build(deps): bump github.com/mikefarah/yq/v4 from 4.49.2 to 4.50.1

[dependabot]

Bumps github.com/mikefarah/yq/v4 from 4.49.2 to 4.50.1.

Release notes

Sourced from github.com/mikefarah/yq/v4's releases.

v4.50.1 - HCL!

• Added HCL Support - First cut - hopefully it works well! (#1844)
• Fixing handling of CRLF #2352
• Bumped dependencies

Changelog

Sourced from github.com/mikefarah/yq/v4's changelog.

4.50.1:

• Added HCL support!
• Fixing handling of CRLF #2352
• Bumped dependencies

Commits

• 065b200 Bumping version
• 745a7ff Preparing release
• a305d70 Bump golang.org/x/net from 0.47.0 to 0.48.0
• 0671ccd Bump github.com/zclconf/go-cty from 1.16.3 to 1.17.0
• 4d8cd45 Bump golang.org/x/text from 0.31.0 to 0.32.0
• d2d657e HCL improvements
• f4fd8c5 Better roundtriping of HCL
• e4bf8a1 Simplifying HCL decoder
• fd40574 Add build tag to hcl_test.go to skip tests when HCL is disabled
• 51ddf8d Update pkg/yqlib/format.go
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[AkihiroSuda]

https://github.com/lima-vm/lima/actions/runs/20217415615/job/58032762244?pr=4460

Not allowed license MPL-2.0 found for library github.com/hashicorp/hcl/v2

[AkihiroSuda]

Likely covered in:
https://github.com/cncf/foundation/blob/e805aef48792cbbab4b8aa7b872999e44ada37aa/license-exceptions/CNCF-licensing-exceptions.csv#L427

• [License Exception Request] [hashicorp/hcl/v2 and its dependencies] [MPL-2.0, etc.] cncf/foundation#1242

[AkihiroSuda]

Seems complicated https://github.com/apparentlymart/go-textseg/blob/master/LICENSE

[jandubois]

Yeah, that dependency seems to have been added after the license exception had been granted, so I think hashicorp/hcl is no longer permitted.

I've filed mikefarah/yq#2563 to see if Mike is open to put HCL support behind Go build tags.

[AkihiroSuda]

A request for exception

• [License Exception Request] [hashicorp/hcl/v2 and its dependencies] [MPL-2.0, etc.] cncf/foundation#1242

[jandubois]

Turning this into a draft. It is already superseded by #4522, but that is also a draft because we need to wait for the regressions to be fixed, and then figure out how to deal with the licensing issue.

[dependabot]

Superseded by #4555.