Regression: query not supported

[theofficialgman]

Are you experiencing an issue with...

shields.io

🐞 Description

https://img.shields.io/badge/dynamic/json?color=c51a4a&label=Pi-Apps&prefix=Prism%20Launcher%20&query=%24..%5B%3F%28%40.Name%3D%3D%22Minecraft%20Java%20Prism%20Launcher%22%29%5D.Version&url=https%3A%2F%2Fraw.githubusercontent.com%2FBotspot%2Fpi-apps-analytics%2Fmain%2Fpackage_data.json

which is decoded as

https://img.shields.io/badge/dynamic/json?color=c51a4a&label=Pi-Apps&prefix=Prism Launcher &query=$..[?(@.Name=="Minecraft Java Prism Launcher")].Version&url=https://raw.githubusercontent.com/Botspot/pi-apps-analytics/main/package_data.json

the above query was previously supported for over a year but stopped working sometime recently (in the past few months)

its purpose was to query https://raw.githubusercontent.com/Botspot/pi-apps-analytics/main/package_data.json for a Name with Minecraft Java Prism Launcher and return the corresponding Version string in the json.

The above query continues to work in https://jsonpath.com/ so this is a regression in shields or the JSONPath evaluator is uses.

🔗 Link to the badge

💡 Possible Solution

No response

[theofficialgman]

Regression caused by https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2

CC: @chris48s

linking https://github.com/badges/shields/issues/10553

No possible solution to my knowledge. This change has made shield unusable for all my usecases which rely on parsing a JSON file that contains data for all projects for pi-apps.

[chris48s]

Hi. As noted in https://github.com/badges/shields/issues/10553 (which you've presumably read) we've disabled script expressions in jsonpath queries to resolve an important security issue. This does remove some functionality that was previously available (e.g: filters using [?(expr)] ), but it was a conscious decision. In some cases it may be possible to rewrite queries relying on script expressions. In some cases, it will not.

In terms of other ways to achieve this.. having a really quick look at https://github.com/Botspot/pi-apps-analytics/ it looks like it is a repo you contribute to and the json file you are parsing is the output of a GitHub workflow.

• One option would be to have the workflow also output JSON in a format that can be parsed using JSONPath selectors that don't involve script expressions (for example if https://raw.githubusercontent.com/Botspot/pi-apps-analytics/main/package_data.json were a key:value mapping instead of an array).
• Another option would be to have the workflow output JSON files conforming to the endpoint schema and switch to using the endpoint badge https://shields.io/badges/endpoint-badge

[theofficialgman]

The latter option is not a solution we can work with.

I assume for the first you mean something like this?

{
  "AbiWord": {
    "Version": "",
    "Description": "A free and open-source alternative to Microsoft Word.  ",
    "URL": "http://www.abisource.com/",
    "Architecture": "package",
    "Users": "5238"
  },
  "Alacritty Terminal": {
    "Version": "",
    "Description": "A fast, cross-platform, OpenGL terminal emulator",
    "URL": "https://github.com/alacritty/alacritty",
    "Architecture": "ARM32/ARM64",
    "Users": "3672"
  }
}

ofc this format is different and I'll have to update all dependent projects (or create another file in the repo for this format and also still update any dependent projects that use the shield to use it).

[chris48s]

I assume for the first you mean something like this? ...

Yep. If you made a data file like that, then you could query it using

• $.AbiWord.Version
• `$.['Alacritty Terminal'].Version``
• etc

which would still work as they don't use script expressions.