go.mod: gopkg.in/yaml.v2 v2.4.0

[thaJeztah]

gopkg.in/yaml.v2 v2.3.0 introduced a breaking change for Kubernetes, and should not have gone into a "minor" release. Acknowledging this was a breaking change, version v2.4.0 was released with this change reverted.

From the v2.4.0 release notes:

It was clearly a mistake to accept the default formatting change in v2, and now there's no ideal choice. Either we revert the change and break some projects twice, or we keep the change and break some projects once. Given the report comes from Kubernetes, which has a relevant community and code size, we'll revert it. At the same time, to simplify the life of those that already started migrating towards the v3 behavior, a new FutureLineWrap function is being introduced to trivially preserve the new behavior where desired.

The v3 branch is not affected by this, and will retain the default non-wrapping behavior. It will also be changed soon to support per arbitrary line-wrapping for individual encoding operations.

Thanks to everyone who offered code and ideas, and apologies for the trouble.

While go modules will pick the "highest" version if both exist in the dependency tree, such as in k8s, it's good to prevent any chance of the "broken" version getting accidentally used, so this updates the version to v2.4.0.

full diff: https://github.com/go-yaml/yaml/compare/v2.3.0...v2.4.0

[thaJeztah]

@stefanberger ptal

Would it be possible to tag a v1.1.1 release after this and https://github.com/containers/ocicrypt/pull/45 are merged?

[stefanberger]

LGTM

[stefanberger]

Would it be possible to tag a v1.1.1 release after this and #45 are merged?

Me or @lumjjb will do tomorrow...

[thaJeztah]

Thank you!