outputs/valid_messages.json

[
  {
    "message": "Add missing string color case\n\nColors have a color separate from object keys, so were not tested."
  },
  {
    "message": "Clear formatting immediately after colon"
  },
  {
    "message": "Fix tests and test indented printing"
  },
  {
    "message": "Consistently reset color formatting in `jv_dump_term`\n\nBefore, arrays would not reset colors after `[` and `,`, but objects\nwould; it would reset colors twice before `]` and `}`; and some cases of\nindentation would have colors applied. Now, colors are reset immediately\nafter any token that is colored, before any indentation. This makes the\nformatting consistent, for the benefit of custom `JQ_COLORS`."
  },
  {
    "message": "License: Improve license statement.\n\nThe README mentions only the MIT license but in fact part of `jq`\nis under ICU license and the documentation is under CC.\n\nAlso jq.spec claimed that it is licensed under BSD."
  },
  {
    "message": "docs: rename example jq utility to total\n\nApparently sum(1) is a BSD and GNU coreutil used to compute the\n\"16-bit BSD checksum\" of a file."
  },
  {
    "message": "libm.h+builtin.c: add and use LIBM_DA and LIBM_DA_NO macros\n\nFor functions that from one double return an array with two numbers."
  },
  {
    "message": "builtin.c: fix build with -Woverlength-strings\n\nC99 only allows string literals long at most 4095 characters.\njq_builtins was a lot longer than that.\n\nI rewrote all the optional libm error stubs in C so the value of\njq_builtins is not build dependent.\n\nI replaced the command that generates builtin.inc with a POSIX compliant\nod|sed command that encodes builtin.jq as a comma delimited list of\noctal numbers (that can be embedded in C using a {} literal).\n\nI also added -Woverlength-strings to AM_CFLAGS to verify that the\nproblem is fixed.\n\nFixes #1481"
  },
  {
    "message": "Makefile.am: fix lines indented with tabs instead of spaces"
  },
  {
    "message": "typo contruct->construct (#3017)"
  },
  {
    "message": "Fix \"in the a search\" typo (#3015)\n\nFixes #3014"
  },
  {
    "message": "builtins: make ltrimstr and rtrimstr error for non-string inputs\n\nPreviously, ltrimstr/rtrimstr would just let the input pass through for\nnon-string inputs or arguments.\n\nThat was happening because, they were leaking the errors returned by\nstartswith/endswith treating them as if they were jv_false().\nThe leak was resolved by #2977 for 1.7.1\n\nThis patch rewrites ltrimstr and rtrimstr in jq, and makes them not\nignore startswith and endswith errors anymore."
  },
  {
    "message": "Revert \"lexer: temporarily revert #\\ patch; keep CR in comment bug fix\"\n\nThis reverts commit 5d95791a6795bfc44380c2e6e343ee66dd891e8b."
  },
  {
    "message": "Provide strptime implementation on all systems"
  },
  {
    "message": "Bump jinja2 from 3.1.2 to 3.1.3 in /docs (#3009)\n\nBumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3.\r\n- [Release notes](https://github.com/pallets/jinja/releases)\r\n- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)\r\n- [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: jinja2\r\n  dependency-type: direct:production\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>"
  },
  {
    "message": "Bump the official-actions group with 2 updates (#2998)\n\n* Bump the official-actions group with 2 updates\r\n\r\nBumps the official-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).\r\n\r\n\r\nUpdates `actions/upload-artifact` from 3 to 4\r\n- [Release notes](https://github.com/actions/upload-artifact/releases)\r\n- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)\r\n\r\nUpdates `actions/download-artifact` from 3 to 4\r\n- [Release notes](https://github.com/actions/download-artifact/releases)\r\n- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: actions/upload-artifact\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-major\r\n  dependency-group: official-actions\r\n- dependency-name: actions/download-artifact\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-major\r\n  dependency-group: official-actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\n\r\n* Fix CI workflow for updating artifact actions to v4\r\n\r\n---------\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>\r\nCo-authored-by: itchyny <itchyny@cybozu.co.jp>"
  },
  {
    "message": "Add jq 1.7.1 news item (#3004)"
  },
  {
    "message": "Fix typo (#3002)"
  },
  {
    "message": "Add jq 1.7.1 to webpage (#3003)\n\nMake it the default download"
  },
  {
    "message": "Always build Docker image on CI, group Dependabot PRs for official actions (#2997)\n\n* Always build docker image on CI\r\n\r\n* Revert \"Bump actions/download-artifact from 3 to 4\"\r\n\r\nThis reverts commit 9e2695e117aef8403fa0c5b32ee0f26cb442862a.\r\n\r\n* Group Dependabot PRs for official actions"
  },
  {
    "message": "Bump actions/download-artifact from 3 to 4\n\nBumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.\r\n- [Release notes](https://github.com/actions/download-artifact/releases)\r\n- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: actions/download-artifact\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-major\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>"
  },
  {
    "message": "Update signatures of 1.7.1\n\nCo-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
  },
  {
    "message": "Merge pull request from GHSA-686w-5m7m-54vc\n\ndecNumberToString calls for a buffer that can hold a string of digits+14\ncharacters, not a buffer of size digits+14.\nWe need to allocate an extra byte for the NUL byte.\n\n-10E-1000010001, for example, will be stringified as -1.0E-1000010000\nand decNumberToString will currently write an extra NUL byte after the\nallocated buffer in the heap.\n\nOriginally reported by @SEU-SSL on GitHub.\n\nRef: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574\n\nFixes GHSA-686w-5m7m-54vc"
  },
  {
    "message": "Merge pull request from GHSA-7hmr-442f-qc8j\n\nThe unit allocated for decNumberCompare was accidentally removed by\ncommit 680baeffeb7983e7570b5e68db07fe47f94db8c7 (PR #2804)\n\nThis caused a stack overflow when comparing a nan with a payload of 1000\nor more.\n\nThis bug was found by OSS-fuzz.\nRef: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771\nFixes GHSA-7hmr-442f-qc8j\n\nIt also fixes 1e999999999 > 1e-1147483646   triggering UBSAN errors\nFixes #2968"
  },
  {
    "message": "jv_parse: let decNumberFromString/strtod parse complex nans as a NaN\n\nBefore this patch (when using decNumber), \"Nan123\" was parsed as a NaN,\r\nonly if the first n was uppercase."
  },
  {
    "message": "NEWS.md: fix markdown syntax; mention more bug fixs; list cves (#2987)"
  },
  {
    "message": "Update NEWS.md with changes since 1.7 (#2948)"
  },
  {
    "message": "lexer: temporarily revert #\\ patch; keep CR in comment bug fix\n\nThis commit temporarily reverts the commit that allows #\\ \"tcl-style\"\r\ncomments everywhere and documents them, for the 1.7.1 patch release\r\ncca1f7d18f2fa6721952645821ae429a0166d7e4.\r\n\r\n\\r is removed from the list of characters not allowed in a comment to\r\npreserve that bugfix."
  },
  {
    "message": "ltrimstr/1+rtrimstr/1: don't leak on invalid input or arguments\n\nltrimstr/rtrimstr was ignoring and leaking the error returned by\r\nf_startswith()/f_endswith().\r\n\r\nThis also means that they just let the input pass through for non-string\r\ninputs or arguments.\r\n\r\nOnly fix the leak for now; in the next release, #2969 will make them\r\nrethrow the error returned by startswith/endswith.\r\n\r\nRef: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64946"
  },
  {
    "message": "Makefile.am: don't use -lshlwapi to build jq on WIN32\n\nIt does not need it, only libjq needs this."
  },
  {
    "message": "ci.yml: use  sysctl -n hw.logicalcpu  instead of  nproc  on macos\n\nThe \"macos (arm64)\" runner on github does not have nproc.\r\n\r\n/Users/runner/work/_temp/f44f0d9f-19eb-4a23-860e-26533d7efdfa.sh: line 10: nproc: command not found"
  },
  {
    "message": "jv_mem_calloc(): always call with (nmemb, size)\n\nIt does not matter much since they most likely just get multiplied\r\ntogether, but some compilers would complain about this if these were\r\ncalls to calloc."
  },
  {
    "message": "shtest+configure: remove uses of non-portable/non-standard commands\n\nReplace deprecated test(1) parentheses and -a logical operator with two\r\ntests command.\r\n\r\nReplace deprecated  tail -1  with  tail -n1.\r\n\r\nReplace non-standard egrep(1) command with  grep -E  ; this also\r\nprevents obsolescence warnings on GNU systems."
  },
  {
    "message": "shtest: fix out-of-source tests\n\nThe locale test was using ./jq intead of $JQ.\r\n\r\nI also removed the use of obsolete egrep instead of grep -E that\r\ntriggers warnings on GNU systems, and the use of deprecated head -1\r\ninstead of head -n1.\r\n\r\nAlso removed the unnecessary hiding of strptime/1 errors with\r\n? // false."
  },
  {
    "message": "chore: Improve readability (for Alternative operator '//')\n\nThe description of the Alternative operator `//` was hard for me to grasp in its wording.\r\n\r\nI suggest dividing the looong sentence into two parts. Since it is actually an alternative formulation, the sentence can be divided into the first formulation, and the alternative formulation."
  },
  {
    "message": "jq.test: fix setpath PR number\n\nIt was #2970, not 2967."
  },
  {
    "message": "Bump actions/setup-python from 4 to 5\n\nBumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.\n- [Release notes](https://github.com/actions/setup-python/releases)\n- [Commits](https://github.com/actions/setup-python/compare/v4...v5)\n\n---\nupdated-dependencies:\n- dependency-name: actions/setup-python\n  dependency-type: direct:production\n  update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>"
  },
  {
    "message": "jv_setpath()+setpath/2: don't leak the input after an invalid get\n\nRef: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64906"
  },
  {
    "message": "jq_fuzz_fixed: fix test cases that use string interpolation\n\n\"\\(\" is implementation-defined in C++, and both clang and gcc treat it\r\nas equivalent to \"(\", not \"\\\\(\".\r\nThis patch replaces \"\\(\" with \"\\\\(\" so that tests with string\r\ninterpolation actually use string interpolation."
  },
  {
    "message": "tests: add new fuzzer\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "jq_fuzz_execute.cpp: fix false assert\n\nFixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64632 by following the suggestion here: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64632#c2 -- the issue is fixed when this attribute is set.\r\n\r\nI did not add any of the other suggestions in the comment: we haven't run into these issues in the fuzzer so far."
  },
  {
    "message": "jq_fuzz_execute: fix memory leak\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "jq_fuzz_execute: cleanup un-needed extern\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "Add fuzzer targeting jq_next\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "jq_fuzz_compile: dump disassembly\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "Convert decnum to binary64 (double) instead of decimal64\n\nThis is what the JSON spec suggests and will also be less confusing compared to other jq implementations and langauges.\r\n\r\nRelated to #2939"
  },
  {
    "message": "website: use https URLs instead of http URLs in download page\n\nAlso add markdown formatting for decNumber URL so it gets rendered as a\nlink in the html page."
  },
  {
    "message": "Keep releasing executables with legacy names"
  },
  {
    "message": "libjq: extern C for C++\n\nIf using libjq from C++ it would be nice to not need to do this at the\r\nimport site, so just extern \"C\" to the public headers for libjq\r\n\r\nSigned-off-by: Tyler Rockwood <rockwood@redpanda.com>"
  },
  {
    "message": "jq_fuzz_parse_extended.c: don't jv_free() twice\n\njv_dump() frees its argument.\n\nI missed this problem before merging #2952, whoops! =)\n\nfixup from eb3b5654bbd285fa70bab8ca71f2284354adf625"
  },
  {
    "message": "jv_parse: refactor jv_parse_sized\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "test: add jv_dump to extended fuzzer\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "Extend fuzzing set up\n\nAdds a parse function ins `jv_parse.c` that enables parsing using custom\nflags for the parser. This is then used by two fuzzers added as well.\n\nThis is to make sure fuzzing hits various code parts currently not\nfuzzed, e.g. `stream_token`:\nhttps://storage.googleapis.com/oss-fuzz-coverage/jq/reports/20231125/linux/src/jq/src/jv_parse.c.html#L241\n\nSigned-off-by: David Korczynski <david@adalogics.com>"
  },
  {
    "message": "simplify paths/0 and paths/1\n\n`recurse/0` already handles traversing objects and arrays, so it is more\r\nconsistent to use that.\r\nFor `paths/1` it is easier to use the actual value returned by\r\n`recurse` instead of querying that value with `getpath/1` afterwards."
