_min_byte_len\u003c/code\u003e of oniguruma.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 5e159b34b179417e3e0404108190a2ac7d65611c\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix assertion failure when syntax error happens at the end of the query. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3350\"\u003e#3350\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges to existing functions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix portability of \u003ccode\u003estrptime/1\u003c/code\u003e especially for Windows. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3342\"\u003e#3342\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eLanguage changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert the change of \u003ccode\u003ereduce\u003c/code\u003e/\u003ccode\u003eforeach\u003c/code\u003e state variable in 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3205\"\u003e#3205\u003c/a\u003e).\nThis change was reverted due to serious performance regression. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd LICENSE notice of NetBSD's \u003ccode\u003estrptime()\u003c/code\u003e to COPYING. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3344\"\u003e#3344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBuild improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix build on old Mac with old sed. \u003ca href=\"https://github.com/qianbinbin\"\u003e\u003ccode\u003e@​qianbinbin\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3336\"\u003e#3336\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4467af7068b1bcd7f882defff6e7ea674c5357f4\"\u003e\u003ccode\u003e4467af7\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.1 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3353\"\u003e#3353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/98a1176cffa726c1d18db42c76b53169d8c27d7c\"\u003e\u003ccode\u003e98a1176\u003c/code\u003e\u003c/a\u003e build(deps): bump pyyaml from 6.0.1 to 6.0.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/205b3a2d75c7dec0e9c71f262e76219b44176b01\"\u003e\u003ccode\u003e205b3a2\u003c/code\u003e\u003c/a\u003e build(deps): bump lxml from 5.4.0 to 6.0.0 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3362\"\u003e#3362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d21e506d5283511b5b310fffe37a7b2dea6b410a\"\u003e\u003ccode\u003ed21e506\u003c/code\u003e\u003c/a\u003e build(deps): bump markdown from 3.8 to 3.8.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3361\"\u003e#3361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/11f43e9d93dec278bdd470bf25214cba614de2dc\"\u003e\u003ccode\u003e11f43e9\u003c/code\u003e\u003c/a\u003e Fixed minor typo in docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/2e6987967e9cbea933619c4a5f78b226acb49c13\"\u003e\u003ccode\u003e2e69879\u003c/code\u003e\u003c/a\u003e Use jv_mem_alloc to allocate dtoa_context in tsd_dtoa_context_get (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/0b1ef469734f0621283a056aa1e8f2080110b493\"\u003e\u003ccode\u003e0b1ef46\u003c/code\u003e\u003c/a\u003e Add oniguruma library path to link jq program\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/5e159b34b179417e3e0404108190a2ac7d65611c\"\u003e\u003ccode\u003e5e159b3\u003c/code\u003e\u003c/a\u003e Fix GHSA-f946-j5j2-4w5m stack-overflow by limit regex parse depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e\"\u003e\u003ccode\u003e499c91b\u003c/code\u003e\u003c/a\u003e Fixes CVE-2025-49014 which was introduced in 1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/edbc1da8093f55f8e7e68f29e93abcf2e19c5aa0\"\u003e\u003ccode\u003eedbc1da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: reduce/foreach state variable should not be reset each iteration...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.8.0\u0026new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/omec-project/aether-cni/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/omec-project%2Faether-cni/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"2634446658","node_id":"PR_kwDONbgMPc6dBndC","number":22,"state":"open","title":"Bump jqlang/jq from 1.8.0 to 1.8.1","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":["hexa2k9"],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-02T06:36:17.000Z","updated_at":"2025-07-02T06:36:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.8.0 to 1.8.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.1\u003c/h2\u003e\n\u003cp\u003eThis is a patch release to fix security, performance, and build issues found in 1.8.0.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-49014: Fix heap use after free in \u003ccode\u003ef_strftime\u003c/code\u003e, \u003ccode\u003ef_strflocaltime\u003c/code\u003e.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 499c91bca9d4d027833bc62787d1bb075c03680e\u003c/li\u003e\n\u003cli\u003eGHSA-f946-j5j2-4w5m: Fix stack overflow in \u003ccode\u003enode_min_byte_len\u003c/code\u003e of oniguruma.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 5e159b34b179417e3e0404108190a2ac7d65611c\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix assertion failure when syntax error happens at the end of the query. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3350\"\u003e#3350\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges to existing functions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix portability of \u003ccode\u003estrptime/1\u003c/code\u003e especially for Windows. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3342\"\u003e#3342\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eLanguage changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert the change of \u003ccode\u003ereduce\u003c/code\u003e/\u003ccode\u003eforeach\u003c/code\u003e state variable in 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3205\"\u003e#3205\u003c/a\u003e).\nThis change was reverted due to serious performance regression. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd LICENSE notice of NetBSD's \u003ccode\u003estrptime()\u003c/code\u003e to COPYING. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3344\"\u003e#3344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBuild improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix build on old Mac with old sed. \u003ca href=\"https://github.com/qianbinbin\"\u003e\u003ccode\u003e@​qianbinbin\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3336\"\u003e#3336\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4467af7068b1bcd7f882defff6e7ea674c5357f4\"\u003e\u003ccode\u003e4467af7\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.1 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3353\"\u003e#3353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/98a1176cffa726c1d18db42c76b53169d8c27d7c\"\u003e\u003ccode\u003e98a1176\u003c/code\u003e\u003c/a\u003e build(deps): bump pyyaml from 6.0.1 to 6.0.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/205b3a2d75c7dec0e9c71f262e76219b44176b01\"\u003e\u003ccode\u003e205b3a2\u003c/code\u003e\u003c/a\u003e build(deps): bump lxml from 5.4.0 to 6.0.0 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3362\"\u003e#3362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d21e506d5283511b5b310fffe37a7b2dea6b410a\"\u003e\u003ccode\u003ed21e506\u003c/code\u003e\u003c/a\u003e build(deps): bump markdown from 3.8 to 3.8.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3361\"\u003e#3361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/11f43e9d93dec278bdd470bf25214cba614de2dc\"\u003e\u003ccode\u003e11f43e9\u003c/code\u003e\u003c/a\u003e Fixed minor typo in docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/2e6987967e9cbea933619c4a5f78b226acb49c13\"\u003e\u003ccode\u003e2e69879\u003c/code\u003e\u003c/a\u003e Use jv_mem_alloc to allocate dtoa_context in tsd_dtoa_context_get (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/0b1ef469734f0621283a056aa1e8f2080110b493\"\u003e\u003ccode\u003e0b1ef46\u003c/code\u003e\u003c/a\u003e Add oniguruma library path to link jq program\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/5e159b34b179417e3e0404108190a2ac7d65611c\"\u003e\u003ccode\u003e5e159b3\u003c/code\u003e\u003c/a\u003e Fix GHSA-f946-j5j2-4w5m stack-overflow by limit regex parse depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e\"\u003e\u003ccode\u003e499c91b\u003c/code\u003e\u003c/a\u003e Fixes CVE-2025-49014 which was introduced in 1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/edbc1da8093f55f8e7e68f29e93abcf2e19c5aa0\"\u003e\u003ccode\u003eedbc1da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: reduce/foreach state variable should not be reset each iteration...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.8.0\u0026new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/hexa2k9/jenkns-runner/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa2k9%2Fjenkns-runner/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"},{"uuid":"2633137122","node_id":"PR_kwDOBwcGbc6c8nvi","number":172,"state":"closed","title":"build(deps): bump jqlang/jq from 1.8.0 to 1.8.1 in /tools/py-dev","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-07-01T17:16:13.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-01T17:14:27.000Z","updated_at":"2025-07-01T17:16:13.000Z","time_to_close":106,"merged_at":"2025-07-01T17:16:13.000Z","merged_by":"github-actions[bot]","closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jqlang/jq","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/jqlang/jq"}],"path":"/tools/py-dev","ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.8.0 to 1.8.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.1\u003c/h2\u003e\n\u003cp\u003eThis is a patch release to fix security, performance, and build issues found in 1.8.0.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-49014: Fix heap use after free in \u003ccode\u003ef_strftime\u003c/code\u003e, \u003ccode\u003ef_strflocaltime\u003c/code\u003e.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 499c91bca9d4d027833bc62787d1bb075c03680e\u003c/li\u003e\n\u003cli\u003eGHSA-f946-j5j2-4w5m: Fix stack overflow in \u003ccode\u003enode_min_byte_len\u003c/code\u003e of oniguruma.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 5e159b34b179417e3e0404108190a2ac7d65611c\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix assertion failure when syntax error happens at the end of the query. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3350\"\u003e#3350\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges to existing functions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix portability of \u003ccode\u003estrptime/1\u003c/code\u003e especially for Windows. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3342\"\u003e#3342\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eLanguage changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert the change of \u003ccode\u003ereduce\u003c/code\u003e/\u003ccode\u003eforeach\u003c/code\u003e state variable in 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3205\"\u003e#3205\u003c/a\u003e).\nThis change was reverted due to serious performance regression. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd LICENSE notice of NetBSD's \u003ccode\u003estrptime()\u003c/code\u003e to COPYING. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3344\"\u003e#3344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBuild improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix build on old Mac with old sed. \u003ca href=\"https://github.com/qianbinbin\"\u003e\u003ccode\u003e@​qianbinbin\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3336\"\u003e#3336\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4467af7068b1bcd7f882defff6e7ea674c5357f4\"\u003e\u003ccode\u003e4467af7\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.1 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3353\"\u003e#3353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/98a1176cffa726c1d18db42c76b53169d8c27d7c\"\u003e\u003ccode\u003e98a1176\u003c/code\u003e\u003c/a\u003e build(deps): bump pyyaml from 6.0.1 to 6.0.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/205b3a2d75c7dec0e9c71f262e76219b44176b01\"\u003e\u003ccode\u003e205b3a2\u003c/code\u003e\u003c/a\u003e build(deps): bump lxml from 5.4.0 to 6.0.0 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3362\"\u003e#3362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d21e506d5283511b5b310fffe37a7b2dea6b410a\"\u003e\u003ccode\u003ed21e506\u003c/code\u003e\u003c/a\u003e build(deps): bump markdown from 3.8 to 3.8.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3361\"\u003e#3361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/11f43e9d93dec278bdd470bf25214cba614de2dc\"\u003e\u003ccode\u003e11f43e9\u003c/code\u003e\u003c/a\u003e Fixed minor typo in docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/2e6987967e9cbea933619c4a5f78b226acb49c13\"\u003e\u003ccode\u003e2e69879\u003c/code\u003e\u003c/a\u003e Use jv_mem_alloc to allocate dtoa_context in tsd_dtoa_context_get (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/0b1ef469734f0621283a056aa1e8f2080110b493\"\u003e\u003ccode\u003e0b1ef46\u003c/code\u003e\u003c/a\u003e Add oniguruma library path to link jq program\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/5e159b34b179417e3e0404108190a2ac7d65611c\"\u003e\u003ccode\u003e5e159b3\u003c/code\u003e\u003c/a\u003e Fix GHSA-f946-j5j2-4w5m stack-overflow by limit regex parse depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e\"\u003e\u003ccode\u003e499c91b\u003c/code\u003e\u003c/a\u003e Fixes CVE-2025-49014 which was introduced in 1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/edbc1da8093f55f8e7e68f29e93abcf2e19c5aa0\"\u003e\u003ccode\u003eedbc1da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: reduce/foreach state variable should not be reset each iteration...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.8.0\u0026new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/laurentquillerou/dotconf/pull/172","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurentquillerou%2Fdotconf/issues/172","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/172/packages"},{"uuid":"2561543843","node_id":"PR_kwDOBwcGbc6Yrg6j","number":152,"state":"open","title":"build(deps): bump jqlang/jq from 1.7.1 to 1.8.0 in /tools/py-dev","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T18:23:36.000Z","updated_at":"2025-06-02T18:23:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":"/tools/py-dev","ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/laurentquillerou/dotconf/pull/152","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurentquillerou%2Fdotconf/issues/152","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/152/packages"},{"uuid":"2561478980","node_id":"PR_kwDOBwcGbc6YrRFE","number":149,"state":"closed","title":"build(deps): bump jqlang/jq from 1.7.1 to 1.8.0 in /tools/toolbox","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-05T06:35:55.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T17:58:00.000Z","updated_at":"2025-06-05T06:35:55.000Z","time_to_close":218275,"merged_at":"2025-06-05T06:35:55.000Z","merged_by":"laurentquillerou","closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":"/tools/toolbox","ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/laurentquillerou/dotconf/pull/149","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurentquillerou%2Fdotconf/issues/149","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/149/packages"},{"uuid":"2559633683","node_id":"PR_kwDONbgMPc6YkOkT","number":17,"state":"open","title":"Bump jqlang/jq from 1.7.1 to 1.8.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":["hexa2k9"],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T07:44:58.000Z","updated_at":"2025-06-02T07:44:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/hexa2k9/jenkns-runner/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa2k9%2Fjenkns-runner/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"},{"uuid":"2559276767","node_id":"PR_kwDONDwe4M6Yi3bf","number":19,"state":"closed","title":"Bump jqlang/jq from 1.7.1 to 1.8.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-02T18:00:13.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T05:20:35.000Z","updated_at":"2025-06-02T18:00:13.000Z","time_to_close":45578,"merged_at":"2025-06-02T18:00:12.000Z","merged_by":"dependabot[bot]","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/omec-project/aether-cni/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/omec-project%2Faether-cni/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"}],"issue_packages":[{"old_version":"1.8.0","new_version":"1.8.1","update_type":"patch","path":null,"pr_created_at":"2025-07-07T04:45:15.000Z","version_change":"1.8.0 → 1.8.1","issue":{"uuid":"3207527631","node_id":"PR_kwDONDwe4M6dro2B","number":21,"state":"open","title":"Bump jqlang/jq from 1.8.0 to 1.8.1","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-07T04:45:15.000Z","updated_at":"2025-07-07T04:59:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.8.0 to 1.8.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.1\u003c/h2\u003e\n\u003cp\u003eThis is a patch release to fix security, performance, and build issues found in 1.8.0.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-49014: Fix heap use after free in \u003ccode\u003ef_strftime\u003c/code\u003e, \u003ccode\u003ef_strflocaltime\u003c/code\u003e.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 499c91bca9d4d027833bc62787d1bb075c03680e\u003c/li\u003e\n\u003cli\u003eGHSA-f946-j5j2-4w5m: Fix stack overflow in \u003ccode\u003enode_min_byte_len\u003c/code\u003e of oniguruma.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 5e159b34b179417e3e0404108190a2ac7d65611c\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix assertion failure when syntax error happens at the end of the query. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3350\"\u003e#3350\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges to existing functions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix portability of \u003ccode\u003estrptime/1\u003c/code\u003e especially for Windows. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3342\"\u003e#3342\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eLanguage changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert the change of \u003ccode\u003ereduce\u003c/code\u003e/\u003ccode\u003eforeach\u003c/code\u003e state variable in 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3205\"\u003e#3205\u003c/a\u003e).\nThis change was reverted due to serious performance regression. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd LICENSE notice of NetBSD's \u003ccode\u003estrptime()\u003c/code\u003e to COPYING. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3344\"\u003e#3344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBuild improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix build on old Mac with old sed. \u003ca href=\"https://github.com/qianbinbin\"\u003e\u003ccode\u003e@​qianbinbin\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3336\"\u003e#3336\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4467af7068b1bcd7f882defff6e7ea674c5357f4\"\u003e\u003ccode\u003e4467af7\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.1 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3353\"\u003e#3353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/98a1176cffa726c1d18db42c76b53169d8c27d7c\"\u003e\u003ccode\u003e98a1176\u003c/code\u003e\u003c/a\u003e build(deps): bump pyyaml from 6.0.1 to 6.0.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/205b3a2d75c7dec0e9c71f262e76219b44176b01\"\u003e\u003ccode\u003e205b3a2\u003c/code\u003e\u003c/a\u003e build(deps): bump lxml from 5.4.0 to 6.0.0 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3362\"\u003e#3362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d21e506d5283511b5b310fffe37a7b2dea6b410a\"\u003e\u003ccode\u003ed21e506\u003c/code\u003e\u003c/a\u003e build(deps): bump markdown from 3.8 to 3.8.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3361\"\u003e#3361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/11f43e9d93dec278bdd470bf25214cba614de2dc\"\u003e\u003ccode\u003e11f43e9\u003c/code\u003e\u003c/a\u003e Fixed minor typo in docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/2e6987967e9cbea933619c4a5f78b226acb49c13\"\u003e\u003ccode\u003e2e69879\u003c/code\u003e\u003c/a\u003e Use jv_mem_alloc to allocate dtoa_context in tsd_dtoa_context_get (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/0b1ef469734f0621283a056aa1e8f2080110b493\"\u003e\u003ccode\u003e0b1ef46\u003c/code\u003e\u003c/a\u003e Add oniguruma library path to link jq program\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/5e159b34b179417e3e0404108190a2ac7d65611c\"\u003e\u003ccode\u003e5e159b3\u003c/code\u003e\u003c/a\u003e Fix GHSA-f946-j5j2-4w5m stack-overflow by limit regex parse depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e\"\u003e\u003ccode\u003e499c91b\u003c/code\u003e\u003c/a\u003e Fixes CVE-2025-49014 which was introduced in 1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/edbc1da8093f55f8e7e68f29e93abcf2e19c5aa0\"\u003e\u003ccode\u003eedbc1da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: reduce/foreach state variable should not be reset each iteration...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.8.0\u0026new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/omec-project/aether-cni/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/omec-project%2Faether-cni/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"1.8.0","new_version":"1.8.1","update_type":"patch","path":null,"pr_created_at":"2025-07-02T06:36:17.000Z","version_change":"1.8.0 → 1.8.1","issue":{"uuid":"2634446658","node_id":"PR_kwDONbgMPc6dBndC","number":22,"state":"open","title":"Bump jqlang/jq from 1.8.0 to 1.8.1","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":["hexa2k9"],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-02T06:36:17.000Z","updated_at":"2025-07-02T06:36:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.8.0 to 1.8.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.1\u003c/h2\u003e\n\u003cp\u003eThis is a patch release to fix security, performance, and build issues found in 1.8.0.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-49014: Fix heap use after free in \u003ccode\u003ef_strftime\u003c/code\u003e, \u003ccode\u003ef_strflocaltime\u003c/code\u003e.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 499c91bca9d4d027833bc62787d1bb075c03680e\u003c/li\u003e\n\u003cli\u003eGHSA-f946-j5j2-4w5m: Fix stack overflow in \u003ccode\u003enode_min_byte_len\u003c/code\u003e of oniguruma.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 5e159b34b179417e3e0404108190a2ac7d65611c\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix assertion failure when syntax error happens at the end of the query. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3350\"\u003e#3350\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges to existing functions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix portability of \u003ccode\u003estrptime/1\u003c/code\u003e especially for Windows. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3342\"\u003e#3342\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eLanguage changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert the change of \u003ccode\u003ereduce\u003c/code\u003e/\u003ccode\u003eforeach\u003c/code\u003e state variable in 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3205\"\u003e#3205\u003c/a\u003e).\nThis change was reverted due to serious performance regression. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd LICENSE notice of NetBSD's \u003ccode\u003estrptime()\u003c/code\u003e to COPYING. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3344\"\u003e#3344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBuild improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix build on old Mac with old sed. \u003ca href=\"https://github.com/qianbinbin\"\u003e\u003ccode\u003e@​qianbinbin\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3336\"\u003e#3336\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4467af7068b1bcd7f882defff6e7ea674c5357f4\"\u003e\u003ccode\u003e4467af7\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.1 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3353\"\u003e#3353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/98a1176cffa726c1d18db42c76b53169d8c27d7c\"\u003e\u003ccode\u003e98a1176\u003c/code\u003e\u003c/a\u003e build(deps): bump pyyaml from 6.0.1 to 6.0.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/205b3a2d75c7dec0e9c71f262e76219b44176b01\"\u003e\u003ccode\u003e205b3a2\u003c/code\u003e\u003c/a\u003e build(deps): bump lxml from 5.4.0 to 6.0.0 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3362\"\u003e#3362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d21e506d5283511b5b310fffe37a7b2dea6b410a\"\u003e\u003ccode\u003ed21e506\u003c/code\u003e\u003c/a\u003e build(deps): bump markdown from 3.8 to 3.8.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3361\"\u003e#3361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/11f43e9d93dec278bdd470bf25214cba614de2dc\"\u003e\u003ccode\u003e11f43e9\u003c/code\u003e\u003c/a\u003e Fixed minor typo in docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/2e6987967e9cbea933619c4a5f78b226acb49c13\"\u003e\u003ccode\u003e2e69879\u003c/code\u003e\u003c/a\u003e Use jv_mem_alloc to allocate dtoa_context in tsd_dtoa_context_get (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/0b1ef469734f0621283a056aa1e8f2080110b493\"\u003e\u003ccode\u003e0b1ef46\u003c/code\u003e\u003c/a\u003e Add oniguruma library path to link jq program\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/5e159b34b179417e3e0404108190a2ac7d65611c\"\u003e\u003ccode\u003e5e159b3\u003c/code\u003e\u003c/a\u003e Fix GHSA-f946-j5j2-4w5m stack-overflow by limit regex parse depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e\"\u003e\u003ccode\u003e499c91b\u003c/code\u003e\u003c/a\u003e Fixes CVE-2025-49014 which was introduced in 1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/edbc1da8093f55f8e7e68f29e93abcf2e19c5aa0\"\u003e\u003ccode\u003eedbc1da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: reduce/foreach state variable should not be reset each iteration...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.8.0\u0026new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/hexa2k9/jenkns-runner/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa2k9%2Fjenkns-runner/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"}},{"old_version":"1.8.0","new_version":"1.8.1","update_type":"patch","path":"/tools/py-dev","pr_created_at":"2025-07-01T17:14:27.000Z","version_change":"1.8.0 → 1.8.1","issue":{"uuid":"2633137122","node_id":"PR_kwDOBwcGbc6c8nvi","number":172,"state":"closed","title":"build(deps): bump jqlang/jq from 1.8.0 to 1.8.1 in /tools/py-dev","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-07-01T17:16:13.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-01T17:14:27.000Z","updated_at":"2025-07-01T17:16:13.000Z","time_to_close":106,"merged_at":"2025-07-01T17:16:13.000Z","merged_by":"github-actions[bot]","closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jqlang/jq","old_version":"1.8.0","new_version":"1.8.1","repository_url":"https://github.com/jqlang/jq"}],"path":"/tools/py-dev","ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.8.0 to 1.8.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.1\u003c/h2\u003e\n\u003cp\u003eThis is a patch release to fix security, performance, and build issues found in 1.8.0.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-49014: Fix heap use after free in \u003ccode\u003ef_strftime\u003c/code\u003e, \u003ccode\u003ef_strflocaltime\u003c/code\u003e.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 499c91bca9d4d027833bc62787d1bb075c03680e\u003c/li\u003e\n\u003cli\u003eGHSA-f946-j5j2-4w5m: Fix stack overflow in \u003ccode\u003enode_min_byte_len\u003c/code\u003e of oniguruma.\n\u003ca href=\"https://github.com/wader\"\u003e\u003ccode\u003e@​wader\u003c/code\u003e\u003c/a\u003e 5e159b34b179417e3e0404108190a2ac7d65611c\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix assertion failure when syntax error happens at the end of the query. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3350\"\u003e#3350\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanges to existing functions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix portability of \u003ccode\u003estrptime/1\u003c/code\u003e especially for Windows. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3342\"\u003e#3342\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eLanguage changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert the change of \u003ccode\u003ereduce\u003c/code\u003e/\u003ccode\u003eforeach\u003c/code\u003e state variable in 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3205\"\u003e#3205\u003c/a\u003e).\nThis change was reverted due to serious performance regression. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3349\"\u003e#3349\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd LICENSE notice of NetBSD's \u003ccode\u003estrptime()\u003c/code\u003e to COPYING. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3344\"\u003e#3344\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBuild improvements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix build on old Mac with old sed. \u003ca href=\"https://github.com/qianbinbin\"\u003e\u003ccode\u003e@​qianbinbin\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3336\"\u003e#3336\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4467af7068b1bcd7f882defff6e7ea674c5357f4\"\u003e\u003ccode\u003e4467af7\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.1 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3353\"\u003e#3353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/98a1176cffa726c1d18db42c76b53169d8c27d7c\"\u003e\u003ccode\u003e98a1176\u003c/code\u003e\u003c/a\u003e build(deps): bump pyyaml from 6.0.1 to 6.0.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3363\"\u003e#3363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/205b3a2d75c7dec0e9c71f262e76219b44176b01\"\u003e\u003ccode\u003e205b3a2\u003c/code\u003e\u003c/a\u003e build(deps): bump lxml from 5.4.0 to 6.0.0 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3362\"\u003e#3362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d21e506d5283511b5b310fffe37a7b2dea6b410a\"\u003e\u003ccode\u003ed21e506\u003c/code\u003e\u003c/a\u003e build(deps): bump markdown from 3.8 to 3.8.2 in /docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3361\"\u003e#3361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/11f43e9d93dec278bdd470bf25214cba614de2dc\"\u003e\u003ccode\u003e11f43e9\u003c/code\u003e\u003c/a\u003e Fixed minor typo in docs (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3359\"\u003e#3359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/2e6987967e9cbea933619c4a5f78b226acb49c13\"\u003e\u003ccode\u003e2e69879\u003c/code\u003e\u003c/a\u003e Use jv_mem_alloc to allocate dtoa_context in tsd_dtoa_context_get (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3356\"\u003e#3356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/0b1ef469734f0621283a056aa1e8f2080110b493\"\u003e\u003ccode\u003e0b1ef46\u003c/code\u003e\u003c/a\u003e Add oniguruma library path to link jq program\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/5e159b34b179417e3e0404108190a2ac7d65611c\"\u003e\u003ccode\u003e5e159b3\u003c/code\u003e\u003c/a\u003e Fix GHSA-f946-j5j2-4w5m stack-overflow by limit regex parse depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e\"\u003e\u003ccode\u003e499c91b\u003c/code\u003e\u003c/a\u003e Fixes CVE-2025-49014 which was introduced in 1.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/edbc1da8093f55f8e7e68f29e93abcf2e19c5aa0\"\u003e\u003ccode\u003eedbc1da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: reduce/foreach state variable should not be reset each iteration...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.8.0...jq-1.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.8.0\u0026new-version=1.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/laurentquillerou/dotconf/pull/172","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurentquillerou%2Fdotconf/issues/172","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/172/packages"}},{"old_version":"1.7.1","new_version":"1.8.0","update_type":"minor","path":"/tools/py-dev","pr_created_at":"2025-06-02T18:23:36.000Z","version_change":"1.7.1 → 1.8.0","issue":{"uuid":"2561543843","node_id":"PR_kwDOBwcGbc6Yrg6j","number":152,"state":"open","title":"build(deps): bump jqlang/jq from 1.7.1 to 1.8.0 in /tools/py-dev","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T18:23:36.000Z","updated_at":"2025-06-02T18:23:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":"/tools/py-dev","ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/laurentquillerou/dotconf/pull/152","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurentquillerou%2Fdotconf/issues/152","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/152/packages"}},{"old_version":"1.7.1","new_version":"1.8.0","update_type":"minor","path":"/tools/toolbox","pr_created_at":"2025-06-02T17:58:00.000Z","version_change":"1.7.1 → 1.8.0","issue":{"uuid":"2561478980","node_id":"PR_kwDOBwcGbc6YrRFE","number":149,"state":"closed","title":"build(deps): bump jqlang/jq from 1.7.1 to 1.8.0 in /tools/toolbox","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-05T06:35:55.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T17:58:00.000Z","updated_at":"2025-06-05T06:35:55.000Z","time_to_close":218275,"merged_at":"2025-06-05T06:35:55.000Z","merged_by":"laurentquillerou","closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":"/tools/toolbox","ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/laurentquillerou/dotconf/pull/149","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurentquillerou%2Fdotconf/issues/149","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/149/packages"}},{"old_version":"1.7.1","new_version":"1.8.0","update_type":"minor","path":null,"pr_created_at":"2025-06-02T07:44:58.000Z","version_change":"1.7.1 → 1.8.0","issue":{"uuid":"2559633683","node_id":"PR_kwDONbgMPc6YkOkT","number":17,"state":"open","title":"Bump jqlang/jq from 1.7.1 to 1.8.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":["hexa2k9"],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T07:44:58.000Z","updated_at":"2025-06-02T07:44:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/hexa2k9/jenkns-runner/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hexa2k9%2Fjenkns-runner/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"}},{"old_version":"1.7.1","new_version":"1.8.0","update_type":"minor","path":null,"pr_created_at":"2025-06-02T05:20:35.000Z","version_change":"1.7.1 → 1.8.0","issue":{"uuid":"2559276767","node_id":"PR_kwDONDwe4M6Yi3bf","number":19,"state":"closed","title":"Bump jqlang/jq from 1.7.1 to 1.8.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-02T18:00:13.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T05:20:35.000Z","updated_at":"2025-06-02T18:00:13.000Z","time_to_close":45578,"merged_at":"2025-06-02T18:00:12.000Z","merged_by":"dependabot[bot]","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jqlang/jq","old_version":"1.7.1","new_version":"1.8.0","repository_url":"https://github.com/jqlang/jq"}],"path":null,"ecosystem":"docker"},"body":"Bumps [jqlang/jq](https://github.com/jqlang/jq) from 1.7.1 to 1.8.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jqlang/jq/releases\"\u003ejqlang/jq's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ejq 1.8.0\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of version 1.8.0.\nThis release includes a number of improvements since the last version.\nNote that some changes may introduce breaking changes to existing scripts,\nso be sure to read the following information carefully.\nFull commit log can be found at \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ehttps://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eReleasing\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eChange the version number pattern to \u003ccode\u003e1.X.Y\u003c/code\u003e (\u003ccode\u003e1.8.0\u003c/code\u003e instead of \u003ccode\u003e1.8\u003c/code\u003e). \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/2999\"\u003e#2999\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGenerate provenance attestations for release artifacts and docker image. \u003ca href=\"https://github.com/lectrical\"\u003e\u003ccode\u003e@​lectrical\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3225\"\u003e#3225\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003egh attestation verify --repo jqlang/jq jq-linux-amd64\ngh attestation verify --repo jqlang/jq oci://ghcr.io/jqlang/jq:1.8.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-23337: Fix signed integer overflow in \u003ccode\u003ejvp_array_write\u003c/code\u003e and \u003ccode\u003ejvp_object_rehash\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e de21386681c0df0104a99d9d09db23a9b2a78b1e\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now limits the maximum size of arrays and objects to 536870912 (\u003ccode\u003e2^29\u003c/code\u003e) elements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2024-53427: Reject NaN with payload while parsing JSON. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e a09a4dfd55e6c24d04b35062ccfe4509748b1dd3\n\u003cul\u003e\n\u003cli\u003eThe fix for this issue now drops support for NaN with payload in JSON (like \u003ccode\u003eNaN123\u003c/code\u003e).\nOther JSON extensions like \u003ccode\u003eNaN\u003c/code\u003e and \u003ccode\u003eInfinity\u003c/code\u003e are still supported.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE-2025-48060: Fix heap buffer overflow in \u003ccode\u003ejv_string_vfmt\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e c6e041699d8cd31b97375a2596217aff2cfca85b\u003c/li\u003e\n\u003cli\u003eFix use of uninitialized value in \u003ccode\u003echeck_literal\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3324\"\u003e#3324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix segmentation fault on \u003ccode\u003estrftime/1\u003c/code\u003e, \u003ccode\u003estrflocaltime/1\u003c/code\u003e. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3271\"\u003e#3271\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix unhandled overflow in \u003ccode\u003e@base64d\u003c/code\u003e. \u003ca href=\"https://github.com/emanuele6\"\u003e\u003ccode\u003e@​emanuele6\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3080\"\u003e#3080\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCLI changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e--indent 0\u003c/code\u003e implicitly enabling \u003ccode\u003e--compact-output\u003c/code\u003e. \u003ca href=\"https://github.com/amarshall\"\u003e\u003ccode\u003e@​amarshall\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/gbrlmarn\"\u003e\u003ccode\u003e@​gbrlmarn\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3232\"\u003e#3232\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq --indent 0 . \u0026lt;\u0026lt;\u0026lt; '{ \u0026quot;foo\u0026quot;: [\u0026quot;hello\u0026quot;, \u0026quot;world\u0026quot;] }'\n{\n\u0026quot;foo\u0026quot;: [\n\u0026quot;hello\u0026quot;,\n\u0026quot;world\u0026quot;\n]\n}\n# Previously, this implied --compact-output, but now outputs with new lines.\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove error messages to show problematic position in the filter. \u003ca href=\"https://github.com/itchyny\"\u003e\u003ccode\u003e@​itchyny\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3292\"\u003e#3292\u003c/a\u003e\u003c/p\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003e$ jq -n '1 + $foo + 2'\njq: error: $foo is not defined at \u0026lt;top-level\u0026gt;, line 1, column 5:\n    1 + $foo + 2\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d23a7b9db932be706fecf5f4c9711fd4214bb64e\"\u003e\u003ccode\u003ed23a7b9\u003c/code\u003e\u003c/a\u003e Update NEWS.md and AUTHORS for 1.8.0 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3330\"\u003e#3330\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/d3cf5caf724a3ff353069dcfbeef7d2b5640ea65\"\u003e\u003ccode\u003ed3cf5ca\u003c/code\u003e\u003c/a\u003e Add more test cases for JQ_COLORS support (ref \u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3288\"\u003e#3288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aa977aa71643d4b02f51cab8be0e1abc3b0f9152\"\u003e\u003ccode\u003eaa977aa\u003c/code\u003e\u003c/a\u003e Dynamically allocate JQ_COLORS escapes for truecolor support (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3282\"\u003e#3282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/c6e041699d8cd31b97375a2596217aff2cfca85b\"\u003e\u003ccode\u003ec6e0416\u003c/code\u003e\u003c/a\u003e Fix heap buffer overflow when formatting an empty string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/3b00981acd9b6b373b5bbb7643802b77169200dc\"\u003e\u003ccode\u003e3b00981\u003c/code\u003e\u003c/a\u003e Fix quotes in 1.7 manual for ease of taking diff between versions (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3329\"\u003e#3329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/f28720f699ab35643edec2a42a2f47c3ddaf3b32\"\u003e\u003ccode\u003ef28720f\u003c/code\u003e\u003c/a\u003e Increase the maximum parsing depth for parsing JSON to 10000 (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/9ac6ddae2266c6c19f8599c5ad5fc67e3bc7c9f4\"\u003e\u003ccode\u003e9ac6dda\u003c/code\u003e\u003c/a\u003e Fix whitespace in number parsing (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3195\"\u003e#3195\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/aaace5432a658856c4e40601e29f19a41fd8c80f\"\u003e\u003ccode\u003eaaace54\u003c/code\u003e\u003c/a\u003e Fix parser to allow binary operators for binding syntax (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3326\"\u003e#3326\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/4e3088f1888f367ce744d830423848d15a03f5d0\"\u003e\u003ccode\u003e4e3088f\u003c/code\u003e\u003c/a\u003e Fix behavior of \u003ccode\u003e--slurp --stream\u003c/code\u003e when input has no trailing newline charact...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jqlang/jq/commit/7d8c096e487a6ef5f7294e4862938d594ad67f57\"\u003e\u003ccode\u003e7d8c096\u003c/code\u003e\u003c/a\u003e Add trimstr/1 function (\u003ca href=\"https://redirect.github.com/jqlang/jq/issues/3319\"\u003e#3319\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jqlang/jq/compare/jq-1.7.1...jq-1.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jqlang/jq\u0026package-manager=docker\u0026previous-version=1.7.1\u0026new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/omec-project/aether-cni/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/omec-project%2Faether-cni/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"}}]}