Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency open-policy-agent/opa to v0.62.1 #248

Merged
merged 1 commit into from
Mar 11, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 4, 2024

Mend Renovate

This PR contains the following updates:

Package Update Change
open-policy-agent/opa minor v0.61.0 -> v0.62.1

Release Notes

open-policy-agent/opa (open-policy-agent/opa)

v0.62.1

Compare Source

This is a security fix release for the fixes published in Go 1.22.1.

OPA servers using --authentication=tls would be affected: crafted malicious client certificates could cause a panic in the server.

Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and http.send calls that verify TLS.

This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).

Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to assess. An update is advised.

Miscellaneous

v0.62.0

Compare Source

NOTES:

  • The minimum version of Go required to build the OPA module is 1.20

This release contains a mix of improvements and bugfixes.

Runtime, Tooling, SDK
  • cmd: Add environment variable backups for command-line flags (#​6508) authored by @​colinjlacy
  • download/oci: Add missing WithBundleParserOpts method to OCI downloader (#​6571) authored by @​slonka
  • logging: avoid %!F(MISSING) in logs by skipping calls to the {Debug,Info,Warn,Error}f functions when there are no arguments (#​6555) authored by @​srenatus
Topdown and Rego
Docs + Website + Ecosystem
Miscellaneous
  • Add Elastic to ADOPTERS.md (#​6568) authored by @​orouz
  • Dependency updates; notably:
    • bump golang 1.21.5 -> 1.22 (#​6595) authored by @​srenatus
    • bump google.golang.org/grpc from 1.61.0 to 1.62.0
    • bump golang.org/x/net from 0.19.0 to 0.21.0
    • bump github.com/containerd/containerd from 1.7.12 to 1.7.13
    • bump aquasecurity/trivy-action from 0.16.1 to 0.17.0
    • bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
    • bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner March 4, 2024 03:57
@renovate renovate bot changed the title Update dependency open-policy-agent/opa to v0.62.0 Update dependency open-policy-agent/opa to v0.62.1 Mar 6, 2024
@renovate renovate bot force-pushed the renovate/open-policy-agent-opa-0.x branch from 38659bd to b3af28a Compare March 6, 2024 11:41
@garethahealy garethahealy merged commit 7dc8916 into main Mar 11, 2024
14 checks passed
@renovate renovate bot deleted the renovate/open-policy-agent-opa-0.x branch March 11, 2024 09:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant