build(deps): bump the project-dependency group across 1 directory with 13 updates

[dependabot]

Bumps the project-dependency group with 11 updates in the / directory:

Package	From	To
github.com/containerd/cgroups/v3	3.1.2	3.1.3
github.com/containerd/containerd/v2	2.2.1	2.2.2
github.com/containerd/platforms	1.0.0-rc.2	1.0.0-rc.3
github.com/coreos/go-systemd/v22	22.6.0	22.7.0
github.com/onsi/ginkgo/v2	2.27.3	2.28.1
github.com/pelletier/go-toml/v2	2.2.4	2.3.0
github.com/runfinch/common-tests	0.10.1	0.10.4
github.com/sirupsen/logrus	1.9.4-0.20251023124752-b61f268f75b6	1.9.4
golang.org/x/sys	0.40.0	0.42.0
github.com/docker/docker-credential-helpers	0.9.4	0.9.5
github.com/open-policy-agent/opa	1.12.1	1.14.1

Updates github.com/containerd/cgroups/v3 from 3.1.2 to 3.1.3

Release notes

Sourced from github.com/containerd/cgroups/v3's releases.

v3.1.3

What's Changed

• build(deps): bump actions/cache from 4 to 5 by @​dependabot[bot] in containerd/cgroups#385
• Cg2: Expose OOMGroupKill event/writes by @​dcantah in containerd/cgroups#388
• Cg2: Add the ability to filter stats by @​dcantah in containerd/cgroups#387

Full Changelog: containerd/cgroups@v3.1.2...v3.1.3

Commits

• 076b5e0 Merge pull request #387 from dcantah/cg2-stats-filter
• 31da8b0 Merge pull request #388 from dcantah/oom-group-kill
• d72c9ce Cg2: Add ability to set memory.oom.group
• 4584088 Events: Add OOMGroupKill
• 9293fbb Cg2: Add the ability to filter stats
• 568b349 Merge pull request #385 from containerd/dependabot/github_actions/actions/cac...
• 90c5813 build(deps): bump actions/cache from 4 to 5
• See full diff in compare view

Updates github.com/containerd/containerd/v2 from 2.2.1 to 2.2.2

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.2

Welcome to the v2.2.2 release of containerd!

The second patch release for containerd 2.2 contains various fixes and improvements.

Highlights

Container Runtime Interface (CRI)

• Fix migrated CRI image config when using legacy registry mirrors (#12987)
• Unpack images with per-layer labels for runtime-specific snapshotters (#12936)
• Fix CNI issue where DEL is never executed after a restart (#12926)
• Harden error handling to strip potentially-sensitive registry parameters (#12804)
• Fix nil pointer dereference in container spec memory metrics when memory constraints are not fully configured (#12731)
• Use the specified runtime handler when pulling images (#12721)
• Reduce noisy CDI logs (#12717)
• Fix regression for pulling encrypted images (#12712)

Runtime

• Fix unintended dropping of mount flags for read-only bind-mounts in user namespaces (#12944)
• Fix AppArmor bug disallowing unix domain sockets on newer kernels (#12897)

ctr development tool

• Fix ctr image mount failing with "no such device" (#12831)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Maksym Pavlenko
• Akhil Mohan
• Samuel Karp
• Wei Fu
• Michael Zappa
• Phil Estes
• Fabiano Fidêncio
• Jérôme Poulin
• Luke Hinds
• Aadhar Agarwal
• Akihiro Suda
• Alex Chernyakhovsky
• Chris Adeniyi-Jones
• Kazuyoshi Kato
• Rodrigo Campos
• Sebastiaan van Stijn
• You Binhao
• ningmingxiao

... (truncated)

Commits

• 301b2da Merge pull request #12998 from samuelkarp/prepare-release-2.2.2
• 7e6ecf4 Prepare release notes for v2.2.2
• 5dc7bb2 Merge pull request #12987 from k8s-infra-cherrypick-robot/cherry-pick-12617-t...
• a20dead set default config_path in plugin init
• 8b085dd Merge pull request #12936 from fidencio/release-2.2/backport-12835
• 7022bea Merge pull request #12957 from k8s-infra-cherrypick-robot/cherry-pick-12950-t...
• 68855cb ci: modprobe xt_comment on almalinux
• 46fabcc Merge pull request #12944 from k8s-infra-cherrypick-robot/cherry-pick-12941-t...
• ef7a8be core/mount: add test for getUnprivilegedMountFlags
• 07b2cc0 core/mount: fix getUnprivilegedMountFlags iterating over indices instead of v...
• Additional commits viewable in compare view

Updates github.com/containerd/platforms from 1.0.0-rc.2 to 1.0.0-rc.3

Release notes

Sourced from github.com/containerd/platforms's releases.

v1.0.0-rc.3

What's Changed

• Update GitHub actions by @​dmcgowan in containerd/platforms#27
• Add support for OS Features in the format by @​dmcgowan in containerd/platforms#16
• Match and Compare platforms with OSFeatures by @​dmcgowan in containerd/platforms#20
• Add encoding to os version and features by @​dmcgowan in containerd/platforms#28

Full Changelog: containerd/platforms@v1.0.0-rc.2...v1.0.0-rc.3

Commits

• e543b9f Merge pull request #28 from dmcgowan/encode-os-version
• 3cff7fa Add encoding to os version and features
• 54c1ef4 Merge pull request #20 from dmcgowan/match-features
• 1b8cf34 Add compare and matching for OS features
• b42036f Merge pull request #16 from dmcgowan/add-os-features
• 2474351 Sort OSFeatures on format
• 5b124ef Add support for OS Features in the format
• 005d370 Merge pull request #27 from dmcgowan/update-github-actions
• 7c872f6 Update golangci lint
• 50e5387 Update go version to latest
• Additional commits viewable in compare view

Updates github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0

Release notes

Sourced from github.com/coreos/go-systemd/v22's releases.

v22.7.0

This release fixes an issue with multiple calls to (e.g.) StopUnit, simplifies and improves code and documentation, and adds a few new methods.

What's Changed

• build(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in coreos/go-systemd#473
• Fixing error on negative value of LISTEN_FDS by @​vporoshok in coreos/go-systemd#472
• Misc error reporting improvements by @​kolyshkin in coreos/go-systemd#475
• daemon: add SdNotifyMonotonicUsec helper function by @​corhere in coreos/go-systemd#435
• build(deps): bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in coreos/go-systemd#481
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in coreos/go-systemd#483
• dbus: fix TestSetUnitProperties wrt systemd >= 252 by @​kolyshkin in coreos/go-systemd#489
• Sync repo templates ⚙ by @​coreosbot-releng in coreos/go-systemd#486
• unit: simplify escape character by @​huww98 in coreos/go-systemd#485
• machine1: add missing close method to conn. by @​maartensson in coreos/go-systemd#487
• subscription: Added context cancellation and sync to subscription set by @​NotSoFancyName in coreos/go-systemd#480
• ci: improvements by @​kolyshkin in coreos/go-systemd#490
• import1: add missing close method to conn by @​maartensson in coreos/go-systemd#492
• sdjournal: fix copyrights by @​kolyshkin in coreos/go-systemd#499
• activation: simplify ListenersWithNames by @​kolyshkin in coreos/go-systemd#498
• dbus: allow multiple calls for the same unit to *Unit by @​haircommander in coreos/go-systemd#496
• Documentation nits by @​kolyshkin in coreos/go-systemd#500
• dbus: dedup result conversion code by @​kolyshkin in coreos/go-systemd#493
• add FilesWithNames() to activation by @​MayCXC in coreos/go-systemd#497
• Add support for transient units with auxiliary units by @​gwenya in coreos/go-systemd#495
• activation: stub out for plan9 by @​flokli in coreos/go-systemd#440

New Contributors

• @​vporoshok made their first contribution in coreos/go-systemd#472
• @​corhere made their first contribution in coreos/go-systemd#435
• @​huww98 made their first contribution in coreos/go-systemd#485
• @​maartensson made their first contribution in coreos/go-systemd#487
• @​haircommander made their first contribution in coreos/go-systemd#496
• @​MayCXC made their first contribution in coreos/go-systemd#497
• @​gwenya made their first contribution in coreos/go-systemd#495
• @​flokli made their first contribution in coreos/go-systemd#440

Full Changelog: coreos/go-systemd@v22.6.0...v22.7.0

Commits

• 4dc4ee6 activation: stub out for plan9
• 8f5a75c dbus: add StartTransientUnitAux for starting transient units with auxiliary u...
• 9211a7b activation: add FilesWithNames()
• 2c3ebed dbus: dedup result conversion code
• aac8e00 unit: fix Deserialize deprecation notice
• d4795ce Fix doc references
• abb50b3 dbus: allow multiple calls for the same unit to *Unit
• 27f6bea activation: simplify ListenersWithNames
• e615438 sdjournal: fix copyrights
• d25876d import1: add missing close method to conn
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.27.3 to 2.28.1

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

• CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

Commits

• 5d1d628 v2.28.1
• 676f985 update test mu language
• 8032100 appease go vet
• 41ca807 bump dependencies
• 2b2305b v2.28.0
• 71d2d89 feat: support component semantic version filtering
• 8cbbcb4 Fix doclink for ginkgo run
• a928307 v2.27.5
• 0d0e96d don't make a new formatter for each GinkgoT(); that's just silly and uses pre...
• 867ce95 v2.27.4
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.38.3 to 1.39.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

Commits

• 49561ad v1.39.0
• 8f7f425 document MatchErrorStrictly
• bae643d add matcher relecting errors.Is behavior
• See full diff in compare view

Updates github.com/pelletier/go-toml/v2 from 2.2.4 to 2.3.0

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.3.0

This is the first release built largely with the help of AI coding agents. Highlights include the complete removal of the unsafe package. go-toml is now fully safe Go code, with a geomean overhead of only ~1.4% vs v2.2.4 and zero additional allocations on benchmarks. This release also adds omitzero struct tag support, improves UnmarshalText/Unmarshaler handling for tables and array tables, and fixes several bugs including nil pointer marshaling, leap second handling, and datetime unmarshaling panics.

What's Changed

What's new

• marshal: don't escape quotes unnecessarily by @​virtuald in pelletier/go-toml#991
• Add omitzero tag support by @​NathanBaulch in pelletier/go-toml#998
• Support custom IsZero() methods with omitzero tag by @​pelletier in pelletier/go-toml#1020
• UnmarshalText fallbacks to struct unmarshaling for tables and arrays by @​pelletier in pelletier/go-toml#1026
• [unstable] Support Unmarshaler interface for tables and array tables by @​pelletier in pelletier/go-toml#1027

Fixed bugs

• Add missing UnmarshalTOML call by @​pelletier in pelletier/go-toml#996
• Handle array table into an empty slice by @​pelletier in pelletier/go-toml#997
• Unwrap strict errors by @​bersace in pelletier/go-toml#1012
• Fix leap second handling found by fuzz by @​pelletier in pelletier/go-toml#1019
• Fix nil pointer map values not being marshaled by @​pelletier in pelletier/go-toml#1025
• Fix panic when unmarshaling datetime values to incompatible types (#1028) by @​pelletier in pelletier/go-toml#1029
• Fix parser error pointing to wrong line at EOF without trailing newline by @​pelletier in pelletier/go-toml#1041

Documentation

• Improve Unmarshaling README by @​heckelson in pelletier/go-toml#1016
• Create AGENTS.md guidelines file by @​pelletier in pelletier/go-toml#1017

Other changes

• Unsafe package removal by @​pelletier in pelletier/go-toml#1021
• Bump CI and test scripts to Go 1.26 by @​pelletier in pelletier/go-toml#1030

New Contributors

• @​virtuald made their first contribution in pelletier/go-toml#991
• @​NathanBaulch made their first contribution in pelletier/go-toml#999
• @​bersace made their first contribution in pelletier/go-toml#1012
• @​flyn-org made their first contribution in pelletier/go-toml#1013
• @​heckelson made their first contribution in pelletier/go-toml#1016

Full Changelog: pelletier/go-toml@v2.2.4...v2.3.0

Commits

• f36a3ec Reduce marshal and unmarshal overhead (#1044)
• 77f3862 Fix benchmark script replacing internal package imports (#1042)
• 16b1ef5 Fix parser error pointing to wrong line when last line has no trailing newlin...
• e14bde7 build(deps): bump docker/login-action from 3 to 4 (#1039)
• 4b1ff01 build(deps): bump docker/setup-buildx-action from 3 to 4 (#1040)
• 048a25f Go 1.26 (#1030)
• b357558 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#1035)
• a0be52f build(deps): bump actions/upload-artifact from 6 to 7 (#1036)
• 316bfc6 Support Unmarshaler interface for tables and array tables (#1027)
• 2edc61f Fix panic when unmarshaling datetime values to incompatible types (#1028) (#1...
• Additional commits viewable in compare view

Updates github.com/runfinch/common-tests from 0.10.1 to 0.10.4

Release notes

Sourced from github.com/runfinch/common-tests's releases.

v0.10.4

0.10.4 (2026-01-12)

Bug Fixes

• add grace period to allow registry to start up (#282) (cfbacce)

v0.10.3

0.10.3 (2026-01-08)

Bug Fixes

• handle abs path in subject when getting nerdctl version (#280) (38e1fdf)

v0.10.2

0.10.2 (2026-01-08)

Bug Fixes

• skip healthcheck when nerdctl < 2.2.1 (#276) (afd3ee2)

Changelog

Sourced from github.com/runfinch/common-tests's changelog.

0.10.4 (2026-01-12)

Bug Fixes

• add grace period to allow registry to start up (#282) (cfbacce)

0.10.3 (2026-01-08)

Bug Fixes

• handle abs path in subject when getting nerdctl version (#280) (38e1fdf)

0.10.2 (2026-01-08)

Bug Fixes

• skip healthcheck when nerdctl < 2.2.1 (#276) (afd3ee2)

Commits

• 7ee3208 chore(main): release 0.10.4 (#283)
• cfbacce fix: add grace period to allow registry to start up (#282)
• b04e346 chore(main): release 0.10.3 (#281)
• 38e1fdf fix: handle abs path in subject when getting nerdctl version (#280)
• 2279f8e chore(main): release 0.10.2 (#279)
• afd3ee2 fix: skip healthcheck when nerdctl < 2.2.1 (#276)
• c9b3409 chore: scope down workflows (#274)
• See full diff in compare view

Updates github.com/sirupsen/logrus from 1.9.4-0.20251023124752-b61f268f75b6 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

• Remove uses of deprecated ioutil package

Features:

• Add GNU/Hurd support
• Add WASI wasip1 support

Code quality:

• Update minimum supported Go version to 1.17
• Documentation updates

1.9.3

Fixes:

• Re-apply fix for potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)
• Fix panic in Writer

1.9.2

Fixes:

• Revert Writer DoS fix (#1376) due to regression

1.9.1

Fixes:

• Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)

1.9.0

Fixes:

• Multiple concurrency and race condition fixes
• Improve Windows terminal and ANSI handling

Code quality:

• Internal cleanups and modernization

1.8.3

Fixes:

• Fix potential denial of service in logrus.Writer() when logging >64KB single-line payloads without newlines (#1376)

1.8.2

... (truncated)

Commits

• See full diff in compare view

Updates golang.org/x/net from 0.48.0 to 0.49.0

Commits

• d977772 go.mod: update golang.org/x dependencies
• eea413e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run
• 9ace223 websocket: add missing call to resp.Body.Close
• 7d3dbb0 http2: buffer the most recently received PRIORITY_UPDATE frame
• See full diff in compare view

Updates golang.org/x/sys from 0.40.0 to 0.42.0

Commits

• eaaaaee windows/registry: correct KeyInfo.ModTime calculation
• 942780b cpu: darwin/arm64 feature detection
• acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
• 3687fbd cpu: better defaults on darwin ARM64
• 48062e9 plan9: change Note to alias syscall.Note
• 4f23f80 windows: change Signal to alias syscall.Signal
• 7548802 all: upgrade go directive to at least 1.25.0 [generated]
• fc646e4 cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows
• f11c7bb windows: add IsProcessorFeaturePresent and processor feature consts
• d25a7aa unix: add IoctlSetString on all platforms
• Additional commits viewable in compare view

Updates github.com/docker/docker-credential-helpers from 0.9.4 to 0.9.5

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.9.5

What's Changed

• build(deps): bump actions/checkout from 5 to 6 docker/docker-credential-helpers#395
• build(deps): bump actions/upload-artifact from 4 to 6 docker/docker-credential-helpers#398
• build(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 docker/docker-credential-helpers#391
• build(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 docker/docker-credential-helpers#397
• Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive docker/docker-credential-helpers#404
• Dockerfile: update golangci-lint to v2.8 docker/docker-credential-helpers#402
• gha: update some actions to ubuntu 24.04 docker/docker-credential-helpers#401
• update to go1.25.2 docker/docker-credential-helpers#392
• update to go1.25.5 docker/docker-credential-helpers#399

Full Changelog: docker/docker-credential-helpers@v0.9.4...v0.9.5

Commits

• b871f76 Merge pull request #404 from thaJeztah/rm_noninteractive
• 50c1460 Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive
• aecf6e5 Merge pull request #402 from thaJeztah/bump_golangci_lint
• ecf6c1c Merge pull request #399 from ameya-keskar/bump_go_1.25.5
• b844409 update to go1.25.5
• 9df2c77 Merge pull request #401 from thaJeztah/bump_ubuntu
• 7a15b77 Dockerfile: update golangci-lint to v2.8
• 81f7ebe gha: update some actions to ubuntu 24.04
• 3f97cf3 Merge pull request #398 from docker/dependabot/github_actions/actions/upload-...
• 8b5e6df Merge pull request #397 from docker/dependabot/github_actions/softprops/actio...
• Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 1.12.1 to 1.14.1

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.14.1

This is a patch release collecting two bug fixes and various dependency updates for Golang standard library and common package vulnerabilities.

These bug fixes include a revert of the rule indexer tweaks shipped in 1.14.0, which had caused unexpected lookup failures for some users. (We expect to properly fix the issue in 1.15.0, but for now, a revert is the quicker choice.)

Changes

• Fix intermittent plugins manager deadlock on opa.configure (#8407)
• Revert "ast: make rule index track var assignments and x in {...} (#8341)" (#8410)
• build: bump deps (go.mod from main)
• build: bump go 1.26.1 (#8409)

v1.14.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Improved rule indexing of variable assignments and x in {...} expressions
• Support for --h2c with unix domain socket for opa run
• A new glossary tooltip for technical terms in the docs
• Fixes published in the v1.13.1 and v1.13.2 releases

Improved rule indexing of variable assignments and x in {...} expressions (#1841)

With this change, the rule indexer will index expressions like:

allow if input.role in {"admin", "user"}

On lookup, the rule body will only be returned if input.role is either one of "admin" or "user".

The reverse case is also indexed:

allow if "admin" in input.roles

in which the searched collection is unknown.

Authored by @​srenatus reported by @​nischalsheth

Runtime, SDK, Tooling

• cmd,run: Support --h2c with unix domain socket (UDS) (#8282) authored by @​srenatus reported by @​theJC
• cmd,tester: Add line number next to test file in pretty format (#8328) authored by @​sspaink reported by @​anderseknert
• plugins: Fix race accessing registeredTriggers (#8363) reported and authored by @​szuecs
• rego: Add ResultValue[T]() helper method (#8320) authored by @​srenatus
• runtime: Add custom storage backend registration API (#8277) authored and reported by @​alex60217101990
• topdown: Add config option to disable named inter-query built-in cache (#7519) authored by @​sspaink reported by @​johanfylling

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.14.1

This is a patch release collecting two bug fixes and various dependency updates for Golang standard library and common package vulnerabilities.

These bug fixes include a revert of the rule indexer tweaks shipped in 1.14.0, which had caused unexpected lookup failures for some users. (We expect to properly fix the issue in 1.15.0, but for now, a revert is the quicker choice.)

Changes

• Fix intermittent plugins manager deadlock on opa.configure (#8407)
• Revert "ast: make rule index track var assignments and x in {...} (#8341)" (#8410)
• build: bump deps (go.mod from main)
• build: bump go 1.26.1 (#8409)

1.14.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Improved rule indexing of variable assignments and x in {...} expressions
• Support for --h2c with unix domain socket for opa run
• A new glossary tooltip for technical terms in the docs
• Fixes published in the v1.13.1 and v1.13.2 releases

Improved rule indexing of variable assignments and x in {...} expressions (#1841)

With this change, the rule indexer will index expressions like:

allow if input.role in {"admin", "user"}

On lookup, the rule body will only be returned if input.role is either one of "admin" or "user".

The reverse case is also indexed:

allow if "admin" in input.roles

in which the searched collection is unknown.

Authored by @​srenatus reported by @​nischalsheth

Runtime, SDK, Tooling

• cmd,run: Support --h2c with unix domain socket (UDS) (#8282) authored by @​srenatus reported by @​theJC
• cmd,tester: Add line number next to test file in pretty format (#8328) authored by @​sspaink reported by @​anderseknert
• plugins: Fix race accessing registeredTriggers (#8363) reported and authored by @​szuecs
• rego: Add ResultValue[T]() helper method (#8320) authored by @​srenatus
• runtime: Add custom storage backend registration API (#8277) authored and reported by @​alex60217101990
• topdown: Add config option to disable named inter-query built-in cache (#7519) authored by @​sspaink reported by @​johanfylling

... (truncated)

Commits

• 3d1bac4 Patch release v1.14.1
• 13ef6b8 build: bump deps (go.mod from main)
• 8836a79 Fix intermittent plugins manager deadlock on opa.configure (#8407)
• c416fd9 Revert "ast: make rule index track var assignments and x in {...} (#8341)" ...
• 3d57b2e build: bump go 1.26.1 (#8409)
• acf81e8 Release v1.14.0 (#8379)
• b4b04a6 ci: Fix check-changes job skipping over YAML changes. (#8377)
• 3c5b7c6 docs: Document metrics for http.send, regex, and glob builtins (#8103)
• 29918f9 rego: disable rule indexing for benchmark
• 9d124cb ast: Ensure term values implement string lengther (#8374)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgra...

Description has been truncated