build(deps): bump the all group with 30 updates #224

dependabot · 2025-08-04T21:47:30Z

Bumps the all group with 30 updates:

Package	From	To
cuelang.org/go	`0.11.1`	`0.14.0`
github.com/CycloneDX/cyclonedx-go	`0.9.0`	`0.9.2`
github.com/docker/docker	`27.5.0+incompatible`	`28.3.3+incompatible`
github.com/enterprise-contract/enterprise-contract-controller/api	`0.1.79`	`0.1.122`
github.com/evanphx/json-patch	`5.9.0+incompatible`	`5.9.11+incompatible`
github.com/gkampitakis/go-snaps	`0.5.7`	`0.5.14`
github.com/go-git/go-git/v5	`5.13.2`	`5.16.2`
github.com/go-logr/logr	`1.4.2`	`1.4.3`
github.com/google/go-cmp	`0.6.0`	`0.7.0`
github.com/open-policy-agent/conftest	`0.55.0`	`0.62.0`
github.com/open-policy-agent/opa	`0.70.0`	`1.6.0`
github.com/secure-systems-lab/go-securesystemslib	`0.9.0`	`0.9.1`
github.com/sigstore/cosign/v2	`2.4.1`	`2.5.3`
github.com/sigstore/sigstore	`1.8.9`	`1.9.5`
github.com/spf13/afero	`1.11.0`	`1.12.0`
github.com/spf13/cobra	`1.8.1`	`1.9.1`
github.com/spf13/pflag	`1.0.5`	`1.0.7`
github.com/spf13/viper	`1.19.0`	`1.20.1`
github.com/tektoncd/pipeline	`0.63.0`	`1.3.0`
github.com/testcontainers/testcontainers-go	`0.34.1-0.20241204123437-72be13940122`	`0.38.0`
github.com/testcontainers/testcontainers-go/modules/registry	`0.34.0`	`0.38.0`
golang.org/x/exp	`0.0.0-20240909161429-701f63a606c0`	`0.0.0-20250408133849-7e4ce0ab07d0`
golang.org/x/net	`0.34.0`	`0.42.0`
golang.org/x/sync	`0.10.0`	`0.16.0`
k8s.io/apiextensions-apiserver	`0.31.0`	`0.32.6`
k8s.io/apimachinery	`0.31.0`	`0.33.2`
k8s.io/client-go	`0.31.0`	`0.33.2`
k8s.io/kube-openapi	`0.0.0-20240903163716-9e1beecbcb38`	`0.0.0-20250318190949-c8a335a9a2ff`
oras.land/oras-go/v2	`2.5.0`	`2.6.0`
sigs.k8s.io/yaml	`1.4.0`	`1.6.0`

Updates cuelang.org/go from 0.11.1 to 0.14.0

Updates github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.2

Changelog

Features

39ede217f126cfbc80eabf880f6643be3d392a4f: feat: add MarshalXML and UnmarshalXML (@DmitriyLewen)

e9191ed11a269fcb6b3fb54e000ed6d81b5bf9db: feat: add UnmarshalJSON (@DmitriyLewen)

Fixes

80fede1f13a956d35eb14696cd2ca9d2d943f809: fix: add json tag for Identity (@DmitriyLewen)

24e9503293f0837e6e7ea3ff670ef958e6075b87: fix: tests (@DmitriyLewen)

d68a199bc1747e5d6a7d4196c2f270535bbf6e3e: fix: use identity as array in valid-evidence.json (@DmitriyLewen)

ff9cc28f9c9554328bd6c1ad56098be5a692d5e9: fix: use componentEvidence array for Evidence.Identity field (@DmitriyLewen)

Building and Packaging

016ee293d464d6383be3a714f7fb0debebef8ad5: build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (@dependabot[bot])

77153ab5fe005f6484ac1e1225e7152df00db3f1: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (@dependabot[bot])

4f50d02c1282ac1d0d7448502b231a0e84a1e529: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (@dependabot[bot])

b84451219e77e0fbbe7d5ba054bcf25dbc7aaea4: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (@dependabot[bot])

238cbea3479fed9fdfcbfa5f1751828390a05211: build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (@dependabot[bot])

bbe8f3c2c7c4567514ae966c69bf93fc1b3dba2a: build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (@dependabot[bot])

05f8930fe918a31941ebf90eec627e5e6e908d1c: build(deps): bump github.com/terminalstatic/go-xsd-validate (@dependabot[bot])

082f87791a5e290c9d4c6e8126dc0cc987028a60: build(deps): bump gitpod/workspace-go from 2a9e01c to 9c95281 (@dependabot[bot])

093b1c15164dad5d46768db0e3f6ee43eb60ca20: build(deps): bump gitpod/workspace-go from 9c95281 to 6932342 (@dependabot[bot])

47b7e01ce8f8209894065e9656217b8c00a3c8ea: build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (@dependabot[bot])

ce6eb841cb1e21aa28efbccd9eb8fe5eea0555c9: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (@dependabot[bot])

Others

4d3aff9fab9ae78bd6fbbc9fd0912fab14c8fb64: UPDATE_SNAPSHOTS=true make test (@DmitriyLewen)

31d954443e6563aeee69d82bdfb82aee83e07df1: refactor (@DmitriyLewen)

0170729e313a681fc8659643601410ae10ffe803: refactor: update convert package (@DmitriyLewen)

v0.9.1

Changelog

Fixes

6f0e0cf025dd99ab903e33f8e043d92b28dab4f6: fix: nil pointer dereference during evidence conversion (@nscuro)

ce43b6f4cb5707d3ef2db1af1d597f5b23bf0e15: fix: make linter happy (@nscuro)

5d799e634b9bed9c86621048544737b210e433e8: fix: remove deprecated goreleaser flag (@nscuro)

Building and Packaging

6d5bcb0e277207551dbc728eb29959f1d3cbd685: build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (@dependabot[bot])

f34fc0c413da74d20d1cc240863aaf2eb6b274f7: build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (@dependabot[bot])

71cff221b8dbbc1d50f839fa76ecea4e42d83a2b: build(deps): bump gitpod/workspace-go from 8d15123 to 2a9e01c (@dependabot[bot])

ea693550558d230b3fbba810b6e75ac2eb0b55c8: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (@dependabot[bot])

d5cbdad49dfbf54f2dab4ad95bd1a47c710a526c: build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (@dependabot[bot])

Commits

cba06ff Merge pull request #205 from CycloneDX/dependabot/go_modules/github.com/termi...
5c81749 Merge pull request #211 from CycloneDX/dependabot/github_actions/actions/setu...
753526c Merge pull request #204 from DmitriyLewen/fix/componentEvidence-as-array
4d3aff9 UPDATE_SNAPSHOTS=true make test
d68a199 fix: use identity as array in valid-evidence.json
24e9503 fix: tests
238cbea build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
a7f7415 Merge branch 'master' of github.com:DmitriyLewen/cyclonedx-go into fix/compon...
05f8930 build(deps): bump github.com/terminalstatic/go-xsd-validate
464d426 Merge pull request #202 from CycloneDX/dependabot/github_actions/actions/chec...
Additional commits viewable in compare view

Updates github.com/docker/docker from 27.5.0+incompatible to 28.3.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.3.3

28.3.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.3 milestone

moby/moby, 28.3.3 milestone

Security

This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.

Packaging updates

Update Buildx to v0.26.1. docker/docker-ce-packaging#1230

Update Compose to v2.39.1. docker/docker-ce-packaging#1234

Update Docker Model CLI plugin to v0.1.36. docker/docker-ce-packaging#1233

Go SDK

cli/command/formatter: add TrunateID() utility as alternative for github.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#6180

28.3.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.2 milestone

moby/moby, 28.3.2 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Bug fixes and enhancements

Fix --use-api-socket not working correctly when targeting a remote daemon. docker/cli#6157

Fix stray "otel error" logs being printed if debug logging is enabled. docker/cli#6160

Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. docker/cli#6147

Warn when DOCKER_AUTH_CONFIG is set during docker login and docker logout. docker/cli#6163

Packaging updates

Update Compose to v2.38.2. docker/docker-ce-packaging#1225

Update Docker Model CLI plugin to v0.1.33. docker/docker-ce-packaging#1227

Update Go runtime to 1.24.5. moby/moby#50354

28.3.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.3.1 milestone

... (truncated)

Commits

bea959c Merge pull request #50506 from robmry/backport-28.x/fix_firewalld_reload
3e9ff78 bridge: Reapply endpoint iptables rules on firewalld reload
29ed80a bridge: Trigger firewalld reload during bridge integration tests
da489a1 Merge pull request #50478 from thaJeztah/28.x_backport_gha_bump_bk
f173e45 Merge pull request #50480 from austinvazquez/cherry-pick-ea29dffaa541289591aa...
e4b1f89 daemon/server: remove compatibility with API v1.4 auth-config on push
0c9e14d hack/buildkit-ref: temporarily bump BuildKit to head of v0.23 branch
bf6d688 Merge pull request #50471 from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...
4205776 client: always send (empty) body on push
e77ff99 Merge pull request #50354 from vvoland/50353-28.x
Additional commits viewable in compare view

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.79 to 0.1.122

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.122

What's Changed

chore(deps): update github/codeql-action action to v3.29.5 by @renovate[bot] in enterprise-contract/enterprise-contract-controller#548

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.121...api/v0.1.122

API Release api/v0.1.121

What's Changed

chore(deps): update github/codeql-action action to v3.29.4 by @renovate[bot] in enterprise-contract/enterprise-contract-controller#546

