Bump github.com/open-policy-agent/opa from 0.44.0 to 0.50.1

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.44.0 to 0.50.1.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.50.1

This is a bug fix release addressing the following issues:

Fixes

• ast/compile: Guard recursive module equality check. (#5756) authored by @​philipaconrad. Resolves a performance regression when using large bundles.
• ast: Relaxing strict-mode check for unused args in else-branching functions (#5758) authored by @​johanfylling reported by @​ethanjli.

Miscellaneous

• Use normalized policy paths as compiler module keys and store IDs (authored by @​ashutosh-narkar). Resolves an issue with bundle loading on Windows.

v0.50.0

This release contains a mix of new features, bugfixes, security fixes, optimizations and build updates related to OPA's published images.

New Built-in Functions: JSON Schema Verification and Validation

These new built-in functions add functionality to verify and validate JSON Schema (#5486) (co-authored by @​jkulvich and @​johanfylling).

• json.verify_schema: Checks that the input is a valid JSON schema object
• json.match_schema: Checks that the document matches the JSON schema

See the documentation for all details.

Annotations scoped to package carries across modules

package scoped schema annotations are now applied across modules instead of only local to the module where it's declared (#5251) (authored by @​johanfylling). This change may cause compile-time errors and behavioural changes to type checking when the schemas annotation is used, and to rules calling the rego.metadata.chain() built-in function:

• Existing projects with the same package declared in multiple files will trigger a rego_type_error: package annotation redeclared error if two or more of these are annotated with the package scope.
• If using the package scope, the schemas annotation will be applied to type checking also for rules declared in another file than the annotation declaration, as long as the package is the same.
• The chain of metadata returned by the rego.metadata.chain() built-in function will now contain an entry for the package even if the annotations are declared in another file, if the scope is package.

Remote bundle URL shorthand for run command

To load a remote bundle using opa run, the set directive can be provided multiple times as shown below:

 $ opa run -s --set "services.default.url=https://example.com" \
              --set "bundles.example.service=default" \
              --set "bundles.example.resource=/bundles/bundle.tar.gz" \
              --set "bundles.example.persist=true"

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.50.1

This is a bug fix release addressing the following issues:

Fixes

• ast/compile: Guard recursive module equality check. (#5756) authored by @​philipaconrad. Resolves a performance regression when using large bundles.
• ast: Relaxing strict-mode check for unused args in else-branching functions (#5758) authored by @​johanfylling reported by @​ethanjli.

Miscellaneous

• Use normalized policy paths as compiler module keys and store IDs (authored by @​ashutosh-narkar). Resolves an issue with bundle loading on Windows.

0.50.0

This release contains a mix of new features, bugfixes, security fixes, optimizations and build updates related to OPA's published images.

New Built-in Functions: JSON Schema Verification and Validation

These new built-in functions add functionality to verify and validate JSON Schema (#5486) (co-authored by @​jkulvich and @​johanfylling).

• json.verify_schema: Checks that the input is a valid JSON schema object
• json.match_schema: Checks that the document matches the JSON schema

See the documentation for all details.

Annotations scoped to package carries across modules

package scoped schema annotations are now applied across modules instead of only local to the module where it's declared (#5251) (authored by @​johanfylling). This change may cause compile-time errors and behavioural changes to type checking when the schemas annotation is used, and to rules calling the rego.metadata.chain() built-in function:

• Existing projects with the same package declared in multiple files will trigger a rego_type_error: package annotation redeclared error if two or more of these are annotated with the package scope.
• If using the package scope, the schemas annotation will be applied to type checking also for rules declared in another file than the annotation declaration, as long as the package is the same.
• The chain of metadata returned by the rego.metadata.chain() built-in function will now contain an entry for the package even if the annotations are declared in another file, if the scope is package.

Remote bundle URL shorthand for run command

To load a remote bundle using opa run, the set directive can be provided multiple times as shown below:

 $ opa run -s --set "services.default.url=https://example.com" \
              --set "bundles.example.service=default" \
              --set "bundles.example.resource=/bundles/bundle.tar.gz" \
              --set "bundles.example.persist=true"
</tr></table> 

... (truncated)

Commits

• c2af620 Prepare v0.50.1 release
• e2fb387 ast: Relaxing strict-mode check for unused args in else-branching functions (...
• 804c158 Use Normalized policy paths as compiler module keys and store ids
• a9d4665 ast/compile: Guard recursive module equality check. (#5757)
• 50d14ac Prepare v0.50.0 release
• ed97b78 docs: Add example of decision log error surfaced via status (#5745)
• dadf43f build(deps): bump github.com/golang/protobuf from 1.5.2 to 1.5.3
• b36da40 [server/identifier] Support SPIFFEID use in authz (#5742)
• f24f18e Retract pre go module OPA versions (#5741)
• 85a10ff build: bump golang 1.20.1 -> 1.20.2 (#5740)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #3761.