Skip to content

chore(deps): bump the go-dependencies group with 2 updates#980

Merged
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-f5859fb72d
Jun 29, 2026
Merged

chore(deps): bump the go-dependencies group with 2 updates#980
mbevc1 merged 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-f5859fb72d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group with 2 updates: github.com/aws/smithy-go and github.com/open-policy-agent/opa.

Updates github.com/aws/smithy-go from 1.27.2 to 1.27.3

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-06-26)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.3
    • Bug Fix: Fix bug in JSON doc encoder and endpoint host label format validation

Release (2026-06-05)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.2
    • Bug Fix: Fix incorrect serialization of unions in CBOR-based protocols.

Release (2026-06-04)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.1
    • Bug Fix: Fixed a deserialization failure in all protocols when encountering a union with explicit null members.
    • Bug Fix: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols.

Release (2026-06-02)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.27.0
    • Feature: Add APIs for schema-based serialization.
    • Feature: Add support for all current AWS and Smithy protocols.
    • Bug Fix: Enforce max nesting depth of 128 on CBOR payloads.
  • github.com/aws/smithy-go/aws-http-auth: v1.2.0
    • Feature: Add event stream signer.

Release (2026-05-27)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.26.0
    • Feature: Add StringSlice to endpoint rulesfn.

... (truncated)

Commits
  • 9445927 Release 2026-06-26
  • 7617c7e add prefix/suffix hyphen rejection for host label validation based on rfc1123...
  • 49402bd Fix document.Number serialization and BigDecimal negative zero sign loss (#681)
  • 648e8ad feat: move common middlewares to shared addCommonMiddlewares (#674)
  • See full diff in compare view

Updates github.com/open-policy-agent/opa from 1.18.0 to 1.18.1

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

Change Log

All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.

Unreleased

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-dependencies group with 2 updates: [github.com/aws/smithy-go](https://github.com/aws/smithy-go) and [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa).


Updates `github.com/aws/smithy-go` from 1.27.2 to 1.27.3
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](aws/smithy-go@v1.27.2...v1.27.3)

Updates `github.com/open-policy-agent/opa` from 1.18.0 to 1.18.1
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/aws/smithy-go
  dependency-version: 1.27.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 29, 2026
@claude

claude Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Claude finished @dependabot[bot]'s task in 47s —— View job


Dependency Update Review

  • Identify changed dependencies
  • Assess changelogs / semver for breaking changes
  • Check repo usage of each dependency
  • Post review summary

Verdict: ✅ Safe to merge. Both are patch-level (z-version) bumps containing only bug fixes — no breaking changes, no API surface changes affecting this repo.

Dependency Change Type Notes
github.com/aws/smithy-go 1.27.2 → 1.27.3 patch Bug fix in JSON doc encoder + endpoint host-label format validation
github.com/open-policy-agent/opa 1.18.0 → 1.18.1 patch Fixes an AnnotationSet memory leak introduced in OPA 1.17.0 (runtime.AddCleanup cycle)

Usage analysis

smithy-go — used in exactly one place: internal/azure/azure_apps.go:23,592,597 via smithyTime.ParseDateTime. The 1.27.3 changelog touches the JSON doc encoder and host-label validation; neither is on the time.ParseDateTime path, so this usage is unaffected.

opa — used in internal/evaluate/rego.go via the v1/ast, v1/rego, and v1/storage/inmem packages (rego.New, rego.Query, ast.ParseModuleWithOpts, inmem.NewFromObject). The 1.18.1 fix is an internal memory-leak fix in AnnotationSet cleanup — no public API change. Note the go.mod hash changes but the go.sum /go.mod hash is unchanged (9GY+...), confirming the module's go.mod is identical between the two versions, i.e. no dependency-tree changes.

The OPA leak fix is mildly beneficial here since ast.ParseModuleWithOpts builds annotation sets during policy evaluation.

Suggested follow-up

  • No code changes needed. A green CI run (build + internal/evaluate and internal/azure tests) is sufficient confidence for these patch bumps.

@mbevc1 mbevc1 enabled auto-merge (squash) June 29, 2026 15:23
@mbevc1 mbevc1 merged commit a03d44d into main Jun 29, 2026
11 checks passed
@mbevc1 mbevc1 deleted the dependabot/go_modules/go-dependencies-f5859fb72d branch June 29, 2026 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant