Upgrade: [dependabot] - bump mikefarah/yq from 4.52.2 to 4.52.4 by dependabot[bot] · Pull Request #70 · NHSDigital/eps-common-workflows

dependabot · 2026-02-19T18:08:23Z

Bumps mikefarah/yq from 4.52.2 to 4.52.4.

Release notes

v4.52.4

Dropping windows/arm - no longer supported in cross-compile

Fixing comments in TOML arrays (#2592)

Bumped dependencies

Changelog

Sourced from mikefarah/yq's changelog.

4.52.4:

Dropping windows/arm - no longer supported in cross-compile

4.52.3:

Fixing comments in TOML arrays (#2592)

Bumped dependencies

4.52.2:

Fixed bad instructions file breaking go-install (#2587) Thanks @theyoprst

Fixed TOML table scope after comments (#2588) Thanks @tomers

Multiply uses a readonly context (#2558)

Fixed merge globbing wildcards in keys (#2564)

Fixing TOML subarray parsing issue (#2581)

4.52.1:

TOML encoder support - you can now roundtrip! #1364

Parent now supports negative indices, and added a 'root' command for referencing the top level document

Fixed scalar encoding for HCL

Add --yaml-compact-seq-indent / -c flag for compact sequence indentation (#2583) Thanks @jfenal

Add symlink check to file rename util (#2576) Thanks @Elias-elastisys

Powershell fixed default command used for __completeNoDesc alias (#2568) Thanks @teejaded

Unwrap scalars in shell output mode. (#2548) Thanks @flintwinters

Added K8S KYAML output format support (#2560) Thanks @robbat2

Bumped dependencies

Special shout out to @ccoVeille for reviewing my PRs!

4.50.1:

Added HCL support!

Fixing handling of CRLF #2352

Bumped dependencies

4.49.2:

Fixing escape character bugs 😓 #2517

Fixing snap release pipeline #2518 Thanks @aalexjo

4.49.1:

Added --security flags to disable env and file ops #2515

Fixing TOML ArrayTable parsing issues #1758

Fixing parsing of escaped characters #2506

4.48.2:

Strip whitespace when decoding base64 #2507

Upgraded to go-yaml v4! (thanks @ccoVeille, @ingydotnet)

Add linux/loong64 to release target (thanks @znley)

Added --shell-key-separator flag for customizable shell output format #2497 (thanks @rsleedbx)

Bumped dependencies

... (truncated)

Commits

5a7e72a Bumping version
562531d Dropping windows/arm
2c471b6 Bumping version
f4ef6ef Release notes
f49f2bd Bump golang.org/x/mod from 0.31.0 to 0.33.0 (#2606)
6ccc7b7 Bump golang.org/x/net from 0.49.0 to 0.50.0 (#2604)
b3e1fbb Bump golang from 1.25.6 to 1.26.0 (#2603)
288ca2d Fixing comments in TOML arrays #2592 (#2595)
eb04fa8 More tests
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.52.2 to 4.52.4. - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@2be0094...5a7e72a) --- updated-dependencies: - dependency-name: mikefarah/yq dependency-version: 4.52.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-02-19T18:08:34Z

This PR is raised by Dependabot to update a dependency.

sonarqubecloud · 2026-02-20T07:44:33Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 19, 2026

update trivyignore

4b6a7fe

anthony-nhs merged commit 6e8af6d into main Feb 20, 2026
11 checks passed

dependabot bot deleted the dependabot/github_actions/mikefarah/yq-4.52.4 branch February 20, 2026 07:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

Upgrade: [dependabot] - bump mikefarah/yq from 4.52.2 to 4.52.4#70

Upgrade: [dependabot] - bump mikefarah/yq from 4.52.2 to 4.52.4#70
anthony-nhs merged 2 commits intomainfrom
dependabot/github_actions/mikefarah/yq-4.52.4

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

github-actions bot commented Feb 19, 2026

Uh oh!

sonarqubecloud bot commented Feb 20, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

dependabot bot commented on behalf of github Feb 19, 2026

v4.52.4

Uh oh!

github-actions bot commented Feb 19, 2026

Uh oh!

sonarqubecloud bot commented Feb 20, 2026

Quality Gate passed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant