Update go modules (main) (minor) by renovate[bot] · Pull Request #1632 · conforma/policy

renovate · 2026-01-19T02:14:55Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/conforma/go-containerregistry	`v0.20.7-0.20251103083939-3459088e4bae` → `v0.21.7`
github.com/open-policy-agent/conftest	`v0.66.0` → `v0.68.2`
github.com/open-policy-agent/opa	`v1.12.3` → `v1.18.0`
github.com/open-policy-agent/regal	`v0.37.0` → `v0.41.1`
github.com/tektoncd/cli	`v0.42.1` → `v0.45.0`

Release Notes

conforma/go-containerregistry (github.com/conforma/go-containerregistry)

`v0.21.7`

Compare Source

open-policy-agent/conftest (github.com/open-policy-agent/conftest)

`v0.68.2`

Compare Source

Changelog

OPA Changes

36f23bf: build(deps): bump github.com/open-policy-agent/opa from 1.15.1 to 1.15.2 (#1311) (@dependabot[bot])

Other Changes

479de13: build(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#1307) (@dependabot[bot])

`v0.68.1`

Compare Source

Changelog

Bug Fixes

2631477: fix(push): Use Rego v1 by default (#1290) (@jalseth)

`v0.68.0`

Compare Source

Changelog

New Features

a604f55: feat(parser): Add nginx parser (#1289) (@jalseth)

Bug Fixes

487a2e1: fix: Skip extensionless files that are not recognized types (#1302) (@ricardbejarano)

OPA Changes

472e4e3: build(deps): bump github.com/open-policy-agent/opa from 1.14.1 to 1.15.1 (#1303) (@dependabot[bot])

Other Changes

6d521ef: build(deps): bump github.com/google/go-jsonnet from 0.21.0 to 0.22.0 (#1299) (@dependabot[bot])
2d5f1c2: build(deps): bump github.com/moby/buildkit from 0.28.0 to 0.29.0 (#1306) (@dependabot[bot])

`v0.67.1`

Compare Source

Changelog

Bug Fixes

9cef5a2: fix(releasing): Ensure GoReleaser creates a tar for linux_amd64 (#1294) (@jalseth)

Other Changes

8bc9477: build(deps): bump actions/setup-go from 6.0.0 to 6.3.0 (#1278) (@dependabot[bot])
7655171: build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#1284) (@dependabot[bot])
35ab0ca: build(deps): bump docker/login-action from 3.6.0 to 4.0.0 (#1283) (@dependabot[bot])
94e5286: build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 (#1275) (@dependabot[bot])
45a3835: ci: Update Nix devshell to use go-overlay (#1287) (@jalseth)

`v0.67.0`

Compare Source

Changelog

Bug Fixes

69f41ed: fix(plugin): Handle spaces in the plugin command path (#1242) (@jalseth)

OPA Changes

59cb419: build(deps): bump github.com/open-policy-agent/opa from 1.12.1 to 1.13.1 (#1262) (@dependabot[bot])
507345f: build(deps): bump github.com/open-policy-agent/opa from 1.13.1 to 1.13.2 (#1274) (@dependabot[bot])
69b7329: build(deps): bump github.com/open-policy-agent/opa from 1.13.2 to 1.14.1 (#1282) (@dependabot[bot])

Other Changes

8ec8ba0: build(deps): bump actions/checkout from 5.0.0 to 6.0.1 (#1230) (@dependabot[bot])
fb1d20e: build(deps): bump alpine from 3.23.2 to 3.23.3 (#1264) (@dependabot[bot])
84ee4f1: build(deps): bump bats-core/bats-action from 3.0.1 to 4.0.0 (#1270) (@dependabot[bot])
06f26a6: build(deps): bump cuelang.org/go from 0.15.1 to 0.15.3 (#1244) (@dependabot[bot])
d01f783: build(deps): bump cuelang.org/go from 0.15.3 to 0.15.4 (#1259) (@dependabot[bot])
b7f9627: build(deps): bump cuelang.org/go from 0.15.4 to 0.16.0 (#1279) (@dependabot[bot])
3e4cf98: build(deps): bump docker/build-push-action from 6.18.0 to 6.19.2 (#1273) (@dependabot[bot])
b7060d3: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.3 to 0.10.0 (#1265) (@dependabot[bot])
e130513: build(deps): bump github.com/hashicorp/go-getter from 1.8.3 to 1.8.4 (#1245) (@dependabot[bot])
e5afd3f: build(deps): bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.5 (#1285) (@dependabot[bot])
d6f5fb2: build(deps): bump github.com/moby/buildkit from 0.26.3 to 0.27.1 (#1260) (@dependabot[bot])
c1ba806: build(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.0 (#1280) (@dependabot[bot])
fc57996: build(deps): bump github.com/spdx/tools-golang from 0.5.5 to 0.5.6 (#1243) (@dependabot[bot])
95d756f: build(deps): bump github.com/spdx/tools-golang from 0.5.6 to 0.5.7 (#1251) (@dependabot[bot])
a59b8bd: build(deps): bump golang from 1.25.5-alpine to 1.25.6-alpine (#1256) (@dependabot[bot])
bde1457: build(deps): bump golang from 1.25.6-alpine to 1.26.1-alpine (#1281) (@dependabot[bot])
b2e58f0: build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.2.0 (#1231) (@dependabot[bot])
b1e9f30: ci: Update Dependabot config (#1267) (@jalseth)
bf63002: ci: Update setup-go to use Go version from go.mod (#1268) (@jalseth)

open-policy-agent/opa (github.com/open-policy-agent/opa)

`v1.18.0`

Compare Source

This release contains a mix of bugfixes and small features. Notably:

A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
Several opa fmt correctness fixes
Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR)
previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid
RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now
Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that
exact-match the old string will need to be updated.

Authored by @sspaink, reported by @SpecLad

Runtime, SDK, Tooling

bundle: fix per-module rego version lookup (#8797) authored by @sspaink, reported by @xubinzheng
bundle: improve determinism of file_rego_versions patterns with overlap (#8733) authored by @philipaconrad
cover: Track inline rule head in post trace walk (#6531) authored by @charlieegan3, reported by @anderseknert
cover: Update report to include ranges (#8748) reported and authored by @charlieegan3
cover: Add support for coverage of conjunction exprs (#8809) authored by @charlieegan3
download/oci: Set Accept headers (#8720) authored by @charlieegan3
fmt: preserve the multiline but single entry iterables (#8557) authored by @unichronic, reported by @anderseknert
format: Fix dropped with-clause after comment in object value (#8765) authored by @sspaink, reported by @srabraham
format: keep lone with on the closing-bracket line of multi-line expressions (#8804) authored by @anneheartrecord, reported by @burnster
oracle: Fix find-definition on expressions inside ast.Not nodes (#8731) authored by @johanfylling
runtime: Restore goautomaxprocs, add automemlimit (#8784) authored by @charlieegan3

Compiler, Topdown and Rego

ast: Apply location to inner ast.Not expressions (#8717) authored by @johanfylling, reported by @anderseknert
ast: Clean up code for value comparisons (#8737) authored by @anderseknert
ast: Fix PE regression for future.keywords.not negation inside every (#8781) authored by @johanfylling
internal/edittree: Add recursive tree node recycling (#8693) authored by @philipaconrad
internal: compile,planner: improve determinism of plan/wasm bundle builds (#8732) authored by @philipaconrad
perf: avoid allocations in object.get (#8729) authored by @anderseknert
topdown: Fix PE not namespacing vars in comprehensions nested inside every (#8816) authored by @johanfylling
topdown: remove dst.Compare(src) shortcut (#8739) authored by @srenatus
topdown: skip strconv.ParseInt in format_int base-10 fast path (#8801) authored by @srenatus

Docs, Website, Ecosystem

docs/chore: Remove broken links (#8714) authored by @charlieegan3, reported by @github-actions
docs: PoC for kapa.ai (#8125) reported and authored by @charlieegan3
docs(ecosystem): update OPA MCP entry with video, blog, and distribution links (#8712) authored by @OrygnsCode
docs/contributing: add formatting (#8740) authored by @mmzzuu
docs: Add SDK references for evaluating IR plans (#8783) authored by @charlieegan3
docs: Add depkeep to enterprise support (#8685) authored by @pkuzco
docs: Add notes about use of GOMEMLIMIT (#8771) authored by @charlieegan3
docs: Add we/our/us check to spell check (#8787) authored by @charlieegan3
docs: Update built-in index page titles (#8728) authored by @charlieegan3
docs: Update documentation to be more consistent and sound more like reference docs (#8786) authored by @charlieegan3
docs: Update regal docs for 0.41.1 release (#8730) authored by @charlieegan3
docs: Update to agents.md regarding security dependences 'fixes' (#8754) authored by @charlieegan3
docs: clarify environment variable substitution behaviour (#8713) authored by @taurelius
docs: remove duplicated word in Rego style guide (#8800) authored by @s3onghyun
website: Add .md alternate content types for llms (#8725) authored by @charlieegan3
website: Add support page disclaimer and sort by date added (#8736) authored by @charlieegan3
website: Fix build from missing dateAdded (#8764) authored by @charlieegan3
website: Update docusaurus (#8756) authored by @charlieegan3
website: Update homepage AI example to tool calls (#8755) authored by @charlieegan3
website: Various updates to node and website deps (#8768) authored by @charlieegan3
website: add ossrisk to ecosystem (#8780) authored by @pkuzco

Miscellaneous

benchmarks: smaller tweaks (#8759) authored by @srenatus
benchmarks: split off script, emit markdown table (#8812) authored by @srenatus
benchmarks: use details+summary comments for benchlab results (#8811) authored by @srenatus
capabilities: Integrate 1.17.1 patch release (#8798) authored by @sspaink
chore: tidy go.mod to remove untagged versions (#8791) authored by @thaJeztah
e2e: Add proto schemas for the IR plan and bundle manifest (#8766) reported and authored by @sspaink
gha: deduplicate change-detection output in pr CI checks (#8808) authored by @sspaink
nightly: use regal@main (#8735) authored by @srenatus
workflow: remove tests from docker (edge) image build (#8721) authored by @srenatus
workflows: bring back docker edge tags for post-merge (#8718) authored by @srenatus
workflows: use go-version-file with actions/setup-go (#8751) authored by @srenatus
Dependency updates; notably:
- build(deps): Add github.com/KimMachineGun/automemlimit v0.7.5
- build(deps): Add go.uber.org/automaxprocs v1.6.0
- build(deps): Bump github.com/dgraph-io/badger/v4 from v4.9.1 to v4.9.2
- build(deps): Bump github.com/vektah/gqlparser/v2 from v2.5.33 to v2.5.34
- build(deps): Bump go.opentelemetry.io/contrib/bridges/prometheus from v0.68.0 to v0.69.0
- build(deps): Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from v0.68.0 to v0.69.0
- build(deps): Bump go.opentelemetry.io/otel from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/sdk from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/sdk/metric from v1.43.0 to v1.44.0
- build(deps): Bump go.opentelemetry.io/otel/trace from v1.43.0 to v1.44.0
- build(deps): Bump golang.org/x/sync from v0.20.0 to v0.21.0
- build(deps): Bump golang.org/x/text from v0.37.0 to v0.38.0
- build(deps): Bump google.golang.org/grpc from v1.81.0 to v1.81.1
- build(deps): Bump gopkg.in/ini.v1 from v1.67.2 to v1.67.3
- build(deps): Bump oras.land/oras-go/v2 from v2.6.0 to v2.6.1
- build(deps): bump golang.org/x/crypto to v0.52.0 and golang.org/x/net to v0.55.0 (#8745) authored by @BGebken
- build: bump go 1.26.3 -> 1.26.4 (#8726) authored by @srenatus

`v1.17.1`

Compare Source

This release uses the latest version of Go (1.26.4) to build OPA, fixing stdlib vulnerabilities in code that OPA's HTTP handler and crypto builtins use:

It is otherwise the same code as v1.17.0.

