@dependabot dependabot bot commented on behalf of github Mar 21, 2025

Bumps the all group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cuelang.org/go | 0.11.1 | 0.12.0 |
| github.com/CycloneDX/cyclonedx-go | 0.9.0 | 0.9.2 |
| github.com/docker/docker | 27.5.0+incompatible | 28.0.2+incompatible |
| github.com/enterprise-contract/enterprise-contract-controller/api | 0.1.79 | 0.1.84 |
| github.com/evanphx/json-patch | 5.9.0+incompatible | 5.9.11+incompatible |
| github.com/gkampitakis/go-snaps | 0.5.7 | 0.5.11 |
| github.com/go-git/go-git/v5 | 5.13.2 | 5.14.0 |
| github.com/open-policy-agent/conftest | 0.55.0 | 0.58.0 |
| github.com/sigstore/cosign/v2 | 2.4.1 | 2.4.3 |
| github.com/spf13/afero | 1.11.0 | 1.14.0 |
| github.com/spf13/viper | 1.19.0 | 1.20.0 |
| github.com/tektoncd/pipeline | 0.63.0 | 0.69.1 |
| github.com/testcontainers/testcontainers-go | 0.34.1-0.20241204123437-72be13940122 | 0.35.0 |
| github.com/testcontainers/testcontainers-go/modules/registry | 0.34.0 | 0.35.0 |

Updates cuelang.org/go from 0.11.1 to 0.12.0

Updates github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.2

Changelog

Features

  • 39ede217f126cfbc80eabf880f6643be3d392a4f: feat: add MarshalXML and UnmarshalXML (@​DmitriyLewen)
  • e9191ed11a269fcb6b3fb54e000ed6d81b5bf9db: feat: add UnmarshalJSON (@​DmitriyLewen)

Fixes

  • 80fede1f13a956d35eb14696cd2ca9d2d943f809: fix: add json tag for Identity (@​DmitriyLewen)
  • 24e9503293f0837e6e7ea3ff670ef958e6075b87: fix: tests (@​DmitriyLewen)
  • d68a199bc1747e5d6a7d4196c2f270535bbf6e3e: fix: use identity as array in valid-evidence.json (@​DmitriyLewen)
  • ff9cc28f9c9554328bd6c1ad56098be5a692d5e9: fix: use componentEvidence array for Evidence.Identity field (@​DmitriyLewen)

Building and Packaging

  • 016ee293d464d6383be3a714f7fb0debebef8ad5: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (@​dependabot[bot])
  • 77153ab5fe005f6484ac1e1225e7152df00db3f1: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (@​dependabot[bot])
  • 4f50d02c1282ac1d0d7448502b231a0e84a1e529: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (@​dependabot[bot])
  • b84451219e77e0fbbe7d5ba054bcf25dbc7aaea4: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (@​dependabot[bot])
  • 238cbea3479fed9fdfcbfa5f1751828390a05211: build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (@​dependabot[bot])
  • bbe8f3c2c7c4567514ae966c69bf93fc1b3dba2a: build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (@​dependabot[bot])
  • 05f8930fe918a31941ebf90eec627e5e6e908d1c: build(deps): bump github.com/terminalstatic/go-xsd-validate (@​dependabot[bot])
  • 082f87791a5e290c9d4c6e8126dc0cc987028a60: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@​dependabot[bot])
  • 093b1c15164dad5d46768db0e3f6ee43eb60ca20: build(deps): bump gitpod/workspace-go from 9c95281 to 6932342 (@​dependabot[bot])
  • 47b7e01ce8f8209894065e9656217b8c00a3c8ea: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (@​dependabot[bot])
  • ce6eb841cb1e21aa28efbccd9eb8fe5eea0555c9: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (@​dependabot[bot])

Others

  • 4d3aff9fab9ae78bd6fbbc9fd0912fab14c8fb64: UPDATE_SNAPSHOTS=true make test (@​DmitriyLewen)
  • 31d954443e6563aeee69d82bdfb82aee83e07df1: refactor (@​DmitriyLewen)
  • 0170729e313a681fc8659643601410ae10ffe803: refactor: update convert package (@​DmitriyLewen)

v0.9.1

Changelog

Fixes

  • 6f0e0cf025dd99ab903e33f8e043d92b28dab4f6: fix: nil pointer dereference during evidence conversion (@​nscuro)
  • ce43b6f4cb5707d3ef2db1af1d597f5b23bf0e15: fix: make linter happy (@​nscuro)
  • 5d799e634b9bed9c86621048544737b210e433e8: fix: remove deprecated goreleaser flag (@​nscuro)

Building and Packaging

  • 6d5bcb0e277207551dbc728eb29959f1d3cbd685: build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (@​dependabot[bot])
  • f34fc0c413da74d20d1cc240863aaf2eb6b274f7: build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (@​dependabot[bot])
  • 71cff221b8dbbc1d50f839fa76ecea4e42d83a2b: build(deps): bump gitpod/workspace-go from 8d15123 to 2a9e01c (@​dependabot[bot])
  • ea693550558d230b3fbba810b6e75ac2eb0b55c8: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (@​dependabot[bot])
  • d5cbdad49dfbf54f2dab4ad95bd1a47c710a526c: build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (@​dependabot[bot])
Commits
  • cba06ff Merge pull request #205 from CycloneDX/dependabot/go_modules/github.com/termi...
  • 5c81749 Merge pull request #211 from CycloneDX/dependabot/github_actions/actions/setu...
  • 753526c Merge pull request #204 from DmitriyLewen/fix/componentEvidence-as-array
  • 4d3aff9 UPDATE_SNAPSHOTS=true make test
  • d68a199 fix: use identity as array in valid-evidence.json
  • 24e9503 fix: tests
  • 238cbea build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
  • a7f7415 Merge branch 'master' of github.com:DmitriyLewen/cyclonedx-go into fix/compon...
  • 05f8930 build(deps): bump github.com/terminalstatic/go-xsd-validate
  • 464d426 Merge pull request #202 from CycloneDX/dependabot/github_actions/actions/chec...
  • Additional commits viewable in compare view

Updates github.com/docker/docker from 27.5.0+incompatible to 28.0.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.0.2

28.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix CLI-specific attributes (docker.cli.*) being unintentionally passed to downstream OTel services. docker/cli#5842
  • Fix an issue where user-specified OTEL_RESOURCE_ATTRIBUTES were being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. docker/cli#5842
  • Fix daemon failing to start on Windows when a container created before v28.0.0 was present. moby/moby#49626
  • Fix possible error on docker buildx prune with the --min-free-space. moby/moby#49623
  • Fix spurious io: read/write on closed pipe error in the daemon log when closing container. moby/moby#49590
  • Fix the Docker daemon failing too early if the containerd socket isn't immediately available. moby/moby#49603
  • Mask Linux thermal interrupt info in a container's /proc and /sys by default. moby/moby#49560
  • Update contrib/check-config.sh to check for more kernel modules related to iptables. moby/moby#49622
  • containerd image store: Fix integer overflow in User ID handling passed via --user. moby/moby#49652
  • containerd image store: Fix spurious reference for unknown type: application/vnd.in-toto+json warning being logged to the daemon's log. moby/moby#49652
  • containerd image store: Improve performance of docker ps when running large number of containers. moby/moby#49365

Packaging updates

Networking

  • Add environment variable DOCKER_INSECURE_NO_IPTABLES_RAW=1 to allow Docker to run on systems where the Linux kernel can't provide CONFIG_IP_NF_RAW support. When enabled, Docker will not create rules in the iptables raw table. Warning: This is not recommended for production environments as it reduces security by allowing other hosts on the local network to route to ports published to host addresses, even when they are published to 127.0.0.1. This option bypasses some of the security hardening introduced in Docker Engine 28.0.0. moby/moby#49621
  • Allow container startup when an endpoint is attached to a macvlan network where the parent interface is down. moby/moby#49630
  • Do not skip DNAT for packets originating in a gateway_mode=routed network. moby/moby#49577
  • Fix a bug causing docker ps to inconsistently report dual-stack port mappings. moby/moby#49657
  • Fix a bug that could cause docker-proxy to stop forwarding UDP datagrams to containers. moby/moby#49649
  • Fix a bug that was causing docker-proxy to close UDP connections to containers eagerly and resulting in the source address to change needlessly. moby/moby#49649

Go SDK

  • Move various types and consts from cli-plugins/manager to a separate package. docker/cli#5902
  • Update minimum required Go version to go1.23. moby/moby#49541
  • cli/command: Move PrettyPrint utility to cli/command/formatter. docker/cli#5916
  • runconfig/errors: split ErrConflictHostNetwork into ErrConflictConnectToHostNetwork and ErrConflictDisconnectFromHostNetwork. moby/moby#49605

Deprecations

  • Go-SDK: Deprecate cli-plugins/manager.ResourceAttributesEnvvar constant. It was used internally, but holds the OTEL_RESOURCE_ATTRIBUTES name, which is part of the OpenTelemetry specification. Users of this constant should define their own. It will be removed in the next release. docker/cli#5881

... (truncated)

Commits
  • bea4de2 Merge pull request #49656 from austinvazquez/bump-container-1.7.27-binary
  • 97ee08e Merge pull request #49657 from akerouanton/fix-missing-port-mappings
  • f2a183a daemon: return port-mappings from all endpoints
  • 6b3b479 daemon: getEndpointPortMapInfo: err is never used
  • 35766af Dockerfile: update containerd binary to v1.7.27
  • b2363f0 Merge pull request #49602 from thaJeztah/remove_layerstore_experimental
  • c9a763e daemon: remove redundant call to getEndpointPortMapInfo
  • 2043aa9 Merge pull request #49652 from vvoland/vendor-containerd
  • 7cdd1b5 Merge pull request #49649 from akerouanton/proxy-concurrent-write-close
  • fb3cce1 vendor: github.com/containerd/containerd/v2 v2.0.4
  • Additional commits viewable in compare view

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.79 to 0.1.84

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.84

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.83...api/v0.1.84

API Release api/v0.1.83

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.82...api/v0.1.83

API Release api/v0.1.82

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.81...api/v0.1.82

API Release api/v0.1.81

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.80...api/v0.1.81

API Release api/v0.1.80

What's Changed

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.79...api/v0.1.80

Commits
  • 14dbd07 Merge pull request #487 from enterprise-contract/dependabot/github_actions/ac...
  • 9f76a92 Merge pull request #486 from enterprise-contract/dependabot/github_actions/gi...
  • 47475ab Bump actions/download-artifact from 4.1.8 to 4.1.9
  • e357751 Bump github/codeql-action from 3.28.10 to 3.28.11
  • 6f293a9 Merge pull request #470 from enterprise-contract/dependabot/github_actions/ac...
  • 3bbb0b4 Merge pull request #480 from enterprise-contract/dependabot/github_actions/ac...
  • c84deab Merge pull request #481 from enterprise-contract/dependabot/github_actions/gi...
  • 0a8bb0c Merge pull request #482 from enterprise-contract/dependabot/github_actions/os...
  • cb28e70 Merge pull request #485 from enterprise-contract/dependabot/github_actions/co...
  • 0c1d3d1 Bump codecov/codecov-action from 5.1.2 to 5.4.0
  • Additional commits viewable in compare view

Updates github.com/evanphx/json-patch from 5.9.0+incompatible to 5.9.11+incompatible

Release notes

Sourced from github.com/evanphx/json-patch's releases.

v5.9.11

What's Changed

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

What's Changed

New Contributors

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

Commits
  • 84a4bb1 Merge pull request #209 from skitt/export-errs-v5
  • 7a7a88a Export errBadJSONDoc and errBadJSONPatch errors
  • bd18525 Upgrade go-flags
  • 42f26cb Fix spacing
  • 0a3482b Merge pull request #206 from koba1t/remove_unmaintained_error_pkg
  • 106306d remove unmaintained errors pkg
  • e7cfbbb Merge pull request #203 from skitt/drop-gopkgin-v5
  • 61e1ad7 Drop the reference to gopkg.in for v5
  • See full diff in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.11

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.11

What's Changed

New Contributors

Full Changelog: gkampitakis/go-snaps@v0.5.10...v0.5.11

v0.5.10

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.9...v0.5.10

v0.5.9

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @​orloffv for this issue gkampitakis/go-snaps#116

v0.5.8

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.7...v0.5.8

Commits

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.14.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.14.0

What's Changed

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/[email protected] which mitigates the CVE above. Users that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

Updates github.com/google/go-cmp from 0.6.0 to 0.7.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.7.0

New API:

  • (#367) Support compare functions with SortSlices and SortMaps

Panic messaging:

  • (#370) Detect proto.Message types when failing to export a field
Commits

Updates github.com/open-policy-agent/conftest from 0.55.0 to 0.58.0

Release notes

Sourced from github.com/open-policy-agent/conftest's releases.

v0.58.0

Announcements

⚠️ Upcoming Breaking Changes ⚠️

In the v0.59 release of conftest (in April 2025), we will bump the hcl2json library which is used by the HCL2 parser. This makes the behavior of the conversion more consistent by always using arrays for blocks that can be repeated. See open-policy-agent/conftest#1074 and open-policy-agent/conftest#1006 for more info.

ℹ️ Breaking Changes Reminder ℹ️

In the v0.60 release of conftest (in May 2025), we will change the default version of Rego syntax from v0 to v1. This will be a breaking change if your Rego policies are not compatible with the v1 syntax.

  • Individual policies can be updated gradually, by adding import rego.v1 to the policy.
  • The rego-version flag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag to v0.

For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.

Changelog

New Features

  • 41549499ab4e816b47a4b21003bd1b1528bd80b9: feat(test): Enable inter-query cache (#1073) (@​jalseth)
  • d62aa8d90c9c023bedc76151cb44dcbe4f6e7a79: feat: add --absolute-paths flag to pull command (#1078) (@​thevilledev)

Bug Fixes

  • 4435c65cd37eddf69b9ee710bd4a84addaefbc5c: fix: Conftest can now successfully load files using a file URL (e.g., file:///C:/path/to/data.yaml) on windows (#999) (@​pckvcode)

OPA Changes

  • 6424545eb03efbc0bdd2e773eea7539ecd9557d5: build(deps): bump github.com/open-policy-agent/opa from 1.1.0 to 1.2.0 (#1080) (@​dependabot[bot])

Other Changes

  • 8e0fdf294b342f01d20d11365e8ac2085bc98248: build(deps): bump alpine from 3.21.2 to 3.21.3 (#1072) (@​dependabot[bot])
  • 6cb9d19737ce7e7aac4cdf0cb4021474879efefd: build(deps): bump github.com/moby/buildkit from 0.19.0 to 0.20.0 (#1076) (@​dependabot[bot])
  • 43264f4e481d7248dc4af141502315c718b759c2: build(deps): bump golang from 1.23.6-alpine to 1.24.0-alpine (#1071) (@​dependabot[bot])
  • 155cd3c95342d627d3160888d804df3d228352c9: chore: Change empty interface{} to any throughout the codebase (#1057) (@​jalseth)
  • 278f7355cd0f2dab8615777c5e823222140570f8: chore: Update all examples to OPA V1 syntax (#1058) (@​jalseth)
  • 39bd5fcee10393a902ebd48387920bf89411a5b7: ci: Revert "replace Makefile-based Docker builds with GitHub Action… (#1075)" (#1081) (@​jalseth)
  • 854183bc52bd266750b1f66a7ace9fa5717a7f0a: refactor(ci): replace Makefile-based Docker builds with GitHub Action… (#1075) (@​Amamgbu)
  • cdd65ba3a46b8292a96ac4a30ca3c04d4a28674e: refactor(output): Add CheckResults type and helpers (#1063) (@​jalseth)

v0.57.0

Announcements

⚠️ Upcoming Breaking Changes ⚠️

In the May 2025 release of conftest, we will change the default version of Rego syntax from v0 to v1. This will be a breaking change if your Rego policies are not compatible with the v1 syntax.

  • With this release of conftest, users may opt-in to this behavior early by setting the --rego-version flag to v1.
  • Individual policies can be updated gradually, by adding import rego.v1 to the policy.
  • The rego-version flag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag to v0.

For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.

Changelog

New Features

... (truncated)

Commits
  • 39bd5fc ci: Revert "replace Makefile-based Docker builds with GitHub Action… (#1075)"...
  • 4435c65 fix: Conftest can now successfully load files using a file URL (e.g., `file:/...
  • 5ae180f docs: clarify --trace flag behavior with --output flag (#1060)
  • d62aa8d feat: add --absolute-paths flag to pull command (#1078)
  • 43264f4 build(deps): bump golang from 1.23.6-alpine to 1.24.0-alpine (#1071)
  • 854183b refactor(ci): replace Makefile-based Docker builds with GitHub Action… (#1075)
  • 6cb9d19 build(deps): bump github.com/moby/buildkit from 0.19.0 to 0.20.0 (#1076)
  • 8e0fdf2 build(deps): bump alpine from 3.21.2 to 3.21.3 (#1072)
  • 6424545 build(deps): bump github.com/open-policy-agent/opa from 1.1.0 to 1.2.0 (#1080)
  • 4154949 feat(test): Enable inter-query cache (#1073)
  • Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.2.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.2.0

This release contains a mix of features, performance improvements, and bugfixes.

Parameterized Rego Tests (#2176)

Rego tests now support parameterization, allowing a single test rule to include multiple, hierarchical, named test cases. This feature is useful for data-driven testing, where a single test rule can be used for multiple test cases with different inputs and expected outputs.

```rego
package example_test

test_concat[note] if {
    some note, tc in {
        "empty + empty": {
            "a": [],
            "b": [],
            "exp": [],
        },
        "empty + filled": {
            "a": [],
            "b": [1, 2],
            "exp": [1, 2],
        },
        "filled + filled": {
            "a": [1, 2],
            "b": [3, 4],
            "exp": [1, 2, 3], # Faulty expectation, this test case will fail
        },
    }

    act := array.concat(tc.a, tc.b)
    act == tc.exp
}
```

```
$ opa test example_test.rego
example_test.rego:
data.example_test.test_concat: FAIL (263.375µs)
  empty + empty: PASS
  empty + filled: PASS
  filled + filled: FAIL
--------------------------------------------------------------------------------
FAIL: 1/1
```

See the documentation for more information.

Authored by @​johanfylling, reported by @​anderseknert

... (truncated)


Commits
  • d537788 Release v1.2.0 (#7403)
  • d6b8e6d perf: various small improvements (#7357)
  • e46696e ci: Using fetch-depth when fetching tags (#7400)
  • 85eaacd docs: Add note about v1.0 addr behaviour (#7398)
  • 83c8e0e ci: Adding fetch-tags under with in GHA (#7397)
  • 10d1a54 Explicitly fetching fetching git tags for CI builds (#7395)
  • 6088316 build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 (#7392)
  • 3ab892f docs: Update homepage examples to drop v1 import (#7391)
  • bad1b1a build(deps): bump github.com/prometheus/client_golang (#7375)
  • e75f583 build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 (#7389)
  • Additional commits viewable in compare view

Updates github.com/sigstore/cosign/v2 from 2.4.1 to 2.4.3

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.3

Features

  • Bump sigstore/sigstore to support KMS plugins (#4073)
  • Enable fetching signatures without remote get. (#4047)
  • Feat/file flag completion improvements (#4028)
  • Update builder to use go1.23.6 (#4052)

Bug Fixes

  • fix parsing error in --only for cosign copy (#4049)

Cleanup

  • Refactor verifyNewBundle into library function (#4013)
  • fix comment typo and imports order (#4061)
  • sync comment with parameter name in function signature (#4063)
  • sort properly Go imports (#4071)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Dmitry Savintsev
  • Hayden B
  • Tomasz Janiszewski
  • Ville Skyttä

v2.4.2

Features

  • Updated open-policy-agent to 1.1.0 library (#4036)
    • Note that only Rego v0 policies are supported at this time
  • Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
  • Add support for verifying root checksum in cosign initialize (#3953)
  • Detect if user supplied a valid protobuf bundle (#3931)
  • Add a log message if user doesn't provide --trusted-root (#3933)
  • Support mTLS towards container registry (#3922)
  • Add bundle create helper command (#3901)
  • Add trusted-root create helper command (#3876)

Bug Fixes

  • fix: set tls config while retaining other fields from default http transport (#4007)
  • policy fuzzer: ignore known panics (#3993)
  • Fix for multiple WithRemote options (#3982)
  • Add nightly conformance test workflow (#3979)
  • Fix copy --only for signatures + update/align docs (#3904)

... (truncated)


Commits
  • 6a7abbf chore(deps): bump the gomod group across 1 directory with 4 updates (#4074)
  • 0b69cc5 chore(deps): bump github.com/buildkite/agent/v3 from 3.91.0 to 3.92.1 (#4066)
  • 3564b3e chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4065)
  • d6aeeb2 Enable fetching signatures without remote get. (#4047)
  • 26d0ee5 Bump sigstore/sigstore to support KMS plugins (#4073)
  • 5181623 chore(deps): bump golangci/golangci-lint-action in the actions group (#4070)
  • c1b1a78 chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#4067)
  • a0b20b7 sort properly Go imports (#4071)
  • b4be5f7 chore(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 (#4068)
  • 01fde81 sync comment with parameter name in function signature (#4063)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.9 to 1.8.15

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.15

What's Changed

Full Changelog: sigstore/sigstore@v1.8.14...v1.8.15

v1.8.14

What's Changed

This is the same content as v1.8.13, with a CI/CD fix.

Bumps the all group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cuelang.org/go | `0.11.1` | `0.12.0` |
| [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.9.0` | `0.9.2` |
| [github.com/docker/docker](https://github.com/docker/docker) | `27.5.0+incompatible` | `28.0.2+incompatible` |
| [github.com/enterprise-contract/enterprise-contract-controller/api](https://github.com/enterprise-contract/enterprise-contract-controller) | `0.1.79` | `0.1.84` |
| [github.com/evanphx/json-patch](https://github.com/evanphx/json-patch) | `5.9.0+incompatible` | `5.9.11+incompatible` |
| [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) | `0.5.7` | `0.5.11` |
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.13.2` | `5.14.0` |
| [github.com/open-policy-agent/conftest](https://github.com/open-policy-agent/conftest) | `0.55.0` | `0.58.0` |
| [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.4.1` | `2.4.3` |
| [github.com/spf13/afero](https://github.com/spf13/afero) | `1.11.0` | `1.14.0` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.19.0` | `1.20.0` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.63.0` | `0.69.1` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.34.1-0.20241204123437-72be13940122` | `0.35.0` |
| [github.com/testcontainers/testcontainers-go/modules/registry](https://github.com/testcontainers/testcontainers-go) | `0.34.0` | `0.35.0` |



Updates `cuelang.org/go` from 0.11.1 to 0.12.0

Updates `github.com/CycloneDX/cyclonedx-go` from 0.9.0 to 0.9.2
- [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases)
- [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml)
- [Commits](CycloneDX/cyclonedx-go@v0.9.0...v0.9.2)

Updates `github.com/docker/docker` from 27.5.0+incompatible to 28.0.2+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v27.5.0...v28.0.2)

Updates `github.com/enterprise-contract/enterprise-contract-controller/api` from 0.1.79 to 0.1.84
- [Release notes](https://github.com/enterprise-contract/enterprise-contract-controller/releases)
- [Commits](enterprise-contract/enterprise-contract-controller@api/v0.1.79...api/v0.1.84)

Updates `github.com/evanphx/json-patch` from 5.9.0+incompatible to 5.9.11+incompatible
- [Release notes](https://github.com/evanphx/json-patch/releases)
- [Commits](evanphx/json-patch@v5.9.0...v5.9.11)

Updates `github.com/gkampitakis/go-snaps` from 0.5.7 to 0.5.11
- [Release notes](https://github.com/gkampitakis/go-snaps/releases)
- [Commits](gkampitakis/go-snaps@v0.5.7...v0.5.11)

Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.14.0
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.13.2...v5.14.0)

Updates `github.com/google/go-cmp` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](google/go-cmp@v0.6.0...v0.7.0)

Updates `github.com/open-policy-agent/conftest` from 0.55.0 to 0.58.0
- [Release notes](https://github.com/open-policy-agent/conftest/releases)
- [Changelog](https://github.com/open-policy-agent/conftest/blob/master/.goreleaser.yml)
- [Commits](open-policy-agent/conftest@v0.55.0...v0.58.0)

Updates `github.com/open-policy-agent/opa` from 0.70.0 to 1.2.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.70.0...v1.2.0)

Updates `github.com/sigstore/cosign/v2` from 2.4.1 to 2.4.3
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](sigstore/cosign@v2.4.1...v2.4.3)

Updates `github.com/sigstore/sigstore` from 1.8.9 to 1.8.15
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.8.9...v1.8.15)

Updates `github.com/spf13/afero` from 1.11.0 to 1.14.0
- [Release notes](https://github.com/spf13/afero/releases)
- [Commits](spf13/afero@v1.11.0...v1.14.0)

Updates `github.com/spf13/cobra` from 1.8.1 to 1.9.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.1...v1.9.1)

Updates `github.com/spf13/pflag` from 1.0.5 to 1.0.6
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.5...v1.0.6)

Updates `github.com/spf13/viper` from 1.19.0 to 1.20.0
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.19.0...v1.20.0)

Updates `github.com/tektoncd/pipeline` from 0.63.0 to 0.69.1
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v0.63.0...v0.69.1)

Updates `github.com/testcontainers/testcontainers-go` from 0.34.1-0.20241204123437-72be13940122 to 0.35.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/commits/v0.35.0)

Updates `github.com/testcontainers/testcontainers-go/modules/registry` from 0.34.0 to 0.35.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](testcontainers/testcontainers-go@v0.34.0...v0.35.0)

Updates `golang.org/x/exp` from 0.0.0-20240909161429-701f63a606c0 to 0.0.0-20241108190413-2d47ceb2692f
- [Commits](https://github.com/golang/exp/commits)

Updates `golang.org/x/net` from 0.34.0 to 0.35.0
- [Commits](golang/net@v0.34.0...v0.35.0)

Updates `golang.org/x/sync` from 0.10.0 to 0.12.0
- [Commits](golang/sync@v0.10.0...v0.12.0)

Updates `k8s.io/apiextensions-apiserver` from 0.31.0 to 0.31.4
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.31.0...v0.31.4)

Updates `k8s.io/apimachinery` from 0.31.0 to 0.31.6
- [Commits](kubernetes/apimachinery@v0.31.0...v0.31.6)

Updates `k8s.io/client-go` from 0.31.0 to 0.31.6
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.31.0...v0.31.6)

---
updated-dependencies:
- dependency-name: cuelang.org/go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/CycloneDX/cyclonedx-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: github.com/enterprise-contract/enterprise-contract-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/evanphx/json-patch
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/gkampitakis/go-snaps
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/open-policy-agent/conftest
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/spf13/afero
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/spf13/pflag
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/testcontainers/testcontainers-go/modules/registry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/exp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels Mar 21, 2025

dependabot bot commented on behalf of github May 5, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this May 5, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/all-8a55b3ef4f branch May 5, 2025 15:23