
opa changelogs since opa | diffwithgpt

2025-05-02T13:30:51-05:00

AI Summary

The diff includes a patch release v1.4.2 that addresses a missing capabilities file from the v1.4.1 release and updates the Go version to 1.24.2 for security fixes. The version number in the Go source file is updated from 1.4.0 to 1.4.2 to reflect the new release.

Commit Log

Patch release v1.4.2 (#7546)

Importance: 8
2025-05-02T12:50:08-05:00

AI Summary

The diff represents a bug fix release for version 1.4.2 of the project, primarily addressing the missing `capabilities/v1.4.1.json` file from the previous release. The changes include updating version numbers in multiple files to reflect the new version and adding the missing capabilities file.

Commit Log

Prepare v1.4.2 release (#7547)

Importance: 8
2025-05-02T11:28:44-05:00

AI Summary

The patch release updates the Go version to 1.24.2 to address security vulnerabilities. The version number in the code and metadata files is updated to reflect the new release version v1.4.1.

Commit Log

Patch release v1.4.1 (#7545)

* build: bump go to 1.24.2 (#7544) (cherry picked from commit 026ea16d28a6100a5d4ced4b5db04970a4442c62)
* Prepare v1.4.1 release

---------

Importance: 9
2025-05-02T10:25:05-05:00

AI Summary

The commit updates the Go version from 1.24.0 to 1.24.2. This change is likely to ensure compatibility with the latest bug fixes and security patches in Go 1.24.2.

Commit Log

build: bump go to 1.24.2 (#7544)

Importance: 8
2025-05-01T17:01:50+02:00

AI Summary

The diff represents the release of OPA version 1.4.0, which includes a security fix for CVE-2025-46569 addressing a path injection vulnerability in the Data API. The release also includes various bug fixes, new features, and dependency updates across different components of the project.

Commit Log

Prepare v1.4.0 release (#7541)

Importance: 9
2025-05-01T16:26:52+02:00

AI Summary

The code change introduces error handling for invalid path conversions in Rego query construction to prevent code injection attacks. It adds validation to ensure that path strings are properly formatted and do not contain malicious constructs, improving security by rejecting malformed or potentially harmful input.

Commit Log

Merge commit from fork to disable code injection attacks, where Rego code can be injected into the constructed evaluation query.

See Security Advisory: https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7

Fixes: #GHSA-6m8w-jc87-6cr7

Importance: 9
2025-05-01T11:49:26+00:00

AI Summary

The code diff updates several dependencies to newer versions, including fsnotify, prometheus/client_golang, golang.org/x/net, and grpc, which may include bug fixes, performance improvements, and new features. The changes also include updates to internal code structures and dependencies in vendor directories, which could affect compatibility and require testing to ensure no breaking changes occur. Potential risks include compatibility issues with existing code that relies on older versions of these dependencies, and the possibility of new bugs introduced in the updated versions.

Commit Log

build(deps): bump the dependencies group with 5 updates

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.8.0` | `1.9.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.21.1` | `1.22.0` |
| [github.com/prometheus/client_model](https://github.com/prometheus/client_model) | `0.6.1` | `0.6.2` |
| [golang.org/x/net](https://github.com/golang/net) | `0.38.0` | `0.39.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.71.1` | `1.72.0` |

Updates `github.com/fsnotify/fsnotify` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.8.0...v1.9.0)

Updates `github.com/prometheus/client_golang` from 1.21.1 to 1.22.0
- [Release notes](https://github.com/prometheus/client_golang/releases)

Importance: 8
2025-04-25T18:04:18+02:00

AI Summary

The code ensures the latest status is read before manually triggering or returning a snapshot, preventing stale data. The buffer limit is reduced to 1 to enforce only the most recent status event is retained.

Commit Log

fix(status plugin): make sure the latest status is read before manually triggering or returning a snapshot (#7533)

* when manually triggering, make sure the latest status event is registered. Only one status event should exist.
* read bundle status for snapshot as well
* revert back to buffering 1 status event

Importance: 9
2025-04-25T12:04:16-05:00

AI Summary

The code change ensures that raw strings containing null characters (\u0000) are preserved as-is instead of being converted to \x00. It introduces logic to detect quoted strings in term.Location.Text and outputs the raw string content without modification.

Commit Log

fix: return the raw strings when formatting (#7525) prevent `\u0000` from being changed to `\x00`

Importance: 9
2025-04-24T09:06:53+01:00

AI Summary

The commit updates the README.md file to fix the Post Merge badge URL by removing the branch parameter. This change ensures the badge correctly reflects the main branch's build status.

Commit Log

docs: fix post merge badge (#7532)

Importance: 7
2025-04-23T11:53:09+02:00

AI Summary

The code introduces a FIFO buffer channel to prevent OPA from blocking when the status API is slow, by dropping the oldest event when the buffer is full. The change uses a buffered channel with a drop policy and adds a test to verify the buffer behavior under different load conditions. The `PushFIFO` function is used in multiple places to handle status updates, ensuring non-blocking behavior and metric tracking for dropped events.

Commit Log

plugins/status: FIFO buffer channel for status events to prevent slow status API blocking (#7522) If a status API is slow to respond it can cause OPA to be blocked writing to an unbuffered channel. This fixes it by using a buffered channel that never blocks but drops the oldest status update if full.

Importance: 9
2025-04-21T10:26:56-05:00

AI Summary

The commit improves the documentation for common request headers in the REST API, providing clearer explanations for Content-Type, Accept-Encoding, and Content-Encoding. It adds a dedicated section for common request headers and updates relevant sections in the API documentation to reference these headers consistently.

Commit Log

docs: improve request headers documentation in REST APIs (#7524)

Importance: 8
2025-04-17T17:59:08+02:00

AI Summary

The code introduces a cache for GraphQL schema parsing results to improve performance by reusing parsed schemas across operations. It adds cache insertion and retrieval logic for different schema representations (AST, document, and validated schema) and updates the configuration to allow tuning the cache size for GraphQL-related caches. The changes include benchmark tests to validate the performance improvements and ensure the cache behaves as expected under various conditions.

Commit Log

graphql: Cache GraphQL schema parse results (#7457) This commit stores parsed GraphQL schemas to the cache, which improves the performance of GraphQL operations that parse the schema more than once. Queries are not cached. Resolves: #5377

Importance: 9
2025-04-16T17:57:31+02:00

AI Summary

The code adds JSON marshaling annotations to exclude Position fields in gqlparser structs to reduce memory allocation during JSON roundtrips. This change prevents unnecessary memory usage by avoiding the inclusion of Position fields in JSON output, which are later pruned by OPA.

Commit Log

gqlparser: Add JSON annotation in internal/gqlparser/ast to Position fields (#7509)

Annotate internal/gqlparser structs not to include Position when marshaled to JSON. This makes the JSON roundtrip succeed without allocating a ton of memory for JSON fields that will be subsequently pruned.

Upstream PR: https://github.com/vektah/gqlparser/pull/364

```
$ time ./reproducer-pre-fix
Now passing 1262568 bytes to builtinGraphQLParseSchema() to reproduce the issue in ast.InterfaceToValue()
Alloc = 4159 MiB TotalAlloc = 5625 MiB Sys = 5584 MiB NumGC = 18
Alloc = 8312 MiB TotalAlloc = 11169 MiB Sys = 11125 MiB NumGC = 19
Alloc = 8312 MiB TotalAlloc = 11169 MiB Sys = 11125 MiB NumGC = 19
Alloc = 16615 MiB TotalAlloc = 22247 MiB Sys = 22209 MiB NumGC = 20
Alloc = 16615 MiB TotalAlloc = 22247 MiB Sys = 22209 MiB NumGC = 20
Alloc = 16615 MiB TotalAlloc = 22247 MiB Sys = 22209 MiB NumGC = 20
Alloc = 38765 MiB TotalAlloc = 44397 MiB Sys = 44377 MiB NumGC = 20
Alloc = 33223 MiB TotalAlloc = 44397 MiB Sys = 44377 MiB NumGC = 21
$ time ./reproducer-post-fix
```

Importance: 9
2025-04-16T15:06:01+02:00

AI Summary

The code updates the Docker authorization plugin example to use the ghcr registry and the v0.10 release tag of the opa-docker-authz plugin. This change ensures compatibility with the latest version of the plugin and simplifies the configuration by using an alias.

Commit Log

docs: Update opa-docker-authz example to use ghcr and v0.10 release tag

Importance: 8
2025-04-15T08:55:47-05:00

AI Summary

The code change modifies the format package to handle unexpected comments in Rego rules by catching errors and writing the rule as-is instead of panicking. This ensures that the formatting process does not fail due to comments in unexpected locations, improving robustness and user experience.

Commit Log

fix: don't panic on format due to unexpected comments (#7458)

fix: don't panic on format due to unexpected comments

Comments next to object elements are valid Rego; instead of panicking, catch the error and write the rule as-is.

Importance: 9
2025-04-14T10:22:31+01:00

AI Summary

The commit adds TavoAI as an integration to the OPA ecosystem, including documentation and logo. It introduces new files for TavoAI's organization, software, and integration details.

Commit Log

Add tavo to ecosystem integration (#7511)

Importance: 5
2025-04-14T09:09:48-05:00

AI Summary

The code updates documentation to reflect the migration of built-in functions to version 1 of the OPA project. It changes import paths and test case directories to align with the new versioning structure.

Commit Log

doc: update builtin function examples for v1 (#7514) (#7515)

Importance: 9
2025-04-11T16:46:00+02:00

AI Summary

The commit fixes a broken documentation link in the v0-upgrade.md file by updating the path to point to the correct v0-compatibility documentation. This change ensures users can access the backwards compatibility information correctly when upgrading from v0 to v1.

Commit Log

docs: fixed broken docs link (#7510) Fixes: #7452

Importance: 8
2025-04-10T11:40:53+02:00

AI Summary

The code ensures Partial Eval (PE) respects default functions by generating support modules for them, which was previously omitted. It introduces logic to determine when support modules must be generated based on the presence and behavior of default functions.

Commit Log

topdown: Handling default functions in Partial Eval (#7499) Making Partial Eval (PE) respect default functions. Before this fix, Rego functions with declared default values weren't respected by PE, and the default declaration was omitted from generated support modules. Fixes: #7220

Importance: 9
2025-04-10T10:06:39-05:00

AI Summary

The commit removes the 'resource.syso' file after building Windows binaries to clean up the output directory. This change ensures that the 'resource.syso' file is not left behind during the build process, improving build hygiene.

Commit Log

fix: remove resource.syso after building windows binary (#7507)

Importance: 7
2025-04-10T07:41:59-05:00

AI Summary

The code adds version information and an icon to the Windows binary of OPA. It uses goversioninfo to generate a resource file that embeds the version and icon.

Commit Log

feat: add version and icon to opa_windows_amd64.exe (#7501)

Importance: 8
2025-04-09T14:26:54+02:00

AI Summary

The commit updates the Go version in go.mod from 1.23.6 to 1.23.8 and upgrades the toolchain to 1.24.2 to address a security vulnerability. This change is likely made to resolve the CVE-2025-22871 vulnerability related to Go versions prior to 1.23.8.

Commit Log

build: bump go to 1.23.8 (#7502) CVE-2025-22871 https://pkg.go.dev/vuln/GO-2025-3563

Importance: 9
2025-04-09T13:03:31+02:00

AI Summary

The code adds documentation for the Nomad Admission Control Proxy (NACP) integration, which is an OPA-based proxy for validating and mutating Nomad job data. It includes links to the NACP repository, example tutorials, and a logo, indicating the integration is being officially supported and promoted.

Commit Log

ecosystem: Add NACP integration This is a nomad admission controller based on OPA.

Importance: 8
2025-04-07T16:16:27+02:00

AI Summary

The commit adds Cloudsmith to the ADOPTERS.md file as an adopter of OPA. This indicates Cloudsmith uses OPA for policy enforcement and integrates EPSS-based logic in Rego policies for vulnerability management.

Commit Log

Cloudsmith adds support for OPA (#7498) Add Cloudsmith to adopters file.

Importance: 7
2025-04-04T16:33:53-05:00

AI Summary

The commit adds a link to inline schema annotations in the policy language documentation to improve clarity and guide users on how to embed schema definitions within Rego files. This change enhances documentation usability by providing a direct reference to schema annotations, which helps users understand how to leverage inline schema definitions for better type checking.

Commit Log

docs: Add link to inline schema annotations (#7496)

Importance: 8
2025-04-03T16:05:11+00:00

AI Summary

The commit reverts the Slack link from 'https://inviter.co/opa/' to 'https://slack.openpolicyagent.org/' across multiple documentation files. This change likely aims to direct users to the correct and updated Slack invitation link for the OPA project.

Commit Log

docs: Revert slack link change This redirect has been reconfigured.

Importance: 8
2025-04-03T11:30:53+02:00

AI Summary

The change adds the `rego_v1` feature to the `--v0-compatible` capabilities in OPA, allowing Rego v1 bundles to be parsed when using this flag. This resolves an error where v1 bundles were previously rejected with the message `illegal capabilities: rego_v1 feature required for parsing v1 Rego`.

Commit Log

ast: Adding `rego_v1` feature to `--v0-compatible` capabilities (#7474)

to allow for using Rego v1 bundles in `opa build`/`check`/`eval`/`test`.

Before this change, a bundle with `1` as `rego_version`/`file_rego_versions` would be rejected when evaluated with the `--v0-compatible` flag with the error:

```
rego_parse_error: illegal capabilities: rego_v1 feature required for parsing v1 Rego
```

This is fixed by adding the `rego_v1` feature to the `v0` default capabilities applied when using the `--v0-compatible` flag.

Note: this allows OPA to accept Rego `v1` modules inside bundles, but modules without a specified Rego version, such as freestanding non-bundle modules or modules inside bundles with no specified Rego version, are parsed as `v0`.

Importance: 9
2025-04-03T11:21:21+02:00

AI Summary

The code change fixes the initialization of wall clock time in PartialRun() to ensure it is properly set to zero before execution. This addresses an issue where the time was not being reset correctly, potentially leading to incorrect timing behavior in partial evaluation.

Commit Log

topdown: fix wall clock time init for PartialRun() Fixes #7490.

Importance: 8
2025-04-02T08:53:17+00:00

AI Summary

The commit updates the community Slack inviter link by removing the trailing slash from the URL. This change likely aims to ensure the link is correctly formatted and functional for inviting users to the community Slack.

Commit Log

docs: Update community slack inviter link

Importance: 3
2025-04-01T20:19:23+02:00

AI Summary

The code diff updates several dependencies to newer versions, including viper, golang/x/net, grpc, and oras-go, likely to incorporate bug fixes, security patches, and new features. These updates may introduce compatibility changes, especially with oras-go, which has a significant version jump, potentially affecting existing integrations or workflows.

Commit Log

build(deps): bump the dependencies group with 4 updates (#7485)

Bumps the dependencies group with 4 updates: [github.com/spf13/viper](https://github.com/spf13/viper), [golang.org/x/net](https://github.com/golang/net), [google.golang.org/grpc](https://github.com/grpc/grpc-go) and [oras.land/oras-go/v2](https://github.com/oras-project/oras-go).

Updates `github.com/spf13/viper` from 1.18.2 to 1.20.1
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.20.1)

Updates `golang.org/x/net` from 0.37.0 to 0.38.0
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0)

Updates `google.golang.org/grpc` from 1.71.0 to 1.71.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.71.0...v1.71.1)

Updates `oras.land/oras-go/v2` from 2.3.1 to 2.5.0
- [Release notes](https://github.com/oras-project/oras-go/releases)
- [Commits](https://github.com/oras-project/oras-go/compare/v2.3.1...v2.5.0)

Importance: 8
2025-04-01T20:05:58+02:00

AI Summary

The commit updates several GitHub Actions dependencies to newer versions, including codeql-action, action-slack, trivy-action, upload-artifact, and download-artifact. These updates likely aim to benefit from new features, bug fixes, and security patches in the updated versions of the actions.

Commit Log

build(deps): bump the gha-dependencies group with 5 updates (#7486)

Bumps the gha-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.28.10` | `3.28.13` |
| [8398a7/action-slack](https://github.com/8398a7/action-slack) | `3.16.2` | `3.18.0` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.29.0` | `0.30.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `4.6.2` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.9` | `4.2.1` |

Updates `github/codeql-action` from 3.28.10 to 3.28.13
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...1b549b9259bda1cb5ddde3b41741a82a2d15a841)

Updates `8398a7/action-slack` from 3.16.2 to 3.18.0
- [Release notes](https://github.com/8398a7/action-slack/releases)

Importance: 8
2025-04-01T19:43:55+02:00

AI Summary

The commit modifies the Dependabot configuration to group dependencies under a specific group for better management. It excludes the 'go.opentelemetry.io/*' package from dependency updates to avoid potential conflicts or version mismatches.

Commit Log

deps: Grouping deps for dependabot (#7484)

Importance: 8
2025-04-01T17:49:03+02:00

AI Summary

The commit updates the version of the actions/setup-go action from 5.3.0 to 5.4.0 across multiple GitHub workflows to ensure compatibility with the latest features and bug fixes. This change is likely made to benefit from improvements, security patches, or new functionality introduced in the 5.4.0 release of the setup-go action.

Commit Log

build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 (#7475)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/f111f3307d8850f501ac008e886eec1fd1932a34...0aaccfd150d50ccaeb58ebd88d36e91967a5f35b)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-03-31T12:07:32+01:00

AI Summary

The commit adds documentation for manually triggering bundle reloads in the OPA SDK integration, specifically for the v1 SDK package. It includes a code example demonstrating how to trigger bundle reloads and updates the configuration documentation to reflect the new `manual` trigger option.

Commit Log

docs: Add manual trigger to integration docs (#7473)

Following: https://github.com/orgs/open-policy-agent/discussions/685

This comes up often enough that it should be documented.

Based on the handy example in: https://github.com/open-policy-agent/opa/issues/3828#issuecomment-1013211919

Importance: 8
2025-03-27T21:38:02+01:00

AI Summary

The commit updates the helm-kubernetes-quickstart bundle to fix a corrupted tarball issue that caused OPA to fail loading the bundle. The previous version had invalid characters that prevented proper decoding of the bundle manifest.

Commit Log

docs: Update helm-kubernetes-quickstart bundle (#7469)

The previous update of this bundle was a corrupted tarball that OPA was unable to read.

```bash
$ opa eval -b helm-kubernetes-quickstart 'data'
{
  "errors": [
    {
      "message": "loading error: bundle helm-kubernetes-quickstart: bundle load failed on manifest decode: invalid character '\\x00' looking for beginning of value"
    }
  ]
}
```

Importance: 9
2025-03-27T17:04:26+01:00

AI Summary

The code updates the version number from 1.3.0 to 1.4.0-dev in the version.go file, indicating the start of development for the v1.4.0 release. The CHANGELOG.md file now includes an 'Unreleased' section, which is typical for tracking changes before a new version is officially released.

Commit Log

Prepare v1.4.0 development (#7468)

Importance: 8
2025-03-27T15:19:05+01:00

AI Summary

The diff represents the release of version 1.3.0 for the opa project, including new features, bug fixes, and dependency updates. The new buffer option for decision logs and OpenTelemetry HTTP support are key features that improve performance and tracing capabilities.

Commit Log

Prepare v1.3.0 release (#7467)

Importance: 9
2025-03-27T11:16:46+00:00

AI Summary

The commit removes a reference to setting an OPA license key in the envoy-tutorial-standalone-envoy.md documentation. This suggests that the requirement for a license key may no longer be necessary, or the documentation has been updated to reflect this change.

Commit Log

Delete reference to license key in envoy-tutorial-standalone-envoy.md (#7466)

Apparently setting a license key is not (longer?) needed. The tutorial doesn't mention it in the rest of the text as the deleted line promises. I couldn't find a hidden statement about a license key in the config files. Nor does the page on installing opa using docker mention a license key. https://www.openpolicyagent.org/docs/latest/deployments/

Importance: 7
2025-03-27T09:34:24+01:00

AI Summary

The commit fixes a typo in the documentation by correcting 'available to as a Bundle' to 'available as a Bundle'. This change ensures the documentation accurately reflects the intended meaning and improves clarity for users.

Commit Log

docs/envoy-tutorial-standalone: fix typo (#7464)

Importance: 7
2025-03-26T16:35:45-05:00

AI Summary

The code introduces an event-based buffer for decision logs, which improves performance by reducing locks and allowing concurrent writes and uploads. The buffer size is now managed by the number of events rather than total bytes. New configuration options include `buffer_type` (event or size), `buffer_size_limit_events`, and `buffer_size_limit_bytes` (only for size buffer). The event buffer type is the default. The event buffer implementation uses a channel to store events, allowing concurrent writes and uploads, and drops old events when the buffer is full.

Commit Log

feat: new event-based decisions log buffer implementation (#7446)

This new event-based buffer provides a performance improvement over the existing buffer by reducing locks and allowing concurrent writes and uploads. The buffer size is managed by number of individual events as opposed to total bytes.

Importance: 9
2025-03-24T19:29:00+01:00

AI Summary

The code adds support for HTTP as a distributed tracing endpoint type in addition to the existing gRPC support. It introduces new configuration options for HTTP tracing, including address, compression, batch processing settings, and TLS configuration. The changes include updating the OpenTelemetry HTTP exporter dependency to version 1.35.0 and modifying the code to handle both HTTP and gRPC endpoints.

Commit Log

feat: add more distributed tracing options (#7421) Resolves: #7412

Importance: 9
2025-03-19T14:35:58+01:00

AI Summary

The code allows one-liner rules to be grouped without double newlines, improving formatting for compact policies. A new helper function `groupableOneLiner` determines if a rule can be grouped with the next one based on formatting options and rule structure. The change modifies the `writeRules` function to skip adding a newline between adjacent groupable one-liner rules.

Commit Log

fmt: allow one liner rule grouping (#7453)

While the double newline added by the formatter after each rule makes sense for most rules, short one-liner rules should be groupable. This PR changes the behavior of the formatter, so that if the user does:

```rego
x := 1
y := 2
```

That is no longer formatted into:

```rego
x := 1

y := 2
```

If the user **wants** double newlines between one-liner rules, the formatter

Importance: 8
2025-03-18T09:56:14+01:00

AI Summary

The code updates the containerd dependency from version 1.7.26 to 1.7.27, including new media type support for attestation. New functions and constants for handling attestation media types are added, which may affect how attestation data is processed in the system.

Commit Log

build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 (#7451)

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.26 to 1.7.27.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.26...v1.7.27)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
...

Importance: 8
2025-03-14T11:41:25+01:00

AI Summary

The diff enables the 'unused-receiver' linter in revive to detect unused receiver parameters in Go methods. This change modifies several method receivers from pointer receivers to value receivers across the codebase to comply with the linter.

Commit Log

Enable unused-receiver linter (revive) (#7448)

Importance: 9
2025-03-12T19:18:21+00:00

AI Summary

The code change prevents optimization when a ref path contains mixed-length rules in the ruletrie, ensuring CallDynamicStmt is not used in such cases. This addresses a bug where dynamic dispatch failed due to inconsistent return types from different rules in the same ref path.

Commit Log

planner: address ref head issue, don't optimize if impossible (#7439)

When planning rules like these:

```
package authz
p.allow[action][resource] if { action := "list"; resource := "fruit" }
p.unrelated.eat.veggies if true
resp := p[input.rule][input.action][input.resource]
```

we ended up with a broken CallDynamic statement. Since the first ref rule is planned as `g0.data.authz.p.allow` and builds an object return value, and the second rule is planned as `g0.data.authz.p.unrelated.eat.veggies` with a boolean return value, we cannot dynamically dispatch their calls.

Importance: 9
2025-03-11T19:07:50+01:00

AI Summary

The code adds a test case for RoundTrip functionality and fixes a nil pointer dereference in Unmarshal() by checking for the existence of factories before using them. The change ensures that unrecognized types are handled gracefully, preventing runtime panics and improving robustness.

Commit Log

ir: Fix nil pointer deref in Unmarshal() when handling IsSetStmt (#7430) Fixes: #7415

Importance: 9
2025-03-11T16:59:01+00:00

AI Summary

The commit updates Terraform examples in the documentation to improve clarity and formatting. It fixes formatting issues in code blocks and adjusts syntax to ensure compatibility with the latest Terraform versions.

Commit Log

Reapply "docs: Update terraform examples" (#7428) (#7429) This reverts commit 93321b220efd4b5a54079d57ccb4d2af1d4bbfec.

Importance: 8
2025-03-11T10:16:46+01:00

AI Summary

The diff updates the golang.org/x/net dependency from version 0.36.0 to 0.37.0, along with related dependencies like x/sync, x/sys, and x/text to newer versions. This change likely introduces new features, bug fixes, or improvements from the updated packages, but may also introduce breaking changes if the new versions are not backward compatible.

Commit Log

build(deps): bump golang.org/x/net from 0.36.0 to 0.37.0 (#7424)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/net/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-03-11T10:03:56+01:00

AI Summary

The code updates the golang.org/x/time dependency from version 0.10.0 to 0.11.0, which is a minor version update. The change includes modifying function return values in several methods of the Limiter and Reservation types to align with the new version's API.

Commit Log

build(deps): bump golang.org/x/time from 0.10.0 to 0.11.0 (#7425)

Bumps [golang.org/x/time](https://github.com/golang/time) from 0.10.0 to 0.11.0.
- [Commits](https://github.com/golang/time/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-03-10T16:09:06+01:00

AI Summary

The code change adjusts the ruletree scanning logic to avoid false positives by only counting relevant ruletrie child nodes based on the reference path. A new helper function 'dont' is introduced to return a default value, replacing an inline function that was previously used in the same context.

Commit Log

planner: adjust check in ruletree scanning The previous check there was running into false positives, as the added test case showed. We should only count relevant ruletrie child nodes.

Importance: 8
2025-03-07T14:00:07+01:00

AI Summary

The commit changes the Dependabot scheduled update interval from daily to monthly. This adjustment reduces the frequency of dependency updates, potentially lowering maintenance overhead but increasing the risk of using outdated dependencies.

Commit Log

Setting dependabot scheduled update interval to `monthly` (#7431)

Importance: 7
2025-03-06T19:22:25+01:00

AI Summary

The code updates several OpenTelemetry Go packages to newer versions, including otelhttp, otel, and related exporters, to ensure compatibility with the latest features and security fixes. The changes include updating dependencies, adding new semantic conventions, and modifying some internal structures to align with new versions of the OpenTelemetry SDK and related libraries.

Commit Log

build(deps): bump the go-opentelemetry-io group with 6 updates (#7423)

Bumps the go-opentelemetry-io group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.59.0` | `0.60.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.59.0 to 0.60.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.59.0...zpages/v0.60.0)

Updates `go.opentelemetry.io/otel` from 1.34.0 to 1.35.0

Importance: 8
2025-03-06T17:29:09+01:00

AI Summary

The commit updates Terraform examples in the documentation to remove live output that caused confusion and improves clarity by using raw examples. It also updates Rego code examples to ensure they are accurate and consistent with the expected behavior of the Terraform integration with OPA.

Commit Log

docs: Update terraform examples
- removed live output as it appeared to cause confusion here: https://github.com/open-policy-agent/opa/issues/7388
- Updated outputs to be raw examples as you see from exec commands
- Updated rego code examples too

Importance: 8
2025-03-06T16:57:16+00:00

AI Summary

The commit reverts changes to the Terraform documentation in the opa project, removing formatting and syntax adjustments that were mistakenly committed to main. The changes were likely added to improve documentation formatting or syntax, but were reverted due to being committed via an incorrect method (directly to main instead of via a PR).

Commit Log

Revert "docs: Update terraform examples" (#7428) This reverts commit d506db305c8bd26d9357ddf7fb7d0c423ad677a4. This was committed to main in error and should be merged via PR instead.

Importance: 5
2025-03-06T16:54:51+01:00

AI Summary

The code change modifies the test reporter to only include failed sub-test cases in the summary when non-verbose mode is active. This aligns with the behavior of excluding passing non-parameterized tests in non-verbose reports, improving clarity and reducing noise.

Commit Log

tester: Only including failed sub-test cases in report summary when non-verbose (#7426)

* tester: Only including failed sub-test cases in report summary when non-verbose

This aligns with not including PASS:ing non-parameterized tests in non-verbose test report summary.

verbose:
```
data.foo.qux.test_cases: FAIL (0s)
  bar: FAIL
  baz: PASS
  foo: PASS
```

non-verbose:
```
data.foo.qux.test_cases: FAIL (0s)
  bar: FAIL
```

Importance: 9
2025-03-06T11:45:01+01:00

AI Summary

The code change introduces parameterized test cases support by updating the test reporting logic to handle nested results and sub-results correctly. It modifies the `Pass` method to be a pointer receiver, which is likely to ensure proper state handling for sub-results and avoid unintended side effects. The changes also update test reports to reflect more accurate pass/fail/skipped/error counts, which improves test reporting clarity.

Commit Log

tester: Including parameterized test cases in test report counter (#7420) Fixes: #7407

Importance: 9
2025-03-05T17:11:30+01:00

AI Summary

The diff updates the Prometheus client_golang dependency from version 1.21.0 to 1.21.1, a minor patch release. The change replaces the atomicUpdateFloat function with a simpler loop-based approach in several files, likely to improve performance or simplify logic. The update also includes build constraint changes for Darwin and iOS platforms, which may affect cross-platform compatibility.

Commit Log

build(deps): bump github.com/prometheus/client_golang (#7416)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.21.0 to 1.21.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.21.0...v1.21.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Importance: 8
2025-03-05T16:33:01+01:00

AI Summary

The code updates the dependency github.com/dgraph-io/badger/v4 from version 4.5.1 to 4.6.0, which includes a minor version upgrade. This change likely introduces new features, bug fixes, or performance improvements from the Badger library.

Commit Log

build(deps): bump github.com/dgraph-io/badger/v4 from 4.5.1 to 4.6.0 (#7417)

Bumps [github.com/dgraph-io/badger/v4](https://github.com/dgraph-io/badger) from 4.5.1 to 4.6.0.
- [Release notes](https://github.com/dgraph-io/badger/releases)
- [Changelog](https://github.com/hypermodeinc/badger/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dgraph-io/badger/compare/v4.5.1...v4.6.0)

---
updated-dependencies:
- dependency-name: github.com/dgraph-io/badger/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-03-05T16:20:46+01:00

AI Summary

The diff updates the Google gRPC library from version 1.70.0 to 1.71.0, including several internal changes and new experimental features. The update introduces a new experimental load balancing policy called endpointsharding, which manages multiple child policies for individual endpoints. There are changes to the proxy handling logic, including support for proxy attributes and improved proxy resolution. The protobuf dependency was also updated from 1.36.3 to 1.36.4 to align with the new gRPC version.

Commit Log

build(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 (#7418)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.70.0 to 1.71.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.70.0...v1.71.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 9
2025-03-05T15:21:18+01:00

AI Summary

The commit updates the docker/setup-buildx-action dependency from version 3.9.0 to 3.10.0 to benefit from new features or bug fixes. This change affects the CI/CD workflows by using the newer version of the action, which may introduce compatibility or behavior changes.

Commit Log

build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#7393)

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.9.0 to 3.10.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-03-05T14:14:35+01:00

AI Summary

The commit updates the docker/setup-qemu-action dependency from version 3.4.0 to 3.6.0 to benefit from new features or bug fixes. This change is likely made to ensure compatibility with newer versions of the action, which may include performance improvements or security patches.

Commit Log

build(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 (#7406)

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.6.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...29109295f81e9208d7d86ff1c6c12d2833863392)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-03-05T13:09:07+01:00

AI Summary

The code updates the version of the opencontainers/image-spec dependency from 1.1.0 to 1.1.1, which is a patch release. This change likely aims to incorporate bug fixes, security patches, or minor improvements from the new version.

Commit Log

build(deps): bump github.com/opencontainers/image-spec (#7408)

Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Importance: 8
2025-03-05T00:07:24+01:00

AI Summary

The commit updates all GitHub Actions workflows to use the `ubuntu-24.04` runner instead of `ubuntu-22.04`. This change likely aims to leverage newer tooling, libraries, and security updates available in Ubuntu 24.04.

Commit Log

Bumping GHA runner to `ubuntu-24.04` (#7414)

Importance: 9
2025-03-04T15:07:26+00:00

AI Summary

The version number in the code has been updated from 1.2.0 to 1.3.0-dev, indicating the start of development for the v1.3.0 release. This change is likely part of the preparation for the v1.3.0 development cycle, as the version is marked as 'dev' to signify it's not yet a stable release.

Commit Log

Prepare v1.3.0 development (#7404)

Importance: 8
2025-03-04T13:14:19+00:00

AI Summary

The code adds support for v0-compatible formatting by setting the Rego version based on the provided flags. This change ensures that the fmt command respects v0 and v1 compatibility flags when parsing Rego files.

Commit Log

fmt: Fix v0-compatible fmt with stdin (#7410) Fixes https://github.com/open-policy-agent/opa/issues/7409

Importance: 9
2025-02-28T15:17:35+01:00

AI Summary

The release introduces parameterized Rego tests for data-driven testing, enhancing test coverage and reusability. Performance improvements include optimizations in evaluation, indexing, and formatting, leading to faster execution and reduced resource usage. The version number has been updated to 1.2.0 across multiple files, indicating a stable release with new features and bug fixes.

Commit Log

Release v1.2.0 (#7403)

Importance: 9
2025-02-28T12:59:43+01:00

AI Summary

The code introduces optimizations to reduce memory allocations by reusing interned string terms and improving built-in functions to avoid unnecessary allocations. The changes include an interned string cache, early returns in built-in functions to avoid redundant operations, and replacing StringTerm with InternedStringTerm where applicable.

Commit Log

perf: various small improvements (#7357) Mostly by having more built-in functions check that they actually *did* something, or can return an operand instead of allocating a result. This saves about 200k allocations in `regal lint bundle`.

Importance: 9
2025-02-27T14:47:07+01:00

AI Summary

The commit adds the `fetch-tags` option under the `with` key in multiple GitHub Actions workflows to enable tag fetching. This change is likely intended to ensure that tags are fetched during CI jobs, which may be necessary for versioning or release-related tasks.

Commit Log

ci: Adding `fetch-tags` under `with` in GHA (#7397)

Importance: 8
2025-02-27T14:37:30+01:00

AI Summary

The code explicitly sets the `fetch-tags` option to true in multiple GitHub Actions workflows to ensure Git tags are fetched during CI builds. This change is likely added to ensure that the correct version information is available for Go builds, enabling accurate versioning of binaries.

Commit Log

Explicitly fetching git tags for CI builds (#7395)

For go builds to correctly apply version to binary.

Importance: 8
2025-02-27T14:34:28+00:00

AI Summary

The commit adds documentation notes about the behavior of the `--addr` flag in OPA v1.0, specifically how it binds to interfaces. It explains that OPA 1.0 defaults to binding to localhost, unlike previous versions, and provides instructions for replicating v0.x behavior.

Commit Log

docs: Add note about v1.0 addr behaviour (#7398) Fixes https://github.com/open-policy-agent/opa/issues/7360 Also https://github.com/orgs/open-policy-agent/discussions/662#discussioncomment-12338962t

Importance: 8
2025-02-27T12:42:15+01:00

AI Summary

The code diff updates the containerd dependency from version 1.7.25 to 1.7.26, including updated checksums and version strings. This change is likely to incorporate bug fixes, security patches, or minor feature improvements from the containerd release.

Commit Log

build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 (#7392)

Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.25 to 1.7.26.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.25...v1.7.26)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Importance: 8
2025-02-26T16:11:40+00:00

AI Summary

The commit updates the homepage examples to remove the v1 import and replace 'hooli.com' with 'example.com' in the policy examples. It also updates the links to the Playground examples to point to new URLs.

Commit Log

docs: Update homepage examples to drop v1 import (#7391) Also use example.com for the domain in the examples.

Importance: 8
2025-02-26T13:16:32+01:00

AI Summary

The code updates the Prometheus client library from version 1.20.5 to 1.21.0, introducing new features and improvements such as enhanced atomic operations, better error handling, and support for OpenMetrics format. The changes include atomic update functions for counters and gauges, which improve performance and reduce contention, and new methods for handling OpenMetrics data formats with created timestamps.

Commit Log

build(deps): bump github.com/prometheus/client_golang (#7375)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.20.5 to 1.21.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.21.0/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.20.5...v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 9
2025-02-26T12:28:49+01:00

AI Summary

The commit updates the rollup dependency from version 2.51.2 to 2.79.2 in the documentation website's live-blocks script. This change likely aims to benefit from newer features, bug fixes, or performance improvements in rollup.

Commit Log

build(deps-dev): bump rollup in /docs/website/scripts/live-blocks (#7353)

Bumps [rollup](https://github.com/rollup/rollup) from 2.51.2 to 2.79.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.51.2...v2.79.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:development
...

Importance: 7
2025-02-26T12:08:07+01:00

AI Summary

The commit updates the version of the GitHub CodeQL Action from 3.28.9 to 3.28.10 across multiple workflows to benefit from the latest patch release. This change likely includes bug fixes, security patches, or minor improvements without introducing major functional changes.

Commit Log

build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 (#7383)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.9 to 3.28.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Importance: 7
2025-02-26T11:57:06+01:00

AI Summary

The commit updates the ossf/scorecard-action dependency from version 2.4.0 to 2.4.1. This change likely aims to incorporate bug fixes, security patches, or minor improvements from the new version.

Commit Log

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#7384)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Importance: 8
2025-02-26T11:43:10+01:00

AI Summary

The commit updates the version of the actions/upload-artifact action from 4.6.0 to 4.6.1 across multiple GitHub workflows. This change likely aims to benefit from bug fixes, security patches, or new features introduced in the 4.6.1 release of the action.

Commit Log

build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 (#7385)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Importance: 7
2025-02-26T11:25:52+01:00

AI Summary

The code updates the dependency 'github.com/google/go-cmp' from version 0.6.0 to 0.7.0, which includes minor version changes and potential new features or bug fixes. The change introduces support for both 'less' functions and 'compare' functions in sorting and comparison logic, increasing flexibility but requiring updated usage patterns. The update may introduce breaking changes if existing code relies on the previous behavior of the 'less' function only.

Commit Log

build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 (#7386)

Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-02-25T22:15:54+01:00

AI Summary

The code introduces a ServerStatus enum to replace a boolean flag, improving synchronization between plugin initialization and runtime readiness, and fixes race conditions in tests and telemetry. The changes also address issues with AWS signing tests by using a mock random reader and restructuring test logic to ensure correct behavior. Potential risks include compatibility issues if existing code relies on the old boolean flag, and the need to update all references to the new ServerStatus enum.

Commit Log

test: Fixing broken tests (#7387)

`TestControlPlaneSpans` could cause a race condition, where the discovery plugin is manually triggered before/during server initialization, resulting in the manager config being changed while actively consumed. Replacing `Runtime.serverInitialized` boolean field with more granular enum type state, to allow test-runtime to hold off on triggering plugins until runtime is actively waiting for plugin ready state.

Currently, manager config writes are guarded by an internal mutex, while config reads are largely unguarded. A broader fix here might be to deprecate the public `plugins.Manager.Context` field, replacing it with a getter that guards the config with an r/w-lock.

Also fixing:
* Possible race condition in telemetry reporter by using r/w-mutex guarded compiler getter instead of direct field access
* AWS signing tests where signing randomly failed because of too small mock random value used in test

Importance: 9
2025-02-24T16:28:41+01:00

AI Summary

The code diff introduces the gocritic linter to enforce code style and quality improvements across the project, with specific rules enabled and others disabled for now. Several files have been updated to fix issues identified by gocritic, including formatting changes, error handling, and path construction improvements. Potential risks include compatibility issues if the gocritic rules are too strict or if the codebase is not fully compatible with the new rules, especially with the disabled rules that may need future attention.

Commit Log

Add gocritic linter, fix a bunch of stuff (#7377) Brace yourselves! For there are many touched files here. No changes in semantics however. Spent a long time trying out the various optional rules gocritic provides, and settled for a few of them. There are more I really like, but that would take many hours to address across the codebase. Perhaps others find gocritic too pedantic? If so, we can merge the fixes without enabling the rule.

Importance: 8
2025-02-21T18:46:15+01:00

AI Summary

The code adds a test case for the InterfaceToValue function to handle base64-encoded []byte values. The test case ensures that base64-encoded byte slices are correctly converted to their string representations.

Commit Log

ast.InterfaceToValue: add test case for []byte (#7379)

Importance: 8
2025-02-20T18:34:51+01:00

AI Summary

The code changes are focused on fixing test failures caused by differences in Go versions, particularly Go 1.24, by updating test expectations and build constraints. The changes include updating test signatures, build tags, and test logic to ensure compatibility with Go 1.24 and avoid test failures due to version-specific behavior changes.

Commit Log

Fix test failures with Go 1.24 (#7376) CI build will have to determine whether they also work in Go 1.23 :)

Importance: 9
2025-02-19T11:49:22+01:00

AI Summary

The code change replaces the xxhash implementation with a faster version from cespare/xxhash/v2 to improve performance in term hashing operations. The benchmark results show significant performance improvements, with a 24.1% geomean reduction in time across the TermHashing benchmarks.

Commit Log

perf: switch to a faster xxhash package

go test -v -benchmem -bench '^BenchmarkTermHashing$' -run='^$' -count=10 github.com/open-policy-agent/opa/v1/ast
goos: linux
goarch: amd64
pkg: github.com/open-policy-agent/opa/v1/ast
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
                    │   old.txt   │              new.txt               │
                    │   sec/op    │   sec/op     vs base               │
TermHashing/10-16     18.68n ± 2%   11.30n ± 0%  -39.49% (p=0.000 n=10)
TermHashing/100-16    42.94n ± 2%   33.71n ± 1%  -21.48% (p=0.000 n=10)
TermHashing/1000-16   179.4n ± 0%   165.1n ± 1%   -7.97% (p=0.000 n=10)
geomean               52.39n        39.77n       -24.10%

Importance: 9
2025-02-19T11:09:27+01:00

AI Summary

The code diff introduces performance improvements, primarily through indexer optimizations that reduce memory allocations and improve efficiency by avoiding storing values on structs. Changes include replacing dynamic value storage with a more efficient approach, using sync.Pool for reusing IndexResult objects, and replacing sort functions with slices.SortFunc for better performance. The diff also includes minor improvements like using pre-defined string terms and replacing panic with error handling in schema loading.

Commit Log

perf: cost of indexing greatly reduced (#7370)

And many smaller performance improvements.

The indexer recycling results is one of the most impactful performance improvements as of yet, and alone saves more than 2 million allocations in the Regal lint benchmark. The indexer is also more efficient, as `values` are no longer stored on the struct. Thanks @tsandall for that code!

Also included a bunch of small improvements from my perf branches.

**Before**
```
1209043041 ns/op 3255157224 B/op 64026192 allocs/op
```

**After**
```
1197131792 ns/op 3194124864 B/op 61876276 allocs/op
```

Importance: 9
2025-02-19T10:29:17+01:00

AI Summary

The code updates golangci-lint to version 1.64.5 and replaces the deprecated tenv linter with usetesting, addressing reported issues. Changes include replacing manual temp directory creation with t.TempDir() in multiple test files to simplify cleanup and improve test reliability.

Commit Log

Bump golangci-lint -> 1.64.5 (#7374)

Also:
- Replace deprecated tenv linter with usetesting, and address the issues it reported (nice!)

Importance: 8
2025-02-18T16:56:53+01:00

AI Summary

The code change replaces calls to Get with GetByValue and GetByRef to avoid boxing to interface{} and improve performance by reducing allocations. It also introduces shorthand types like SetOfAny, SetOfStr, and SetOfNum to further optimize type handling and reduce runtime overhead.

Commit Log

perf: use GetByValue to avoid boxing to interface{} (#7372)

And make shorthand types boxed types to avoid allocations at runtime.

Below stats show the difference running Regal lint with all rules disabled (to better highlight compilation costs). @srenatus will be pleased by this format, I'm sure.

```
goos: darwin
goarch: arm64
pkg: github.com/styrainc/regal/pkg/linter
cpu: Apple M4 Pro
                       │  main.txt   │              pr.txt              │
                       │   sec/op    │   sec/op     vs base             │
RegalNoEnabledRules-12   190.8m ± 2%   181.8m ± 2%  -4.72% (p=0.002 n=6)

                       │   main.txt   │              pr.txt               │
                       │     B/op     │     B/op      vs base             │
RegalNoEnabledRules-12   474.4Mi ± 0%   471.3Mi ± 0%  -0.65% (p=0.002 n=6)
```

Importance: 9
2025-02-17T22:08:27+01:00

AI Summary

The code introduces parameterized tests in OPA, allowing multiple test cases to be defined within a single test rule for better test coverage and reporting. It adds the 'internal.test_case' function and updates the tester to handle nested and parameterized test cases, including detailed reporting and sub-result tracking. Potential risks include compatibility issues with existing test rules that rely on the old test structure and possible performance overhead from the new test-case injection logic.

Commit Log

cmd+tester: Parameterized tests (#7366) Adding the ability to parameterize Rego `test_*` rules, effectively declaring multiple "test cases" within the rule, which is then individually reported (grouped under their parent rule) when running `opa test`. Fixes: #2176

Importance: 9
2025-02-17T14:25:41+01:00

AI Summary

The code introduces optimizations to reduce memory allocations by reusing slices in evalOneRule and using a sync.Pool for deferred error containers. The changes aim to improve performance by minimizing heap allocations, particularly in the `regal lint bundle` command, with measurable improvements in allocation counts.

Commit Log

perf: eval optimizations (#7367)

Another changeset I've kept around without pushing. Nothing *that* exciting here, but still significant enough to want to keep, I think.

Most notable improvement is in evalValue, where we now reuse the same term slice for args across all evalOneRule calls. These are always invoked in sequence over the same args (for any given incremental rule/function), so allocating a new slice for them each time isn't needed. The result is approximately 300k less allocations needed in `regal lint bundle`.

**main**
```
1239432250 ns/op 3254824064 B/op 64160920 allocs/op
```

**change**
```
1195618209 ns/op 3249758040 B/op 63847644 allocs/op
```

Importance: 8
2025-02-17T14:01:24+01:00

AI Summary

The diff updates the golang.org/x/net dependency from version 0.34.0 to 0.35.0, along with related dependencies like x/sync, x/sys, and x/text to their newer versions. The changes include new files and modifications in the http2 package, such as the introduction of internal/httpcommon package and related functions for handling HTTP/2 headers and encoding.

Commit Log

build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 (#7356)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.34.0 to 0.35.0.
- [Commits](https://github.com/golang/net/compare/v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-02-17T13:14:27+01:00

AI Summary

The code diff updates the version of the cobra library from 1.8.1 to 1.9.1, which includes several improvements and bug fixes. The update also upgrades the go-md2man dependency from version 2.0.4 to 2.0.6, which may include enhancements or bug fixes related to man page generation.

Commit Log

build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#7371)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-02-15T08:44:48+01:00

AI Summary

The code introduces micro-optimizations to reduce memory allocations and improve performance in the scanner by replacing byteSliceToString with util.ByteSliceToString and using maps.Clone for copying token keywords. The changes aim to reduce the number of heap allocations during string conversion and improve efficiency in copying token keyword maps, resulting in a modest but measurable performance improvement.

Commit Log

perf: slightly more efficient policy scanning (#7368)

A couple of micro-optimizations, really. But when applied together makes enough of a difference to be taken seriously.

Benchmark showing the difference in the `BenchmarkRegalNoEnabledRules` test in Regal, which was used here simply because the change has no impact outside of parsing.

```
499003281 B/op 9746024 allocs/op // before
496497404 B/op 9677104 allocs/op // after
```

A modest improvement, but an improvement nonetheless.

Importance: 8
2025-02-14T16:38:47+01:00

AI Summary

The code introduces performance improvements by reducing memory allocation during annotation printing and optimizing string comparisons using slices package functions. It also refactors string handling to use predefined terms for consistency and clarity, which may improve readability and maintainability.

Commit Log

perf: intern annotation terms (#7365) From my long list of not-yet-submitted perf PRs. I figured I need to split up that work for it to be manageable.. so this is a small one! No need to allocate memory every time we print a known attribute from annotations. Also some minor cleaning up.

Importance: 8
2025-02-14T14:27:47+01:00

AI Summary

The code adds a `make test-short` task to run tests with the `-short` flag, skipping slow tests for faster development cycles. It modifies multiple test functions to skip execution when `testing.Short()` is true, reducing runtime for local development. The change also removes outdated benchmarking documentation that referenced a no longer used resource.

Commit Log

Add `make test-short` task (#7364)

By tagging the worst offenders, we can make use of `go test -short` to avoid them for a quicker dev-test cycle.

Compare:
```
make test 200.69s user 209.81s system 170% cpu 4:01.20 total
```
```
make test-short 70.32s user 29.17s system 350% cpu 28.367 total
```

From 4 minutes down to under 30 seconds. The short tests can either be run with `go test -short ./...` or `make test-short`. We'll still run the full test suite in CI, naturally.

Also:
- Remove section on benchmarking that linked to a no longer used resource.

Importance: 9
2025-02-14T14:00:33+01:00

AI Summary

The code introduces a new HasherMap type that simplifies key handling by using Hasher interfaces and eliminates the need for explicit equality functions, improving performance and usability. This change replaces multiple instances of util.HashMap with util.HasherMap, which is more efficient and reduces memory allocations, particularly in performance-critical paths like `regal lint bundle`. The update includes several minor optimizations, such as using strings.Builder instead of fmt.Sprintf and removing unused code, which further improves performance and maintainability.

Commit Log

Add util.HasherMap (#7363)

This is a simpler version of util.TypedHashMap where the keys implement a `.Hash()` method and as such won't need one to be passed in, and where the values are largely ignored by the map. These maps are smaller / more performant, but most importantly, they are nicer to work with.

Perf wise, this saves about 600k+ allocs and 40 MB allocated memory in `regal lint bundle`:

```
1207614875 ns/op 3293454016 B/op 64802095 allocs/op
1197978125 ns/op 3256960504 B/op 64164871 allocs/op
```

Also:
- Use `strings.Builder` instead of `fmt.Sprintf` in one location
- Remove `ValueMap.Copy` as it was only used in a test

Importance: 9
2025-02-12T14:52:33+00:00

AI Summary

The commit adds a support link to the README.md file, directing users to the official support page for commercial support options. This change improves user experience by providing clear access to support resources, especially for enterprise or commercial users.

Commit Log

Add support link to README (#7359)

Importance: 7
2025-02-11T16:50:10+00:00

AI Summary

The commit updates the serialize-javascript dependency from version 6.0.0 to 6.0.2 in the project's development dependencies. This change likely aims to address security vulnerabilities, bug fixes, or performance improvements introduced in version 6.0.2.

Commit Log

build(deps-dev): bump serialize-javascript (#7358)

Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 6.0.0 to 6.0.2.
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v6.0.0...v6.0.2)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-type: direct:development
...

Importance: 8
2025-02-10T21:57:42+01:00

AI Summary

The code allows passing a custom compiler to the Oracle, enabling more flexible compilation control. A test case was added to verify that the custom compiler is used correctly and metrics are updated.

Commit Log

Allow passing own compiler to oracle (#7354)

Verified that this works in Regal, but also added a trivial test to assert that a custom compiler passed is used.

Importance: 8
2025-02-10T16:44:00+01:00

AI Summary

The commit updates the docker/setup-buildx-action dependency from version 3.8.0 to 3.9.0 in the GitHub workflows. This change likely aims to benefit from new features, bug fixes, or security updates introduced in the newer version of the action.

Commit Log

build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#7343)

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 8
2025-02-10T15:38:22+01:00

AI Summary

The commit updates the docker/setup-qemu-action dependency from version 3.3.0 to 3.4.0. This change likely aims to benefit from new features, bug fixes, or security updates in the newer version.

Commit Log

build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 (#7344)

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/53851d14592bedcffcf25ea515637cff71ef929a...4574d27a4764455b42196d70a065bc6853246a25)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Importance: 7