chore(deps): bump github.com/google/cel-go from 0.26.0 to 0.27.0

[dependabot]

Bumps github.com/google/cel-go from 0.26.0 to 0.27.0.

Release notes

Sourced from github.com/google/cel-go's releases.

Release v0.27.0

Release Summary

This release focuses on improving developer tooling and stability. Key highlights include significant enhancements to the REPL (YAML configuration support and parse-only evaluation), the addition of cost estimation for regex operations, and improved test coverage reporting.

On the stability front, this release addresses race conditions in reference types, improves namespace resolution, and ensures formatting directives align strictly with the CEL specification.

Note: This release includes a breaking change regarding how types are handled as variables. Please review the "Breaking Changes" section below.

⚠ Breaking Changes

Remove types as variables: The logic for handling types has been relaxed to support safe rollout of feature packages which introduce new types whose names may collide with existing variables. Please review your policies if you relied on types behaving strictly as variables in previous versions. [PR #1262](google/cel-go#1262)

Features & Enhancements

REPL & Tooling

• YAML Configuration: The REPL now supports reading and writing YAML environment configurations. [PR #1250](google/cel-go#1250)

• Parse-Only Mode: Added parse-only evaluation capabilities to the REPL. [PR #1254](google/cel-go#1254)

• Test Coverage: Introduced logic for CEL test coverage calculation and updated the reporter to handle error/unknown scenarios.[PR #1209](google/cel-go#1209) & [PR #1215](google/cel-go#1215)

Core Library

• Regex Costing: Added support for cost estimation and tracking within the regex library. [PR #1200](google/cel-go#1200)

• JSON Type Exposure: Exposed CEL JSON types to assist developers in converting to native values. [PR #1261](google/cel-go#1261)

• Policy Composition: Source information is now preserved during CEL policy composition, aiding in debugging. [PR #1253](google/cel-go#1253)

Extensibility:

• Updated extension option factory to resolve by ID (#1249).

• Refactored match output compiling to accept user-defined logic (#1246).

• Exposed Match source ID to callers (#1227).

Build & Maintenance

• Bazel: Migrated to use Bazel module only and improved configuration for dependent builds. [PR #1231](google/cel-go#1231) & [PR #1228](google/cel-go#1228)

• Cleanup: Removed strcase dependency, removed AppEngine code from REPL, and performed general linting. [PR #1230](google/cel-go#1230), #1216, #1251

Bug Fixes

• Concurrency: Fixed a race condition in the checker regarding reference types. [PR #1224](google/cel-go#1224)

• Namespace Resolution: Addressed an issue with namespace resolution. [PR #1256](google/cel-go#1256)

• Spec Compliance: Fixed formatting directives to fully support requirements documented in the cel-spec. [PR #1232](google/cel-go#1232)

... (truncated)

Commits

• 450089b Preserve source information during CEL policy composition. (#1253)
• c66b313 Remove types as variables to allow user-defined variables to shadow type decl...
• bff3a72 Expose the CEL JSON types to assist with conversion to native values (#1261)
• 559cbc9 Remove errant diff checked into a prior PR (#1260)
• fe26efa Simplify the disambiguation logic to a single boolean (#1263)
• 52280ba Clean up unused source info after checker rewrites the AST. (#1258)
• 3cb5705 Namespace resolution fix (#1256)
• 409bcbe Refactor match output compiling to accept user-defined logic. (#1246)
• e9f15ea Enable two var comprehension conformance tests. (#1255)
• 057fa1a Add parse only evaluation to REPL (#1254)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

✅ Deploy Preview for gateway-api-inference-extension ready!

Name	Link
🔨 Latest commit	aac868d
🔍 Latest deploy log	https://app.netlify.com/projects/gateway-api-inference-extension/deploys/69aff96b1751cf000999ff6f
😎 Deploy Preview	https://deploy-preview-2458--gateway-api-inference-extension.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[elevran]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot], elevran
Once this PR has been reviewed and has the lgtm label, please assign ahg-g for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nirrozenbaum]

/hold

the new cel-go release is announcing breaking changes. this was added recently as part of cost report plugin based on cel expression in the configuration of the plugin. it should be tested before merging (that plugin is not included in the ci tests and therefore might be missed)

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.