chore(deps): update dependency yq to v3.4.3 #158

Open
renovate[bot] wants to merge 2 commits into main from renovate/yq-3.x

@renovate renovate Bot commented May 10, 2026

Contributor

This PR contains the following updates:

Package  Change
yq       3.4.2 → 3.4.3

Release Notes

kislyuk/yq (yq)

v3.4.3

Finish migration to setuptools_scm


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@openshift-ci openshift-ci Bot requested review from gazarenkov and zdrapela May 10, 2026 08:08
@renovate renovate Bot force-pushed the renovate/yq-3.x branch from 6d13f8f to 7aa1ddb Compare May 11, 2026 11:26

rm3l commented May 11, 2026

Member

/pre-commit

renovate Bot commented May 11, 2026

Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@rm3l rm3l left a comment

Member

This version of yq was causing some issues with the downstream hermetic builds.

/hold

@openshift-ci openshift-ci Bot added the do-not-merge/hold label (Indicates that a PR should not merge because someone has issued a /hold command. Used by Prow.) May 11, 2026
@rm3l rm3l closed this May 11, 2026
@rm3l rm3l reopened this May 11, 2026
@rhdh-qodo-merge


Review Summary by Qodo

Update yq dependency to v3.4.3

✨ Enhancement

Walkthroughs

Description
• Update yq dependency from v3.4.2 to v3.4.3
• Completes migration to setuptools_scm
• Updates version references across configuration files
Diagram
flowchart LR
  A["yq v3.4.2"] -- "upgrade" --> B["yq v3.4.3"]
  B -- "updates" --> C["requirements.in"]
  B -- "updates" --> D["requirements.txt"]
  B -- "updates" --> E["Makefile"]

File Changes

1. .rhdh/docker/requirements.in Dependencies +1/-1

Update yq version in requirements

• Update yq version constraint from 3.4.2 to 3.4.3

.rhdh/docker/requirements.in


2. .rhdh/docker/requirements.txt Dependencies +3/-3

Update yq version and hashes

• Update yq pinned version from 3.4.2 to 3.4.3
• Update SHA256 hashes for new version

.rhdh/docker/requirements.txt


3. Makefile Dependencies +1/-1

Update YQ_VERSION in Makefile

• Update YQ_VERSION variable from 3.4.2 to 3.4.3

Makefile


rhdh-qodo-merge Bot commented May 11, 2026


Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0)

Remediation recommended

1. Yq not auto-upgraded 🐞 Bug ☼ Reliability
Description
After bumping YQ_VERSION to 3.4.3, the Makefile’s yq provisioning target only checks whether the yq
binary exists and will skip reinstalling even if that existing binary is still 3.4.2. This can leave
local runs using an older yq than intended, potentially changing script behavior compared to the
pinned version used elsewhere.
Code

Makefile[R33-36]

# renovate: datasource=pypi depName=yq
-YQ_VERSION := 3.4.2
+YQ_VERSION := 3.4.3
YQ_VENV := $(TOOLS_DIR)/yq-venv
YQ_BIN := $(YQ_VENV)/bin/yq
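Review bot: `YQ_VENV := $(TOOLS_DIR)/yq-venv` and `YQ_BIN := $(YQ_VENV)/bin/yq` carry no version in their paths, so the change to `YQ_VERSION := 3.4.3` does not alter the file that stands for the installed tool, and any rule keyed on that file's existence cannot notice the new pin. Consider putting the version into the venv path, for example `YQ_VENV := $(TOOLS_DIR)/yq-venv-$(YQ_VERSION)`, so that a bump points at a path that does not exist yet and forces a fresh install.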
Evidence
The PR changes the configured YQ_VERSION, but the install rule for $(YQ_BIN) does not validate the
installed yq version—only the presence of the binary—so an existing venv/tool cache won’t be updated
to match the new pin. Repo scripts invoke yq for manifest filtering/parsing, so running the wrong
version can lead to inconsistent local behavior vs environments that freshly install the pinned
version.

Makefile[33-36]
Makefile[147-155]
collection-scripts/gather_helm[129-145]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`YQ_VERSION` is bumped, but `make local-setup` may keep using a previously-installed yq because the `$(YQ_BIN)` target only checks whether the binary exists.

## Issue Context
This PR updates `YQ_VERSION := 3.4.3`. If a developer already has `./bin/yq-venv/bin/yq` from the prior version, the Makefile will not re-run `pip install yq==$(YQ_VERSION)`.

## Fix Focus Areas
- Makefile[147-155]
- Makefile[33-36]

## Suggested change
Update the `$(YQ_BIN)` rule to also verify the installed yq version matches `$(YQ_VERSION)` (or persist a `.yq-version` marker file in the venv) and reinstall/recreate the venv when it doesn’t match. For example, extend the condition to reinstall when `$(YQ_BIN) --version` does not contain `$(YQ_VERSION)`, or always run `pip install --upgrade --quiet "yq==$(YQ_VERSION)"`.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
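The marker-file variant of the suggested change above, sketched in shell as an added example; it is not code from this repository or from Qodo. The function names (`needs_reinstall`, `ensure_yq`, `pip_installer`, `fake_installer`) are hypothetical, and `fake_installer` is a constructed stand-in so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example (hypothetical names): keep a tool venv in step with its pin
# by recording the installed version in a marker file inside the venv.

# Return 0 when the venv must be (re)built: binary missing, marker missing,
# or marker content different from the pinned version. Return 1 otherwise.
needs_reinstall() {
    venv=$1; pinned=$2
    [ -x "$venv/bin/yq" ] || return 0
    [ -f "$venv/.yq-version" ] || return 0
    [ "$(cat "$venv/.yq-version")" = "$pinned" ] && return 1
    return 0
}

# Rebuild the venv only on mismatch. The installer is a command name called
# as: installer <venv> <version>. The marker is written only after the
# installer succeeds, so a failed install is retried on the next run.
ensure_yq() {
    venv=$1; pinned=$2; installer=$3
    [ -n "$venv" ] && [ -n "$pinned" ] || return 2
    if needs_reinstall "$venv" "$pinned"; then
        rm -rf "$venv"
        "$installer" "$venv" "$pinned" || return 1
        printf '%s\n' "$pinned" > "$venv/.yq-version"
        echo reinstalled
    else
        echo up-to-date
    fi
}

# Installer a real setup would use: fresh venv, exact version pin.
pip_installer() {
    python3 -m venv "$1" && "$1/bin/pip" install --quiet "yq==$2"
}

# Constructed stand-in for offline runs: writes an executable stub
# that prints the version it was "installed" with.
fake_installer() {
    mkdir -p "$1/bin" &&
    printf '#!/bin/sh\necho "yq %s"\n' "$2" > "$1/bin/yq" &&
    chmod +x "$1/bin/yq"
}
```

Because the old venv is deleted rather than upgraded in place, packages left over from the previous pin cannot linger next to the new version.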



@github-actions


PR images are available (for 1 week):

  1. quay.io/rhdh-community/rhdh-must-gather:pr-158
  2. quay.io/rhdh-community/rhdh-must-gather:pr-158-7aa1ddb8f
  3. quay.io/rhdh-community/rhdh-must-gather:0.0.0-7aa1ddb8f-pr-158

@github-actions


PR images are available (for 1 week):

  1. quay.io/rhdh-community/rhdh-must-gather:pr-158
  2. quay.io/rhdh-community/rhdh-must-gather:pr-158-468bf55c3
  3. quay.io/rhdh-community/rhdh-must-gather:0.0.0-468bf55c3-pr-158
