Old version of jq in jqFilter output param

[wreed4]

Checklist:

• I've included the version.
• I've included reproduction steps.
• I've included the workflow YAML.
• I've included the logs.

What happened:
jq > 1.5 supports decoding base64 encoded strings. I want to use this feature to read secrets that are outside of the namespace in which I run my workflow. When attempting to use the feature I get

jq: error (at <stdin>:1): base64d is not a valid format

which is the error that jq sends pre 1.6.

What you expected to happen:
jq decodes the string correctly

How to reproduce it (as minimally and precisely as possible):

- name: get-secret
  outputs:
    parameters:
    - name: value
      valueFrom:
        jqFilter: ".data.value | @base64d"
  resource:
    action: get
    manifest: |
      apiVersion: v1
      kind: Secret
      metadata:
        name: some-name
        namespace: some-namespace-different-than-workflows

Anything else we need to know?:
I believe this is simply due to the version in the argo executor (or rather in the ubuntu packages)

(ins)-> docker run argoproj/argoexec jq --version
jq-1.5-1-a5b5cbe

A newer binary can be installed from github, but 1.5 is the latest debian package.

I would argue this feature is worth the deviation as otherwise the only way to read secrets from another namespace that I know of is to run a script in argoproj/argoexec and run kubectl ... | base64 -d manually. which for some reason seems significantly slower than the resource implementation above. plus it's just uglier. Is there any better way to get a secret from a different namespace? If it were in the same namespace I'd just mount it in the pod I need it in.

Environment:

• Argo version:

$ argo version
2.4.2

• Kubernetes version :

$ kubectl version
1.16.1