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.120...api/v0.1.121

API Release api/v0.1.120

What's Changed

chore(deps): update github/codeql-action action to v3.29.3 by @renovate[bot] in enterprise-contract/enterprise-contract-controller#545

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.119...api/v0.1.120

API Release api/v0.1.119

What's Changed

chore(deps): update registry.access.redhat.com/ubi8/ubi-micro:latest docker digest to c1b052e by @renovate[bot] in enterprise-contract/enterprise-contract-controller#543

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.118...api/v0.1.119

API Release api/v0.1.118

What's Changed

chore(deps): update step-security/harden-runner action to v2.13.0 by @renovate[bot] in enterprise-contract/enterprise-contract-controller#544

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.117...api/v0.1.118

API Release api/v0.1.117

What's Changed

chore: update references to github-workflows repo by @robnester-rh in enterprise-contract/enterprise-contract-controller#542

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.116...api/v0.1.117

API Release api/v0.1.116

What's Changed

chore(deps): update github/codeql-action action to v3.29.2 by @renovate in enterprise-contract/enterprise-contract-controller#541

Full Changelog: enterprise-contract/enterprise-contract-controller@api/v0.1.115...api/v0.1.116

API Release api/v0.1.115

... (truncated)

Commits

06d3e25 chore(deps): update github/codeql-action action to v3.29.5 (#548)
e8aeb57 chore(deps): update github/codeql-action action to v3.29.4 (#546)
254dd32 chore(deps): update github/codeql-action action to v3.29.3 (#545)
3cbefd1 Merge pull request #543 from enterprise-contract/renovate/docker-updates
e9ecb43 chore(deps): update step-security/harden-runner action to v2.13.0 (#544)
6b3b184 chore(deps): update registry.access.redhat.com/ubi8/ubi-micro:latest docker d...
cdbb7f9 Merge pull request #542 from robnester-rh/EC-1118
cec302c chore: update references to github-workflows repo
ef75d55 chore(deps): update github/codeql-action action to v3.29.2 (#541)
c7ff330 chore(deps): update step-security/harden-runner action to v2.12.2 (#540)
Additional commits viewable in compare view

Updates github.com/evanphx/json-patch from 5.9.0+incompatible to 5.9.11+incompatible

Release notes

Sourced from github.com/evanphx/json-patch's releases.

v5.9.11

What's Changed

Export errBadJSONDoc and errBadJSONPatch errors by @skitt in evanphx/json-patch#209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

What's Changed

Drop the reference to gopkg.in for v5 by @skitt in evanphx/json-patch#203

remove unmaintained errors pkg(github.com/pkg/errors) by @koba1t in evanphx/json-patch#206

New Contributors

@skitt made their first contribution in evanphx/json-patch#203

@koba1t made their first contribution in evanphx/json-patch#206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

Commits

84a4bb1 Merge pull request #209 from skitt/export-errs-v5
7a7a88a Export errBadJSONDoc and errBadJSONPatch errors
bd18525 Upgrade go-flags
42f26cb Fix spacing
0a3482b Merge pull request #206 from koba1t/remove_unmaintained_error_pkg
106306d remove unmaintained errors pkg
e7cfbbb Merge pull request #203 from skitt/drop-gopkgin-v5
61e1ad7 Drop the reference to gopkg.in for v5
See full diff in compare view

Updates github.com/gkampitakis/go-snaps from 0.5.7 to 0.5.14

Release notes

Sourced from github.com/gkampitakis/go-snaps's releases.

v0.5.14

What's Changed

feat: snaps.Clean now returns if snaps dirty and err by @gkampitakis in gkampitakis/go-snaps#131

Full Changelog: gkampitakis/go-snaps@v0.5.13...v0.5.14

v0.5.13

What's Changed

feat: support MatchStandaloneYAML by @gkampitakis in gkampitakis/go-snaps#128

chore: update go-yaml and gh-action deps by @gkampitakis in gkampitakis/go-snaps#129

Full Changelog: gkampitakis/go-snaps@v0.5.12...v0.5.13

v0.5.12

What's Changed

feat: add UPDATE_SNAPS=always for updating and creating snaps on CI setup by @gkampitakis in gkampitakis/go-snaps#126

Full Changelog: gkampitakis/go-snaps@v0.5.11...v0.5.12

v0.5.11

What's Changed

feat: add json format config by @kitimark in gkampitakis/go-snaps#121

New Contributors

@kitimark made their first contribution in gkampitakis/go-snaps#121

Full Changelog: gkampitakis/go-snaps@v0.5.10...v0.5.11

v0.5.10

What's Changed

fix: handle builds with trimpath enabled by @gkampitakis in gkampitakis/go-snaps#120

Full Changelog: gkampitakis/go-snaps@v0.5.9...v0.5.10

v0.5.9

What's Changed

fix: snaps.Update should apply and on snapshot create by @gkampitakis in gkampitakis/go-snaps#119

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @orloffv for this issue gkampitakis/go-snaps#116

v0.5.8

... (truncated)

Commits

e303e41 feat: snaps.Clean now returns if snaps dirty and err (#131)
e88f212 chore: update go-yaml and gh-action deps (#129)
2957128 feat: support MatchStandaloneYAML (#128)
66ada09 feat: add UPDATE_SNAPS=always for updating and creating snaps on CI setup (#126)
1bd0d83 chore: add FUNDING details
e004bc1 feat: add json format config (#121)
8740883 fix: handle builds with trimpath enabled (#120)
00f3055 fix: snaps.Update should apply and on snapshot create (#119)
560fde0 feat: implement matchStandaloneJSON (#113)
f81115d feat: implement matchYAML (#114)
See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.13.2 to 5.16.2

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.2

What's Changed

utils: fix diff so subpaths work for sparse checkouts, fixes 1455 to releases/v5.x by @kane8n in go-git/go-git#1567

Full Changelog: go-git/go-git@v5.16.1...v5.16.2

v5.16.1

What's Changed

utils: merkletrie, Fix diff on sparse-checkout index. Fixes #1406 to releases/v5.x by @kane8n in go-git/go-git#1561

New Contributors

@kane8n made their first contribution in go-git/go-git#1561

Full Changelog: go-git/go-git@v5.16.0...v5.16.1

v5.16.0

What's Changed

[v5] plumbing: support mTLS for HTTPS protocol by @hiddeco in go-git/go-git#1510

v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514 by @pjbgf in go-git/go-git#1515

Full Changelog: go-git/go-git@v5.15.0...v5.16.0

v5.15.0

What's Changed

plumbing: add cert auth support to releases/v5.x by @Javier-varez in go-git/go-git#1482

v5: Bump dependencies by @pjbgf in go-git/go-git#1505

Full Changelog: go-git/go-git@v5.14.0...v5.15.0

v5.14.0

What's Changed

v5: Bump Go and dependencies to mitigate GO-2025-3487 by @pjbgf in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to golang.org/x/crypto@v0.35.0 which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

Full Changelog: go-git/go-git@v5.13.2...v5.14.0

Commits

ed8216c Merge pull request #1567 from kane8n/backport-to-v5-patricsss/fix-1455
4f35eba Merge pull request #1484 from patricsss/patricsss/fix-1455
fd1a836 Merge pull request #1561 from kane8n/backport-to-v5-fix-sparse-checkout-status
c3c8410 Merge pull request #1492 from onee-only/fix-sparse-checkout-status
6d4a5c6 Merge pull request #1515 from pjbgf/regre
beedd6b plumbing: transport, Reintroduce SetHostKeyCallback. Fix #1514
763ce2e Merge pull request #1510 from hiddeco/mtls-support
5320e1b plumbing: surface transport configuration errors
9bbc93b plumbing: fix unintended pointer mutation in test
f3783f4 plumbing: support mTLS for HTTPS protocol
Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.3

Minor release.

What's Changed

Fix slog tests for 1.25 by @hoeppi-google in go-logr/logr#361

Remove one exception from Slog testing by @thockin in go-logr/logr#362

New Contributors

@hoeppi-google made their first contribution in go-logr/logr#361

Full Changelog: go-logr/logr@v1.4.2...v1.4.3

Commits

38a1c47 build(deps): bump github/codeql-action from 3.28.17 to 3.28.18
f08bedd build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
6295e99 build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0
028840d build(deps): bump github/codeql-action from 3.28.15 to 3.28.17
511e5fa Merge pull request #367 from go-logr/dependabot/github_actions/github/codeql-...
d806463 build(deps): bump github/codeql-action from 3.28.13 to 3.28.15
158c311 Merge pull request #366 from thockin/master
c79ddb3 Update to support golangci-lint v2
20a64ba build(deps): bump github/codeql-action from 3.28.12 to 3.28.13
0385e14 Add comments around slog exceptions
Additional commits viewable in compare view

Updates github.com/google/go-cmp from 0.6.0 to 0.7.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.7.0

New API:

(#367) Support compare functions with SortSlices and SortMaps

Panic messaging:

(#370) Detect proto.Message types when failing to export a field

Commits

9b12f36 Detect proto.Message types when failing to export a field (#370)
4dd3d63 fix: type 'aribica' => 'arabica' (#368)
391980c Support compare functions with SortSlices and SortMaps (#367)
See full diff in compare view

Updates github.com/open-policy-agent/conftest from 0.55.0 to 0.62.0

Release notes

Sourced from github.com/open-policy-agent/conftest's releases.

v0.62.0

Changelog

OPA Changes

ebb167d2baab1b09ea133e00213aa0d8b026ad8c: build(deps): bump github.com/open-policy-agent/opa from 1.5.1 to 1.6.0 (#1149) (@dependabot[bot])

Other Changes

4c22f26909a643841925c21a1729830903a62fe3: build(deps): bump alpine from 3.21.3 to 3.22.0 (#1135) (@dependabot[bot])

7cf3311d83d2e394db44378a870664c7203a37ee: build(deps): bump cuelang.org/go from 0.13.0 to 0.13.2 (#1148) (@dependabot[bot])

2d33645066323acef31ba804764acca43d7a23ba: build(deps): bump github.com/moby/buildkit from 0.22.0 to 0.23.2 (#1150) (@dependabot[bot])

89ef4d529994a57f21894f473962db7a3ab93470: build(deps): bump golang from 1.24.3-alpine to 1.24.4-alpine (#1140) (@dependabot[bot])

c7f6f8f392a4445e17a8aef5b8677a39fe54f398: chore: Replace OPA v0 with v1 import paths (#1142) (@jalseth)

91d8de723fa6c47e735e3299feb1b63a636b02aa: chore: Use uppercase for all Dockerfile build keywords (#1143) (@jalseth)

060ea76f042d3784ce43b4d4d7f11dd0ad6af641: ci: Run docker builds in parallel during release (#1139) (@jalseth)

v0.61.2

Changelog

Other Changes

e156f0d72eb9b7d31027715613e38fc16d106354: Switch back to original conftest test --update behavior (#1138) (@iamleot)

v0.61.1

Changelog

OPA Changes

8e47770262f4de9dfafc25b10982bef6a63243b2: build(deps): bump github.com/open-policy-agent/opa from 1.5.0 to 1.5.1 (#1137) (@dependabot[bot])

v0.61.0

Changelog

Bug Fixes

ed0ff0a76feacc1707b0c3b23e533a464c988cd0: fix(test): clean updated policies after test run (#1109) (@kirecek)

f82f55687b0d6386d0c6622897d584930a67d305: fix: Use v1 as rego version for fmt, too (#1128) (@msw-kialo)

OPA Changes

bcba55e516102dfa12d619568bc554b86db7739f: build(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.0 (#1134) (@dependabot[bot])

Other Changes

a826a0b29a4639716dd0cec608fd4e54c15f9d02: build(deps): bump cuelang.org/go from 0.12.1 to 0.13.0 (#1131) (@dependabot[bot])

d44b4807e11b0be396ba7a5440b692319f254096: build(deps): bump github.com/moby/buildkit from 0.21.1 to 0.22.0 (#1129) (@dependabot[bot])

f09428f5a68982af7bbb292d5dbfea4b6d270bba: build(deps): bump golang from 1.24.2-alpine to 1.24.3-alpine (#1124) (@dependabot[bot])

1e43dc0dd0c39a6c8204df07cfacc48e9dd3caa9: deps: update jsonc import path (#1133) (@st3penta)

v0.60.0

Announcements

⚠️ Breaking Changes ⚠️

We have set the default version of Rego syntax to v1. This is a breaking change if your Rego policies are not compatible with the v1 syntax.

Individual policies can be updated gradually, by adding import rego.v1 to the policy.

The rego-version flag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag to v0.

For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.

Changelog

New Features

... (truncated)

Commits

ebb167d build(deps): bump github.com/open-policy-agent/opa from 1.5.1 to 1.6.0 (#1149)
89ef4d5 build(deps): bump golang from 1.24.3-alpine to 1.24.4-alpine (#1140)
2d33645 build(deps): bump github.com/moby/buildkit from 0.22.0 to 0.23.2 (#1150)
7cf3311 build(deps): bump cuelang.org/go from 0.13.0 to 0.13.2 (#1148)
91d8de7 chore: Use uppercase for all Dockerfile build keywords (#1143)
c7f6f8f chore: Replace OPA v0 with v1 import paths (#1142)
060ea76 ci: Run docker builds in parallel during release (#1139)
4c22f26 build(deps): bump alpine from 3.21.3 to 3.22.0 (#1135)
e156f0d Switch back to original conftest test --update behavior (#1138)
8e47770 build(deps): bump github.com/open-policy-agent/opa from 1.5.0 to 1.5.1 (#1137)
Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.6.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.6.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

Improvements to the OPA website and documentation

Allowing keywords in Rego references

Parallel test execution

Faster built-in function execution

Modernized OPA Website (#7037)

We're continuing to modernize the OPA website with a new design and improved user experience.

Some highlights:

Builtins: You can now search them on the docs page!

Sidebar redesign: Making it easier to find what you're looking for in our docs

Feedback forms: Closing the feedback loop between docs authors and readers -- Please let us know if you dislike, or like, a docs page.

Downloads page: Find your OS' installation instructions on a less cluttered page!

And much more

Authored by @sky3n3t and @charlieegan3

Allowing keywords in Rego references (#7709)

Previously, Rego references could not contain terms that conflict with Rego keywords such as package, if, else, not, etc. in certain constructs:
package example
allow if {
input.package.source         # not allowed (before v1.6.0)
input["package"].destination # allowed
}
The constraints for valid Rego references have been relaxed to allow keywords. The above example is now valid and will no longer cause a compilation error.

Authored by @johanfylling

Parallel Test Execution (#7442)

By default, OPA will now run tests in parallel (defaulting to one parallel execution thread per available CPU core), significantly speeding up test execution time for large test suites. The performance boost is closely tied to the number of tests in your project and your selected parallelism level. For larger projects and default settings, 2-3x performance gains have been measured on a MacBook Pro.

Parallelism can be disabled to run tests sequentially by setting the --parallel flag to 1. E.g. opa test . --parallel=1.

Authored by @sspaink reported by @anderseknert

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.6.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

Improvements to the OPA website and documentation

Allowing keywords in Rego references

Parallel test execution

Faster built-in function execution

Modernized OPA Website (#7037)

We're continuing to modernize the OPA website with a new design and improved user experience.

Some highlights:

Builtins: You can now search them on the docs page!

Sidebar redesign: Making it easier to find what you're looking for in our docs

Feedback forms: Closing the feedback loop between docs authors and readers -- Please let us know if you dislike, or like, a docs page.

Downloads page: Find your OS' installation instructions on a less cluttered page!

And much more

Authored by @sky3n3t and @charlieegan3

Allowing keywords in Rego references (#7709)

Previously, Rego references could not contain terms that conflict with Rego keywords such as package, if, else, not, etc. in certain constructs:
package example
allow if {
input.package.source         # not allowed (before v1.6.0)
input["package"].destination # allowed
}
The constraints for valid Rego references have been relaxed to allow keywords. The above example is now valid and will no longer cause a compilation error.

Authored by @johanfylling

Parallel Test Execution (#7442)

By default, OPA will now run tests in parallel (defaulting to one parallel execution thread per available CPU core), significantly speeding up test execution time for large test suites. The performance boost is closely tied to the number of tests in your project and your selected parallelism level. For larger projects and default settings, 2-3x performance gains have been measured on a MacBook Pro.

Parallelism can be disabled to run tests sequentially by setting the --parallel flag to 1. E.g. opa test . --parallel=1.

Authored by @sspaink reported by @anderseknert

... (truncated)

Commits

710b5a6 Prepare v1.6.0 release (#7732)
d3e83fb website: add titles back to the sidebar
fc51c9c docs: Revise sidebar order and layout
13b9e52 ast: Ensure surplus leading zeros always error (#7726)
9750787 perf: Only pass built-in context to calls depending on it (#7728)
2b4722e docs: Redirect old admission control link (#7730)
3a560fa docs: Update sidebar (#7723)
d917e3a plugin/decision: check if event is too large after compression (#7521)
817b663 ast,format: Allowing keywords in Rego references (#7709)
1679d79 docs: Move code example data inside the PlaygroundComponent (#772...
Description has been truncated

Bumps the all group with 30 updates: | Package | From | To | | --- | --- | --- | | cuelang.org/go | `0.11.1` | `0.14.0` | | [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) | `0.9.0` | `0.9.2` | | [github.com/docker/docker](https://github.com/docker/docker) | `27.5.0+incompatible` | `28.3.3+incompatible` | | [github.com/enterprise-contract/enterprise-contract-controller/api](https://github.com/enterprise-contract/enterprise-contract-controller) | `0.1.79` | `0.1.122` | | [github.com/evanphx/json-patch](https://github.com/evanphx/json-patch) | `5.9.0+incompatible` | `5.9.11+incompatible` | | [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps) | `0.5.7` | `0.5.14` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.13.2` | `5.16.2` | | [github.com/go-logr/logr](https://github.com/go-logr/logr) | `1.4.2` | `1.4.3` | | [github.com/google/go-cmp](https://github.com/google/go-cmp) | `0.6.0` | `0.7.0` | | [github.com/open-policy-agent/conftest](https://github.com/open-policy-agent/conftest) | `0.55.0` | `0.62.0` | | [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `0.70.0` | `1.6.0` | | [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) | `0.9.0` | `0.9.1` | | [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) | `2.4.1` | `2.5.3` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.9` | `1.9.5` | | [github.com/spf13/afero](https://github.com/spf13/afero) | `1.11.0` | `1.12.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.1` | `1.9.1` | | [github.com/spf13/pflag](https://github.com/spf13/pflag) | `1.0.5` | `1.0.7` | | [github.com/spf13/viper](https://github.com/spf13/viper) | `1.19.0` | `1.20.1` | | [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `0.63.0` | `1.3.0` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.34.1-0.20241204123437-72be13940122` | `0.38.0` | | [github.com/testcontainers/testcontainers-go/modules/registry](https://github.com/testcontainers/testcontainers-go) | `0.34.0` | `0.38.0` | | [golang.org/x/exp](https://github.com/golang/exp) | `0.0.0-20240909161429-701f63a606c0` | `0.0.0-20250408133849-7e4ce0ab07d0` | | [golang.org/x/net](https://github.com/golang/net) | `0.34.0` | `0.42.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.10.0` | `0.16.0` | | [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.31.0` | `0.32.6` | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.31.0` | `0.33.2` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.31.0` | `0.33.2` | | [k8s.io/kube-openapi](https://github.com/kubernetes/kube-openapi) | `0.0.0-20240903163716-9e1beecbcb38` | `0.0.0-20250318190949-c8a335a9a2ff` | | [oras.land/oras-go/v2](https://github.com/oras-project/oras-go) | `2.5.0` | `2.6.0` | | [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) | `1.4.0` | `1.6.0` | Updates `cuelang.org/go` from 0.11.1 to 0.14.0 Updates `github.com/CycloneDX/cyclonedx-go` from 0.9.0 to 0.9.2 - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](CycloneDX/cyclonedx-go@v0.9.0...v0.9.2) Updates `github.com/docker/docker` from 27.5.0+incompatible to 28.3.3+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v27.5.0...v28.3.3) Updates `github.com/enterprise-contract/enterprise-contract-controller/api` from 0.1.79 to 0.1.122 - [Release notes](https://github.com/enterprise-contract/enterprise-contract-controller/releases) - [Commits](enterprise-contract/enterprise-contract-controller@api/v0.1.79...api/v0.1.122) Updates `github.com/evanphx/json-patch` from 5.9.0+incompatible to 5.9.11+incompatible - [Release notes](https://github.com/evanphx/json-patch/releases) - [Commits](evanphx/json-patch@v5.9.0...v5.9.11) Updates `github.com/gkampitakis/go-snaps` from 0.5.7 to 0.5.14 - [Release notes](https://github.com/gkampitakis/go-snaps/releases) - [Commits](gkampitakis/go-snaps@v0.5.7...v0.5.14) Updates `github.com/go-git/go-git/v5` from 5.13.2 to 5.16.2 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.13.2...v5.16.2) Updates `github.com/go-logr/logr` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.2...v1.4.3) Updates `github.com/google/go-cmp` from 0.6.0 to 0.7.0 - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](google/go-cmp@v0.6.0...v0.7.0) Updates `github.com/open-policy-agent/conftest` from 0.55.0 to 0.62.0 - [Release notes](https://github.com/open-policy-agent/conftest/releases) - [Changelog](https://github.com/open-policy-agent/conftest/blob/master/.goreleaser.yml) - [Commits](open-policy-agent/conftest@v0.55.0...v0.62.0) Updates `github.com/open-policy-agent/opa` from 0.70.0 to 1.6.0 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.70.0...v1.6.0) Updates `github.com/secure-systems-lab/go-securesystemslib` from 0.9.0 to 0.9.1 - [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases) - [Commits](secure-systems-lab/go-securesystemslib@v0.9.0...v0.9.1) Updates `github.com/sigstore/cosign/v2` from 2.4.1 to 2.5.3 - [Release notes](https://github.com/sigstore/cosign/releases) - [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md) - [Commits](sigstore/cosign@v2.4.1...v2.5.3) Updates `github.com/sigstore/sigstore` from 1.8.9 to 1.9.5 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.9...v1.9.5) Updates `github.com/spf13/afero` from 1.11.0 to 1.12.0 - [Release notes](https://github.com/spf13/afero/releases) - [Commits](spf13/afero@v1.11.0...v1.12.0) Updates `github.com/spf13/cobra` from 1.8.1 to 1.9.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.8.1...v1.9.1) Updates `github.com/spf13/pflag` from 1.0.5 to 1.0.7 - [Release notes](https://github.com/spf13/pflag/releases) - [Commits](spf13/pflag@v1.0.5...v1.0.7) Updates `github.com/spf13/viper` from 1.19.0 to 1.20.1 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.19.0...v1.20.1) Updates `github.com/tektoncd/pipeline` from 0.63.0 to 1.3.0 - [Release notes](https://github.com/tektoncd/pipeline/releases) - [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md) - [Commits](tektoncd/pipeline@v0.63.0...v1.3.0) Updates `github.com/testcontainers/testcontainers-go` from 0.34.1-0.20241204123437-72be13940122 to 0.38.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](https://github.com/testcontainers/testcontainers-go/commits/v0.38.0) Updates `github.com/testcontainers/testcontainers-go/modules/registry` from 0.34.0 to 0.38.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.34.0...v0.38.0) Updates `golang.org/x/exp` from 0.0.0-20240909161429-701f63a606c0 to 0.0.0-20250408133849-7e4ce0ab07d0 - [Commits](https://github.com/golang/exp/commits) Updates `golang.org/x/net` from 0.34.0 to 0.42.0 - [Commits](golang/net@v0.34.0...v0.42.0) Updates `golang.org/x/sync` from 0.10.0 to 0.16.0 - [Commits](golang/sync@v0.10.0...v0.16.0) Updates `k8s.io/apiextensions-apiserver` from 0.31.0 to 0.32.6 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](kubernetes/apiextensions-apiserver@v0.31.0...v0.32.6) Updates `k8s.io/apimachinery` from 0.31.0 to 0.33.2 - [Commits](kubernetes/apimachinery@v0.31.0...v0.33.2) Updates `k8s.io/client-go` from 0.31.0 to 0.33.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.31.0...v0.33.2) Updates `k8s.io/kube-openapi` from 0.0.0-20240903163716-9e1beecbcb38 to 0.0.0-20250318190949-c8a335a9a2ff - [Commits](https://github.com/kubernetes/kube-openapi/commits) Updates `oras.land/oras-go/v2` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/oras-project/oras-go/releases) - [Commits](oras-project/oras-go@v2.5.0...v2.6.0) Updates `sigs.k8s.io/yaml` from 1.4.0 to 1.6.0 - [Release notes](https://github.com/kubernetes-sigs/yaml/releases) - [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md) - [Commits](kubernetes-sigs/yaml@v1.4.0...v1.6.0) --- updated-dependencies: - dependency-name: cuelang.org/go dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-version: 0.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/docker/docker dependency-version: 28.3.3+incompatible dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: github.com/enterprise-contract/enterprise-contract-controller/api dependency-version: 0.1.122 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/evanphx/json-patch dependency-version: 5.9.11+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/gkampitakis/go-snaps dependency-version: 0.5.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/go-logr/logr dependency-version: 1.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/google/go-cmp dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/open-policy-agent/conftest dependency-version: 0.62.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: github.com/secure-systems-lab/go-securesystemslib dependency-version: 0.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/cosign/v2 dependency-version: 2.5.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/spf13/afero dependency-version: 1.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/spf13/cobra dependency-version: 1.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/spf13/pflag dependency-version: 1.0.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/spf13/viper dependency-version: 1.20.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/tektoncd/pipeline dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/testcontainers/testcontainers-go/modules/registry dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/exp dependency-version: 0.0.0-20250408133849-7e4ce0ab07d0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: golang.org/x/net dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/sync dependency-version: 0.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/apiextensions-apiserver dependency-version: 0.32.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/apimachinery dependency-version: 0.33.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/client-go dependency-version: 0.33.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/kube-openapi dependency-version: 0.0.0-20250318190949-c8a335a9a2ff dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: oras.land/oras-go/v2 dependency-version: 2.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: sigs.k8s.io/yaml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the all group with 30 updates #224

build(deps): bump the all group with 30 updates #224

Uh oh!

dependabot bot commented on behalf of github Aug 4, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

build(deps): bump the all group with 30 updates #224

Are you sure you want to change the base?

build(deps): bump the all group with 30 updates #224

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.9.2

Changelog

Features

Fixes

Building and Packaging

Others

v0.9.1

Changelog

Fixes

Building and Packaging

v28.3.3

28.3.3

Security

Packaging updates

Go SDK

28.3.2

Bug fixes and enhancements

Packaging updates

28.3.1

API Release api/v0.1.122

What's Changed

API Release api/v0.1.121

What's Changed

API Release api/v0.1.120

What's Changed

API Release api/v0.1.119

What's Changed

API Release api/v0.1.118

What's Changed

API Release api/v0.1.117

What's Changed

API Release api/v0.1.116

What's Changed

API Release api/v0.1.115

v5.9.11

What's Changed

v5.9.10

What's Changed

New Contributors

v0.5.14

What's Changed

v0.5.13

What's Changed

v0.5.12

What's Changed

v0.5.11

What's Changed

New Contributors

v0.5.10

What's Changed

v0.5.9

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

v0.5.8

v5.16.2

What's Changed

v5.16.1

What's Changed

New Contributors

v5.16.0

What's Changed

v5.15.0

What's Changed

v5.14.0

What's Changed

v1.4.3

What's Changed

New Contributors

v0.7.0

v0.62.0

Changelog

OPA Changes

Other Changes

dependabot bot commented on behalf of github Aug 4, 2025 •

edited

Loading

Full Changelog: gkampitakis/go-snaps@`v0.5.8...v0.5.9`