Note that users building their own OPA binaries and images already control the Golang version, so this is not relevant for them.

Miscellaneous

build: bump go 1.26.3 -> 1.26.4 (authored by @srenatus)

`v1.17.0`

Compare Source

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

A new future.keywords.not import that adds improved semantics to the not keyword.
Rule Labels in Decision Logs
Published json schema for IR and bundle manifest
Dropped automaxprocs and x/net dependencies

Improved Negation Semantics (#8387)

This OPA release introduces a new future.keywords.not import
that fixes a long-standing semantic issue with negation in Rego.

Without the import, the compiler expands a negated composite expression like
not f(g(input.x)) into a series of sub-expressions evaluated before the
not:

__local0__ = input.x
g(__local0__, __local1__)
not f(__local1__)

If any sub-expression fails — for example, input.x is undefined or g
produces an undefined result — the entire rule fails rather than the not succeeding.
This is unintuitive: the user's intent is "the condition does not hold," but
an undefined intermediate value causes a silent failure instead of the expected
not result.

With import future.keywords.not, composite-expression negation wraps the full compiler
expansion in an implicit body:

not { __local0__ = input.x; g(__local0__, __local1__); f(__local1__) }

Now, if any sub-expression is undefined or fails, the body is unsatisfiable
and the not expression succeeds; matching the intuition that "the condition does not hold."

NOTE:

Users are recommended to import future.keywords.not whenever the not keyword is used in a policy.

Authored by @johanfylling

Rule Labels in Decision Logs (#2089)

Rule annotations now support a labels field. Labels from all successfully evaluated
rules are collected and included in each decision log entry as a top-level rule_labels
array. Each element is the merged label map for one successfully evaluated rule, with
inner-scope-wins precedence across the rule's annotation chain
(subpackages < package < document < rule). Merged maps are deduplicated
across rules so that identical label sets collapse to a single entry.

# METADATA
# scope: package

# labels:
#   service: authz

#   severity: info
package myapp

# METADATA

# labels:
#   severity: low

#   team: platform
allow if input.role == "admin"

The resulting decision log entry will contain:

{"rule_labels": [{"service": "authz", "severity": "low", "team": "platform"}]}

Note how severity: info from the package scope is overridden by severity: low from
the rule scope. Queries against rule_labels can now rely on each entry carrying the
full label context for a single rule, rather than one entry per contributing scope.

Both the runtime and the Go SDK now process metadata annotations by default.

Authored by @srenatus, reported by @tsandall

Runtime, SDK, Tooling

ast: Allow $ref in allOf in JSON schemas (#6523) authored by @deeglaze reported by @mosiac1
bundle: Update bundle roots conflict detection algorithm. (#8664) authored by @philipaconrad
download: Use oras, not containerd (#8639) authored by @srenatus
server: Remove dead code (s.partials) (#8708) authored by @srenatus
server: Wire in response/request metadata for compile handler (#8650) authored by @srenatus
server/types: generalize request/response metadata (#8650) authored by @srenatus

Compiler, Topdown and Rego

builtins: Enable pattern validation in json.verify_schema and json.match_schema built-in functions (#6089) authored by @sspaink reported by @ewout8
ir: Don't capitalize index field in MakeNumberRefStmt IR statement (#6266) authored by @sspaink reported by @johanfylling
perf: Avoid allocating in binary and/or operators when possible (#8689) authored by @anderseknert
rego: Allow per-eval GenerateJSON function (#8690) authored by @anderseknert

Docs, Website, Ecosystem

ecosystem: add OPA MCP (#8618) authored by @OrygnsCode
docs: Add explicit address binding to examples (#8688) authored by @charlieegan3
docs: Add titles to code blocks in policy-testing (#8649) authored by @charlieegan3
docs: Correct OCP SSH key docs (#8675) authored by @taurelius
docs: Update diagram to match index examples (#8667) authored by @charlieegan3

Miscellaneous

ast,storage/inmem: Add inmem.NewFromASTObject and add missing string case to ast.InternedValue (#8707) authored by @anderseknert
build: go install -> go install tool to control checksums (#8646) authored by @srenatus
build: Push edge binaries to bucket (#8668) authored by @charlieegan3
workflows: Fix benchmarks workflow (replace action, avoid stackoverflow) (#8655) authored by @srenatus
workflows: Note improvements in benchmark comments (#8673) authored by @srenatus
Generate a JSON Schema for the IR plan (#8662) authored by @sspaink reported by @kroekle
Generate a JSON Schema for the bundle manifest (#8661) authored by @sspaink reported by @kroekle
Dependency updates; notably:
- build(deps): Remove automaxprocs dependency (#8696) authored by @anderseknert
- build(deps): Remove direct x/net dependency (#8697) authored by @anderseknert
- build(deps): Bump github.com/bytecodealliance/wasmtime-go from 43.0.2 to 44.0.0 (8652) authored by @srenatus
- build(deps): Bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1
- build(deps): Bump github.com/huandu/go-sqlbuilder from 1.40.2 to 1.41.0
- build(deps): Bump github.com/lestrrat-go/jwx/v3 from 3.1.0 to 3.1.1
- build(deps): Bump github.com/vektah/gqlparser/v2 from 2.5.32 to 2.5.33
- build(deps): Bump google.golang.org/grpc from 1.80.0 to 1.81.0
- build(deps): Bump gopkg.in/ini.v1 from 1.67.1 to 1.67.2

`v1.16.2`

Compare Source

This release updates the version of Go used to build the OPA binaries and images to 1.26.3;
addressing a number of vulnerabilities.

`v1.16.1`

Compare Source

This is a patch release addressing a regression in the plugin manager that may cause the service to hang on shutdown (#8590).

`v1.16.0`

Compare Source

[!WARNING]

A regression has been found in the plugin manager, which may cause the service to hang on shutdown.
Users are advised to go directly to v1.16.1.

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

New uri.parse and uri.is_valid built-in functions
Data API Request/Response Metadata
Prometheus metrics exported via OTLP
Formatter improvements

NOTE:

In v1.15.x, OPA was dropping logs for bundle downloads, print() calls and other plugin-originated logs.
Users are advised to update, v1.16.0 fixes this bug in (#8544).

New `uri.parse` and `uri.is_valid` built-in functions (#8263)

Two new built-in functions have been added: uri.parse for parsing a given URI, and uri.is_valid for verifying the structure of a given URI.

uri.parse

Parses a URI and returns an object containing its components according to RFC 3986. Empty components are omitted.

package example

test_uri if {
	uri.parse("https://example.com:8080/api?q=1#top") == {
		"scheme": "https",
		"hostname": "example.com",
		"port": "8080",
		"path": "/api",
		"raw_path": "/api",
		"raw_query": "q=1",
		"fragment": "top",
	}
}

uri.is_valid

Returns true if the input can be parsed as a URI, false otherwise.

package example

deny contains "invalid URI" if {
    not uri.is_valid("http://[invalid")
}

Authored by @charlieegan3 reported by @anivar

Data API Request/Response Metadata (#8570)

Wrapping projects can now attach custom metadata to Data API requests and have evaluation produce response metadata.

Two distinct metadata paths are introduced:

Request metadata: parsed from extra top-level keys in the request body, made available to builtins via BuiltinContext.RequestMetadata. Logged in the decision log under Custom["request_metadata"].
Response metadata: a separate map (BuiltinContext.ResponseMetadata) that builtins can populate during evaluation. Only included in the API response and decision log if non-empty.

In vanilla OPA, no builtins write response metadata, so responses are unchanged. The request metadata map is only allocated when the request carries extra fields; the response map is one empty map per request.

To avoid conflicts with future OPA top-level keys, callers should use a namespaced key: {"input": {...}, "com.example.opa/md": {...}}.

Request with metadata:

curl -H 'Content-Type: application/json' \
  -d '{"input": {"user": "alice"}, "com.example.opa/metadata": {"corp-id": "acme-42"}}' \
  http://localhost:8181/v1/data/example/allow

Response (response metadata included if, for example, set by a custom builtin):

{
  "decision_id": "04789f85-de5a-477b-8aa5-6d59d7742135",
  "result": true,
  "com.example.opa/response": {
    "snapshot_version": "v3"
  }
}

Decision log entry:

{
  "custom": {
    "request_metadata": {
      "com.example.opa/metadata": {
        "corp-id": "acme-42"
      }
    },
    "response_metadata": {
      "com.example.opa/response": {
        "snapshot_version": "v3"
      }
    }
  },
  "decision_id": "04789f85-de5a-477b-8aa5-6d59d7742135",
  "input": { "user": "alice" },
  "msg": "Decision Log",
  "path": "example/allow",
  "result": true
}

Authored by @srenatus

Runtime, SDK, Tooling

distributedtracing: Export Prometheus metrics via OTLP (#7591) reported and authored by @Munken
cmd,tester: Update opa test to stream test case results (#3676) authored by @sspaink reported by @tsandall
cmd,tester: Show full errors when test fails and using --coverage (#8438) authored by @grosser
format: Add new line between METADATA blocks (#8483) authored by @sspaink
format: Allow indenting all withs in expression (#8508) authored by @anderseknert
format: Fix dropping comments after handling unexpectedCommentError (#8553) authored by @sspaink
format: Preserve location of trailing comments inside every body (#8558) authored by @johanfylling
format: Prevent opa fmt from formatting single attribute objects with comments (#7565) authored by @sspaink reported by @anderseknert
logging: Keep forwarding from BufferedLogger after Flush() (#8544) authored by @srenatus reported by @annieyhuang
plugins/logs: Fix logBuffer eviction loop only dropping one element (#8543) authored by @sspaink
plugins/logs: Fix out-of-order plugin status notifications (#8009) authored by @sspaink reported by @Pushpalanka
plugins/rest: Carry over all of *tls.Config (#8473) authored by @srenatus reported by @ashu2496
server: Drop HTML index page query form (#8477) authored by @johanfylling reported by @srenatus and @r0binak
server: Skip chmod for abstract Unix domain sockets (#8536) authored by @bakayolo
storage/inmem: Avoid allocations from Read() in MakeDir() (#8561) authored by @srenatus
tester: Add method to match tests by ref prefixes (#6696) authored by @anderseknert
Note: Experimental.

Compiler, Topdown and Rego

ast: Allow Back-to-back metadata blocks (#8482) authored by @sspaink reported by @johanfylling
ast: Catch functions in dynamic extent of ref head rule (#8461) authored by @srenatus reported by @johanfylling
ast: Fix parenthesis in String() of {obj,arr,set} comprehensions (#8511) authored by @srenatus
ast: Fix parsing of unary - in front of a ref (#5014) authored by @mmzzuu reported by @philipaconrad
ast: Fix type checker match error for objects with set keys (#6260) authored by @sspaink reported by @tsandall
ast: Fix type checker to recognize numeric index in generated map (#6736) authored by @sspaink reported by @anderseknert
ast: Handle underdetermined function args (#5234) authored by @sspaink reported by @obataku
ast: Identify compatible type from reference in type checker (#7273) authored by @sspaink reported by @anderseknert
ast: Support recursive JSON Schemas (#6099) authored by @sspaink reported by @anderseknert
builtins: Add support for days, weeks and years in time.parse_duration_ns built-in function (#2719) authored by @sspaink reported by @freeseacher
builtins: Fix graph.reachable_paths to return all reachable paths (#5871) authored by @davidmarne-wf reported by @ericjkao
builtins: Limit exponent size in units.parse_bytes built-in function to prevent timeout bypass (#8326) authored by @isaiahvita reported by @anderseknert
perf: Add CopyNonGround() methods for Array, Set, and Object (#8323) authored by @alex60217101990
resolver/wasm: Add NewWithContext to allow passing context (#8499) authored by @dominikschulz

