Bump mikefarah/yq from 4.22.1 to 4.23.1

[dependabot]

Bumps mikefarah/yq from 4.22.1 to 4.23.1.

Release notes

Sourced from mikefarah/yq's releases.

v4.23.1

• Can now supply the envsubst operator with parameters (nounset, noempty, failfast). See envsubst for details (#1137)
• Bumped dependencies
• Fixed '+=' problem with multiple matches #1145
• Fixed bug with "and", "or" evaluating the RHS when not needed
• Fixed potential panic (thanks @​mkatychev)
• Tweaked CLI help (thanks @​justin-f-perez)

Changelog

Sourced from mikefarah/yq's changelog.

4.23.1:

• Can now supply the envsubst operator with parameters (nounset, noempty, failfast). See envsubst for details (#1137)
• Bumped dependencies
• Fixed '+=' problem with multiple matches #1145
• Fixed bug with "and", "or" evaluating the RHS when not needed
• Fixed potential panic (thanks @​mkatychev)
• Tweaked CLI help (thanks @​justin-f-perez)

4.22.1:

• Added [pick] (https://mikefarah.gitbook.io/yq/operators/pick) operator
• Can load expression from a file '--from-file' (#1120)
• Fixed property auto expansion (#1127)

4.21.1:

• Added reverse operator
• Added string case operators
• Added base64 support
• Added line and column operators
• Bumped dependency versions

4.20.2:

• Fixed self assignment issue (#1107)
• Fixed bad capture groups with multiple matches (#1114)
• No longer auto-read from STDIN if there are files given (#1115)
• Added missing load_props operator

4.20.1:

• New Date Operators (now, tz, add and subtract durations from dates)
• Can now decode property files!
• New flag to manually set expression if required
• ZSH completion bug fix (#1108) thanks @​whi-tw
• Fixed SEGV error (#1096)
• Fixed Github actions issues (it pipes in /dev/null) for XML
• Fixed bug - handle expressions that match a directory (e.g. ".")

4.19.1:

• New eval operator that allows dynamic expression evaluation (e.g. from a env variable) (#1087)
• Adding new elements to array now automatically applies styling of existing elements (#722)

4.18.1:

• eval is now the default command, you can leave it out #113
• - no longer needs to be specified as STDIN, unless you are also working with multiple files. #113
• Adding to empty maps / arrays now uses idiomatic yaml styling by default
• Fixed seg fault on bad input #1086
• New envsubst operator! (thanks @​sciyoshi)
• Added support for *=, relative multiply/merge
• Custom tag types now autocast to there actual types #933

4.17.2:

• Fixed manpath issue (thanks @​mr-pmillz)

... (truncated)

Commits

• 03f57b7 Bumping version
• 005b097 Boolean fix (#1148)
• e08b680 Simplify json > yaml cli example
• 78e9cc7 Envsubst params (#1147)
• 1a964c5 update cli help (#1146)
• 0ffee92 Fixed += with multiple matches #1145
• 99cd9e8 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#1143)
• 8cb2422 Bump golang from 1.17 to 1.18.0 (#1144)
• 4bb2fa1 Updated equals doc
• d27fb0e Update multiply docs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #1639 (cbad0df) into main (f48f00b) will increase coverage by 0.63%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1639      +/-   ##
==========================================
+ Coverage   27.34%   27.97%   +0.63%     
==========================================
  Files         137      137              
  Lines        7820     7820              
==========================================
+ Hits         2138     2188      +50     
+ Misses       5471     5403      -68     
- Partials      211      229      +18     

Impacted Files	Coverage Δ
pkg/cosign/tuf/client.go	63.29% <0.00%> (+0.31%)	⬆️
pkg/oci/layout/index.go	28.57% <0.00%> (+28.57%)	⬆️
pkg/oci/layout/write.go	37.50% <0.00%> (+37.50%)	⬆️
pkg/oci/layout/signatures.go	53.84% <0.00%> (+53.84%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f48f00b...cbad0df. Read the comment docs.

[dlorenc]

@dependabot rebase