  },
  {
    "message": "README.md: to`sed` => to `sed` (#2944)"
  },
  {
    "message": "Comment bug fixes, and fully support Tcl-style multiline comments\n\n* bugfix: comments were incorrectly being terminated by CR; for example\n    jq -n $'1 #foo\\r'\n  fails to compile because the CR character terminates the comment, and\n  CR is not a valid character in jq syntax.\n\n* improvement: comments fully support Tcl-style line continuation.\n  Previously this was only \"supported\" in `-f' scripts, whose first line\n  starts with \"#!\", and second line starts with # and ends with \\, only\n  for the comment on the second line, only for one extra line.\n\n* man: document comment syntax, which was previously undocumented.\n\n* tests: add regression tests for the bugfix, and some tests for line\n  continuation in comments."
  },
  {
    "message": "src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2\n\nAlso fix doubled semicolon   jv ret;;   =>   jv ret;"
  },
  {
    "message": "jvp_object_contains: remove unnecessary jv_copy"
  },
  {
    "message": "Fix possible uninitialised value dereference if jq_init() fails\n\nIf jq_init() fails, goto out would try to free input_state which is\nuninitialised. I initialised input_state to NULL to fix the problem.\n\nRef: https://github.com/jqlang/jq/pull/2934#discussion_r1367795641\n\nReported-By: Klemens Nanni <kn@openbsd.org>"
  },
  {
    "message": "Defer heap variable initialisation after pledge\n\nOtherwise `AGRS` and `program_arguments` remain allocated/unfreed in the\nearly (extremely unlikely) pledge(2) failure case.\n\nMove their allocation before jq_init(), the first case of jumping to\n`out` where they are cleaned up, where it also seems to logically fit\nbetter than above between function entry, locale setup and OpenBSD\nspecific pledge."
  },
  {
    "message": "Remove unused mkstemp()\n\nb82c231 \"Remove -i option (#704)\" removed its last usage in 2015.\n\nSpotted while looking for code could potentially write/create/modify files."
  },
  {
    "message": "Restrict systems operations on OpenBSD\n\nUse pledge(2)[0] to limit jq(1) to reading files.\nIt does not change files and only writes to standard output/error.\nIt never deals with TTY, network, process management or other subsystems.\n\nThis is to reduce jq's attack surface and potential damage.\n\nOpenBSD is carrying a local patch[1] in its official jq port/package\nsince 2016.  An improved version:\n\n- drop no longer needed \"getpw\" promise\n  f1c4947 \"Avoid getpwuid for static linking\" removed getpwuid(3) usage\n- pledge before jq_init() to simplify the error path\n- use perror(3) to print errno(2)\n\nNo behaviour change in tests or real world usage observed on\nOpenBSD/amd64 7.4.\n\n0: https://man.openbsd.org/pledge.2\n1: https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/textproc/jq/patches/patch-main_c"
  },
  {
    "message": "Generate links in man page\n\nSome [foo](bar) links were added to manual.yml without updating\nbuild_manpage.py to make it generate roff for \"a\" tags.\n\nFixes #2930"
  },
  {
    "message": "Remove undefined behavior caught by LLVM 10 UBSAN."
  },
  {
    "message": "Revert \"Revert \"od -c => od -tc: od -c is an XSI extension...\"\n\nThis reverts commit 0e70f7a57e08b6229c41ab98d1d9a9bca46625be.\n\nThere is no reason to revert this change.\n\nIn #2922, I only disagreed with the commit message suggesting that\n  LC_CTYPE=C od -t c    is   equivalent to   od -c\n\nThe only documented differences are that -tc is required to be\ninfluenced by -N and -j, while -c is not, and that -c is required to\nonly support a subset of the backslash sequences that -tc should\nsupport."
  },
  {
    "message": "Revert \"od -c => od -tc: od -c is an XSI extension equivalent to LC_CTYPE=C od -tc and not universally available\"\n\nThis reverts commit 0bce9fb8ed0fbaeba0901ff9778756e4e037cd47."
  },
  {
    "message": "od -c => od -tc: od -c is an XSI extension equivalent to LC_CTYPE=C od -tc and not universally available"
  },
  {
    "message": "Allow passing the inline jq script before --\n\njq previously only allowed passing the inline script before -- (as if\nthey were options) even though one would expect the inline script to be\na positional argument.\n\nSince jq previously also refused to run with a usage error if the script\nwas passed after -- (It was not assuming  .  as script as it does when\nno arguments are passed), and positional arguments are allowed before --\nand even before other options, it should not be a breaking change to\nchange that weird behaviour, and allow the script to appear after --.\n\nIt also simplifies the option parsing code a bunch.\n\nFixes #2918"
  },
  {
    "message": "Simplify `pick` example\n\nOld pick example included input array in command line, making `input` confusing\nand redundant."
  },
  {
    "message": "Actually use number correctly casted from double to int as index\n\nThe code was using (int)jv_number_value(k) instead of (int)didx.\n\nfollow-up from 0e067ef93605493060392f0999be27694146fca4\n\nUseless assignments to didx detected by clang-tidy."
  },
  {
    "message": "main.c: Remove unused EXIT_STATUS_EXACT option\n\nIn process there is a suspicious  options |= EXIT_STATUS_EXACT  that\nis run when the jq script is terminated by halt, or halt_error.\n\nThat line of code acutally does nothing because options is a local\nargument variable, and is not passed as a pointer. It was probably meant\nto be a   *options |= EXIT_STATUS_EXACT   with the options argument\npassed as a int*.\n\nIn any case, we do not want to run the code in main() that was supposed\nto run if EXIT_STATUS_EXACT is set (but didn't since it is never added\nto options); as far as I can tell, we only want to run that code when\nthe --exit-status/-e option is passed.\n\nSo I removed EXIT_STATUS_EXACT completely, and the useless assignment,\ninstead of fixing it since it was not used for anything else.\n\nUseless assignment detected by clang-tidy."
  },
  {
    "message": "Remove a bunch of unused variables, and useless assignments\n\nDetected by clang-tidy."
  },
  {
    "message": "Remove unused nref accumulator in block_bind_library\n\ndetected as a warning compiling jq with clang."
  },
  {
    "message": "Reject U+001F in string literals (fix #2909)"
  },
  {
    "message": "Correct typo in README.md: compilation (#2912)"
  },
  {
    "message": "Fix the default colors to use 39, the default foreground color (#2904)"
  },
  {
    "message": "Bump docker/setup-qemu-action from 2 to 3 (#2900)\n\nBumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.\r\n- [Release notes](https://github.com/docker/setup-qemu-action/releases)\r\n- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: docker/setup-qemu-action\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-major\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>"
  },
  {
    "message": "Bump docker/setup-buildx-action from 2 to 3 (#2901)\n\nBumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.\r\n- [Release notes](https://github.com/docker/setup-buildx-action/releases)\r\n- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: docker/setup-buildx-action\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-major\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>"
  },
  {
    "message": "Bump actions/checkout from 1 to 4 (#2902)\n\nBumps [actions/checkout](https://github.com/actions/checkout) from 1 to 4.\r\n- [Release notes](https://github.com/actions/checkout/releases)\r\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/actions/checkout/compare/v1...v4)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: actions/checkout\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-major\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>"
  },
  {
    "message": "Fix checksum file spacing for shasum command (#2899)"
  },
  {
    "message": "Bump actions/upload-artifact from 2 to 3\n\nBumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)\n\n---\nupdated-dependencies:\n- dependency-name: actions/upload-artifact\n  dependency-type: direct:production\n  update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>"
  },
  {
    "message": "Bump crazy-max/ghaction-import-gpg from 5 to 6\n\nBumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5 to 6.\n- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)\n- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6)\n\n---\nupdated-dependencies:\n- dependency-name: crazy-max/ghaction-import-gpg\n  dependency-type: direct:production\n  update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>"
  },
  {
    "message": "Bump docker/metadata-action from 4 to 5\n\nBumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5.\n- [Release notes](https://github.com/docker/metadata-action/releases)\n- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)\n- [Commits](https://github.com/docker/metadata-action/compare/v4...v5)\n\n---\nupdated-dependencies:\n- dependency-name: docker/metadata-action\n  dependency-type: direct:production\n  update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>"
  },
  {
    "message": "Bump docker/build-push-action from 4 to 5\n\nBumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.\n- [Release notes](https://github.com/docker/build-push-action/releases)\n- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)\n\n---\nupdated-dependencies:\n- dependency-name: docker/build-push-action\n  dependency-type: direct:production\n  update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>"
  },
  {
    "message": "Bump docker/login-action from 2 to 3\n\nBumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.\n- [Release notes](https://github.com/docker/login-action/releases)\n- [Commits](https://github.com/docker/login-action/compare/v2...v3)\n\n---\nupdated-dependencies:\n- dependency-name: docker/login-action\n  dependency-type: direct:production\n  update-type: version-update:semver-major\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>"
  },
  {
    "message": "Add dependabot (#2889)"
  },
  {
    "message": "Disable core.autocrlf on Windows to prevent submodule diffs (fix #2886) (#2888)"
  },
  {
    "message": "Standarize arch types to AMD64 & ARM64 from index page download dropdown (#2884)\n\nStandarize arch types to AMD64 & ARM64 from index page download\r\ndropdown. These are missed from https://github.com/jqlang/jq/pull/2879."
  },
  {
    "message": "Update webpage with 1.7 release (#2879)\n\n* Update webpage with 1.7 release\r\n\r\nUpdate webpage with 1.7 release\r\n\r\n* Update docs/content/download/default.yml\r\n\r\nCo-authored-by: itchyny <itchyny@cybozu.co.jp>\r\n\r\n* Update docs/templates/index.html.j2\r\n\r\nCo-authored-by: itchyny <itchyny@cybozu.co.jp>\r\n\r\n* Update docs/content/download/default.yml\r\n\r\nCo-authored-by: itchyny <itchyny@cybozu.co.jp>\r\n\r\n* Don't mention 1.7rc signatures\r\n\r\n* Add link to 1.7 manual\r\n\r\n* binaries -> binary\r\n\r\n* AMD 32-bit to i386\r\n\r\n* Standarize arch types to AMD64, ARM64 & i386 in download page\r\n\r\n---------\r\n\r\nCo-authored-by: itchyny <itchyny@cybozu.co.jp>"
  },
  {
    "message": "Update signatures of 1.7"
  },
  {
    "message": "Add setlocale() call (fix #1740)"
  },
  {
    "message": "Add a thank you note to the new owners, admins, and maintainers, and to @stedolan"
  },
  {
    "message": "Fix leak on too-large programs, OSS Fuzz issue 61349\n\nA very large program can cause these leaks:\r\n\r\n  ==758838== 7,820 (16 direct, 7,804 indirect) bytes in 2 blocks are definitely lost in loss record 17 of 28\r\n  ==758838==    at 0x4848A23: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)\r\n  ==758838==    by 0x125D30: jv_mem_calloc (jv_alloc.c:153)\r\n  ==758838==    by 0x162ADE: compile (compile.c:1286)\r\n  ==758838==    by 0x162D4B: compile (compile.c:1304)\r\n  ==758838==    by 0x163697: block_compile (compile.c:1381)\r\n  ==758838==    by 0x11B5CA: jq_compile_args (execute.c:1245)\r\n  ==758838==    by 0x115E20: main (main.c:691)\r\n  ==758838==\r\n  ==758838== 1,674,694 (103,576 direct, 1,571,118 indirect) bytes in 1,177 blocks are definitely lost in loss record 28 of 28\r\n  ==758838==    at 0x4843839: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)\r\n  ==758838==    by 0x125CD0: jv_mem_alloc (jv_alloc.c:141)\r\n  ==758838==    by 0x162B19: compile (compile.c:1289)\r\n  ==758838==    by 0x163697: block_compile (compile.c:1381)\r\n  ==758838==    by 0x11B5CA: jq_compile_args (execute.c:1245)\r\n  ==758838==    by 0x115E20: main (main.c:691)\r\n\r\nThis commit fixes that.\r\n\r\nFixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61349"
  },
  {
    "message": "Update signatures of 1.7rc2"
  },
  {
    "message": "Improve handling of non-integer numeric indices (fix #2815)"
  },
  {
    "message": "Make jq_get_lib_dirs return an empty array if JQ_LIBRARY_PATH is not set\n\nFor the jq_state used by the jq utility, the JQ_LIBRARY_PATH attribute\nwill always be set, but, in general, it is possible that it might not\nbe.\n\nIf it is not set, jq_get_lib_dirs() will return jv_invalid().\n\nThat is not good, because some code in linker.c expects it to always\nreturns an array.\n\nThis patch makes jq_get_lib_dirs() return an empty array if\nJQ_LIBRARY_PATH is not set to prevent problems.\n\nThis issue made OSS fuzz trigger failed assertions every time it tried\nto compile a script that uses \"include\".\n\nFixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61796"
  },
  {
    "message": "Fix memory leak in  find_lib  for some invalid inputs"
  },
  {
    "message": "Check nomem_handler->handler before calling it"
  },
  {
    "message": "Include more updates to NEWS.md and AUTHORS for 1.7"
  },
  {
    "message": "Add src/config_opts.inc to .gitignore"
  }
]