Docs, Website, Ecosystem

docs: Add aggregates examples for count and sum built-in functions (#8566) authored by @alliasgher reported by @srenatus
docs: Add generated output.jsons for docs examples (#8535) authored by @charlieegan3
docs: Add spec for OCP bundle status tracking API (#8502) authored by @ashutosh-narkar
docs: Add the latest videos to the README presentations section (#8523) authored by @sspaink
docs: Add Windows development notes to dev reference guide (#8422) authored by @raajheshkannaa
docs: Fix input value type in not undefined example (#8580) authored by @menma1234
docs: Update Regal docs to v0.40.0 (#8538) authored by @charlieegan3
docs: Updated roadmap link (#8501) authored by @johanfylling
docs: Various typo fixes ([#8529](https://redirect.github.com/open-policy-agent/opa/pull/

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- Between 12:00 AM and 03:59 AM (* 0-3 * * *)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-02-05T09:04:45Z

ℹ️ Artifact update notice

File name: docs/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

1 additional dependency was updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.24.6` -> `1.25.0`
`go.yaml.in/yaml/v2`	`v2.4.2` -> `v2.4.4`

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

125 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.25.5` -> `1.26`
`cloud.google.com/go`	`v0.121.6` -> `v0.123.0`
`cloud.google.com/go/auth`	`v0.18.0` -> `v0.18.2`
`cloud.google.com/go/firestore`	`v1.20.0` -> `v1.21.0`
`cloud.google.com/go/kms`	`v1.23.2` -> `v1.25.0`
`cloud.google.com/go/longrunning`	`v0.7.0` -> `v0.8.0`
`cloud.google.com/go/storage`	`v1.57.1` -> `v1.61.3`
`cuelang.org/go`	`v0.15.3` -> `v0.16.0`
`github.com/CycloneDX/cyclonedx-go`	`v0.9.3` -> `v0.10.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric`	`v0.54.0` -> `v0.55.0`
`github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping`	`v0.54.0` -> `v0.55.0`
`github.com/anchore/go-struct-converter`	`v0.0.0-20230627203149-c72ef8859ca9` -> `v0.1.0`
`github.com/arl/statsviz`	`v0.7.2` -> `v0.8.0`
`github.com/aws/aws-sdk-go-v2`	`v1.41.0` -> `v1.41.4`
`github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream`	`v1.7.2` -> `v1.7.7`
`github.com/aws/aws-sdk-go-v2/config`	`v1.32.5` -> `v1.32.12`
`github.com/aws/aws-sdk-go-v2/credentials`	`v1.19.5` -> `v1.19.12`
`github.com/aws/aws-sdk-go-v2/feature/ec2/imds`	`v1.18.16` -> `v1.18.20`
`github.com/aws/aws-sdk-go-v2/internal/configsources`	`v1.4.16` -> `v1.4.20`
`github.com/aws/aws-sdk-go-v2/internal/endpoints/v2`	`v2.7.16` -> `v2.7.20`
`github.com/aws/aws-sdk-go-v2/internal/ini`	`v1.8.4` -> `v1.8.6`
`github.com/aws/aws-sdk-go-v2/internal/v4a`	`v1.4.12` -> `v1.4.21`
`github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding`	`v1.13.4` -> `v1.13.7`
`github.com/aws/aws-sdk-go-v2/service/internal/checksum`	`v1.9.3` -> `v1.9.12`
`github.com/aws/aws-sdk-go-v2/service/internal/presigned-url`	`v1.13.16` -> `v1.13.20`
`github.com/aws/aws-sdk-go-v2/service/internal/s3shared`	`v1.19.12` -> `v1.19.20`
`github.com/aws/aws-sdk-go-v2/service/s3`	`v1.89.1` -> `v1.97.1`
`github.com/aws/aws-sdk-go-v2/service/signin`	`v1.0.4` -> `v1.0.8`
`github.com/aws/aws-sdk-go-v2/service/sso`	`v1.30.7` -> `v1.30.13`
`github.com/aws/aws-sdk-go-v2/service/ssooidc`	`v1.35.12` -> `v1.35.17`
`github.com/aws/aws-sdk-go-v2/service/sts`	`v1.41.5` -> `v1.41.9`
`github.com/aws/smithy-go`	`v1.24.0` -> `v1.24.2`
`github.com/clipperhouse/displaywidth`	`v0.6.0` -> `v0.11.0`
`github.com/clipperhouse/uax29/v2`	`v2.3.0` -> `v2.7.0`
`github.com/cloudflare/circl`	`v1.6.1` -> `v1.6.3`
`github.com/cncf/xds/go`	`v0.0.0-20251022180443-0feb69152e9f` -> `v0.0.0-20251210132809-ee656c7534f5`
`github.com/containerd/containerd/v2`	`v2.2.0` -> `v2.2.2`
`github.com/containerd/stargz-snapshotter/estargz`	`v0.18.1` -> `v0.18.2`
`github.com/cyphar/filepath-securejoin`	`v0.5.0` -> `v0.6.0`
`github.com/decred/dcrd/dcrec/secp256k1/v4`	`v4.4.0` -> `v4.4.1`
`github.com/dgraph-io/badger/v4`	`v4.8.0` -> `v4.9.1`
`github.com/dgraph-io/ristretto/v2`	`v2.3.0` -> `v2.4.0`
`github.com/docker/cli`	`v29.0.3+incompatible` -> `v29.3.1+incompatible`
`github.com/docker/docker-credential-helpers`	`v0.9.4` -> `v0.9.5`
`github.com/emicklei/proto`	`v1.14.2` -> `v1.14.3`
`github.com/envoyproxy/go-control-plane/envoy`	`v1.35.0` -> `v1.36.0`
`github.com/envoyproxy/protoc-gen-validate`	`v1.2.1` -> `v1.3.0`
`github.com/fatih/color`	`v1.18.0` -> `v1.19.0`
`github.com/go-git/go-billy/v5`	`v5.6.2` -> `v5.8.0`
`github.com/go-git/go-git/v5`	`v5.16.5` -> `v5.18.0`
`github.com/go-jose/go-jose/v4`	`v4.1.3` -> `v4.1.4`
`github.com/go-openapi/analysis`	`v0.24.1` -> `v0.24.3`
`github.com/go-openapi/errors`	`v0.22.6` -> `v0.22.7`
`github.com/go-openapi/jsonpointer`	`v0.22.4` -> `v0.22.5`
`github.com/go-openapi/jsonreference`	`v0.21.4` -> `v0.21.5`
`github.com/go-openapi/loads`	`v0.23.2` -> `v0.23.3`
`github.com/go-openapi/spec`	`v0.22.3` -> `v0.22.4`
`github.com/go-openapi/strfmt`	`v0.25.0` -> `v0.26.1`
`github.com/go-openapi/swag/conv`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/fileutils`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/jsonname`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/jsonutils`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/loading`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/mangling`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/stringutils`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/typeutils`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/swag/yamlutils`	`v0.25.4` -> `v0.25.5`
`github.com/go-openapi/validate`	`v0.25.1` -> `v0.25.2`
`github.com/go-viper/mapstructure/v2`	`v2.4.0` -> `v2.5.0`
`github.com/google/cel-go`	`v0.26.1` -> `v0.27.0`
`github.com/google/flatbuffers`	`v25.9.23+incompatible` -> `v25.12.19+incompatible`
`github.com/google/go-containerregistry`	`v0.20.7` -> `v0.21.0`
`github.com/google/go-jsonnet`	`v0.21.0` -> `v0.22.0`
`github.com/googleapis/enterprise-certificate-proxy`	`v0.3.9` -> `v0.3.14`
`github.com/googleapis/gax-go/v2`	`v2.16.0` -> `v2.17.0`
`github.com/grpc-ecosystem/grpc-gateway/v2`	`v2.27.3` -> `v2.27.7`
`github.com/hashicorp/aws-sdk-go-base/v2`	`v2.0.0-beta.65` -> `v2.0.0-beta.72`
`github.com/hashicorp/go-getter`	`v1.8.3` -> `v1.8.6`
`github.com/hashicorp/go-version`	`v1.7.0` -> `v1.8.0`
`github.com/huandu/go-sqlbuilder`	`v1.38.1` -> `v1.39.1`
`github.com/in-toto/go-witness`	`v0.8.6` -> `v0.9.1`
`github.com/klauspost/compress`	`v1.18.2` -> `v1.18.5`
`github.com/lestrrat-go/httprc/v3`	`v3.0.1` -> `v3.0.4`
`github.com/lestrrat-go/jwx/v3`	`v3.0.12` -> `v3.0.13`
`github.com/mattn/go-runewidth`	`v0.0.19` -> `v0.0.20`
`github.com/moby/buildkit`	`v0.26.3` -> `v0.29.0`
`github.com/morikuni/aec`	`v1.0.0` -> `v1.1.0`
`github.com/olekukonko/errors`	`v1.1.0` -> `v1.2.0`
`github.com/olekukonko/ll`	`v0.1.3` -> `v0.1.7`
`github.com/olekukonko/tablewriter`	`v1.1.2` -> `v1.1.3`
`github.com/open-policy-agent/opa`	`v1.12.1` -> `v1.15.2`
`github.com/prometheus/common`	`v0.67.4` -> `v0.67.5`
`github.com/protocolbuffers/txtpbfmt`	`v0.0.0-20251016062345-16587c79cd91` -> `v0.0.0-20260217160748-a481f6a22f94`
`github.com/sigstore/fulcio`	`v1.8.4` -> `v1.8.5`
`github.com/spdx/tools-golang`	`v0.5.5` -> `v0.5.7`
`github.com/tektoncd/chains`	`v0.26.0` -> `v0.26.2`
`github.com/tektoncd/hub`	`v1.22.2` -> `v1.23.6`
`github.com/tektoncd/pipeline`	`v1.3.1` -> `v1.9.2`
`github.com/tektoncd/triggers`	`v0.33.0` -> `v0.35.0`
`github.com/valyala/fastjson`	`v1.6.4` -> `v1.6.10`
`github.com/vektah/gqlparser/v2`	`v2.5.31` -> `v2.5.32`
`go.opentelemetry.io/contrib/detectors/gcp`	`v1.38.0` -> `v1.39.0`
`go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`	`v0.63.0` -> `v0.65.0`
`go.opentelemetry.io/otel`	`v1.39.0` -> `v1.42.0`
`go.opentelemetry.io/otel/exporters/otlp/otlptrace`	`v1.38.0` -> `v1.40.0`
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`	`v1.38.0` -> `v1.40.0`
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`	`v1.38.0` -> `v1.40.0`
`go.opentelemetry.io/otel/metric`	`v1.39.0` -> `v1.42.0`
`go.opentelemetry.io/otel/sdk`	`v1.39.0` -> `v1.42.0`
`go.opentelemetry.io/otel/sdk/metric`	`v1.39.0` -> `v1.42.0`
`go.opentelemetry.io/otel/trace`	`v1.39.0` -> `v1.42.0`
`golang.org/x/crypto`	`v0.47.0` -> `v0.49.0`
`golang.org/x/mod`	`v0.31.0` -> `v0.33.0`
`golang.org/x/net`	`v0.49.0` -> `v0.52.0`
`golang.org/x/oauth2`	`v0.34.0` -> `v0.36.0`
`golang.org/x/sync`	`v0.19.0` -> `v0.20.0`
`golang.org/x/sys`	`v0.40.0` -> `v0.42.0`
`golang.org/x/term`	`v0.39.0` -> `v0.41.0`
`golang.org/x/text`	`v0.33.0` -> `v0.35.0`
`golang.org/x/time`	`v0.14.0` -> `v0.15.0`
`golang.org/x/tools`	`v0.40.0` -> `v0.42.0`
`google.golang.org/api`	`v0.260.0` -> `v0.271.0`
`google.golang.org/genproto`	`v0.0.0-20251202230838-ff82c1b0f217` -> `v0.0.0-20260128011058-8636f8732409`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20251202230838-ff82c1b0f217` -> `v0.0.0-20260203192932-546029d2fa20`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20260203192932-546029d2fa20` -> `v0.0.0-20260226221140-a57be14db171`
`google.golang.org/grpc`	`v1.78.0` -> `v1.79.3`

codecov · 2026-02-05T09:11:01Z

Codecov Report

✅ All modified and coverable lines are covered by tests.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

fullsend-ai-review · 2026-06-08T16:57:32Z

🤖 Review · Started 4:57 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-08T17:02:11Z

Review

Findings

Critical

[API contract violation] go.mod — The root go.mod is updated with new dependency versions (conftest v0.68.2, regal v0.41.1, tektoncd/cli v0.45.0, and the go-containerregistry replace directive updated to v0.21.7), but the root go.sum file is not included in the PR diff. The current go.sum on main contains checksums only for the old versions and has no entries for the new versions. Additionally, the root go.mod lacks updates to indirect dependencies, which would normally change when bumping these direct dependencies. This indicates go mod tidy was not run for the root module, and the module will fail to build.
Remediation: Run go mod tidy in the repository root to update both go.mod (indirect dependencies) and go.sum with the correct checksums for the new dependency versions. The resulting changes must be included in this PR.

Previous run

Review

Findings

Critical

[api-contract] go.mod:498 — The replace directive uses a bare commit hash b75247998fd1 instead of a valid Go module pseudo-version. The current base branch correctly uses v0.20.7-0.20251103083939-3459088e4bae, and the PR's own acceptance/go.mod correctly uses v0.20.7-0.20260625125002-b75247998fd1 for the new commit. The bare hash form is invalid for replace directives targeting modules that contain a go.mod file, and will cause go mod tidy and all builds to fail.
Remediation: Change the replace directive in go.mod to use the full pseudo-version: replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20260625125002-b75247998fd1 (matching the format used in acceptance/go.mod).

Medium

[missing-artifact] go.mod — The root go.sum is not included in the PR's changed files despite version bumps to conftest, regal, and tektoncd/cli in go.mod. This is largely a downstream consequence of the broken replace directive: go mod tidy cannot succeed with the invalid bare commit hash, so a valid go.sum cannot be generated until that is fixed first.
Remediation: After fixing the replace directive, run go mod tidy in the root module directory and include the resulting go.sum changes in the PR.

Labels: Go dependency update PR should carry the go and dependencies labels.

Previous run (2)

Review

Findings

Critical

[Invalid Go module syntax] go.mod:498 — The replace directive uses a bare commit hash b75247998fd1 without a version prefix: replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry b75247998fd1. Go modules require a valid semver or pseudo-version. This will cause go mod tidy, go build, and all other Go tooling to fail with a parse error. The acceptance/go.mod correctly uses the full pseudo-version format v0.20.7-0.20260625125002-b75247998fd1 for the same commit, confirming this is an error in the root go.mod only.
Remediation: Change the replace directive to use the proper pseudo-version: replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20260625125002-b75247998fd1.

Medium

[Missing go.sum update] go.mod — The root go.mod updates direct dependencies (conftest, regal, tektoncd/cli) and the replace directive, but the root go.sum is not updated. This is likely a downstream effect of the broken replace directive preventing go mod tidy from completing. Fix the replace directive first, then run go mod tidy to regenerate go.sum.

Low

[API compatibility risk] regal.go:34 — The regal dependency jumps from v0.37.0 to v0.41.1 (4 minor versions). The code directly uses cmd.RootCommand and cmd.ExitError. While likely stable, verify these symbols have compatible signatures in v0.41.1.

Previous run (3)

Review

Findings

High

[api-contract] go.mod:8 — The root go.mod bumps three direct dependencies (conftest v0.66.0→v0.68.2, regal v0.37.0→v0.41.1, tektoncd/cli v0.42.1→v0.45.0) but the corresponding go.sum file is not updated in this PR. The current go.sum on the base branch only contains checksum entries for the old versions. Any build or go mod verify will fail with missing checksum errors.
Remediation: Run go mod tidy in the root module directory to regenerate go.sum with the correct checksums for the updated dependencies, and include the updated go.sum in the PR.

Info

[sub-agent-failure] N/A — The style-conventions sub-agent did not return findings: model unavailability on deployment. This dimension was not evaluated. Given the mechanical nature of this dependency bump, no style issues are expected.

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-08T17:02:12Z

-	github.com/open-policy-agent/conftest v0.66.0
-	github.com/open-policy-agent/regal v0.37.0
-	github.com/tektoncd/cli v0.42.1
+	github.com/open-policy-agent/conftest v0.68.2


[high] api-contract

The root go.mod bumps three direct dependencies (conftest v0.66.0→v0.68.2, regal v0.37.0→v0.41.1, tektoncd/cli v0.42.1→v0.45.0) but the corresponding go.sum file is not updated in this PR. The current go.sum on the base branch only contains checksum entries for the old versions, so any build or go mod verify will fail with missing checksum errors.

Suggested fix: Run go mod tidy in the root module directory to regenerate go.sum with the correct checksums for the updated dependencies, and include the updated go.sum in the PR.

fullsend-ai-review · 2026-06-08T17:02:17Z

🤖 Finished Review · ✅ Success · Started 4:57 PM UTC · Completed 5:02 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-25T13:17:56Z

🤖 Finished Review · ✅ Success · Started 1:17 PM UTC · Completed 1:27 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-25T13:27:46Z

 exclude google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3

-replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20251103083939-3459088e4bae
+replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry b75247998fd1


[critical] Invalid Go module syntax

The replace directive uses a bare commit hash b75247998fd1 without a version prefix. Go modules require a valid semver or pseudo-version. This will cause all Go tooling to fail with a parse error. The acceptance/go.mod correctly uses the full pseudo-version format for the same commit.

Suggested fix: Change the replace directive to: replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20260625125002-b75247998fd1

fullsend-ai-review · 2026-06-25T18:35:14Z

🤖 Finished Review · ✅ Success · Started 6:35 PM UTC · Completed 6:43 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-25T18:43:47Z

 exclude google.golang.org/grpc/stats/opentelemetry v0.0.0-20241028142157-ada6787961b3

-replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20251103083939-3459088e4bae
+replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry b75247998fd1


[critical] api-contract

The replace directive uses a bare commit hash b75247998fd1 instead of a valid Go module pseudo-version. The current base branch correctly uses v0.20.7-0.20251103083939-3459088e4bae, and the PRs own acceptance/go.mod correctly uses v0.20.7-0.20260625125002-b75247998fd1 for the new commit. The bare hash form is invalid for replace directives targeting modules that contain a go.mod file, and will cause go mod tidy and all builds to fail.

Suggested fix: Change the replace directive in go.mod to use the full pseudo-version: replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20260625125002-b75247998fd1 (matching the format used in acceptance/go.mod).

fullsend-ai-review · 2026-06-26T19:21:41Z

🤖 Finished Review · ✅ Success · Started 7:21 PM UTC · Completed 7:29 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

renovate Bot added main renovate labels Jan 19, 2026

github-actions Bot added the size: XS label Jan 19, 2026

renovate Bot force-pushed the renovate/main-go-modules branch 3 times, most recently from 6530ff8 to 6421e02 Compare February 5, 2026 09:04

renovate Bot force-pushed the renovate/main-go-modules branch 3 times, most recently from 7f6a07a to 4f6e0d5 Compare February 18, 2026 13:04

renovate Bot force-pushed the renovate/main-go-modules branch from 4f6e0d5 to cf70ec7 Compare February 23, 2026 14:13

github-actions Bot added size: L and removed size: XS labels Feb 23, 2026

renovate Bot force-pushed the renovate/main-go-modules branch 4 times, most recently from 903a958 to 915f933 Compare February 26, 2026 21:59

github-actions Bot added size: XL and removed size: L labels Feb 26, 2026

renovate Bot force-pushed the renovate/main-go-modules branch 3 times, most recently from 8051b1b to b414ed3 Compare March 9, 2026 13:05

renovate Bot force-pushed the renovate/main-go-modules branch 3 times, most recently from 5c9e490 to 6625ab3 Compare March 19, 2026 14:20

renovate Bot force-pushed the renovate/main-go-modules branch 3 times, most recently from e54a0a3 to 830dcc8 Compare March 27, 2026 02:28

renovate Bot force-pushed the renovate/main-go-modules branch from 0633f9c to 39640f3 Compare May 18, 2026 09:36

renovate Bot force-pushed the renovate/main-go-modules branch 2 times, most recently from 3a7e83a to ebad324 Compare June 1, 2026 23:03

github-actions Bot added size: XS and removed size: M labels Jun 1, 2026

renovate Bot force-pushed the renovate/main-go-modules branch from ebad324 to 34c1bd8 Compare June 2, 2026 02:06

github-actions Bot added size: M and removed size: XS labels Jun 2, 2026

renovate Bot force-pushed the renovate/main-go-modules branch 2 times, most recently from d4b7deb to 9444e90 Compare June 8, 2026 16:55

fullsend-ai-review Bot suggested changes Jun 8, 2026

View reviewed changes

renovate Bot force-pushed the renovate/main-go-modules branch from 9444e90 to bde67c4 Compare June 25, 2026 13:15

renovate Bot changed the title ~~Update go modules (main) (minor)~~ Update go modules (main) Jun 25, 2026

github-actions Bot added size: L and removed size: M labels Jun 25, 2026

fullsend-ai-review Bot suggested changes Jun 25, 2026

View reviewed changes

renovate Bot force-pushed the renovate/main-go-modules branch from bde67c4 to 8b963ab Compare June 25, 2026 18:31

fullsend-ai-review Bot suggested changes Jun 25, 2026

View reviewed changes

fullsend-ai-review Bot added go Pull requests that update Go code dependencies Pull requests that update a dependency file labels Jun 25, 2026

Update go modules

29b5e67

renovate Bot force-pushed the renovate/main-go-modules branch from 8b963ab to 29b5e67 Compare June 26, 2026 19:18

renovate Bot changed the title ~~Update go modules (main)~~ Update go modules (main) (minor) Jun 26, 2026

fullsend-ai-review Bot suggested changes Jun 26, 2026

View reviewed changes

Uh oh!

Conversation

renovate Bot commented Jan 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Changelog

OPA Changes

Other Changes

Changelog

Bug Fixes

Changelog

New Features

Bug Fixes

OPA Changes

Other Changes

Changelog

Bug Fixes

Other Changes

Changelog

Bug Fixes

OPA Changes

Other Changes

Breaking: Fix User-Agent according to RFC9110 (#​8792)

Runtime, SDK, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

Miscellaneous

Miscellaneous

Improved Negation Semantics (#​8387)

Rule Labels in Decision Logs (#​2089)

Runtime, SDK, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

Miscellaneous

New uri.parse and uri.is_valid built-in functions (#​8263)

uri.parse

uri.is_valid

Data API Request/Response Metadata (#​8570)

Runtime, SDK, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

Configuration

Uh oh!

renovate Bot commented Feb 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ️ Artifact update notice

File name: docs/go.mod

File name: go.mod

Uh oh!

codecov Bot commented Feb 5, 2026

Codecov Report

Uh oh!

fullsend-ai-review Bot commented Jun 8, 2026

Uh oh!

fullsend-ai-review Bot commented Jun 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review

Findings

Critical

Review

Findings

Critical

Medium

Review

Findings

Critical

Medium

Low

Review

Findings

High

Info

Uh oh!

fullsend-ai-review Bot left a comment

Choose a reason for hiding this comment

Uh oh!

fullsend-ai-review Bot Jun 8, 2026

Choose a reason for hiding this comment

Uh oh!

fullsend-ai-review Bot commented Jun 8, 2026

renovate Bot commented Jan 19, 2026 •

edited

Loading

Breaking: Fix User-Agent according to RFC9110 (#8792)

Improved Negation Semantics (#8387)

Rule Labels in Decision Logs (#2089)

New `uri.parse` and `uri.is_valid` built-in functions (#8263)

Data API Request/Response Metadata (#8570)

renovate Bot commented Feb 5, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 8, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 25, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 25, 2026 •

edited

Loading

fullsend-ai-review Bot commented Jun 26, 2026 •

edited

Loading