Skip to content

Update go modules (main) #1490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update go modules (main) #1490

renovate wants to merge 1 commit into from
+30 −13

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 28, 2025
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
github.com/conforma/go-containerregistry replace digest b167a6a3459088
github.com/cucumber/godog require minor v0.13.0v0.15.1 age adoption passing confidence
github.com/google/addlicense require minor v1.1.1v1.2.0 age adoption passing confidence
github.com/open-policy-agent/conftest require minor v0.62.0v0.66.0 age adoption passing confidence
github.com/open-policy-agent/opa require minor v1.6.0v1.12.2 age adoption passing confidence
github.com/styrainc/regal require minor v0.29.2v0.38.0 age adoption passing confidence
github.com/tektoncd/cli require minor v0.39.1v0.42.0 age adoption passing confidence
oras.land/oras require minor v1.2.3v1.3.0 age adoption passing confidence

Release Notes

cucumber/godog (github.com/cucumber/godog)

v0.15.1

Compare Source

Added
Changed
  • Replace deprecated ::set-output - (681 - nodeg)
Fixed
  • fix(errors): fix(errors): Fix expected Step argument count for steps with context.Context (679 - tigh-latte)
  • fix(formatter): On concurrent execution, execute formatter at end of Scenario - (645 - tigh-latte)
  • Pretty printing results now prints the line where the step is declared instead of the line where the handler is declared. (668 - spencerc)
  • Update honnef.co/go/tools/cmd/staticcheck version in Makefile by @​RezaZareiii in #​670
  • fix: verify dogT exists in the context before using it by @​cakoolen in #​692
  • fix: change bang to being in README by @​nahomEagleLion in #​687
  • Mark junit test cases as skipped if no pickle step results available by @​mrsheepuk in #​597
  • Print step declaration line instead of handler declaration line by @​SpencerC in #​668

v0.15.0

Compare Source

Added
  • Improved the type checking of step return types and improved the error messages - (647 - johnlon)
  • Ambiguous step definitions will now be detected when strict mode is activated - (636/(648 - johnlon)
  • Provide support for attachments / embeddings including a new example in the examples dir - (623 - johnlon)
Changed
  • Formatters now have a Close method and associated io.Writer changed to io.WriteCloser.

v0.14.1

Compare Source

Added
  • Provide testing.T-compatible interface on test context, allowing usage of assertion libraries such as testify's assert/require - (571 - mrsheepuk)
  • Created releasing guidelines - (608 - glibas)
Fixed

v0.14.0

Compare Source

Added
  • Improve ErrSkip handling, add test for Summary and operations order (584 - vearutop)
Fixed
  • Remove line overwriting for scenario outlines in cucumber formatter (605 - glibas)
  • Remove duplicate warning message (590 - vearutop)
  • updated base formatter to set a scenario as passed unless there exist (582 - roskee)
Changed
google/addlicense (github.com/google/addlicense)

v1.2.0

Compare Source

This is the first full release after a period of dormancy for the project. Support for several file types has been added, plus some internal cleanup.

What's Changed

New Contributors

Full Changelog: google/addlicense@v1.1.1...v1.2.0

open-policy-agent/conftest (github.com/open-policy-agent/conftest)

v0.66.0

Compare Source

Changelog

OPA Changes
Other Changes

v0.65.0

Compare Source

Changelog

New Features
Bug Fixes
OPA Changes
Other Changes

v0.64.0

Compare Source

Changelog

New Features
Bug Fixes
OPA Changes
Other Changes

v0.63.0

Compare Source

Changelog

New Features
Bug Fixes
OPA Changes
Other Changes
open-policy-agent/opa (github.com/open-policy-agent/opa)

v1.12.2

Compare Source

This bug fix release address issues found in the new string interpolation feature

v1.12.1

Compare Source

This bug fix release reverts a change to regex.replace that unintentionally changed its behaviour for anchored regular expressions.

  • Revert "topdown: make regex.replace respect cancellation" (authored by @​srenatus)

v1.12.0

Compare Source

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Support for String Interpolation in the Rego language
  • Faster compilation and runtime
  • Fixes published in the v1.11.1 release
String Interpolation (#​4733)

The Rego language has been extended to support String Interpolation,
which provides a readable means to compose strings containing dynamic values determined at evaluation time.

An interpolated string is composed of a template-string containing zero or more template-expressions that evaluates to a value at evaluation time.
The $ character prefix identifies a template-string, and template-expressions are declared by being enclosed in curly-braces ({, }).

Additionally, undefined template-expression values don't halt evaluation; instead, <undefined> will be injected into the generated string.

package interpolation

allowed_roles := ["admin", "employee"]

default role := "guest"
role := input.role

deny contains $"User {input.username}'s role was '{role}', but must be one of {allowed_roles}" if {
  not role in allowed_roles
}
{
  "deny": [
    "User <undefined>'s role was 'guest', but must be one of [\"admin\", \"employee\"]"
  ],
}

String interpolation is a more readable and less error-prone substitute for the sprintf built-in function.

Authored by @​johanfylling reported by @​anderseknert

[!TIP]
Help us out!

New Rego language features are exciting, and we want to maximize their usefulness. If you come across tools and integrations in the community where string interpolation isn't properly handled, such as syntax highlighting, please reach out and let us know.

Runtime, SDK, Tooling
Compiler, Topdown and Rego
Docs, Website, Ecosystem
Miscellaneous

v1.11.1

Compare Source

This is a bugfix release:

Memory exhaustion via forged gzip header

A crafted HTTP request any of OPA's HTTP endpoints would lead OPA to use a large amount of memory, triggering
an out-of-memory process exit.

This weakness in OPA's HTTP API gzip handling is as old as the gzip handling itself. A configurable limit was introduced in v0.67.0, but it has been shown that this security measure wasn't sufficient to avoid running out of memory in memory-constrained setups.

Thanks to @​thevilledev for reporting and fixing this issue.

It only applies to OPA running as server (as a binary or in a container, as "sidecar"). To trigger an OOM process exit using this weakness, an adversary must be able to send an HTTP request directly to OPA. This would be the case if they are in the same network, there is no proxy in front of OPA, or if OPA was exposed to the internet, which is advised against.

By the nature of HTTP encodings, this would be effective before token-based authentication and authorization policies, so these measures do not protect against the attack vector.

If all OPA endpoints are using TLS-based authentication (mutual TLS, "mTLS"), then an adversary cannot do harm with this method.

Please note that while we're taking all of these issues seriously, OPA isn't designed for adversary environments. It's strongly advised not to expose any of its endpoints to the public internet. Furthermore, available security measures should be applied regardless, for a defense in depth approach. See the documentation for the available means of authentication and authorization in OPA.

Please also check out our Security Policy for reporting critical issues and bugs.

Decision Logs dropped (introduced in OPA v1.9.0)

When the decision logs buffer was uploaded, the buffer limit inadvertently got reset to the default upload limit (32kb).
This causes logs to be dropped that shouldn't have been dropped.

This default is overridden by the configuration value decision_logs.reporting.upload_size_limit_bytes, see the docs on decision logs.

There's a Prometheus metric for dropped events, counter_decision_logs_dropped_buffer_size_limit_bytes_exceeded,
and you can check that for unexpectedly high counts.

Reported by @​johanneslarsson #​8123, fixed by @​sspaink.

The release is otherwise identical to v1.11.0.

v1.11.0

Compare Source

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • More efficient connection management in the http.send built-in function
  • More performant loading of large bundles containing multiple Rego files
Immutable Releases

Starting with this release, OPA releases are immutable for increased security.

Runtime, SDK, Tooling
Compiler, Topdown and Rego
Docs, Website, Ecosystem
Miscellaneous
  • Bump golangci-lint, more gocritic linters (#​8052) authored by @​anderseknert
  • Tidy up and unify sync pool handling (#​8068) authored by @​anderseknert
  • builtins: Add StringOperandByteSlice helper (#​8048) authored by @​anderseknert
  • test: Add test cases for consistent cache behavior (#​8015) authored by @​DFrenkel
  • util/performance: Remove math.Log10, remove unused KeysCount (#​8041) authored by @​srenatus
  • workflow: Add Benchmarks workflow (#​8072) authored by @​srenatus
  • workflows/pull-request: Update macos versions (#​8030) authored by @​srenatus
  • Dependency updates; notably:
    • build: golang 1.25.3 -> 1.25.4 (#​8051) authored by @​srenatus
    • build(deps): Bump github.com/bytecodealliance/wasmtime-go from v37.0.0 to v39.0.1 (#​8075) authored by @​srenatus
    • build(deps): Bump github.com/containerd/containerd/v2 from 2.1.4 to 2.2.0
    • build(deps): Bump github.com/huandu/go-sqlbuilder from 1.37.0 to 1.38.1
    • build(deps): Bump github.com/lestrrat-go/jwx/v3 from 3.0.11 to 3.0.12
    • build(deps): Bump github.com/vektah/gqlparser/v2 from 2.5.30 to 2.5.31 (#​8027) authored by @​johanfylling
    • build(deps): Bump golang.org/x/crypto from 0.43.0 to 0.45.0
    • build(deps): Bump golang.org/x/net from 0.44.0 to 0.45.0
    • build(deps): Bump golang.org/x/time from 0.13.0 to 0.14.0
    • build(deps): Bump google.golang.org/grpc from 1.75.1 to 1.76.0
    • build(deps): Bump google.golang.org/protobuf from 1.36.9 to 1.36.10

v1.10.1

Compare Source

This is a bugfix release for the split builtin: In v1.10.0, it was looping infinitely when used with an empty-string delimiter.

Reported by @​SignalRichard, authored by @​srenatus

The release is otherwise identical to v1.10.0.

v1.10.0

Compare Source

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Non-static arm64 executables for linux and darwin, supporting Wasm evaluation
  • Performance improvements to the formatter, compiler, and runtime
  • A new --fail-on-empty flag for opa test
  • Support for IS NOT NULL query statements in the Compile API
Non-static OPA binaries for linux/arm64 and darwin/arm64

Starting with this release, OPA will ship non-static arm64 executables for linux and darwin.
These binaries have support for Wasm evaluation.
Furthermore, the openpolicyagent/opa:latest docker image is a multi-platform image with arm64 support.

Runtime, Tooling
  • cmd: Add opa test --fail-on-empty to allow making bad -r or empty folders fail ([#​7943](https:

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Contributor Author

renovate bot commented Aug 28, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: module github.com/open-policy-agent/conftest@v0.66.0 requires go >= 1.25.3; switching to go1.25.5
go: downloading go1.25.5 (linux/amd64)
go: github.com/styrainc/regal@v0.38.0: parsing go.mod:
	module declares its path as: github.com/open-policy-agent/regal
	        but was required as: github.com/styrainc/regal

@renovate renovate bot added the main label Aug 28, 2025
@renovate renovate bot force-pushed the renovate/main-go-modules branch 8 times, most recently from 79e6b9d to 8802e55 Compare September 5, 2025 13:48
@renovate renovate bot force-pushed the renovate/main-go-modules branch 2 times, most recently from 42b430b to 1319fcb Compare September 10, 2025 17:34
@renovate renovate bot force-pushed the renovate/main-go-modules branch from 1319fcb to d2ed639 Compare September 17, 2025 20:43
@renovate renovate bot changed the title Update go modules (main) (minor) Update go modules (main) Sep 18, 2025
@renovate renovate bot force-pushed the renovate/main-go-modules branch from d2ed639 to 44cbdfc Compare September 22, 2025 16:12
@codecov
Copy link

codecov bot commented Sep 22, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@renovate renovate bot force-pushed the renovate/main-go-modules branch from 44cbdfc to e675441 Compare September 22, 2025 20:29
@renovate renovate bot changed the title Update go modules (main) Update go modules (main) - autoclosed Sep 27, 2025
@renovate renovate bot closed this Sep 27, 2025
@renovate renovate bot deleted the renovate/main-go-modules branch September 27, 2025 02:56
@renovate renovate bot changed the title Update go modules (main) - autoclosed Update go modules (main) Oct 3, 2025
@renovate renovate bot reopened this Oct 3, 2025
@renovate renovate bot force-pushed the renovate/main-go-modules branch from efdd5a2 to e675441 Compare October 3, 2025 01:16
@renovate renovate bot changed the title Update go modules (main) Update go modules (main) (minor) Oct 3, 2025
@renovate renovate bot force-pushed the renovate/main-go-modules branch from e675441 to 4634959 Compare October 3, 2025 05:00
@renovate renovate bot force-pushed the renovate/main-go-modules branch 2 times, most recently from 8bf29a8 to f1073bb Compare October 3, 2025 17:27
@renovate renovate bot force-pushed the renovate/main-go-modules branch 2 times, most recently from 4563eb2 to 878409c Compare October 21, 2025 10:41
@renovate renovate bot changed the title Update go modules (main) (minor) Update go modules (main) Oct 21, 2025
@renovate renovate bot force-pushed the renovate/main-go-modules branch 2 times, most recently from 316afe1 to 631da2b Compare October 25, 2025 01:04
@renovate renovate bot force-pushed the renovate/main-go-modules branch 5 times, most recently from 3e3978a to bd2d554 Compare November 6, 2025 20:46
@renovate renovate bot force-pushed the renovate/main-go-modules branch from bd2d554 to 4452624 Compare November 9, 2025 05:58
@renovate renovate bot force-pushed the renovate/main-go-modules branch 5 times, most recently from b10a4cc to 2a0f644 Compare November 26, 2025 17:01
@renovate renovate bot force-pushed the renovate/main-go-modules branch from 2a0f644 to c3f5b28 Compare November 27, 2025 05:46
@renovate renovate bot force-pushed the renovate/main-go-modules branch 5 times, most recently from a087cd0 to e2ff9cc Compare December 22, 2025 02:38
@renovate renovate bot force-pushed the renovate/main-go-modules branch from e2ff9cc to 6fae9fe Compare January 4, 2026 15:23
@github-actions github-actions bot added size: S and removed size: XS labels Jan 4, 2026
@renovate renovate bot force-pushed the renovate/main-go-modules branch 3 times, most recently from 394ca12 to 2a23b0b Compare January 6, 2026 16:46
@renovate renovate bot force-pushed the renovate/main-go-modules branch from 2a23b0b to 02c40e8 Compare January 8, 2026 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

main renovate size: S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants