Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump the common group with 6 updates #8162

Merged
merged 1 commit into from
Dec 24, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 23, 2024

Bumps the common group with 6 updates:

Package From To
github.com/antchfx/htmlquery 1.3.3 1.3.4
github.com/open-policy-agent/opa 0.70.0 1.0.0
google.golang.org/protobuf 1.36.0 1.36.1
k8s.io/utils 0.0.0-20240711033017-18e509b52bc8 0.0.0-20241104100929-3ea5e8cea738
modernc.org/sqlite 1.34.2 1.34.4

Updates github.com/antchfx/htmlquery from 1.3.3 to 1.3.4

Release notes

Sourced from github.com/antchfx/htmlquery's releases.

v1.3.4

Update packages:

  • update golang.org/x/net from v0.7.0 to v0.33.0
  • update github.com/antchfx/xpath from v1.3.2 to v1.3.3
Commits
  • 8189c48 Bump golang.org/x/net from 0.7.0 to 0.33.0
  • 23f943c update github.com/antchfx/xpath to v1.3.3
  • See full diff in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.0.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.0.0

NOTES:

  • The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

  • Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
  • Other new keywords (every, in) are available without any imports.
  • Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
  • OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement here on our blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #7156 extends OPA’s Prometheus configuration to allow the setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.0.0

NOTES:

  • The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

  • Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
  • Other new keywords (every, in) are available without any imports.
  • Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
  • OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement on the OPA blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

... (truncated)

Commits
  • 00cc7ae Prepare v1.0.0 release
  • 94118ac docs/website/scripts: Control eval behavior via the rego.v1 import rather tha...
  • bb10c56 docs/website/scripts: Eval pre-1.0 policies in v0 compatibility mode
  • c91c895 go.mod: require go 1.22.7
  • b8a1376 build(deps): bump the go-opentelemetry-io group with 6 updates (#7217)
  • a190ea3 Fixing optimized numbers.range builtin reversed range bug (#7230)
  • 9a7d920 Update docs and server binding addr per OPA v1.0 specs (#7140)
  • c5757a5 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2
  • c97b640 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
  • 50b5ee5 Reduce allocations, chapter III (#7222)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.0 to 1.36.1

Updates k8s.io/utils from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738

Commits

Updates modernc.org/sqlite from 1.34.2 to 1.34.4

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 23, 2024
@dependabot dependabot bot requested a review from knqyf263 as a code owner December 23, 2024 14:42
@dependabot dependabot bot added the go Pull requests that update Go code label Dec 23, 2024
@knqyf263
Copy link
Collaborator

@nikpivkin Thanks for your fix. Do you know how to let Dependabot downgrade it? I found that we also needed to update the PR description.

@nikpivkin nikpivkin force-pushed the dependabot/go_modules/common-be1c3b8877 branch from e868abe to 2ea11d8 Compare December 24, 2024 06:27
@nikpivkin
Copy link
Contributor

@knqyf263 There doesn't seem to be a way to force dependabot to update the description.

@knqyf263
Copy link
Collaborator

OK, thanks. Can you update the description manually?

Bumps the common group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/antchfx/htmlquery](https://github.com/antchfx/htmlquery) | `1.3.3` | `1.3.4` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.70.0` | `1.0.0` |
| google.golang.org/protobuf | `1.36.0` | `1.36.1` |
| [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20240711033017-18e509b52bc8` | `0.0.0-20241104100929-3ea5e8cea738` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.34.2` | `1.34.4` |

Updates `github.com/antchfx/htmlquery` from 1.3.3 to 1.3.4
- [Release notes](https://github.com/antchfx/htmlquery/releases)
- [Commits](antchfx/htmlquery@v1.3.3...v1.3.4)

Updates `github.com/open-policy-agent/opa` from 0.70.0 to 1.0.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.70.0...v1.0.0)

Updates `google.golang.org/protobuf` from 1.36.0 to 1.36.1

Updates `k8s.io/utils` from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738
- [Commits](https://github.com/kubernetes/utils/commits)

Updates `modernc.org/sqlite` from 1.34.2 to 1.34.4
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.2...v1.34.4)

---
updated-dependencies:
- dependency-name: github.com/antchfx/htmlquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: common
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: k8s.io/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: modernc.org/sqlite
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
...

Signed-off-by: dependabot[bot] <[email protected]>
@nikpivkin nikpivkin force-pushed the dependabot/go_modules/common-be1c3b8877 branch from 2ea11d8 to 4f09bf3 Compare December 24, 2024 06:47
@nikpivkin
Copy link
Contributor

@knqyf263 done

@nikpivkin nikpivkin added this pull request to the merge queue Dec 24, 2024
Merged via the queue into main with commit eedefdd Dec 24, 2024
13 checks passed
@nikpivkin nikpivkin deleted the dependabot/go_modules/common-be1c3b8877 branch December 24, 2024 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants