chore(deps): update module github.com/open-policy-agent/opa to v1

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/open-policy-agent/opa	v0.70.0 -> v1.2.0

---

Release Notes

open-policy-agent/opa (github.com/open-policy-agent/opa)

v1.2.0

Compare Source

This release contains a mix of features, performance improvements, and bugfixes.

Parameterized Rego Tests (#​2176)

Rego tests now support parameterization, allowing a single test rule to include multiple, hierarchical, named test cases.
This feature is useful for data-driven testing, where a single test rule can be used for multiple test cases with different inputs and expected outputs.

package example_test

test_concat[note] if {
	some note, tc in {
		"empty + empty": {
			"a": [],
			"b": [],
			"exp": [],
		},
		"empty + filled": {
			"a": [],
			"b": [1, 2],
			"exp": [1, 2],
		},
		"filled + filled": {
			"a": [1, 2],
			"b": [3, 4],
			"exp": [1, 2, 3], # Faulty expectation, this test case will fail
		},
	}

	act := array.concat(tc.a, tc.b)
	act == tc.exp
}

$ opa test example_test.rego
example_test.rego:
data.example_test.test_concat: FAIL (263.375µs)
  empty + empty: PASS
  empty + filled: PASS
  filled + filled: FAIL
--------------------------------------------------------------------------------
FAIL: 1/1

See the documentation for more information.

Authored by @​johanfylling, reported by @​anderseknert

Performance Improvements

• perf: Add ref.CopyNonGround (#​7350) authored by @​anderseknert
• perf: opa fmt 3x faster formatting (#​7341) authored by @​anderseknert
• perf: Cost of indexing greatly reduced (#​7370) authored by @​anderseknert
• perf: Eval optimizations (#​7367) authored by @​anderseknert
• perf: Intern annotation terms (#​7365) authored by @​anderseknert
• perf: Slightly more efficient policy scanning (#​7368) authored by @​anderseknert
• perf: Switch to a faster xxhash package (7362) authored by @​Juneezee
• perf: Use GetByValue to avoid boxing to interface{} (#​7372) authored by @​anderseknert
• perf: Various small improvements (#​7357) authored by @​anderseknert
• perf: Improve storage lookup performance (#​7336) authored by @​anderseknert
• perf: optimize iteration (#​7327) authored by @​anderseknert

Topdown and Rego

• rego+topdown: Allow providing custom base cache (#​7329) authored by @​anderseknert

Runtime, Tooling, SDK

• ast: Add missing BuildAnnotationSet to ast v0 (#​7347) authored by @​anderseknert
• ast: Eliminate allocation in Value.Find, and other improvements (#​7319) authored by @​anderseknert
• ast: Use byte for RuleKind and DocKind (#​7332) authored by @​anderseknert
• ast.InterfaceToValue: add test case for []byte (#​7379) authored by @​dennygursky
• ast: support []string and ast.Value in ast.InterfaceToValue (#​7306) authored by @​regeda
• bundle: Fixing issue where --v0-compatible isn't respected for custom bundles (#​7338) authored by @​johanfylling
• cmd: Handle failing tests in opa test --bench (#​7205) authored by @​anderseknert
• cmd: Add decision ID to opa exec output (#​7373) authored by @​anderseknert
• oracle: Make oracle public under v1/ast/oracle (#​7265) authored by @​anderseknert
• oracle: Allow passing own compiler to oracle (#​7354) authored by @​anderseknert
• plugins/discovery: Enable tracing for discovery plugin (#​7299) authored by @​mjungsbluth
• plugins/rest: Do not attach authorization header in bearerAuthPlugin if response is a redirect (#​7308) authored by @​carabasdaniel
• server+distributedtracing: Add Additional Resource Attributes for OpenTelemetry (#​7322) authored by @​briankahoot reported by @​briankahoot
• util: Add util.HasherMap (#​7363) authored by @​anderseknert

Docs, Website, Ecosystem

• docs: Add support link to README (#​7359) (authored by @​anderseknert)
• docs: Update example bundle to be v1 compatible (#​7342) authored by @​ashutosh-narkar
• docs: Add note about v1.0 addr behaviour (#​7360) authored by @​charlieegan3 reported by @​ali-jalaal
• docs: Update homepage examples to drop v1 import (#​7391) authored by @​charlieegan3
• docs: Updating --v1-compatible mentions outside the v1 upgrade guide and v0 compatibility docs (#​7337) authored by @​johanfylling
• docs: Fixed invalid links to examples (#​7326) authored by @​JonathanDeLaCruzEncora
• MAINTAINERS: Add Anders and Charlie as maintainers (#​7318) authored by @​charlieegan3

Miscellaneous

• build+test: Add make test-short task (#​7364) (authored by @​anderseknert)
• build: Add gocritic linter (#​7377) authored by @​anderseknert
• build: Add nilness linter from govet (#​7335) authored by @​anderseknert
• build: Add perfsprint linter (#​7334) authored by @​anderseknert
• ci: Tagging release binaries with build version (#​7395, #​7397, #​7400) authored by @​johanfylling
• test: fix race in TestIntraQueryCache_ClientError and TestInterQueryCache_ClientError (#​7280) authored by @​Juneezee
• misc: Use Go 1.22+ int ranges (#​7328) authored by @​anderseknert
• Dependency updates; notably:
  • build: bump go from 1.23.5 to 1.24.0
  • build(deps): bump github.com/agnivade/levenshtein from 1.2.0 to 1.2.1
  • build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26
  • build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
  • build(deps): bump github.com/prometheus/client_golang
  • build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
  • build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
  • build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
  • build(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
  • build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
  • Bump golangci-lint from v1.60.1 to 1.64.5

v1.1.0

Compare Source

This release contains a mix of features, performance improvements, and bugfixes.

Performance Improvements

• ast: Remove jsonOptions from AST nodes and terms (#​7281) authored by @​anderseknert
• ast+plugins: Optimize activation of bundles with no inter-bundle path overlap (#​7144) authored and reported by @​sqyang94
• bundle: Optimizing rego-version management in bundle activation (#​7296) authored by @​johanfylling
• cmd: Don't generate JSON from result in opa bench (#​7291) authored by @​anderseknert
• topdown: Adding configurable token cache to io.jwt token verification built-ins (#​7274) authored by @​johanfylling
• topdown: Reduce allocations in hot path (#​7288) authored by @​anderseknert
• perf: Improvements to terms and built-in functions (#​7284) authored by @​anderseknert
• perf: add Regorus ACI benchmark tests (#​7298) authored by @​anderseknert
• plugins: Don't use reflect.DeepEqual for errors (#​7238) authored by @​anderseknert
• testing: replace reflect.DeepEqual where possible (#​7286) authored by @​anderseknert

Topdown and Rego

• topdown: Fix out of range error in numbers.range built-in (#​7269) authored by @​anderseknert
• topdown+rego+server: Allow opt-in for evaluating non-det builtins in PE (#​6496) authored by @​srenatus

Runtime, Tooling, SDK

• bundle: Add info about the correct rego version to parse modules on the store (#​7278) co-authored by @​ashutosh-narkar and @​johanfylling
• bundle+plugins: Fixing issue where bundle plugin could panic on reconfiguration (SDK use) (#​7297) authored by @​johanfylling reported by @​carabasdaniel
• cmd: Fix printed representation of ref head rules in opa repl (#​7301) authored by @​anderseknert reported by @​tsandall
• cmd: Respect --v0-compatible for opa eval partial eval support modules (#​7251) authored by @​johanfylling
• golangci: fix invalid linter-settings configuration name (#​7244) authored by @​Juneezee
• plugins/logs: Add support for masking with array keys (#​6883) authored by @​charlieegan3
• tester: code nitpicks (#​7252) authored by @​srenatus
• util: Add util.Keys and util.KeysSorted (#​7285) authored by @​anderseknert

Docs, Website, Ecosystem

• docs: Update docker compose file in HTTP API tutorial and use addr for binding (#​7264) authored and reported by @​zanliffick
• docs: Make 'ancient' warnings closable (#​7253) authored by @​srenatus reported by @​konradzagozda
• docs: Redirect opa-1 to v0-upgrade (#​7259) authored by @​charlieegan3
• docs: Use preformatted strings in fmt help (#​7263) authored by @​charlieegan3
• docs: Fix typo in k8s primer (#​7242) authored by @​vicentinileonardo
• docs: Formatting and wording fixes (#​7268) authored by @​kamilturek
• docs: Update output document of Envoy plugin. (#​7241) authored by @​regeda

Miscellaneous

• ci(nightly): Remove vendor w/o modproxy check (#​7292) authored by @​srenatus
• Dependency updates; notably:
  • build(go): bump to 1.23.5 (7279) authored by @​srenatus
  • build(deps): upgrade github.com/dgraph-io/badger to v4 (4.5.1) (#​7239) authored by @​Juneezee
  • build(deps): bump github.com/containerd/containerd from 1.7.24 to 1.7.25
  • build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2
  • build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
  • build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0
  • build(deps): bump google.golang.org/grpc from 1.69.2 to 1.70.0
  • build(deps): bump go.opentelemetry.io deps to 1.34.0/0.59.0

v1.0.1

Compare Source

This is a bug fix release addressing the following issues:

• build(go): bump to 1.23.5 (authored by @​srenatus).
  Addressing CVE-2024-45341 and CVE-2024-45336 vulnerabilities in the Go runtime.
• bundle: Add info about the correct rego version to parse modules on the store, co-authored by @​ashutosh-narkar and @​johanfylling in #​7278.
  Fixing an issue where the rego-version for individual modules was lost during bundle deactivation (bundle lifecycle) if this version diverged from the active runtime rego-version.
  This could cause reloading of v0 bundles to fail when OPA was not running with the --v0-compatible flag.

v1.0.0

Compare Source

NOTES:

• The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

• Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
• Other new keywords (every, in) are available without any imports.
• Some requirements that were previously only run in "strict mode" (opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
• OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide
  if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement here on our blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #​7172, #​7190, #​7193, #​7165, #​7168, #​7191 & #​7222 together improve the memory performance of OPA. Key strategies
include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool
to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved
evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom
function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #​7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option.
Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper.
This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #​7147 extends the behaviour of extractNumAndUnit to support
scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #​7156 extends OPA’s Prometheus configuration to allow the
setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

Authored by @​jwu730-1.

Test suite performance improvements

PR #​7126 updates tests to improve performance. Topdown and storage/disk/
tests now run around 50% and 75% faster respectively.

Authored by @​philipaconrad.

OPA 1.0 Preparation

• Update v1 capabilities by @​johanfylling in #​7216
• v1 API by @​johanfylling in #​7215
• Updating formatter to not drop rego.v1 and future.keywords imports for v1 by @​johanfylling in #​7224
• Update docs and server binding address per OPA 1.0 specs by @​ashutosh-narkar & @​charlieegan3 in #​7140
• Renaming --rego-v1 cmd flag to --v0-v1 by @​johanfylling in #​7225

Topdown and Rego

• Provide a more useful error message when there are conflicting default rules by @​tjons in #​7164
• Fix test flakes in topdown/cache by @​evankanderson in #​7188
• Add description to all built-in function args and return values by @​anderseknert in #​7153
• Built-in function to_number now rejects "Inf", "Infinity" and "NaN" values by @​sikehish in #​7203
• Update eval_cancel_error logic to separate context canceled, timeout errors by @​mchitten in #​7202

Runtime, Tooling, SDK

• Respect runtime rego-version in RESTful policy API by @​johanfylling in #​7183
• Debugger: allow YAML to be used as input by @​anderseknert in #​7178
• opa build: provide an option to preserve print statements for the "wasm" target (#​7194) by @​me-viper in #​7195
• Fix improper formatter behavior when comprehension contains comment by @​tjons in #​7169
• runtime: send version report less often when OPA long-running by @​srenatus in #​7211
• opa eval: Return error if illegal arguments passed with --unknowns flag by @​kd-labs in #​7149
• Enable direct error handling for bundle plugin trigger method by @​torwunder in #​7143

Docs, Website, Ecosystem

• Add VodafoneZiggo as adopters by @​Parsifal-M in #​7154
• Add opa-java-wasm to docs by @​andreaTP in #​7199

Dependency Updates

• (build) golangci-lint: v1.59.1 -> v1.60.1 by @​srenatus in #​7175
• github.com/containerd/containerd: v1.7.23 -> v1.7.24
• github.com/fsnotify/fsnotify: v1.7.0 -> v1.8.0
• golang.org/x/net: v0.30.0 -> v0.33.0
• golang.org/x/time: v0.7.0 -> v0.8.0
• google.golang.org/grpc: v1.67.1 -> v1.69.2
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.53.0 -> v0.58.0
• go.opentelemetry.io/otel: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/sdk: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/trace: v1.28.0 -> v1.33.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: cli/go.sum

Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: downloading github.com/open-policy-agent/opa v1.2.0
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
go: downloading go.opentelemetry.io/contrib/detectors/gcp v1.32.0
go: downloading github.com/tchap/go-patricia/v2 v2.3.2
go: downloading github.com/klauspost/compress v1.17.11
go: downloading github.com/prometheus/client_golang v1.21.0
go: downloading github.com/agnivade/levenshtein v1.2.1
go: downloading github.com/prometheus/common v0.62.0
go: downloading cel.dev/expr v0.19.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0
go: downloading go.opentelemetry.io/proto/otlp v1.5.0
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1
go: github.com/GoogleCloudPlatform/cloud-foundation-toolkit/cli/scorecard imports
	cloud.google.com/go/storage imports
	google.golang.org/grpc/stats/opentelemetry: ambiguous import: found package google.golang.org/grpc/stats/opentelemetry in multiple modules:
	google.golang.org/grpc v1.70.0 (/runner/cache/others/go/pkg/mod/google.golang.org/[email protected]/stats/opentelemetry)
	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3 (/runner/cache/others/go/pkg/mod/google.golang.org/grpc/stats/[email protected])

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun