Skip to content

build(deps): Bump github.com/open-policy-agent/opa from 1.4.2 to 1.17.1 in /authbridge/authlib#489

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/authbridge/authlib/github.com/open-policy-agent/opa-1.17.1
Closed

build(deps): Bump github.com/open-policy-agent/opa from 1.4.2 to 1.17.1 in /authbridge/authlib#489
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/authbridge/authlib/github.com/open-policy-agent/opa-1.17.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/open-policy-agent/opa from 1.4.2 to 1.17.1.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.17.1

This release uses the latest version of Go (1.26.4) to build OPA, fixing stdlib vulnerabilities in code that OPA's HTTP handler and crypto builtins use:

It is otherwise the same code as v1.17.0.

Note that users building their own OPA binaries and images already control the Golang version, so this is not relevant for them.

Miscellaneous

  • build: bump go 1.26.3 -> 1.26.4 (authored by @​srenatus)

v1.17.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • A new future.keywords.not import that adds improved semantics to the not keyword.
  • Rule Labels in Decision Logs
  • Published json schema for IR and bundle manifest
  • Dropped automaxprocs and x/net dependencies

Improved Negation Semantics (#8387)

This OPA release introduces a new future.keywords.not import that fixes a long-standing semantic issue with negation in Rego.

Without the import, the compiler expands a negated composite expression like not f(g(input.x)) into a series of sub-expressions evaluated before the not:

__local0__ = input.x
g(__local0__, __local1__)
not f(__local1__)

If any sub-expression fails — for example, input.x is undefined or g produces an undefined result — the entire rule fails rather than the not succeeding. This is unintuitive: the user's intent is "the condition does not hold," but an undefined intermediate value causes a silent failure instead of the expected not result.

With import future.keywords.not, composite-expression negation wraps the full compiler expansion in an implicit body:

not { __local0__ = input.x; g(__local0__, __local1__); f(__local1__) }

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.17.1

This release uses the latest version of Go (1.26.4) to build OPA, fixing stdlib vulnerabilities in code that OPA's HTTP handler and crypto builtins use:

It is otherwise the same code as v1.17.0.

Note that users building their own OPA binaries and images already control the Golang version, so this is not relevant for them.

Miscellaneous

  • build: bump go 1.26.3 -> 1.26.4 (authored by @​srenatus)

1.17.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • A new future.keywords.not import that adds improved semantics to the not keyword.
  • Rule Labels in Decision Logs
  • Published json schema for IR and bundle manifest
  • Dropped automaxprocs and x/net dependencies

Improved Negation Semantics (#8387)

This OPA release introduces a new future.keywords.not import that fixes a long-standing semantic issue with negation in Rego.

Without the import, the compiler expands a negated composite expression like not f(g(input.x)) into a series of sub-expressions evaluated before the not:

__local0__ = input.x
g(__local0__, __local1__)
not f(__local1__)

If any sub-expression fails — for example, input.x is undefined or g produces an undefined result — the entire rule fails rather than the not succeeding. This is unintuitive: the user's intent is "the condition does not hold," but an undefined intermediate value causes a silent failure instead of the expected not result.

With import future.keywords.not, composite-expression negation wraps the full compiler expansion in an implicit body:

... (truncated)

Commits
  • 187c696 Release v1.17.1
  • a0c116e build: bump go 1.26.3 -> 1.26.4
  • 64a3625 Release v1.17.0 (#8710)
  • 68c9de5 benchmarks: tweak per-PR benchmark regression check based on pr-check
  • 7fe3066 server: remove dead code (s.partials) (#8708)
  • 37830be ast,storage/inmem: Add inmem.NewFromASTObject and add missing string case t...
  • 1661f22 ast: add some schema $ref tests
  • 3e22f56 benchmarks: only run for go changes
  • 13aaeab benchmarks: move env vars, remove zizmor-ignore comment
  • 93e1708 benchmarks: fix PR message, skip tests
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 8, 2026
@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates authbridge/authlib/go.mod to target Go 1.25.0 and refreshes the module dependency graph. Direct dependencies including OPA, gRPC, protobuf, and YAML parsing are bumped, and the indirect dependency block is extensively updated across ecosystem libraries (Prometheus, OpenTelemetry, protobuf, golang.org/x packages). Notable changes include a wasmtime-go major version transition and removal of an OpenTelemetry HTTP instrumentation module.

Changes

Go Module Dependency Refresh

Layer / File(s) Summary
Go module and dependency version updates
authbridge/authlib/go.mod
Go toolchain updated to 1.25.0; direct dependencies (OPA, golang.org/x/sys, google.golang.org/genproto, gRPC, yaml.v3) refreshed; large indirect dependency block updated across JSON handling, Prometheus client stack, OpenTelemetry SDK, multiple golang.org/x/* packages, container/XDS/protobuf ecosystem; wasmtime-go/v3 replaced with v44; otelhttp instrumentation removed.

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly Related PRs

  • kagenti/kagenti-extensions#427: Both PRs modify authbridge/authlib/go.mod's dependency declarations—this PR refreshes versions of the OPA module and related transitive dependencies initially added in that PR.
  • kagenti/kagenti-extensions#465: Both PRs update authbridge/authlib/go.mod to target Go 1.25.0 and refresh overlapping dependency versions including gRPC and genproto.

Suggested Reviewers

  • huang195

🐰 A version bump, oh what a sight,
Dependencies dancing in morning light,
From 1.24 to twenty-five we go,
New wasmtime versions steal the show,
While otelhttp takes its graceful bow. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the primary change: bumping the OPA dependency from v1.4.2 to v1.17.1, which is the main focus of this dependency update PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/authbridge/authlib/github.com/open-policy-agent/opa-1.17.1

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.4.2 to 1.17.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.4.2...v1.17.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/go_modules/authbridge/authlib/github.com/open-policy-agent/opa-1.17.1 branch from 2825f16 to 4dc630c Compare June 18, 2026 15:49
@dependabot
dependabot Bot requested a review from a team as a code owner June 18, 2026 15:49
@clawgenti

Copy link
Copy Markdown

Dependency Update Analysis

Package: github.com/open-policy-agent/opa (1.4.2 -> 1.17.1)
Ecosystem: pip | Age: 16 days (SLA: 14 days)
CI Status: unknown

Changelog Summary

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.17.1

This release uses the latest version of Go (1.26.4) to build OPA, fixing stdlib vulnerabilities in code that OPA's HTTP handler and crypto builtins use:

It is otherwise the same code as v1.17.0.

Note that users building their own OPA binaries and images already control the Golang version, so this is not relevant for them.

Miscellaneous

  • build: bump go 1.26.3 -> 1.26.4 (authored by @​srenatus)

v1.17.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • A new future.keywords.not import that adds improved semantics to the not keyword.
  • Rule Labels in Decision Logs
  • Published json schema for IR and bundle manifest
  • Dropped automaxprocs and x/net dependencies

Improved Negation Semantics (#8387)

This OPA release introduces a new

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #628.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot
dependabot Bot deleted the dependabot/go_modules/authbridge/authlib/github.com/open-policy-agent/opa-1.17.1 branch June 29, 2026 23:15
@github-project-automation github-project-automation Bot moved this from New/ToDo to Done in Kagenti Issue Prioritization Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

2 participants