Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.27.0
->v1.28.0
v1.41.0
->v1.43.0
v1.0.0
->v1.0.1
v1.11.1
->v1.14.0
v1.3.2
->v1.4.0
v1.3.2
->v1.4.0
v1.27.15
->v1.27.33
v1.16.20
->v1.17.18
v1.161.3
->v1.177.2
v1.54.2
->v1.61.2
v1.28.9
->v1.30.7
v1.20.2
->v1.20.4
205d559
->e2076f0
v2.12.4
->v2.13.0
v1.11.0
->v1.14.0
v0.64.1
->v0.68.0
v1.8.0
->v1.8.1
v0.17.0
->v0.21.0
v0.15.0
->v0.18.0
Release Notes
imdario/mergo (dario.cat/mergo)
v1.0.1
Compare Source
What's Changed
WithoutDereference
should respect non-nil struct pointers by @joshkaplinsky in https://github.com/darccio/mergo/pull/251New Contributors
Full Changelog: darccio/mergo@v1.0.0...v1.0.1
BurntSushi/toml (github.com/BurntSushi/toml)
v1.4.0
Compare Source
This version requires Go 1.18
Add toml.Marshal() (#405)
Require 2-digit hour (#320)
Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#398)
Fix inline tables with dotted keys inside inline arrays (e.g.
k=[{a.b=1}]
) (#400)aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/feature/s3/manager)
v1.17.3
v1.17.2
v1.17.1
v1.17.0
aws/smithy-go (github.com/aws/smithy-go)
v1.20.4
Compare Source
v1.20.3
Compare Source
googleapis/gax-go (github.com/googleapis/gax-go/v2)
v2.13.0
Compare Source
Features
v2.12.5
Compare Source
Bug Fixes
gophercloud/gophercloud (github.com/gophercloud/gophercloud)
v1.14.0
Compare Source
What's Changed
Full Changelog: gophercloud/gophercloud@v1.13.0...v1.14.0
v1.13.0
Compare Source
What's Changed
Full Changelog: gophercloud/gophercloud@v1.12.0...v1.13.0
v1.12.0
Compare Source
open-policy-agent/opa (github.com/open-policy-agent/opa)
v0.68.0
Compare Source
This release contains a mix of features and bugfixes.
Breaking Changes
entrypoint
annotation impliesdocument
scope (#6798)The entrypoint annotation's scope requirement has changed from
rule
todocument
(https://github.com/open-policy-agent/opa/issues/6798). Furthermore, if noscope
annotation is declared for a METADATA block preceding a rule, the presence of anentrypoint
annotation with atrue
value will assign the block adocument
scope, where therule
scope is otherwise the default.In practice, a rule entrypoint always point to the entire document and not a particular rule definition. The previous behavior was a bug, and one we've now addressed.
Authored by @anderseknert
Topdown and Rego
Runtime, Tooling, SDK
copy
method copy all values (#6949) authored by @anderseknertopa exec
: This command never supported "pretty" formatting (--format=pretty
or-f pretty
), onlyjson
. Passingpretty
is now invalid. (#6923) authored by @srenatusNote that the flag is now unnecessary, but it's kept so existing calls like
opa exec -fjson ...
remain valid.Security Fix: CVE-2024-8260 (#6933)
This release includes a fix where OPA would accept UNC locations on Windows. Reading those could leak NTLM hashes.
The attack vector would include an adversary tricking the user in passing an UNC path to OPA, e.g.
opa eval -d $FILE
.UNC paths are now forbidden. If this is an issue for you, please reach out on Slack or GitHub issues.
Reported by Shelly Raban
Authored by @ashutosh-narkar
Docs, Website, Ecosystem
opa-config.yaml
as name for config file (#6966) (#6959) authored by @anderseknerthttp.send
in inter-query cache config docs (#6953) authored by @anderseknertMiscellaneous
v0.67.1
Compare Source
This is a bug fix release addressing the following issue:
v0.67.0
Compare Source
This release contains a mix of features, a new builtin function (
strings.count
), performance improvements, and bugfixes.Breaking Change
Request Body Size Limits
OPA now automatically rejects very large requests (#6868) authored by @philipaconrad.
Requests with a
Content-Length
larger than 128 MB uncompressed, and gzipped requests with payloads that decompress tolarger than 256 MB will be rejected, as part of hardening OPA against denial-of-service attacks. Previously, a large
enough request could cause an OPA instance to run out of memory in low-memory sidecar deployment scenarios, just from
attempting to read the request body into memory.
These changes allow improvements in memory usage for the OPA HTTP server, and help OPA deployments avoid some accidental out-of-memory situations.
For most users, no changes will be needed to continue using OPA. However, to control this behavior, two new configuration
keys are available:
server.decoding.max_length
andserver.decoding.gzip.max_length
. These control the max size inbytes to allow for an incoming request payload, and the maximum size in bytes to allow for a decompressed gzip request payload, respectively.
Here's an example OPA configuration using the new keys:
Topdown and Rego
strings.count
builtin which returns the number of non-overlapping instances of a substring in a string (#6827) authored by @Manish-Giri--rego-v1
formatted module has rule name conflicting with keyword (#6833) authored by @johanfyllingRuntime, Tooling, SDK
--follow-symlinks
flag to theopa build
command to allow users to build directories with symlinked files, and have the contents of those symlinked files included in the built bundle (#6800) authored by @tjonsexplain=fails
query value (#6886) authored by @acamatciscoDocs, Website, Ecosystem
rego_version
andfile_rego_versions
attributes (#6885) authored by @ashutosh-narkarMiscellaneous
v0.66.0
Compare Source
v0.66.0
This release contains a mix of features, performance improvements, and bugfixes.
Improved Test Reports (2546)
The
opa test
command now includes a new--var-values
flag that enriches reporting of failed tests with the values and locations for variables in the failing expression.E.g.:
Authored by @johanfylling, reported by @grosser.
Reading stdin in
opa exec
(#6538)The
opa exec
command now supports readinginput
documents from stdin with the--stdin-input
(-I
) flag.E.g.:
Authored by @colinjlacy, reported by @humbertoc-silva.
Topdown and Rego
every
domain (#6790) authored by @johanfylling reported by @anakrishRuntime, Tooling, SDK
Docs, Website, Ecosystem
go_memstats_gc_cpu_fraction
(#6783) authored by @philipaconradan HTTP
(#6786) authored by @jdbaldryMiscellaneous
v0.65.0
Compare Source
This release contains a mix of features and bugfixes.
Runtime, Tooling, SDK
Topdown and Rego
every
domain is a collection type before evaluation (#6762) authored by @johanfylling reported by @anderseknertMiscellaneous
Breaking changes
A new IsSetStmt statement has been added to the intermediate representation (IR).
This is a breaking change for custom IR evaluators, which must interpret this statement in IR plans generated by this OPA version and later.
No actions are required for Wasm users, as long as Wasm modules are built by this OPA version or later.
spf13/cobra (github.com/spf13/cobra)
v1.8.1
Compare Source
✨ Features
🐛 Bug fixes
🔧 Maintenance
🧪 Testing & CI/CD
✏️ Documentation
New Contributors
Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍
Full Changelog: spf13/cobra@v1.8.0...v1.8.1
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.