deps: update Go dependencies #81

Merged
merged 2 commits into from
Sep 5, 2024
@renovate renovate bot commented Sep 5, 2024

This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| cloud.google.com/go/compute | v1.27.0 -> v1.28.0 | require | minor |
| cloud.google.com/go/storage | v1.41.0 -> v1.43.0 | require | minor |
| dario.cat/mergo | v1.0.0 -> v1.0.1 | require | patch |
| github.com/Azure/azure-sdk-for-go/sdk/azcore | v1.11.1 -> v1.14.0 | require | minor |
| github.com/Azure/azure-sdk-for-go/sdk/storage/azblob | v1.3.2 -> v1.4.0 | require | minor |
| github.com/BurntSushi/toml | v1.3.2 -> v1.4.0 | require | minor |
| github.com/aws/aws-sdk-go-v2/config | v1.27.15 -> v1.27.33 | require | patch |
| github.com/aws/aws-sdk-go-v2/feature/s3/manager | v1.16.20 -> v1.17.18 | require | minor |
| github.com/aws/aws-sdk-go-v2/service/ec2 | v1.161.3 -> v1.177.2 | require | minor |
| github.com/aws/aws-sdk-go-v2/service/s3 | v1.54.2 -> v1.61.2 | require | minor |
| github.com/aws/aws-sdk-go-v2/service/sts | v1.28.9 -> v1.30.7 | require | minor |
| github.com/aws/smithy-go | v1.20.2 -> v1.20.4 | require | patch |
| github.com/foxboron/go-uefi | 205d559 -> e2076f0 | require | digest |
| github.com/googleapis/gax-go/v2 | v2.12.4 -> v2.13.0 | require | minor |
| github.com/gophercloud/gophercloud | v1.11.0 -> v1.14.0 | require | minor |
| github.com/open-policy-agent/opa | v0.64.1 -> v0.68.0 | require | minor |
| github.com/spf13/cobra | v1.8.0 -> v1.8.1 | require | patch |
| golang.org/x/mod | v0.17.0 -> v0.21.0 | require | minor |
| golang.org/x/text | v0.15.0 -> v0.18.0 | require | minor |

Release Notes

imdario/mergo (dario.cat/mergo)

v1.0.1

Compare Source

What's Changed

New Contributors

Full Changelog: darccio/mergo@v1.0.0...v1.0.1

BurntSushi/toml (github.com/BurntSushi/toml)

v1.4.0

Compare Source

This version requires Go 1.18

  • Add toml.Marshal() (#​405)

  • Require 2-digit hour (#​320)

  • Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#​398)

  • Fix inline tables with dotted keys inside inline arrays (e.g. k=[{a.b=1}]) (#​400)

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/feature/s3/manager)

v1.17.3

v1.17.2

v1.17.1

v1.17.0

aws/smithy-go (github.com/aws/smithy-go)

v1.20.4

Compare Source

v1.20.3

Compare Source

googleapis/gax-go (github.com/googleapis/gax-go/v2)

v2.13.0

Compare Source

Features
  • iterator: add package to help work with new iter.Seq types (#​358) (6bccdaa)

v2.12.5

Compare Source

Bug Fixes

gophercloud/gophercloud (github.com/gophercloud/gophercloud)

v1.14.0

Compare Source

What's Changed

Full Changelog: gophercloud/gophercloud@v1.13.0...v1.14.0

v1.13.0

Compare Source

What's Changed

Full Changelog: gophercloud/gophercloud@v1.12.0...v1.13.0

v1.12.0

Compare Source

  • GH-2979 [v1] CI backports
  • GH-2985 [v1] baremetal: fix handling of the "fields" query argument
  • GH-2989 [v1] [CI] Fix portbiding tests
  • GH-2992 [v1] [CI] Fix portbiding tests
  • GH-2993 [v1] build(deps): bump EmilienM/devstack-action from 0.14 to 0.15
  • GH-2998 [v1] testhelper: mark all helpers with t.Helper
  • GH-3043 [v1] CI: remove Zed from testing coverage

open-policy-agent/opa (github.com/open-policy-agent/opa)

v0.68.0

Compare Source

This release contains a mix of features and bugfixes.

Breaking Changes
entrypoint annotation implies document scope (#​6798)

The entrypoint annotation's scope requirement has changed from rule to document (https://github.com/open-policy-agent/opa/issues/6798). Furthermore, if no scope annotation is declared for a METADATA block preceding a rule, the presence of an entrypoint annotation with a true value will assign the block a document scope, where the rule scope is otherwise the default.

In practice, a rule entrypoint always points to the entire document and not a particular rule definition. The previous behavior was a bug, and one we've now addressed.

Authored by @​anderseknert

Topdown and Rego
  • ast: Fixing nil-pointer dereference in compiler for partial rule edge case (#​6930) authored by @​johanfylling
  • ast+parser: Add hint to future-proof imports (6968) authored by @​srenatus
  • topdown: Adding unification scope to virtual-cache key. Fixing issue where false positive cache hits can occur when unification "restricts" the scope of ref-head rule evaluation (#​6926) authored by @​johanfylling reported by @​anderseknert
  • topdown: Marshal JWT encode sign inputs as JSON (#​6934) authored by @​charlieegan3
Runtime, Tooling, SDK
Security Fix: CVE-2024-8260 (#​6933)

This release includes a fix where OPA would accept UNC locations on Windows. Reading those could leak NTLM hashes.
The attack vector would include an adversary tricking the user into passing a UNC path to OPA, e.g. opa eval -d $FILE.
UNC paths are now forbidden. If this is an issue for you, please reach out on Slack or GitHub issues.

Reported by Shelly Raban
Authored by @​ashutosh-narkar

Docs, Website, Ecosystem
Miscellaneous
  • build: Make it possible to build only wasm testcases (#​6920) authored by @​andreaTP
  • Dependency updates; notably:
    • build(deps): bump github.com/containerd/containerd from 1.7.20 to 1.7.21
    • build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.2
    • build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0
    • build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0
    • build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.0

v0.67.1

Compare Source

This is a bug fix release addressing the following issue:

  • util+server: Fix bug around chunked request handling (#​6906) authored by @​philipaconrad, reported by @​David-Wobrock. A request handling bug was introduced in (#​6868), which caused OPA to treat all incoming chunked requests as if they had zero-length request bodies.

v0.67.0

Compare Source

This release contains a mix of features, a new builtin function (strings.count), performance improvements, and bugfixes.

Breaking Change
Request Body Size Limits

OPA now automatically rejects very large requests (#​6868) authored by @​philipaconrad.
Requests with a Content-Length larger than 128 MB uncompressed, and gzipped requests with payloads that decompress to
larger than 256 MB will be rejected, as part of hardening OPA against denial-of-service attacks. Previously, a large
enough request could cause an OPA instance to run out of memory in low-memory sidecar deployment scenarios, just from
attempting to read the request body into memory.

These changes allow improvements in memory usage for the OPA HTTP server, and help OPA deployments avoid some accidental out-of-memory situations.

For most users, no changes will be needed to continue using OPA. However, to control this behavior, two new configuration
keys are available: server.decoding.max_length and server.decoding.gzip.max_length. These control the max size in
bytes to allow for an incoming request payload, and the maximum size in bytes to allow for a decompressed gzip request payload, respectively.

Here's an example OPA configuration using the new keys:

```yaml
# Set max request size to 64 MB and max gzip size (decompressed) to be 128 MB.
server:
  decoding:
    max_length: 67108864
    gzip:
      max_length: 134217728
```

Topdown and Rego
  • topdown: New strings.count builtin which returns the number of non-overlapping instances of a substring in a string (#​6827) authored by @​Manish-Giri
  • format: Produce error when --rego-v1 formatted module has rule name conflicting with keyword (#​6833) authored by @​johanfylling
  • topdown: Add cap to caches for regex and glob built-in functions (#​6828) authored by @​johanfylling. This fixes possible memory leaks where caches grow uncontrollably when large amounts of regexes or globs are generated or originate from the input document.
Runtime, Tooling, SDK
  • repl: Add support for correctly loading bundle modules (#​6872) authored by @​ashutosh-narkar
  • plugins/discovery: Allow un-registration of discovery listener (#​6851) authored by @​mjungsbluth. The discovery plugin allows OPA to register a bundle download status listener but previously did not offer a method to unregister that listener
  • plugins/logs: Reduce amount of work performed inside global lock in decision log plugin (#​6859) authored by @​johanfylling
  • plugins/rest: Add a new client credential attribute to support Azure Workload Identity. This would allow workloads deployed on an Azure Kubernetes Services (AKS) cluster to authenticate and access Azure cloud resources (#​6802) authored by @​ledbutter
  • cmd/inspect: Add ability for opa inspect to inspect a single file outside of any bundle (#​6873) authored by @​tjons
  • cmd+bundle: Add --follow-symlinks flag to the opa build command to allow users to build directories with symlinked files, and have the contents of those symlinked files included in the built bundle (#​6800) authored by @​tjons
  • server: Add missing handling in the server for the explain=fails query value (#​6886) authored by @​acamatcisco
Docs, Website, Ecosystem
  • docs: Update bundle section with an example of a manifest with rego_version and file_rego_versions attributes (#​6885) authored by @​ashutosh-narkar
  • docs: Better link language SDKs to make them more discoverable (#​6866) authored by @​charlieegan3
Miscellaneous
  • ci: Add the OpenSSF Scorecard Github Action to help evaluate the OPA project's security posture (#​6848) authored by @​harshitasao
  • Dependency updates; notably:
    • build(go): bump golang from 1.22.4 to 1.22.5
    • build(deps): bump github.com/containerd/containerd from 1.7.18 to 1.7.20
    • build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0
    • build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0
    • build(deps): bump go.opentelemetry.io modules (#​6847)

v0.66.0

Compare Source

v0.66.0

This release contains a mix of features, performance improvements, and bugfixes.

Improved Test Reports (2546)

The opa test command now includes a new --var-values flag that enriches reporting of failed tests with the values and locations for variables in the failing expression.
E.g.:

```
FAILURES
--------------------------------------------------------------------------------
data.test.test_my_policy: FAIL (0ms)

  test.rego:8:
    	x == y + z
    	|    |   |
    	|    |   3
    	|    y + z: 5
    	|    y: 2
    	1

SUMMARY
--------------------------------------------------------------------------------
test.rego:
data.test.test_foo: FAIL (0ms)
--------------------------------------------------------------------------------
FAIL: 1/1
```

Authored by @​johanfylling, reported by @​grosser.

Reading stdin in opa exec (#​6538)

The opa exec command now supports reading input documents from stdin with the --stdin-input (-I) flag.
E.g.:

```
$ echo '{"user": "alice"}' | opa exec --stdin-input --bundle my_bundle
```

Authored by @​colinjlacy, reported by @​humbertoc-silva.

Topdown and Rego
Runtime, Tooling, SDK
Docs, Website, Ecosystem
Miscellaneous
  • Dependency updates; notably:
    • build(go): bump golang from 1.22.3 to 1.22.4
    • build(deps): bump github.com/containerd/containerd from 1.7.17 to 1.7.18
    • build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0

v0.65.0

Compare Source

This release contains a mix of features and bugfixes.

Runtime, Tooling, SDK
Topdown and Rego
Miscellaneous
  • docs: Add arrays to composite values section (#​6727) authored by @​anderseknert reported by @​SpecLad
  • docs: Add remainder operator to grammar (#​6767) authored by @​anderseknert
  • docs: Fix dynamic metadata object in docs (#​6709) authored by @​antonioberben
  • docs: Use best practice package name in test examples (#​6731) authored by @​asleire
  • docs: Update query API doc with details about overriding the def decision path (#​6745) authored by @​ashutosh-narkar
  • ci: pin GitHub Actions macos runner version and build for darwin/amd64 (#​6720) reported and authored by @​suzuki-shunsuke
  • Dependency updates; notably:
    • build(go): bump golang from 1.22.2 to 1.22.3
    • build(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17
    • build(deps): bump github.com/prometheus/client_golang
    • build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0
    • build(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0
Breaking changes

A new IsSetStmt statement has been added to the intermediate representation (IR).
This is a breaking change for custom IR evaluators, which must interpret this statement in IR plans generated by this OPA version and later.
No actions are required for Wasm users, as long as Wasm modules are built by this OPA version or later.

spf13/cobra (github.com/spf13/cobra)

v1.8.1

Compare Source

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

New Contributors


Thank you everyone who contributed to this release and all your hard work! Cobra and this community would never be possible without all of you!!!! 🐍

Full Changelog: spf13/cobra@v1.8.0...v1.8.1


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies label Sep 5, 2024
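
The request body size limits described in the OPA v0.67.0 notes above (reject on the declared Content-Length, then cap the decompressed gzip size), sketched as an added Go example. This is not OPA's implementation or code from this PR; `readBody` and `errTooLarge` are hypothetical names, and the constants reuse the values from the sample configuration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// Values from the release note's sample config (64 MB and 128 MB).
const (
	maxLength     int64 = 67108864  // server.decoding.max_length
	gzipMaxLength int64 = 134217728 // server.decoding.gzip.max_length
)

var errTooLarge = errors.New("request body too large")

// readBody (hypothetical helper) buffers at most limit+1 bytes before rejecting.
func readBody(r *http.Request, maxLen, gzipMax int64) ([]byte, error) {
	// Cheap rejection on the declared size, before reading anything.
	if r.ContentLength > maxLen {
		return nil, errTooLarge
	}
	// Chunked requests report ContentLength -1, so cap the bytes read as well.
	var src io.Reader = io.LimitReader(r.Body, maxLen+1)
	limit := maxLen
	if r.Header.Get("Content-Encoding") == "gzip" {
		// A compressed stream over maxLen is truncated above and fails as a gzip error.
		zr, err := gzip.NewReader(src)
		if err != nil {
			return nil, err
		}
		defer zr.Close()
		// Cap the decompressed size: a tiny gzip body can expand enormously.
		src, limit = io.LimitReader(zr, gzipMax+1), gzipMax
	}
	data, err := io.ReadAll(src)
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, errTooLarge
	}
	return data, nil
}

func main() {
	// Constructed request: a 5-byte plain body, under both limits.
	r, _ := http.NewRequest("POST", "http://localhost/v1/data", bytes.NewReader([]byte("hello")))
	data, err := readBody(r, maxLength, gzipMaxLength)
	fmt.Println(len(data), err)
}
```

The limits are parameters so the same function can be exercised with small values; a server would answer `errTooLarge` with a 4xx status instead of reading further.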

renovate bot commented Sep 5, 2024

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 44 additional dependencies were updated

Details:

Package Change
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 -> v1.7.0
cloud.google.com/go/auth v0.4.2 -> v0.9.0
cloud.google.com/go/auth/oauth2adapt v0.2.2 -> v0.2.4
cloud.google.com/go v0.113.0 -> v0.115.1
cloud.google.com/go/compute/metadata v0.3.0 -> v0.5.0
cloud.google.com/go/iam v1.1.8 -> v1.1.12
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 -> v1.10.0
github.com/aws/aws-sdk-go-v2 v1.27.0 -> v1.30.5
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 -> v1.6.4
github.com/aws/aws-sdk-go-v2/credentials v1.17.15 -> v1.17.32
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 -> v1.16.13
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 -> v1.3.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 -> v2.6.17
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 -> v1.8.1
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.7 -> v1.3.17
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 -> v1.11.4
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.9 -> v1.3.19
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 -> v1.11.19
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.7 -> v1.17.17
github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 -> v1.22.7
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 -> v1.26.7
github.com/go-logr/logr v1.4.1 -> v1.4.2
github.com/google/s2a-go v0.1.7 -> v0.1.8
github.com/prometheus/client_golang v1.19.1 -> v1.20.2
github.com/prometheus/common v0.53.0 -> v0.55.0
github.com/prometheus/procfs v0.15.0 -> v0.15.1
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 -> v0.52.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 -> v0.53.0
go.opentelemetry.io/otel v1.26.0 -> v1.28.0
go.opentelemetry.io/otel/metric v1.26.0 -> v1.28.0
go.opentelemetry.io/otel/sdk v1.26.0 -> v1.28.0
go.opentelemetry.io/otel/trace v1.26.0 -> v1.28.0
golang.org/x/crypto v0.23.0 -> v0.26.0
golang.org/x/net v0.25.0 -> v0.28.0
golang.org/x/oauth2 v0.20.0 -> v0.22.0
golang.org/x/sync v0.7.0 -> v0.8.0
golang.org/x/sys v0.20.0 -> v0.24.0
golang.org/x/time v0.5.0 -> v0.6.0
google.golang.org/api v0.181.0 -> v0.193.0
google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 -> v0.0.0-20240814211410-ddb44dafa142
google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 -> v0.0.0-20240814211410-ddb44dafa142
google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 -> v0.0.0-20240814211410-ddb44dafa142
google.golang.org/grpc v1.64.0 -> v1.66.0
google.golang.org/protobuf v1.34.1 -> v1.34.2


renovate bot commented Sep 5, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@katexochen katexochen merged commit 4f2ece2 into main Sep 5, 2024
7 of 8 checks passed
@katexochen katexochen deleted the renovate/go-dependencies branch September 5, 2024 06:23