Skip to content

chore(deps): bump the dependencies group with 2 updates#720

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/dependencies-3fec49a7f0
Open

chore(deps): bump the dependencies group with 2 updates#720
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/dependencies-3fec49a7f0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 2 updates: github.com/openfga/openfga and github.com/schollz/progressbar/v3.

Updates github.com/openfga/openfga from 1.18.0 to 1.18.1

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.18.1

Added

  • Added diagnostic logging in experimental weighted_graph_check when v2 Check resolution might produce a different result than v1 for the same query. These logs surface authorization models that may be affected by a future v1 deprecation, and no operator action is required. #3149
  • Added diagnostic logging in Expand and ListUsers when v2 resolution might produce a different result than v1 for the same query. Note that v2 has not been created yet for these endpoints, these logs purely add visibility for a future v1 deprecation, and no operator action is required. #3182

Changed

  • Extended experimental weighted_graph_check to BatchCheck: when the flag is enabled, each item in the batch is evaluated using the weighted graph algorithm, with per-item fallback to the standard algorithm on non-terminal errors. #3154
  • Use proto.MarshalOptions{Deterministic: true} when serializing authorization models to the serialized_protobuf column, ensuring consistent stored bytes within a given OpenFGA version for models with map-keyed type definitions. #3171
  • The in_cidr condition now treats IPv4-mapped IPv6 addresses as their IPv4 equivalents (RFC 4291 §2.5.5.2), so ::ffff:192.168.1.1 matches an IPv4 CIDR such as 192.168.1.0/24. See internal/condition/types/ipaddress.go. #3181

New Contributors

Full Changelog: openfga/openfga@v1.18.0...v1.18.1

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.18.1] - 2026-06-29

Added

  • Added diagnostic logging in experimental weighted_graph_check when v2 Check resolution might produce a different result than v1 for the same query. These logs surface authorization models that may be affected by a future v1 deprecation, and no operator action is required. #3149

Changed

  • Extended experimental weighted_graph_check to BatchCheck: with the flag enabled, each item in the batch is evaluated using the weighted graph algorithm, with per-item fallback to the standard algorithm on non-terminal errors. #3154
  • Use proto.MarshalOptions{Deterministic: true} when serializing authorization models to the serialized_protobuf column, ensuring consistent stored bytes within a given OpenFGA version for models with map-keyed type definitions. #3171
  • The in_cidr condition now treats IPv4-mapped IPv6 addresses as their IPv4 equivalents (RFC 4291 §2.5.5.2), so ::ffff:192.168.1.1 matches an IPv4 CIDR such as 192.168.1.0/24. See internal/condition/types/ipaddress.go. #3181
Commits
  • 69efbd9 release: update changelog for release 1.18.1 (#3188)
  • a7f48e2 release: Update changelog to prep for 1.18.1 release (#3186)
  • bccdbbd test: fix flaky TestV2CheckWithIteratorCache_HigherConsistencyBypassesCache (...
  • 171806c Merge commit from fork
  • 334b3d5 fix: match IPv4-mapped IPv6 addresses in the in_cidr condition (#3181)
  • c08baa7 fix: use deterministic proto marshaling for stored authorization models (#3171)
  • dcaccbf chore: create draft release and publish after provenance succeeds for immutab...
  • 9a556d8 docs: fix changelog entry (#3177)
  • e630bc8 feat: add v2Check logs for resolution breaking change (#3149)
  • 096f1f5 feat: BatchCheck uses v2Check when ExperimentalWeightedGraphCheck is enabled ...
  • Additional commits viewable in compare view

Updates github.com/schollz/progressbar/v3 from 3.19.0 to 3.19.1

Release notes

Sourced from github.com/schollz/progressbar/v3's releases.

v3.19.1

What's Changed

Full Changelog: schollz/progressbar@v3.19.0...v3.19.1

Commits
  • 28775d4 Merge pull request #230 from schollz/zack/fix-progressbar
  • 5532003 fix: width issues
  • 4f72a65 Merge pull request #227 from polymorcodeus/main
  • bbedc95 Don't add colorstring if EnableColorCodes is not enabled.
  • c6fe7bc Added OptionSetSpinnerColorCode to support color codes for spinners.
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 2 updates: [github.com/openfga/openfga](https://github.com/openfga/openfga) and [github.com/schollz/progressbar/v3](https://github.com/schollz/progressbar).


Updates `github.com/openfga/openfga` from 1.18.0 to 1.18.1
- [Release notes](https://github.com/openfga/openfga/releases)
- [Changelog](https://github.com/openfga/openfga/blob/main/CHANGELOG.md)
- [Commits](openfga/openfga@v1.18.0...v1.18.1)

Updates `github.com/schollz/progressbar/v3` from 3.19.0 to 3.19.1
- [Release notes](https://github.com/schollz/progressbar/releases)
- [Commits](schollz/progressbar@v3.19.0...v3.19.1)

---
updated-dependencies:
- dependency-name: github.com/openfga/openfga
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/schollz/progressbar/v3
  dependency-version: 3.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 6, 2026
Copilot AI review requested due to automatic review settings July 6, 2026 12:53
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 6, 2026 12:53
@dependabot dependabot Bot added the go Pull requests that update Go code label Jul 6, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgithub.com/​openfga/​openfga@​v1.18.0 ⏵ v1.18.175 +1100100100100
Updatedgithub.com/​schollz/​progressbar/​v3@​v3.19.0 ⏵ v3.19.199100100100100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant