Bump the backend group with 5 updates #4304

dependabot · 2025-03-03T04:15:13Z

Bumps the backend group with 5 updates:

Package	From	To
github.com/go-git/go-git/v5	`5.13.2`	`5.14.0`
github.com/open-policy-agent/opa	`1.1.0`	`1.2.0`
golang.org/x/crypto	`0.34.0`	`0.35.0`
golang.org/x/oauth2	`0.26.0`	`0.27.0`
google.golang.org/api	`0.222.0`	`0.223.0`

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

v5: Bump Go and dependencies to mitigate GO-2025-3487 by @pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

863c621 Merge pull request #1436 from pjbgf/v5-bumps
2e69e81 build: Bump dependencies
b2c1ec9 build: Bump Go versions
See full diff in compare view

Updates github.com/open-policy-agent/opa from 1.1.0 to 1.2.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.2.0

This release contains a mix of features, performance improvements, and bugfixes.

Parameterized Rego Tests (#2176)

Rego tests now support parameterization, allowing a single test rule to include multiple, hierarchical, named test cases. This feature is useful for data-driven testing, where a single test rule can be used for multiple test cases with different inputs and expected outputs.
package example_test
test_concat[note] if {
some note, tc in {
"empty + empty": {
"a": [],
"b": [],
"exp": [],
},
"empty + filled": {
"a": [],
"b": [1, 2],
"exp": [1, 2],
},
"filled + filled": {
"a": [1, 2],
"b": [3, 4],
"exp": [1, 2, 3], # Faulty expectation, this test case will fail
},
}
act := array.concat(tc.a, tc.b)
act == tc.exp

}
$ opa test example_test.rego
example_test.rego:
data.example_test.test_concat: FAIL (263.375µs)
  empty + empty: PASS
  empty + filled: PASS
  filled + filled: FAIL
--------------------------------------------------------------------------------
FAIL: 1/1
See the documentation for more information.

Authored by @johanfylling, reported by @anderseknert

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.2.0

This release contains a mix of features, performance improvements, and bugfixes.

Parameterized Rego Tests (#2176)

Rego tests now support parameterization, allowing a single test rule to include multiple, hierarchical, named test cases. This feature is useful for data-driven testing, where a single test rule can be used for multiple test cases with different inputs and expected outputs.
package example_test
test_concat[note] if {
some note, tc in {
"empty + empty": {
"a": [],
"b": [],
"exp": [],
},
"empty + filled": {
"a": [],
"b": [1, 2],
"exp": [1, 2],
},
"filled + filled": {
"a": [1, 2],
"b": [3, 4],
"exp": [1, 2, 3], # Faulty expectation, this test case will fail
},
}
act := array.concat(tc.a, tc.b)
act == tc.exp

}
$ opa test example_test.rego
example_test.rego:
data.example_test.test_concat: FAIL (263.375µs)
  empty + empty: PASS
  empty + filled: PASS
  filled + filled: FAIL
--------------------------------------------------------------------------------
FAIL: 1/1
See the documentation for more information.

Authored by @johanfylling, reported by @anderseknert

... (truncated)

Commits

d537788 Release v1.2.0 (#7403)
d6b8e6d perf: various small improvements (#7357)
e46696e ci: Using fetch-depth when fetching tags (#7400)
85eaacd docs: Add note about v1.0 addr behaviour (#7398)
83c8e0e ci: Adding fetch-tags under with in GHA (#7397)
10d1a54 Explicitly fetching fetching git tags for CI builds (#7395)
6088316 build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 (#7392)
3ab892f docs: Update homepage examples to drop v1 import (#7391)
bad1b1a build(deps): bump github.com/prometheus/client_golang (#7375)
e75f583 build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 (#7389)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.34.0 to 0.35.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
See full diff in compare view

Updates golang.org/x/oauth2 from 0.26.0 to 0.27.0

Commits

681b4d8 jws: split token into fixed number of parts
3f78298 all: upgrade go directive to at least 1.23.0 [generated]
109dabf endpoints: add links/provider for Discord
ac571fa oauth2: fix docs for Config.DeviceAuth
314ee5b endpoints: add patreon endpoint
See full diff in compare view

Updates google.golang.org/api from 0.222.0 to 0.223.0

Release notes

Sourced from google.golang.org/api's releases.

v0.223.0

0.223.0 (2025-02-25)

Features

all: Auto-regenerate discovery clients (#3024) (ae09c4f)

all: Auto-regenerate discovery clients (#3027) (7775233)

all: Auto-regenerate discovery clients (#3031) (065695b)

all: Auto-regenerate discovery clients (#3033) (9390c07)

all: Auto-regenerate discovery clients (#3034) (a6fb5d5)

all: Auto-regenerate discovery clients (#3036) (a606deb)

all: Auto-regenerate discovery clients (#3037) (1532643)

Bug Fixes

Copy AllowHardBoundTokens option from old auth to new auth. (#3030) (8cb69d6)

Changelog

Sourced from google.golang.org/api's changelog.

0.223.0 (2025-02-25)

Features

all: Auto-regenerate discovery clients (#3024) (ae09c4f)

all: Auto-regenerate discovery clients (#3027) (7775233)

all: Auto-regenerate discovery clients (#3031) (065695b)

all: Auto-regenerate discovery clients (#3033) (9390c07)

all: Auto-regenerate discovery clients (#3034) (a6fb5d5)

all: Auto-regenerate discovery clients (#3036) (a606deb)

all: Auto-regenerate discovery clients (#3037) (1532643)

Bug Fixes

Copy AllowHardBoundTokens option from old auth to new auth. (#3030) (8cb69d6)

Commits

88e8ed9 chore(main): release 0.223.0 (#3026)
1532643 feat(all): auto-regenerate discovery clients (#3037)
bfc82dc chore(all): update all (#3035)
a606deb feat(all): auto-regenerate discovery clients (#3036)
a6fb5d5 feat(all): auto-regenerate discovery clients (#3034)
9390c07 feat(all): auto-regenerate discovery clients (#3033)
065695b feat(all): auto-regenerate discovery clients (#3031)
8cb69d6 fix: Copy AllowHardBoundTokens option from old auth to new auth. (#3030)
639780c chore(all): update cloud.google.com/go/auth to v0.15.0 (#3029)
7775233 feat(all): auto-regenerate discovery clients (#3027)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the backend group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.13.2` | `5.14.0` | | [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.1.0` | `1.2.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.34.0` | `0.35.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.26.0` | `0.27.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.222.0` | `0.223.0` | Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.14.0 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.13.2...v5.14.0) Updates `github.com/open-policy-agent/opa` from 1.1.0 to 1.2.0 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.1.0...v1.2.0) Updates `golang.org/x/crypto` from 0.34.0 to 0.35.0 - [Commits](golang/crypto@v0.34.0...v0.35.0) Updates `golang.org/x/oauth2` from 0.26.0 to 0.27.0 - [Commits](golang/oauth2@v0.26.0...v0.27.0) Updates `google.golang.org/api` from 0.222.0 to 0.223.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.222.0...v0.223.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: backend ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the backend group with 5 updates #4304

Bump the backend group with 5 updates #4304

dependabot bot commented on behalf of github Mar 3, 2025

Bump the backend group with 5 updates #4304

Are you sure you want to change the base?

Bump the backend group with 5 updates #4304

Conversation

dependabot bot commented on behalf of github Mar 3, 2025

v5.14.0

What's Changed

v1.2.0

Parameterized Rego Tests (#2176)

1.2.0

Parameterized Rego Tests (#2176)

v0.223.0

0.223.0 (2025-02-25)

Features

Bug Fixes

0.223.0 (2025-02-25)

Features

Bug Fixes