Skip to content

chore(deps): bump github.com/open-policy-agent/opa from 1.17.1 to 1.18.2#1995

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/open-policy-agent/opa-1.18.2
Open

chore(deps): bump github.com/open-policy-agent/opa from 1.17.1 to 1.18.2#1995
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/open-policy-agent/opa-1.18.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/open-policy-agent/opa from 1.17.1 to 1.18.2.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

v1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

v1.18.0

This release contains a mix of bugfixes and small features. Notably:

  • A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
  • Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
  • Several opa fmt correctness fixes
  • Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR) previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that exact-match the old string will need to be updated.

Authored by @​sspaink, reported by @​SpecLad

Runtime, SDK, Tooling

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

1.18.0

This release contains a mix of bugfixes and small features. Notably:

  • A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
  • Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
  • Several opa fmt correctness fixes
  • Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR) previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that exact-match the old string will need to be updated.

Authored by @​sspaink, reported by @​SpecLad

Runtime, SDK, Tooling

... (truncated)

Commits
  • e695c9e Patch release v1.18.2
  • d473969 Fix regression in fix of #8557 (#8845)
  • acc8bf9 Release v1.18.1
  • 713dc6a ast: fix AnnotationSet memory leak via runtime.AddCleanup cycle
  • cc2c5c6 Prepare v1.18 release (#8820)
  • e72a98f format: keep lone with on the closing-bracket line of multi-line expression...
  • 03646dd topdown: Fix PE not namespacing vars in comprehensions nested inside every ...
  • bf2bb52 benchmarks: split off script, emit markdown table
  • 02ce276 version: fix ill-formed User-Agent header (#8796)
  • 1fdbb77 build(deps): bump the dependencies group across 2 directories with 6 updates
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 6, 2026
@elsapet

elsapet commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.17.1 to 1.18.2.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.17.1...v1.18.2)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/open-policy-agent/opa-1.18.2 branch from 29f782d to 63ff0a2 Compare July 6, 2026 08:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant