diff --git a/content/en/docs/ops/configuration/telemetry/envoy-stats/test.sh b/content/en/docs/ops/configuration/telemetry/envoy-stats/test.sh
index ef8ffde54891..988f3e0d9af7 100644
--- a/content/en/docs/ops/configuration/telemetry/envoy-stats/test.sh
+++ b/content/en/docs/ops/configuration/telemetry/envoy-stats/test.sh
@@ -65,7 +65,13 @@ kubectl label namespace default istio-injection=enabled --overwrite
 export IFS=
 echo "${snip_proxyIstioConfig}" > proxyConfig.yaml
 unset IFS
-yq m -d2 samples/sleep/sleep.yaml proxyConfig.yaml > sleep_istioconfig.yaml
+# yq m -d2 samples/sleep/sleep.yaml proxyConfig.yaml > sleep_istioconfig.yaml
+yq 'select(document_index != 2)' samples/sleep/sleep.yaml > tmp1.yaml
+yq 'select(document_index == 2)' samples/sleep/sleep.yaml > tmp2.yaml
+# shellcheck disable=SC2016
+yq eval-all '. as $item ireduce ({}; . *+ $item)' tmp2.yaml proxyConfig.yaml > new2.yaml
+yq . tmp1.yaml new2.yaml  > sleep_istioconfig.yaml
+
 kubectl apply -f sleep_istioconfig.yaml
 _wait_for_deployment default sleep
 POD="$(kubectl get pod -l app=sleep -o jsonpath='{.items[0].metadata.name}')"
diff --git a/content/en/docs/tasks/security/authentication/jwt-route/test.sh b/content/en/docs/tasks/security/authentication/jwt-route/test.sh
index 383c44f11e43..13f855f02c8a 100644
--- a/content/en/docs/tasks/security/authentication/jwt-route/test.sh
+++ b/content/en/docs/tasks/security/authentication/jwt-route/test.sh
@@ -41,7 +41,7 @@ _verify_elided snip_validating_ingress_routing_based_on_jwt_claims_1 "$snip_vali
 _verify_elided snip_validating_ingress_routing_based_on_jwt_claims_2 "$snip_validating_ingress_routing_based_on_jwt_claims_2_out"
 
 # Pull the Istio branch from the docs configuration file.
-ISTIO_BRANCH=$(yq r "${REPO_ROOT}"/data/args.yml 'source_branch_name')
+ISTIO_BRANCH=$(yq '.source_branch_name' "${REPO_ROOT}"/data/args.yml)
 
 TOKEN_GROUP_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/security/tools/jwt/samples/groups-scope.jwt"
 export TOKEN_GROUP
diff --git a/content/en/docs/tasks/security/authorization/authz-jwt/test.sh b/content/en/docs/tasks/security/authorization/authz-jwt/test.sh
index faf598f1cfae..8132904f7234 100644
--- a/content/en/docs/tasks/security/authorization/authz-jwt/test.sh
+++ b/content/en/docs/tasks/security/authorization/authz-jwt/test.sh
@@ -30,7 +30,7 @@ _wait_for_deployment foo httpbin
 _wait_for_deployment foo sleep
 
 # Pull the Istio branch from the docs configuration file.
-ISTIO_BRANCH=$(yq r "${REPO_ROOT}"/data/args.yml 'source_branch_name')
+ISTIO_BRANCH=$(yq '.source_branch_name' "${REPO_ROOT}"/data/args.yml)
 
 TOKEN_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/security/tools/jwt/samples/demo.jwt"
 TOKEN_GROUP_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/security/tools/jwt/samples/groups-scope.jwt"
diff --git a/content/zh/docs/tasks/security/authentication/jwt-route/test.sh b/content/zh/docs/tasks/security/authentication/jwt-route/test.sh
index 383c44f11e43..25885bb0c07e 100644
--- a/content/zh/docs/tasks/security/authentication/jwt-route/test.sh
+++ b/content/zh/docs/tasks/security/authentication/jwt-route/test.sh
@@ -41,7 +41,7 @@ _verify_elided snip_validating_ingress_routing_based_on_jwt_claims_1 "$snip_vali
 _verify_elided snip_validating_ingress_routing_based_on_jwt_claims_2 "$snip_validating_ingress_routing_based_on_jwt_claims_2_out"
 
 # Pull the Istio branch from the docs configuration file.
-ISTIO_BRANCH=$(yq r "${REPO_ROOT}"/data/args.yml 'source_branch_name')
+ISTIO_BRANCH=$(yq '.source_branch_name' "${REPO_ROOT}"/data/args.yml )
 
 TOKEN_GROUP_URL="https://raw.githubusercontent.com/istio/istio/${ISTIO_BRANCH}/security/tools/jwt/samples/groups-scope.jwt"
 export TOKEN_GROUP