Closed tzimmermann closed 2 years ago
Hi all,
would it be possible to upgrade the `yq` version from the current v4.23.1 to 4.26.1 or newer? With that version, they have upgraded a vulnerable dep on `golang.org/x/net` that is reported by our security scanner:
```
usr/local/bin/yq (gobinary)

Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬───────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │         Installed Version          │           Fixed Version           │                           Title                           │
├──────────────────┼────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2021-44716 │   HIGH   │ v0.0.0-20210813160813-60bc85c4be6d │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization │
│                  │                │          │                                    │                                   │ cache                                                     │
│                  │                │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-44716                │
└──────────────────┴────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴───────────────────────────────────────────────────────────┘
```
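The trivy finding above keys on the `golang.org/x/net` pseudo-version baked into the `yq` binary, so the direct way to confirm a rebuilt image actually picked up the fix is to read that module version back out of the binary with `go version -m` and rank it against the fixed pseudo-version from the table. The script below is an added example (not code from this issue, from yq, or from cimg-base): the `go version -m` listings it parses are constructed for the example, the only real identifiers in it are the CVE and the two pseudo-versions from the trivy output, and it compares the 14-digit commit timestamps that pseudo-versions carry, which is valid for pseudo-versions but says nothing about tagged releases, so those are reported as "compare by hand".

```shell
#!/bin/sh
# Added example, not code from the issue or from cimg-base. It decides, from the
# output of `go version -m <binary>`, whether the golang.org/x/net module compiled
# into a Go binary is at or past the pseudo-version trivy lists as the fix for
# CVE-2021-44716. FIXED_XNET is the value from the trivy table; the sample
# `go version -m` outputs below are constructed for this example.

FIXED_XNET='0.0.0-20211209124913-491a49abca63'

# Constructed sample: what `go version -m /usr/local/bin/yq` looks like for a yq
# build that still carries the vulnerable x/net (hashes are placeholders).
VULN_SAMPLE='/usr/local/bin/yq: go1.18.3
        path    github.com/mikefarah/yq/v4
        mod     github.com/mikefarah/yq/v4      v4.23.1 h1:constructed
        dep     golang.org/x/net        v0.0.0-20210813160813-60bc85c4be6d      h1:constructed'

# Constructed sample for a build at exactly the fixed pseudo-version.
FIXED_SAMPLE='/usr/local/bin/yq: go1.18.3
        path    github.com/mikefarah/yq/v4
        dep     golang.org/x/net        v0.0.0-20211209124913-491a49abca63      h1:constructed'

# Constructed sample with a tagged x/net release, which timestamp arithmetic cannot rank.
TAGGED_SAMPLE='/usr/local/bin/yq: go1.19.0
        path    github.com/mikefarah/yq/v4
        dep     golang.org/x/net        v0.7.0  h1:constructed'

# Print the golang.org/x/net version recorded in `go version -m` output read on stdin.
xnet_version() {
  awk '$1 == "dep" && $2 == "golang.org/x/net" { print $3; exit }'
}

# Print the YYYYMMDDhhmmss timestamp of a Go pseudo-version (vX.Y.Z-yyyymmddhhmmss-hash,
# vX.Y.Z-0.yyyymmddhhmmss-hash or vX.Y.Z-pre.0.yyyymmddhhmmss-hash); prints nothing
# for a tagged release such as v0.7.0.
pseudo_ts() {
  printf '%s\n' "$1" | sed -n 's/.*[.-]\([0-9]\{14\}\)-[0-9a-f]\{12\}$/\1/p'
}

# Exit 0 if the x/net in the stdin listing is at or past FIXED_XNET, 1 if older,
# 2 if x/net is absent or either side is not a pseudo-version (compare by hand then).
xnet_status() {
  ver=$(xnet_version)
  [ -n "$ver" ] || return 2
  ts=$(pseudo_ts "$ver")
  fixed_ts=$(pseudo_ts "$FIXED_XNET")
  [ -n "$ts" ] && [ -n "$fixed_ts" ] || return 2
  # Both timestamps are fixed-width digit strings, so numeric order is commit-time order.
  awk -v a="$ts" -v b="$fixed_ts" 'BEGIN { exit !(a >= b) }'
}

# Usage on a real image: sh check_xnet.sh /usr/local/bin/yq
if [ $# -gt 0 ]; then
  go version -m "$1" | xnet_status
  case $? in
    0) echo "golang.org/x/net: at or past $FIXED_XNET" ;;
    1) echo "golang.org/x/net: older than $FIXED_XNET (CVE-2021-44716 finding would persist)" ;;
    *) echo "golang.org/x/net: not found or not a pseudo-version; compare by hand" ;;
  esac
fi
```

`go version -m` reads the module table that the Go linker embeds in every module-built binary, so this works on a stripped `yq` with no source checkout and no network, which is the same data trivy's `gobinary` scanner uses. The comparison is deliberately limited to pseudo-versions: a tagged release and a pseudo-version have no timestamp in common, so the script refuses to guess rather than report a false "fixed".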
Hi. Thank you for this. This was addressed here: https://github.com/CircleCI-Public/cimg-base/pull/196
It's in the edge tag and will make it to the next snapshot/current in October.