rego-policies
Update dependency open-policy-agent/opa to v0.62.1
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| open-policy-agent/opa | minor | v0.61.0 -> v0.62.1 |
Release Notes
open-policy-agent/opa (open-policy-agent/opa)
v0.62.1
This is a security fix release for the fixes published in Go 1.22.1.
OPA servers using `--authentication=tls` would be affected: crafted malicious client certificates could cause a panic in the server.
Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and `http.send` calls that verify TLS.
This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).
Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to assess. An update is advised.
Miscellaneous
- Add Trino to OPA ecosystem (authored by @mosabua)
- update: ADOPTERS.md (#6608) (authored by @fredmaggiowski)
v0.62.0
NOTES:
- The minimum version of Go required to build the OPA module is 1.20
This release contains a mix of improvements and bugfixes.
Runtime, Tooling, SDK
- cmd: Add environment variable backups for command-line flags (#6508) authored by @colinjlacy
- download/oci: Add missing `WithBundleParserOpts` method to OCI downloader (#6571) authored by @slonka
- logging: avoid `%!F(MISSING)` in logs by skipping calls to the `{Debug,Info,Warn,Error}f` functions when there are no arguments (#6555) authored by @srenatus
Topdown and Rego
- ast+cmd: Allow bundle to contain calls to unknown Rego functions when inspected (#6591) authored by @johanfylling
- topdown/http: Respect `raise_error` flag during input validation (#6553) authored by @ashutosh-narkar
Docs + Website + Ecosystem
- Add OpaDotNet to ecosystem projects (#6554) authored by @me-viper
- Add updated logos for Permit.io and OPAL (#6562) authored by @danielbass37
- docs: Update description of the url path usage when accessing values inside object and array documents for v1/data GET and POST (#6567) authored by @ashutosh-narkar
- docs: Use `application/yaml` instead of `application/x-yaml` as the former is now a recognized content type (#6565) authored by @anderseknert
Miscellaneous
- Add Elastic to ADOPTERS.md (#6568) authored by @orouz
- Dependency updates; notably:
  - bump golang 1.21.5 -> 1.22 (#6595) authored by @srenatus
  - bump google.golang.org/grpc from 1.61.0 to 1.62.0
  - bump golang.org/x/net from 0.19.0 to 0.21.0
  - bump github.com/containerd/containerd from 1.7.12 to 1.7.13
  - bump aquasecurity/trivy-action from 0.16.1 to 0.17.0
  - bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
  - bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6
Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
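
For the v0.62.1 security note above (CVE-2024-24783), one way to check whether a deployed OPA binary was built with a fixed Go toolchain. This is an added example, not part of the PR or the OPA release notes; the function names and sample outputs are constructed for illustration, and the 1.21.8 threshold comes from the Go vulnerability entry rather than from this page.

```bash
#!/usr/bin/env bash
# Added example (not OPA project code): classify an OPA binary by the Go
# toolchain shown in `opa version`. Go 1.22.1 is the fixed release named in the
# notes; 1.21.8 is the fixed 1.21.x release per the Go vulnerability entry.

# Extract "1.22.1" from a line such as "Go Version: go1.22.1" (read from stdin).
opa_go_version() {
  sed -n 's/^Go Version:[[:space:]]*go\([0-9][0-9]*\.[0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Status 0 when the Go version in $1 (major.minor[.patch]) contains the fix.
go_has_fix() {
  major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
  case "$rest" in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch= ;; esac
  patch=${patch:-0}   # "1.22" or a pre-release such as "1.22rc1" counts as patch 0
  [ "$major" -gt 1 ] && return 0
  [ "$major" -lt 1 ] && return 1
  case "$minor" in
    22) [ "$patch" -ge 1 ] && return 0 ;;
    21) [ "$patch" -ge 8 ] && return 0 ;;
    *)  [ "$minor" -ge 23 ] && return 0 ;;
  esac
  return 1
}

# Print "patched", "vulnerable" or "unknown" for the `opa version` text in $1.
check_opa_build() {
  v=$(printf '%s\n' "$1" | opa_go_version)
  if [ -z "$v" ]; then echo unknown
  elif go_has_fix "$v"; then echo patched
  else echo vulnerable
  fi
}

# Constructed sample outputs in the layout `opa version` prints.
SAMPLE_OLD='Version: 0.61.0
Go Version: go1.21.5
Platform: linux/amd64'
SAMPLE_NEW='Version: 0.62.1
Go Version: go1.22.1
Platform: linux/amd64'

for sample in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
  check_opa_build "$sample"
done
# On a host with OPA installed: check_opa_build "$(opa version)"
```

The check keys on the Go toolchain rather than the OPA version because a custom build of an older OPA release with a patched Go is also fixed, while v0.62.0 built with Go 1.22.0 is not.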