main/jq: security upgrade to 1.8.0

- CVE-2024-23337 - CVE-2024-53427 - CVE-2025-48060 ref https://github.com/jqlang/jq/releases/tag/jq-1.8.0 sed added to support \x23 replacement for version
2025-07-12 18:59:50 +03:00 · 2025-06-01 17:15:22 +02:00 · 2025-06-01 17:15:22 +02:00 · 98d6ad8a9f
commit 98d6ad8a9f
parent af4f1041c8
1 changed files with 11 additions and 3 deletions
--- a/main/jq/APKBUILD
+++ b/main/jq/APKBUILD
@ -1,17 +1,25 @@
 # Contributor: Johannes Matheis <jomat+alpinebuild@jmt.gr>
 # Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
 pkgname=jq
-pkgver=1.7.1
+pkgver=1.8.0
 pkgrel=0
 pkgdesc="A lightweight and flexible command-line JSON processor"
 url="https://jqlang.github.io/jq/"
 arch="all"
 license="MIT"
-makedepends="oniguruma-dev"
+makedepends="oniguruma-dev sed"
 checkdepends="tzdata"
 subpackages="$pkgname-doc $pkgname-dev"
 source="jq-$pkgver.tar.gz::https://github.com/jqlang/jq/releases/download/jq-$pkgver/jq-$pkgver.tar.gz"
 # secfixes:
 #   1.8.0-r0:
 #     - CVE-2024-23337
 #     - CVE-2024-53427
 #     - CVE-2025-48060
 #   1.7.1-r0:
 #     - CVE-2023-50246
 #     - CVE-2023-50268
 #   1.6_rc1-r0:
 #     - CVE-2016-4074
@ -36,5 +44,5 @@ package() {
 }
 sha512sums="
-464861fb2e0d6934b616f1dc7f8002d7dae727c8c0c07b385b813e7522ba1ada8ead4165e1d99c892e3ea76e238c55a15b718c738805419721920f88f8d8478c  jq-1.7.1.tar.gz
+eaa991e43d3fc716dd57f6722a42d4119dcd8ba272eb2fcab882f83efb0b11c10a35c3dc8ad2067f30440dad988d34b5955601499eae1bb9e43db53db02bc4cf  jq-1.8.0.tar.gz
 "