chore(deps): bump the common group across 1 directory with 34 updates

[dependabot]

Bumps the common group with 22 updates in the / directory:

Package	From	To
github.com/CycloneDX/cyclonedx-go	0.9.1	0.9.2
github.com/alicebob/miniredis/v2	2.33.0	2.34.0
github.com/antchfx/htmlquery	1.3.3	1.3.4
github.com/aws/aws-sdk-go-v2	1.32.3	1.32.7
github.com/aws/aws-sdk-go-v2/config	1.28.1	1.28.7
github.com/aws/aws-sdk-go-v2/service/ec2	1.187.0	1.198.1
github.com/aws/aws-sdk-go-v2/service/ecr	1.36.3	1.36.8
github.com/aws/aws-sdk-go-v2/service/s3	1.66.2	1.71.1
github.com/containerd/containerd/v2	2.0.0	2.0.1
github.com/docker/cli	27.3.1+incompatible	27.4.1+incompatible
github.com/docker/docker	27.3.1+incompatible	27.4.1+incompatible
github.com/hashicorp/hcl/v2	2.22.0	2.23.0
github.com/moby/buildkit	0.17.0	0.18.2
github.com/open-policy-agent/opa	0.70.0	1.0.0
github.com/owenrumney/squealer	1.2.4	1.2.5
github.com/secure-systems-lab/go-securesystemslib	0.8.0	0.9.0
github.com/sigstore/rekor	1.3.6	1.3.7
github.com/spf13/cast	1.7.0	1.7.1
github.com/tetratelabs/wazero	1.8.1	1.8.2
github.com/zclconf/go-cty	1.15.0	1.15.1
helm.sh/helm/v3	3.16.2	3.16.4
modernc.org/sqlite	1.33.1	1.34.4

Updates github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.2

Changelog

Features

• 39ede217f126cfbc80eabf880f6643be3d392a4f: feat: add MarshalXML and UnmarshalXML (@​DmitriyLewen)
• e9191ed11a269fcb6b3fb54e000ed6d81b5bf9db: feat: add UnmarshalJSON (@​DmitriyLewen)

Fixes

• 80fede1f13a956d35eb14696cd2ca9d2d943f809: fix: add json tag for Identity (@​DmitriyLewen)
• 24e9503293f0837e6e7ea3ff670ef958e6075b87: fix: tests (@​DmitriyLewen)
• d68a199bc1747e5d6a7d4196c2f270535bbf6e3e: fix: use identity as array in valid-evidence.json (@​DmitriyLewen)
• ff9cc28f9c9554328bd6c1ad56098be5a692d5e9: fix: use componentEvidence array for Evidence.Identity field (@​DmitriyLewen)

Building and Packaging

• 016ee293d464d6383be3a714f7fb0debebef8ad5: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (@​dependabot[bot])
• 77153ab5fe005f6484ac1e1225e7152df00db3f1: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (@​dependabot[bot])
• 4f50d02c1282ac1d0d7448502b231a0e84a1e529: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (@​dependabot[bot])
• b84451219e77e0fbbe7d5ba054bcf25dbc7aaea4: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (@​dependabot[bot])
• 238cbea3479fed9fdfcbfa5f1751828390a05211: build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (@​dependabot[bot])
• bbe8f3c2c7c4567514ae966c69bf93fc1b3dba2a: build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (@​dependabot[bot])
• 05f8930fe918a31941ebf90eec627e5e6e908d1c: build(deps): bump github.com/terminalstatic/go-xsd-validate (@​dependabot[bot])
• 082f87791a5e290c9d4c6e8126dc0cc987028a60: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@​dependabot[bot])
• 093b1c15164dad5d46768db0e3f6ee43eb60ca20: build(deps): bump gitpod/workspace-go from 9c95281 to 6932342 (@​dependabot[bot])
• 47b7e01ce8f8209894065e9656217b8c00a3c8ea: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (@​dependabot[bot])
• ce6eb841cb1e21aa28efbccd9eb8fe5eea0555c9: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (@​dependabot[bot])

Others

• 4d3aff9fab9ae78bd6fbbc9fd0912fab14c8fb64: UPDATE_SNAPSHOTS=true make test (@​DmitriyLewen)
• 31d954443e6563aeee69d82bdfb82aee83e07df1: refactor (@​DmitriyLewen)
• 0170729e313a681fc8659643601410ae10ffe803: refactor: update convert package (@​DmitriyLewen)

Commits

• cba06ff Merge pull request #205 from CycloneDX/dependabot/go_modules/github.com/termi...
• 5c81749 Merge pull request #211 from CycloneDX/dependabot/github_actions/actions/setu...
• 753526c Merge pull request #204 from DmitriyLewen/fix/componentEvidence-as-array
• 4d3aff9 UPDATE_SNAPSHOTS=true make test
• d68a199 fix: use identity as array in valid-evidence.json
• 24e9503 fix: tests
• 238cbea build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
• a7f7415 Merge branch 'master' of github.com:DmitriyLewen/cyclonedx-go into fix/compon...
• 05f8930 build(deps): bump github.com/terminalstatic/go-xsd-validate
• 464d426 Merge pull request #202 from CycloneDX/dependabot/github_actions/actions/chec...
• Additional commits viewable in compare view

Updates github.com/alicebob/miniredis/v2 from 2.33.0 to 2.34.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

add ZRANK/ZREVRANK, fix ZINTERSTORE and XTRIM

• fix ZINTERSTORE where target is one of the source sets
• added support for ZRank and ZRevRank with score (thanks Jeff Howell)
• fix MEMORY subcommand casing (thanks @​joshaber)
• use streamCmp in Xtrim (thanks @​daniel-cohere)

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.34.0

• fix ZINTERSTORE where target is one of the source sets
• added support for ZRank and ZRevRank with score (thanks Jeff Howell)
• fix MEMORY subcommand casing (thanks @​joshaber)
• use streamCmp in Xtrim (thanks @​daniel-cohere)

Commits

• c5669ae changelog for v2.34.0
• 5320c5c Merge pull request #391 from daniel-cohere/streamCmp-in-xtrim
• e4791b5 use streamCmp in Xtrim
• ef93126 Fix MEMORY subcommand casing (#389)
• 1863d22 inttest and fix some returns
• 5056952 added support for ZRank and ZRevRank with score
• 08e664a update dependency
• 12d2a70 CI against go 1.23
• 8225546 fix ZINTERSTORE where target is one of the source sets
• See full diff in compare view

Updates github.com/antchfx/htmlquery from 1.3.3 to 1.3.4

Release notes

Sourced from github.com/antchfx/htmlquery's releases.

v1.3.4

Update packages:

• update golang.org/x/net from v0.7.0 to v0.33.0
• update github.com/antchfx/xpath from v1.3.2 to v1.3.3

Commits

• 8189c48 Bump golang.org/x/net from 0.7.0 to 0.33.0
• 23f943c update github.com/antchfx/xpath to v1.3.3
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.32.3 to 1.32.7

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.28.1 to 1.28.7

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.42 to 1.17.48

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.187.0 to 1.198.1

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.36.3 to 1.36.8

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.66.2 to 1.71.1

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.22.0 to 1.22.1

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2024-11-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.22.1
  • Bug Fix: Fix failure to replace URI path segments when their names overlap.

Release (2024-10-03)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.22.0
  • Feature: Add HTTP client metrics.

Release (2024-09-25)

Module Highlights

• github.com/aws/smithy-go/aws-http-auth: v1.0.0
  • Release: Initial release of module aws-http-auth, which implements generically consumable SigV4 and SigV4a request signing.

Release (2024-09-19)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.21.0
  • Feature: Add tracing and metrics APIs, and builtin instrumentation for both, in generated clients.
• github.com/aws/smithy-go/metrics/smithyotelmetrics: v1.0.0
  • Release: Initial release of smithyotelmetrics module, which is used to adapt an OpenTelemetry SDK meter provider to be used with Smithy clients.
• github.com/aws/smithy-go/tracing/smithyoteltracing: v1.0.0
  • Release: Initial release of smithyoteltracing module, which is used to adapt an OpenTelemetry SDK tracer provider to be used with Smithy clients.

Release (2024-08-14)

Module Highlights

• github.com/aws/smithy-go: v1.20.4
  • Dependency Update: Bump minimum Go version to 1.21.

Release (2024-06-27)

Module Highlights

• github.com/aws/smithy-go: v1.20.3
  • Bug Fix: Fix encoding/cbor test overflow on x86.

Release (2024-03-29)

... (truncated)

Commits

• bed421c Release 2024-11-15
• 4d1e793 add changelog for fix pr
• 84c6c7e Fix: URI path element replace issue due to elements name overlap (#553)
• 253cd26 fixup jmespath multiselect codegen (#551)
• a4c9efc Update Smithy version to 1.52.1 (#550)
• 48250f4 Update string shape from synthetic to base (#549)
• e6338ca Allow all headers to be set to an empty value (#547)
• e3a9df9 add annotation to package docs when the service shape is deprecated (#546)
• 90c085e fix: allow empty headers on prefix headers (#544)
• a73f41b stabilize order of client plugin additions (#545)
• See full diff in compare view

Updates github.com/containerd/containerd/v2 from 2.0.0 to 2.0.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.0.1

Welcome to the v2.0.1 release of containerd!

The first patch release for containerd 2.0 includes a number of bug fixes and improvements.

Highlights

Container Runtime Interface (CRI)

• Fix apply IoOwner options when not in user namespace (#11151)
• Fix cri grpc plugin config migration (#11140)
• Support CNI STATUS Verb (containerd/go-cni#123)

Image Distribution

• Update differ to handle zstd media types (#11068)

Runtime

• Update runc binary to v1.2.3 (#11142)
• Fix panic due to nil dereference cgroups v2 (#11098)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Wei Fu
• Archit Kulkarni
• Jin Dong
• Phil Estes
• Akhil Mohan
• Akihiro Suda
• Alexey Lunev
• Austin Vazquez
• Maksym Pavlenko
• Mike Brown
• Michael Zappa
• Samuel Karp
• Sebastiaan van Stijn
• Andrey Smirnov
• Davanum Srinivas

Changes

• Prepare release notes for v2.0.1 (#11158)
  • b0ece5dc5 Prepare release notes for v2.0.1

... (truncated)

Commits

• 88aa2f5 Merge pull request #11158 from dmcgowan/prepare-v2.0.1
• b0ece5d Prepare release notes for v2.0.1
• e206c07 Merge pull request #11154 from k8s-infra-cherrypick-robot/cherry-pick-11122-t...
• fe69570 build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0
• eb2d0c4 Merge pull request #11153 from k8s-infra-cherrypick-robot/cherry-pick-11130-t...
• eb2ce68 update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+
• c11f124 Merge pull request #11139 from k8s-infra-cherrypick-robot/cherry-pick-11086-t...
• 8c6dd50 Merge pull request #11151 from k8s-infra-cherrypick-robot/cherry-pick-11104-t...
• e9004f0 Merge pull request #11146 from k8s-infra-cherrypick-robot/cherry-pick-11135-t...
• c403b64 Merge pull request #11140 from k8s-infra-cherrypick-robot/cherry-pick-11061-t...
• Additional commits viewable in compare view

Updates github.com/docker/cli from 27.3.1+incompatible to 27.4.1+incompatible

Commits

• b9d17ea Merge pull request #5700 from thaJeztah/27.x_backport_remove_use_of_netfilter...
• a08a120 cli/command/system: remove BridgeNfIptables, BridgeNfIp6tables in tests
• 4870b3d Merge pull request #5699 from thaJeztah/27.x_backport_remove_system_isabs
• d3b59fb cli/command/container: use local copy of pkg/system.IsAbs
• ac40240 Merge pull request #5685 from thaJeztah/27.x_backport_bump_xx
• 3fa9480 Merge pull request #5690 from thaJeztah/27.x_backport_bump_gomd2man
• fce7c04 Merge pull request #5692 from thaJeztah/27.x_backport_remove_netfilter_warnings
• 70815c1 cli/command/system: remove netfilter warnings from tests
• 12d98b0 update go-md2man to v2.0.5
• f9783ec update xx to v1.6.1 for compatibility with alpine 3.21
• Additional commits viewable in compare view

Updates github.com/docker/docker from 27.3.1+incompatible to 27.4.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.4.1

27.4.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.4.1 milestone
• moby/moby, 27.4.1 milestone

Bug fixes and enhancements

• Fix excessive memory allocations when OTel is not configured. moby/moby#49079
• The docker info command and the corresponding GET /info API endpoint no longer include warnings when bridge-nf-call-iptables or bridge-nf-call-ip6tables are disabled at the daemon is started. The br_netfilter kernel module is now attempted to be loaded when needed, which made those warnings inaccurate. moby/moby#49090
• Attempt to load kernel modules, including ip6_tables and br_netfilter when required, using a method that is likely to succeed inside a Docker-in-Docker container. moby/moby#49043
• Fix a bug that could result in an iptables DOCKER FILTER chain not being cleaned up on failure. moby/moby#49110

Deprecations

• pkg/system: Deprecate Lstat(), Mkdev(), Mknod(), FromStatT() and Stat() functions, and related StatT types. These were only used internally, and will be removed in the next release. moby/moby#49100
• libnetwork/iptables: Deprecate IPV, Iptables and IP6Tables types in favor of IPVersion, IPv4, and IPv6. This type and consts will be removed in the next release. moby/moby#49093
• libnetwork/iptables: Deprecate Passthrough. This function was only used internally, and will be removed in the next release. moby/moby#49119

Packaging updates

• Update Compose to v2.32.1. docker/docker-ce-packaging#1130
• Update Buildx to v0.19.3. docker/docker-ce-packaging#1132
• Update runc to v1.2.3 (static packages only). moby/moby#49085

v27.4.0

27.4.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.4.0 milestone
• moby/moby, 27.4.0 milestone

API

• GET /images/json with the manifests option enabled now preserves the original order in which manifests appeared in the manifest-index. moby/moby#48712

Bug fixes and enhancements

• When reading logs with the jsonfile or local log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. The errors are viewable in the Docker Daemon logs and exported to traces when tracing is configured. moby/moby#48842
• When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. moby/moby#48842
• Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with userland-proxy disabled, if the kernel's br_netfilter module was not loaded and enabled. The daemon will now attempt to load the module and enable bridge-nf-call-iptables or bridge-nf-call-ip6tables when creating a network with the userland proxy disabled. moby/moby#48685
• Fix loading of bridge and br_netfilter kernel modules. moby/moby#48966
• containerd image store: Fix Docker daemon failing to fully start with a "context deadline exceeded error" with containerd snapshotter and many builds/images. moby/moby#48954
• containerd image-store: Fix partially pulled images not being garbage-collected. moby#48910, moby/moby#48957
• containerd image store: Fix docker image inspect outputting duplicate references in RepoDigests. moby/moby#48785

... (truncated)

Commits

• c710b88 Merge pull request #49119 from thaJeztah/27.x_backport_libnetwork_deprecate_P...
• eda0a20 libnetwork/iptables: deprecate Passthrough
• b51622d libnet/iptables: deprecate type IPV
• 829ac83 Merge pull request #49104 from thaJeztah/27.x_backport_update_swagger_headers
• bd7da11 Merge pull request #49110 from thaJeztah/27.x_backport_fix_setupIPChains_defer
• 135b144 Merge pull request #49105 from thaJeztah/27.x_backport_testing-suse-apparmor
• 08de719 libnetwork/drivers/bridge: setupIPChains: fix defer checking wrong err
• 2a62319 Merge pull request #49100 from thaJeztah/27.x_backport_deprecate_pkg_system
• 6855ca1 integration-cli: don't skip AppArmor tests on SLES
• 224b305 docs/api: document correct case for Api-Version header
• Additional commits viewable in compare view

Updates github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0

Release notes

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.23.0

What's Changed

• Preserve marks when traversing unknown values by @​jbardin in hashicorp/hcl#699
• Better control of marks through conditional and for expressions by @​jbardin in hashicorp/hcl#710

Full Changelog: hashicorp/hcl@v2.22.0...v2.23.0

Changelog

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.23.0 (November 15, 2024)

Bugs Fixed

• Preserve marks when traversing through unknown values. (#699)
• Retain marks through conditional and for expressions. (#710)

Commits

• 56a9aee Merge pull request #710 from hashicorp/jbardin/marked-conditions
• b48ba6e pass marks through unknown ForExpr values
• bbfec2d pass all marks through conditional expressions
• d20d07f github: Pin action refs to latest trusted by TSCCR (#700)
• 3883feb docs(ext/dynblock): recursive function call typo in detecting variables (#686)
• 2eb163f Merge pull request #701 from hashicorp/d/fix-typo
• 65971e8 docs: use 'by' instead of 'prior to'
• 1dfc778 docs: fix typo
• 78fe993 Merge pull request #699 from hashicorp/jbardin/marked-traversals
• e2f43f4 Preserve marks when traversing unknown values
• See full diff in compare view

Updates github.com/moby/buildkit from 0.17.0 to 0.18.2

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.18.2

buildkit 0.18.2

Welcome to the v0.18.2 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.12.1 changelog
• Fix possible concurrent map write error #5577
• Update Runc to v1.2.3 to fix possible build error when using parallel cache mounts #5588 #5590

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.18.1

v0.18.1

Welcome to the v0.18.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

• Fix issue where builds from older versions of clients/frontends could result in missing "no-cache" behavior or original Dockerfile commands could be missing in progress output #5563

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.18.0

v0.18.0

Welcome to the v0.18.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

... (truncated)

Commits

• e4da654 Merge pull request #5601 from tonistiigi/v0.18.2-picks
• 987b409 dockerfile: fix named context replacement for child stages
• 873382b dockerfile: fix onbuild propagation for child stages
• 6614837 dockerfile: add regression test for parallel cache mounts
• 25649b3 Dockerfile: update runc binary to v1.2.3
• 36a6e05 llb: avoid concurrent map write on parallel marshal
• 4241ae2 update xx to v1.6.1
• 715418b hack: remove loong64 validation in archutil
• eb68885 Merge pull request #5564 from tonistiigi/v0.18.1-picks
• ec39add llbsolver: fix recompute test and avoid struct copy
• Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.0.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.0.0

NOTES:

• The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

• Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
• Other new keywords (every, in) are available without any imports.
• Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
• OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement here on our blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #7156 extends OPA’s Prometheus configuration to allow the setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.0.0

NOTES:

• The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

• Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
• Other new keywords (every, in) are available without any imports.
• Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
• OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement on the OPA blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

... (truncated)

Commits

• 00cc7ae Prepare v1.0.0 release
• 94118ac docs/website/scripts: Control eval behavior via the rego.v1 import rather tha...
• bb10c56 docs/website/scripts: Eval pre-1.0 policies in v0 compatibility mode
• c91c895 go.mod: require go 1.22.7
• b8a1376 build(deps): bump the go-opentelemetry-io group with 6 updates (#7217)
• a190ea3 Fixing optimized numbers.range builtin reversed range bug (#7230)
• 9a7d920 Update docs and server binding addr per OPA v1.0 specs (#7140)
• c5757a5 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2
• c97b640 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
• 50b5ee5 Reduce allocations, chapter III (#7222)
• Additional commits viewable in compare view

Updates github.com/owenrumney/squealer from 1.2.4 to 1.2.5

Release notes

Sourced from github.com/owenrumney/squealer's releases.

v1.2.5

What's Changed

• chore(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 by @​dependabot in owenrumney/squealer#122
• chore(deps): bump alpine from 3.20.2 to 3.20.3 by

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.