Update dependency open-policy-agent/opa to v0.63.0 by renovate[bot] · Pull Request #195 · redhat-cop/github-actions · GitHub
Skip to content

Update dependency open-policy-agent/opa to v0.63.0#195

Merged
garethahealy merged 1 commit into
mainfrom
renovate/open-policy-agent-opa-0.x
Apr 1, 2024
Merged

Update dependency open-policy-agent/opa to v0.63.0#195
garethahealy merged 1 commit into
mainfrom
renovate/open-policy-agent-opa-0.x

Conversation

@renovate

@renovate renovate Bot commented Mar 4, 2024

Copy link
Copy Markdown
Contributor

Mend Renovate

This PR contains the following updates:

Package Update Change
open-policy-agent/opa minor v0.61.0 -> v0.63.0

Release Notes

open-policy-agent/opa (open-policy-agent/opa)

v0.63.0

Compare Source

v0.63.0

This release contains a mix of features, performance improvements, and bugfixes.

Runtime, Tooling, SDK
Topdown and Rego
Docs + Website + Ecosystem
Miscellaneous
  • chore: Remove repetitive words (#​6644) authored by @​occupyhabit
  • Dependency updates; notably:
    • build(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14
    • build(deps): bump github.com/golang/protobuf from 1.5.3 to 1.5.4
    • build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1

v0.62.1

Compare Source

This is a security fix release for the fixes published in Go 1.22.1.

OPA servers using --authentication=tls would be affected: crafted malicious client certificates could cause a panic in the server.

Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and http.send calls that verify TLS.

This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).

Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to assess. An update is advised.

Miscellaneous

v0.62.0

Compare Source

NOTES:

  • The minimum version of Go required to build the OPA module is 1.20

This release contains a mix of improvements and bugfixes.

Runtime, Tooling, SDK
  • cmd: Add environment variable backups for command-line flags (#​6508) authored by @​colinjlacy
  • download/oci: Add missing WithBundleParserOpts method to OCI downloader (#​6571) authored by @​slonka
  • logging: avoid %!F(MISSING) in logs by skipping calls to the {Debug,Info,Warn,Error}f functions when there are no arguments (#​6555) authored by @​srenatus
Topdown and Rego
Docs + Website + Ecosystem
Miscellaneous
  • Add Elastic to ADOPTERS.md (#​6568) authored by @​orouz
  • Dependency updates; notably:
    • bump golang 1.21.5 -> 1.22 (#​6595) authored by @​srenatus
    • bump google.golang.org/grpc from 1.61.0 to 1.62.0
    • bump golang.org/x/net from 0.19.0 to 0.21.0
    • bump github.com/containerd/containerd from 1.7.12 to 1.7.13
    • bump aquasecurity/trivy-action from 0.16.1 to 0.17.0
    • bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
    • bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate Bot requested a review from a team as a code owner March 4, 2024 03:34
@renovate renovate Bot changed the title Update dependency open-policy-agent/opa to v0.62.0 Update dependency open-policy-agent/opa to v0.62.1 Mar 6, 2024
@renovate renovate Bot force-pushed the renovate/open-policy-agent-opa-0.x branch from 029c814 to ea610a6 Compare March 6, 2024 13:50
@renovate renovate Bot changed the title Update dependency open-policy-agent/opa to v0.62.1 Update dependency open-policy-agent/opa to v0.63.0 Mar 28, 2024
@renovate renovate Bot force-pushed the renovate/open-policy-agent-opa-0.x branch from ea610a6 to a5aedb2 Compare March 28, 2024 20:45
@garethahealy garethahealy merged commit fcc095c into main Apr 1, 2024
@renovate renovate Bot deleted the renovate/open-policy-agent-opa-0.x branch April 1, 2024 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant