chore(deps): update dependency open-policy-agent/opa to v1.5.1 (opa/dockerfile) (master) #1063
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7617b68 to
07fe1bf
Compare
ce451ca to
e84f457
Compare
e84f457 to
6b2b046
Compare
b9fee03 to
6441c89
Compare
4ebc916 to
e927c47
Compare
<
789E
div data-view-component="true" class="TimelineItem-badge">
e927c47 to
77e81e3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.3.0->1.5.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
open-policy-agent/opa (open-policy-agent/opa)
v1.5.1Compare Source
This is a bug fix release addressing a regression to the walk built-in function, introduced in v1.5.0. See #7656 (authored by @anderseknert reported by @robmyersrobmyers)
v1.5.0Compare Source
This release contains a mix of new features, performance improvements, and bugfixes. Among others:
object.get,walkand builtin-function evaluationModernized OPA Website (#7037)
The OPA website has been modernized with a new design and improved user experience.
The new site is based on Docusaurus and React which makes it easier to build live functionality and add non-documentation resources. This lays the groundwork for even more improvements in the future!
Documentation for older OPA versions are still available in the version archive.
Authored by @charlieegan3
Runtime, Tooling, SDK
SomeDeclLocationfield when compiler resolves refs (#7543) authored by @johanfyllingcommitandtimestamp(#7471) reported by @kastl-ars authored by @sspainkPlanner, Topdown and Rego
object.getbuilt-in function (#7593) authored by @anderseknertwalkbuilt-in function (#7612) authored by @anderseknertDocs, Website, Ecosystem
Miscellaneous
Ref.String()shortcut on single var term ref (#7595) authored by @anderseknertopaTest(#7560) authored by @sspainkanyin place ofinterface{}(#7566) authored by @anderseknertv1.4.2Compare Source
This is a bug fix release addressing the missing
capabilities/v1.4.1.jsonin the v1.4.1 release.v1.4.1Compare Source
This release is broken due to a mistake during the release process and the artifacts are missing a crucial capabilities file.
Sorry for any inconvenience.
This is a security fix release for the fixes published in Go 1.24.1 and 1.24.2
Addressing
CVE-2025-22870andCVE-2025-22871vulnerabilities in the Go runtime.v1.4.0Compare Source
This release contains a security fix addressing CVE-2025-46569.
It also includes a mix of new features, bugfixes, and dependency updates.
Security Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (GHSA-6m8w-jc87-6cr7)
A vulnerability in the OPA server's Data API allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.
The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.
Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.
Users are only impacted if all of the following apply:
or, if all of the following apply:
Note: With no Authorization Policy configured for restricting API access (the default configuration), the RESTful Data API provides access for managing Rego policies; and the RESTful Query API facilitates advanced queries.
Full access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.
As such, OPA servers exposed to a network are not considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.
This issue affects all versions of OPA prior to 1.4.0.
See the Security Advisory for more details.
Reported by @GamrayW, @HyouKash, @AdrienIT, authored by @johanfylling
Runtime, Tooling, SDK
rego_v1feature to--v0-compatiblecapabilities (#7474) authored by @johanfyllingTopdown and Rego
internal/gqlparser/astto Position fields (#7509) authored by @robmyersrobmyersPartialRun()(#7490) authored by @srenatusDocs, Website, Ecosystem
/docs/edge/path (#7529) authored by @charlieegan3Miscellaneous
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.