Skip to content

chore(deps): bump github.com/open-policy-agent/opa from 1.17.1 to 1.18.0 in the go-dependencies group#975

Merged
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-c57c3fe1e0
Jun 26, 2026
Merged

chore(deps): bump github.com/open-policy-agent/opa from 1.17.1 to 1.18.0 in the go-dependencies group#975
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-c57c3fe1e0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 1 update: github.com/open-policy-agent/opa.

Updates github.com/open-policy-agent/opa from 1.17.1 to 1.18.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.0

This release contains a mix of bugfixes and small features. Notably:

  • A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
  • Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
  • Several opa fmt correctness fixes
  • Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR) previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that exact-match the old string will need to be updated.

Authored by @​sspaink, reported by @​SpecLad

Runtime, SDK, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.18.0

This release contains a mix of bugfixes and small features. Notably:

  • A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
  • Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
  • Several opa fmt correctness fixes
  • Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR) previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that exact-match the old string will need to be updated.

Authored by @​sspaink, reported by @​SpecLad

Runtime, SDK, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

... (truncated)

Commits
  • cc2c5c6 Prepare v1.18 release (#8820)
  • e72a98f format: keep lone with on the closing-bracket line of multi-line expression...
  • 03646dd topdown: Fix PE not namespacing vars in comprehensions nested inside every ...
  • bf2bb52 benchmarks: split off script, emit markdown table
  • 02ce276 version: fix ill-formed User-Agent header (#8796)
  • 1fdbb77 build(deps): bump the dependencies group across 2 directories with 6 updates
  • 954196a cover: Add support for coverage of conjunction exprs (#8809)
  • dec8333 deduplicate change-detection output in pr CI checks (#8808)
  • 09679ab benchmarks: use details+summary comments for benchlab results (#8811)
  • 57742e8 build(deps): bump webpack-dev-server from 5.2.4 to 5.2.5 in /docs (#8807)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-dependencies group with 1 update: [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa).


Updates `github.com/open-policy-agent/opa` from 1.17.1 to 1.18.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.17.1...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 26, 2026
@claude

claude Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Claude finished @dependabot[bot]'s task in 58s —— View job


Dependency upgrade review — OPA 1.17.1 → 1.18.0

  • Identify changed dependencies
  • Review changelog for breaking/behavior changes
  • Check how OPA is used in this repo
  • Assess upgrade safety

Verdict: low risk — safe to merge.

What changed

Direct dep: github.com/open-policy-agent/opa 1.17.1 → 1.18.0 (minor, same v1 major). The rest of the diff is transitive bumps pulled in by OPA (grpc-gateway, gqlparser, OpenTelemetry, genproto) — no API surface of ours touches those directly.

How OPA is used here

Only one file uses it — internal/evaluate/rego.go — via three stable v1 packages:

  • v1/astParseModuleWithOpts, ParserOptions, module.Package.Path, module.Rules, rule.Head.Name
  • v1/regoNew, Query, Module, Input, Store, Eval
  • v1/storage/inmemNewFromObject

All are core, long-stable APIs. Usage is purely local, in-memory policy evaluation — no bundles, discovery, decision logs, http.send, AWS, or the OPA runtime/server.

Changelog items checked against our usage

Change in 1.18.0 Affects us?
Breaking: outbound User-Agent fixed to RFC 9110 (Open-Policy-Agent/...) for bundle/discovery/decision-log/http.send/AWS KMS/ECR No — we make no outbound OPA HTTP requests
Container-aware GOMAXPROCS restored + GOMEMLIMIT auto No — only applies via OPA's runtime package, which we don't import
opa fmt correctness fixes No — CLI tooling, not used
opa test --coverage improvements No — tooling, not used
Compiler/topdown PE & ast.Not fixes Minimal — these touch partial evaluation; our code does straightforward Eval (no PE), so behavior is unchanged

Notes / follow-up

  • I could not run go build/go vet/tests here (sandbox blocks build commands), so please let CI confirm the module resolves and compiles. The public API we depend on is unchanged, so I expect a clean build.
  • No code changes needed in this repo for this bump.
    · branch dependabot/go_modules/go-dependencies-c57c3fe1e0

@mbevc1 mbevc1 enabled auto-merge (squash) June 26, 2026 09:42
@mbevc1 mbevc1 merged commit af583ed into main Jun 26, 2026
11 checks passed
@mbevc1 mbevc1 deleted the dependabot/go_modules/go-dependencies-c57c3fe1e0 branch June 26, 2026 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant