build(deps): bump the all group across 1 directory with 28 updates

[dependabot]

Bumps the all group with 14 updates in the / directory:

Package	From	To
cuelang.org/go	0.11.1	0.13.0
github.com/CycloneDX/cyclonedx-go	0.9.0	0.9.2
github.com/docker/docker	27.5.0+incompatible	28.2.2+incompatible
github.com/enterprise-contract/enterprise-contract-controller/api	0.1.79	0.1.106
github.com/evanphx/json-patch	5.9.0+incompatible	5.9.11+incompatible
github.com/gkampitakis/go-snaps	0.5.7	0.5.12
github.com/go-git/go-git/v5	5.13.2	5.16.0
github.com/go-logr/logr	1.4.2	1.4.3
github.com/open-policy-agent/conftest	0.55.0	0.61.0
github.com/sigstore/cosign/v2	2.4.1	2.5.0
github.com/tektoncd/pipeline	0.63.0	1.0.0
github.com/testcontainers/testcontainers-go	0.34.1-0.20241204123437-72be13940122	0.37.0
github.com/testcontainers/testcontainers-go/modules/registry	0.34.0	0.37.0
oras.land/oras-go/v2	2.5.0	2.6.0

Updates cuelang.org/go from 0.11.1 to 0.13.0

Updates github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.2

Changelog

Features

• 39ede217f126cfbc80eabf880f6643be3d392a4f: feat: add MarshalXML and UnmarshalXML (@​DmitriyLewen)
• e9191ed11a269fcb6b3fb54e000ed6d81b5bf9db: feat: add UnmarshalJSON (@​DmitriyLewen)

Fixes

• 80fede1f13a956d35eb14696cd2ca9d2d943f809: fix: add json tag for Identity (@​DmitriyLewen)
• 24e9503293f0837e6e7ea3ff670ef958e6075b87: fix: tests (@​DmitriyLewen)
• d68a199bc1747e5d6a7d4196c2f270535bbf6e3e: fix: use identity as array in valid-evidence.json (@​DmitriyLewen)
• ff9cc28f9c9554328bd6c1ad56098be5a692d5e9: fix: use componentEvidence array for Evidence.Identity field (@​DmitriyLewen)

Building and Packaging

• 016ee293d464d6383be3a714f7fb0debebef8ad5: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (@​dependabot[bot])
• 77153ab5fe005f6484ac1e1225e7152df00db3f1: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (@​dependabot[bot])
• 4f50d02c1282ac1d0d7448502b231a0e84a1e529: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (@​dependabot[bot])
• b84451219e77e0fbbe7d5ba054bcf25dbc7aaea4: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (@​dependabot[bot])
• 238cbea3479fed9fdfcbfa5f1751828390a05211: build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (@​dependabot[bot])
• bbe8f3c2c7c4567514ae966c69bf93fc1b3dba2a: build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (@​dependabot[bot])
• 05f8930fe918a31941ebf90eec627e5e6e908d1c: build(deps): bump github.com/terminalstatic/go-xsd-validate (@​dependabot[bot])
• 082f87791a5e290c9d4c6e8126dc0cc987028a60: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@​dependabot[bot])
• 093b1c15164dad5d46768db0e3f6ee43eb60ca20: build(deps): bump gitpod/workspace-go from 9c95281 to 6932342 (@​dependabot[bot])
• 47b7e01ce8f8209894065e9656217b8c00a3c8ea: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (@​dependabot[bot])
• ce6eb841cb1e21aa28efbccd9eb8fe5eea0555c9: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (@​dependabot[bot])

Others

• 4d3aff9fab9ae78bd6fbbc9fd0912fab14c8fb64: UPDATE_SNAPSHOTS=true make test (@​DmitriyLewen)
• 31d954443e6563aeee69d82bdfb82aee83e07df1: refactor (@​DmitriyLewen)
• 0170729e313a681fc8659643601410ae10ffe803: refactor: update convert package (@​DmitriyLewen)

v0.9.1

Changelog

Fixes

• 6f0e0cf025dd99ab903e33f8e043d92b28dab4f6: fix: nil pointer dereference during evidence conversion (@​nscuro)
• ce43b6f4cb5707d3ef2db1af1d597f5b23bf0e15: fix: make linter happy (@​nscuro)
• 5d799e634b9bed9c86621048544737b210e433e8: fix: remove deprecated goreleaser flag (@​nscuro)

Building and Packaging

• 6d5bcb0e277207551dbc728eb29959f1d3cbd685: build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (@​dependabot[bot])
• f34fc0c413da74d20d1cc240863aaf2eb6b274f7: build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (@​dependabot[bot])
• 71cff221b8dbbc1d50f839fa76ecea4e42d83a2b: build(deps): bump gitpod/workspace-go from 8d15123 to 2a9e01c (@​dependabot[bot])
• ea693550558d230b3fbba810b6e75ac2eb0b55c8: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (@​dependabot[bot])
• d5cbdad49dfbf54f2dab4ad95bd1a47c710a526c: build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (@​dependabot[bot])

Commits

• cba06ff Merge pull request #205 from CycloneDX/dependabot/go_modules/github.com/termi...
• 5c81749 Merge pull request #211 from CycloneDX/dependabot/github_actions/actions/setu...
• 753526c Merge pull request #204 from DmitriyLewen/fix/componentEvidence-as-array
• 4d3aff9 UPDATE_SNAPSHOTS=true make test
• d68a199 fix: use identity as array in valid-evidence.json
• 24e9503 fix: tests
• 238cbea build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
• a7f7415 Merge branch 'master' of github.com:DmitriyLewen/cyclonedx-go into fix/compon...
• 05f8930 build(deps): bump github.com/terminalstatic/go-xsd-validate
• 464d426 Merge pull request #202 from CycloneDX/dependabot/github_actions/actions/chec...
• Additional commits viewable in compare view

Updates github.com/docker/docker from 27.5.0+incompatible to 28.2.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

28.2.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.2.2 milestone
• moby/moby, 28.2.2 milestone

Bug fixes and enhancements

• containerd image store: Fix a regression causing docker build --push to fail. This reverts the fix for docker build not persisting overridden images as dangling. moby/moby#50105

Networking

• When creating the iptables DOCKER-USER chain, do not add an explicit RETURN rule, allowing users to append as well as insert their own rules. Existing rules are not removed on upgrade, but it won't be replaced after a reboot. moby/moby#50098

28.2.1

Packaging updates

• Fix packaging regression in v28.2.0 which broke creating the docker group/user on fresh installations. docker-ce-packaging#1209

28.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.2.0 milestone
• moby/moby, 28.2.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

[!NOTE] RHEL packages are currently not available and will be released later.

New

• Add {{.Platform}} as formatting option for docker ps to show the platform of the image the container is running. docker/cli#6042
• Add support for relative parent paths (../) on bind mount sources when using docker run/create with -v/--volume or --mount type=bind options. docker/cli#4966
• CDI is now enabled by default. moby/moby#49963
• Show discovered CDI devices in docker info. docker/cli#6078
• docker image rm: add --platform option to remove a variant from multi-platform images. docker/cli#6109
• containerd image store: Initial BuildKit support for building Windows container images on Windows (requires an opt-in with DOCKER_BUILDKIT=1). moby/moby#49740

Bug fixes and enhancements

• Add a new log option for fluentd log driver (fluentd-write-timeout), which enables specifying write timeouts for fluentd connections. moby/moby#49911
• Add support for DOCKER_AUTH_CONFIG for the experimental --use-api-socket option. docker/cli#6019
• Fix docker exec waiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868
• Fix docker swarm init ignoring cacert option of --external-ca. docker/cli#5995
• Fix an issue where the CLI would not correctly save the configuration file (~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282
• Fix containers with --restart always policy using CDI devices failing to start on daemon restart. moby/moby#49990

... (truncated)

Commits

• 45873be Merge pull request #50105 from jsternberg/revert-build-dangling
• 7994426 Revert "containerd: images overridden by a build are kept dangling"
• f144264 Merge pull request #50090 from corhere/libn/overlay-netip
• 768cfae Merge pull request #50050 from robmry/nftables_internal_dns
• d3289dd Add nftables NAT rules for internal DNS resolver
• 7a0bf74 Merge pull request #50038 from ctalledo/fix-for-50037
• b43afbf Merge pull request #50098 from robmry/remove_docker-user_return_rule
• c299ba3 Update worker.Platforms() in builder-next worker.
• 0e2cc22 Merge pull request #50049 from robmry/nftables_env_var_enable
• e37efd4 Merge pull request #50068 from mmorel-35/github.com/containerd/errdefs
• Additional commits viewable in compare view

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.79 to 0.1.106

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.106

What's Changed

• Update ossf/scorecard-action action to v2.4.2 by @​renovate in enterprise-contract/enterprise-contract-controller#531

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.105...api/v0.1.106

API Release api/v0.1.105

What's Changed

• chore: update references to ec-policies repo by @​robnester-rh in enterprise-contract/enterprise-contract-controller#530

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.104...api/v0.1.105

API Release api/v0.1.104

What's Changed

• Add CI check for uncommitted changes by "make all" by @​Acepresso in enterprise-contract/enterprise-contract-controller#525

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.103...api/v0.1.104

API Release api/v0.1.103

What's Changed

• Update github/codeql-action action to v3.28.18 by @​renovate in enterprise-contract/enterprise-contract-controller#527

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.102...api/v0.1.103

API Release api/v0.1.102

What's Changed

• Update codecov/codecov-action action to v5.4.3 by @​renovate in enterprise-contract/enterprise-contract-controller#526

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.101...api/v0.1.102

API Release api/v0.1.101

What's Changed

• Add "reference" field to volatileConfig by @​Acepresso in enterprise-contract/enterprise-contract-controller#524

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.100...api/v0.1.101

API Release api/v0.1.100

What's Changed

• Update GitHub Actions updates by @​renovate in enterprise-contract/enterprise-contract-controller#523

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.99...api/v0.1.100

API Release api/v0.1.99

... (truncated)

Commits

• 9237da9 Update ossf/scorecard-action action to v2.4.2 (#531)
• ccbfa71 Merge pull request #530 from robnester-rh/EC-1113
• ac443f8 chore: update references to ec-policies repo
• 718a621 Merge pull request #525 from Acepresso/pre-merge-make-all-EC-1262
• ca0759c CI: run make all before checking for uncommitted changes
• 8935728 Update github/codeql-action action to v3.28.18 (#527)
• 356b3b3 Update codecov/codecov-action action to v5.4.3 (#526)
• 54a830d Merge pull request #524 from Acepresso/add-reference-field-EC-1246
• f35c607 Add "reference" field to volatileConfig
• 34d635e Update GitHub Actions updates (#523)
• Additional commits viewable in compare view

Updates github.com/evanphx/json-patch from 5.9.0+incompatible to 5.9.11+incompatible

Release notes

Sourced from github.com/evanphx/json-patch's releases.

v5.9.11

What's Changed

• Export errBadJSONDoc and errBadJSONPatch errors by @​skitt in evanphx/json-patch#209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

What's Changed

• Drop the reference to gopkg.in for v5 by @​skitt in evanphx/json-patch#203
• remove unmaintained errors pkg(github.com/pkg/errors) by @​koba1t in evanphx/json-patch#206

New Contributors

• @​skitt made their first contribution in evanphx/json-patch#203
• @​koba1t made their first contribution in evanphx/json-patch#206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

Commits

• 84a4bb1 Merge pull request #209 from skitt/export-errs-v5
• 7a7a88a Export errBadJSONDoc and errBadJSONPatch errors
• bd18525 Upgrade go-flags
• 42f26cb Fix spacing
• 0a3482b Merge pull request #206 from koba1t/remove_unmaintained_error_pkg
• 106306d remove unmaintained errors pkg
• e7cfbbb Merge pull request #203 from skitt/drop-gopkgin-v5
• 61e1ad7 Drop the reference to gopkg.in for v5
• See full diff in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.12

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.12

What's Changed

• feat: add UPDATE_SNAPS=always for updating and creating snaps on CI setup by @​gkampitakis in gkampitakis/go-snaps#126

Full Changelog: gkampitakis/go-snaps@v0.5.11...v0.5.12

v0.5.11

What's Changed

• feat: add json format config by @​kitimark in gkampitakis/go-snaps#121

New Contributors

• @​kitimark made their first contribution in gkampitakis/go-snaps#121

Full Changelog: gkampitakis/go-snaps@v0.5.10...v0.5.11

v0.5.10

What's Changed

• fix: handle builds with trimpath enabled by @​gkampitakis in gkampitakis/go-snaps#120

Full Changelog: gkampitakis/go-snaps@v0.5.9...v0.5.10

v0.5.9

What's Changed

• fix: snaps.Update should apply and on snapshot create by @​gkampitakis in gkampitakis/go-snaps#119

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @​orloffv for this issue gkampitakis/go-snaps#116

v0.5.8

What's Changed

• feat: implement matchYAML by @​gkampitakis in gkampitakis/go-snaps#114
• feat: implement matchStandaloneJSON by @​gkampitakis in gkampitakis/go-snaps#113

Full Changelog: gkampitakis/go-snaps@v0.5.7...v0.5.8

Commits

• 66ada09 feat: add UPDATE_SNAPS=always for updating and creating snaps on CI setup (#126)
• 1bd0d83 chore: add FUNDING details
• e004bc1 feat: add json format config (#121)
• 8740883 fix: handle builds with trimpath enabled (#120)
• 00f3055 fix: snaps.Update should apply and on snapshot create (#119)
• 560fde0 feat: implement matchStandaloneJSON (#113)
• f81115d feat: implement matchYAML (#114)
• See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.16.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.0

What's Changed

• [v5] plumbing: support mTLS for HTTPS protocol by @​hiddeco in go-git/go-git#1510
• v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514 by @​pjbgf in go-git/go-git#1515

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

v5.15.0

What's Changed

• plumbing: add cert auth support to releases/v5.x by @​Javier-varez in go-git/go-git#1482
• v5: Bump dependencies by @​pjbgf in go-git/go-git#1505

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

v5.14.0

What's Changed

• v5: Bump Go and dependencies to mitigate GO-2025-3487 by @​pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

• 6d4a5c6 Merge pull request #1515 from pjbgf/regre
• beedd6b plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514
• 763ce2e Merge pull request #1510 from hiddeco/mtls-support
• 5320e1b plumbing: surface transport configuration errors
• 9bbc93b plumbing: fix unintended pointer mutation in test
• f3783f4 plumbing: support mTLS for HTTPS protocol
• 6f444d3 Merge pull request #1505 from pjbgf/bump
• 9996069 v5: Bump dependencies
• 768fda7 Merge pull request #1482 from Javier-varez/add-cert-auth-support-v5.x
• ba9d693 plumbing: support setting custom host key algorithms along with host key call...
• Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

• Fix slog tests for 1.25 by @​hoeppi-google in go-logr/logr#361
• Remove one exception from Slog testing by @​thockin in go-logr/logr#362

New Contributors

• @​hoeppi-google made their first contribution in go-logr/logr#361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits

• 38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
• f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
• 6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
• 028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
• 511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
• d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
• 158c311 Merge pull request #366 from thockin/master
• c79ddb3 Update to support golangci-lint v2
• 20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
• 0385e14 Add comments around slog exceptions
• Additional commits viewable in compare view

Updates github.com/google/go-cmp from 0.6.0 to 0.7.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.7.0

New API:

• (#367) Support compare functions with SortSlices and SortMaps

Panic messaging:

• (#370) Detect proto.Message types when failing to export a field

Commits

• 9b12f36 Detect proto.Message types when failing to export a field (#370)
• 4dd3d63 fix: type 'aribica' => 'arabica' (#368)
• 391980c Support compare functions with SortSlices and SortMaps (#367)
• See full diff in compare view

Updates github.com/open-policy-agent/conftest from 0.55.0 to 0.61.0

Release notes

Sourced from github.com/open-policy-agent/conftest's releases.

v0.61.0

Changelog

Bug Fixes

• ed0ff0a76feacc1707b0c3b23e533a464c988cd0: fix(test): clean updated policies after test run (#1109) (@​kirecek)
• f82f55687b0d6386d0c6622897d584930a67d305: fix: Use v1 as rego version for fmt, too (#1128) (@​msw-kialo)

OPA Changes

• bcba55e516102dfa12d619568bc554b86db7739f: build(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.0 (#1134) (@​dependabot[bot])

Other Changes

• a826a0b29a4639716dd0cec608fd4e54c15f9d02: build(deps): bump cuelang.org/go from 0.12.1 to 0.13.0 (#1131) (@​dependabot[bot])
• d44b4807e11b0be396ba7a5440b692319f254096: build(deps): bump github.com/moby/buildkit from 0.21.1 to 0.22.0 (#1129) (@​dependabot[bot])
• f09428f5a68982af7bbb292d5dbfea4b6d270bba: build(deps): bump golang from 1.24.2-alpine to 1.24.3-alpine (#1124) (@​dependabot[bot])
• 1e43dc0dd0c39a6c8204df07cfacc48e9dd3caa9: deps: update jsonc import path (#1133) (@​st3penta)

v0.60.0

Announcements

⚠️ Breaking Changes ⚠️

We have set the default version of Rego syntax to v1. This is a breaking change if your Rego policies are not compatible with the v1 syntax.

• Individual policies can be updated gradually, by adding import rego.v1 to the policy.
• The rego-version flag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag to v0.

For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.

Changelog

New Features

• 06658d41ac259398cf2616b958a898185c0d27d7: feat(output): redirect trace output to stderr (#1084) (@​thevilledev)
• 18a0f14fab7759cce9fd7b101c04a7331bd73e5e: feat(runner): add support for symlinks (#1098) (@​siliconsheep)

OPA Changes

• 2797c9916a070d6e0db37da0a1ce1ee9c53f233d: build(deps): bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.1 (#1113) (@​dependabot[bot])

Other Changes

• 67a3c3e081607af24a7c8831e9454978b95064a7: build(deps): bump actions/setup-go from 4 to 5 (#1102) (@​dependabot[bot])
• 609490f54775bb0044e55e2a4a4bae941f13bab2: build(deps): bump bats-core/bats-action from 1.5.4 to 3.0.1 (#1104) (@​dependabot[bot])
• 9e56924ba242838c1a226e98d8e8558642975077: build(deps): bump github.com/google/go-jsonnet from 0.20.0 to 0.21.0 (#1120) (@​dependabot[bot])
• 5ea04460dc9ae20fa8fa0e77ada3a31bd2f4870b: build(deps): bump github.com/moby/buildkit from 0.20.2 to 0.21.0 (#1101) (@​dependabot[bot])
• 21a73eb583b3ba29c0a17902e225e5d441e51d5a: build(deps): bump github.com/moby/buildkit from 0.21.0 to 0.21.1 (#1111) (@​dependabot[bot])
• b3d0491b52eb2e5f321a9153ca7715ac5c661d38: build(deps): bump golangci/golangci-lint-action from 6 to 7 (#1103) (@​dependabot[bot])
• e894c43ed14bc258b83726d7826b5ff65252d002: build(deps): bump golangci/golangci-lint-action from 7 to 8 (#1119) (@​dependabot[bot])
• 3ae2e78afa0447441868d94653ba64830c96beff: chore: Update Github Actions via Dependabot (#1100) (@​mrueg)
• 4c5e5f536a6dd96d3e8399523f7496a72b8cf61c: ci: Move docker build to separate job in the PR workflow (#1105) (@​jalseth)
• 39074821d8ab04a2e1c68f7145326710ba7fb6dd: cli: Make Rego v1 syntax the default (#1114) (@​jalseth)

v0.59.0

Announcements

Breaking Changes ⚠️

• Bump hcl2json - This makes the behavior of the conversion more consistent by always using arrays for blocks that can be repeated. See open-policy-agent/conftest#1074 and open-policy-agent/conftest#1006 for more info.

... (truncated)

Commits

• 1e43dc0 deps: update jsonc import path (#1133)
• bcba55e build(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.0 (#1134)
• f09428f build(deps): bump golang from 1.24.2-alpine to 1.24.3-alpine (#1124)
• f82f556 fix: Use v1 as rego version for fmt, too (#1128)
• a826a0b build(deps): bump cuelang.org/go from 0.12.1 to 0.13.0 (#1131)
• d44b480 build(deps): bump github.com/moby/buildkit from 0.21.1 to 0.22.0 (#1129)
• ed0ff0a fix(test): clean updated policies after test run (#1109)
• 989734f docs: update examples to v1 syntax (#1126)
• 1441245 docs: Update README.md to make it compatible with v1 syntax (#1122)
• 9e56924 build(deps): bump github.com/google/go-jsonnet from 0.20.0 to 0.21.0 (#1120)
• Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.5.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.5.0

This release contains a mix of new features, performance improvements, and bugfixes. Among others:

• Support for AWS SSO credentials provider
• Support for signing client assertions with Azure Keyvault
• Faster object.get, walk and builtin-function evaluation
• Improved guardrails in the parser
• Improvements to decision logging

Modernized OPA Website (#7037)

The OPA website has been modernized with a new design and improved user experience.

The new site is based on Docusaurus and React which makes it easier to build live functionality and add non-documentation resources. This lays the groundwork for even more improvements in the future!

Documentation for older OPA versions are still available in the version archive.

Authored by @​charlieegan3

Runtime, Tooling, SDK

• ast: Only use JSON-escaped literal when needed in ref to string convertion (#7550) reported and authored by @​xubinzheng
• ast: Parser recursion depth guard (#7568) authored by @​thevilledev
• ast: Retaining SomeDecl Location field when compiler resolves refs (#7543) authored by @​johanfylling
• bundle: Setting default rego-version in bundle API (#7588) authored by @​johanfylling reported by @​xubinzheng
• perf: Improved "baseline" metrics of opa bench for trivial queries (#7580) authored by @​anderseknert
• plugins/decision: Don't drop adaptive uncompressed size limit on upload (#7562) authored by @​sspaink
• plugins/decision: Set config boundaries to upload_size_limit_bytes (#7563) (authored by @​sspaink)
• plugins/rest: Add support for AWS SSO credentials provider (#7527) authored by @​efiShtain
• plugins/rest: Support signing of client assertions with Azure Keyvault (#7462) reported and authored by @​Od1nB
• plugins/status: Support graceful shutdown timeout (#7576) authored by @​sspaink
• rego: Don't generate JSON values for wildcard/generated keys in result set (#7567) authored by @​anderseknert
• runtime: Don't override user set version commit and timestamp (#7471) reported by @​kastl-ars authored by @​sspaink

Planner, Topdown and Rego

• planner: Deal with var-for-function replacement in indirect calls (#5311) authored by @​srenatus
• topdown: Faster object.get built-in function (#7593) authored by @​anderseknert
• topdown: Faster walk built-in function (#7612) authored by @​anderseknert
• topdown: Improved default rule value inlining ( (#1418) authored by @​johanfylling
• topdown: Improved GraphQL error handling (#7622) reported and authored by @​robmyersrobmyers

Docs, Website, Ecosystem

• docs: Fix helm-kubernetes-quickstart bundle (#7606) reported and authored by @​nejec
• docs: Add Swift-OPA to the Ecosystem Page (#7610) authored by @​charlieegan3
• docs: Add Tutorial Redirects ([#7603]open-policy-agent/opa#7603) reported by @​nataraj24 authored by @​charlieegan3
• Fix links in README (#7633) authored by @​ffjlabo

Miscellaneous

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.5.0

This release contains a mix of new features, performance improvements, and bugfixes. Among others:

• Support for AWS SSO credentials provider
• Support for signing client assertions with Azure Keyvault
• Faster object.get, walk and builtin-function evaluation
• Improved guardrails in the parser
• Improvements to decision logging

Modernized OPA Website (#7037)

The OPA website has been modernized with a new design and improved user experience.

The new site is based on Docusaurus and React which makes it easier to build live functionality and add non-documentation resources. This lays the groundwork for even more improvements in the future!

Documentation for older OPA versions are still available in the version archive.

Authored by @​charlieegan3

Runtime, Tooling, SDK

• ast: Only use JSON-escaped literal when needed in ref to string convertion (#7550) reported and authored by @​xubinzheng
• ast: Parser recursion depth guard (#7568) authored by @​thevilledev
• ast: Retaining SomeDecl Location field when compiler resolves refs (#7543) authored by @​johanfylling
• bundle: Setting default rego-version in bundle API (#7588) authored by @​johanfylling reported by @​xubinzheng
• perf: Improved "baseline" metrics of opa bench for trivial queries (#7580) authored by @​anderseknert
• plugins/decision: Don't drop adaptive uncompressed size limit on upload (#7562) authored by @​sspaink
• plugins/decision: Set config boundaries to upload_size_limit_bytes (#7563) (authored by @​sspaink)
• plugins/rest: Add support for AWS SSO credentials provider (#7527) authored by @​efiShtain
• plugins/rest: Support signing of client assertions with Azure Keyvault (#7462) reported and authored by @​Od1nB
• plugins/status: Support graceful shutdown timeout (#7576) authored by @​sspaink
• rego: Don't generate JSON values for wildcard/generated keys in result set (#7567) authored by @​anderseknert
• runtime: Don't override user set version commit and timestamp (#7471) reported by @​kastl-ars authored by @​sspaink

Planner, Topdown and Rego

• planner: Deal with var-for-function replacement in indirect calls (#5311) authored by @​srenatus
• topdown: Faster object.get built-in function (#7593) authored by @​anderseknert
• topdown: Faster walkDescription has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.