srenatus

An open source, general-purpose policy engine.


Events

Bump decode-uri-component from 0.2.0 to 0.2.2 (#11)

Bumps decode-uri-component from 0.2.0 to 0.2.2.


updated-dependencies:

  • dependency-name: decode-uri-component
    dependency-type: indirect
    ...

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 3 seconds ago
pull request closed
Bump decode-uri-component from 0.2.0 to 0.2.2

Bumps decode-uri-component from 0.2.0 to 0.2.2.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 3 seconds ago

build(deps): bump github.com/containerd/containerd from 1.6.11 to 1.6.12 (#5458)

Bumps github.com/containerd/containerd from 1.6.11 to 1.6.12.


updated-dependencies:

  • dependency-name: github.com/containerd/containerd
    dependency-type: direct:production
    ...

Signed-off-by: dependabot[bot] support@github.com

Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 1 hour ago
pull request closed
build(deps): bump github.com/containerd/containerd from 1.6.11 to 1.6.12

Bumps github.com/containerd/containerd from 1.6.11 to 1.6.12.

Created at 1 hour ago
started
Created at 3 hours ago
started
Created at 3 hours ago
delete branch
srenatus delete branch sr/fix-build-trigger
Created at 20 hours ago

build: add CHANGELOG.md to website build triggers (#5456)

Before, the commit integrating the 0.46.2 and 0.47.1 patch releases failed to trigger a website build.

Signed-off-by: Stephan Renatus stephan.renatus@gmail.com

Created at 20 hours ago
pull request closed
build: add CHANGELOG.md to website build triggers

This change itself will also trigger the website build, since it contains a change in build/.

Created at 20 hours ago
pull request opened
build: add CHANGELOG.md to website build triggers


Created at 20 hours ago
create branch
srenatus create branch sr/fix-build-trigger
Created at 20 hours ago
delete branch
srenatus delete branch load-0.47
Created at 20 hours ago
create branch
srenatus create branch load-0.47
Created at 20 hours ago
delete branch
srenatus delete branch sr/integrate-0.46.2-and-0.47.1
Created at 20 hours ago

Integrate v0.46.2 and v0.47.1 (#5455)

Signed-off-by: Stephan Renatus stephan.renatus@gmail.com

Created at 20 hours ago
pull request closed
Integrate v0.46.2 and v0.47.1

This should conclude the release process. When the website builds for this commit, the patch releases should show up on it.

Created at 20 hours ago
pull request opened
Integrate v0.46.2 and v0.47.1


Created at 20 hours ago
create branch
srenatus create branch sr/integrate-0.46.2-and-0.47.1
Created at 20 hours ago
srenatus create tag v0.47.1
Created at 20 hours ago
delete branch
srenatus delete branch sr/release-0.47.1
Created at 20 hours ago

build: bump golang 1.19.3 -> 1.19.4 (#5448)

Fixes CVE-2022-41717:

net/http: limit canonical header cache by bytes, not entries

https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU

Signed-off-by: Stephan Renatus stephan.renatus@gmail.com

format: only use ref heads for all rule heads if necessary (#5450)

Before, we'd end up formatting

ps["foo"] = "bar" { true }

as

ps.foo = "bar" { true }

and older OPA versions know how to parse the former, but not the latter.

Fixes #5449.

Also includes:

  • format: pass internal options via struct; because adding a third (in some cases fifth) boolean argument just didn't seem right.

Signed-off-by: Stephan Renatus stephan.renatus@gmail.com

Prepare Release v0.47.1

Signed-off-by: Stephan Renatus stephan.renatus@gmail.com

Created at 20 hours ago
pull request closed
Prepare Release 0.47.1

This is a bug fix release addressing two issues: one security issue, and one bug related to formatting backwards-compatibility.

Golang security fix CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. Since we advise against running an OPA service exposed to the general public of the internet, potential attackers would be limited to people that are already capable of sending direct requests to the OPA service.

opa fmt and backwards compatibility (#5449)

In v0.46.1, it was possible that opa fmt would format a rule in such a way that:

  1. Before formatting, it was working fine with older OPA versions, and
  2. after formatting, it would only work with OPA version >= 0.46.1.

This backwards incompatibility wasn't intended, and has now been fixed.


I've included the release notes of 0.46.2 as an "and 0.46.2"; it would only have been boring duplication otherwise.

But this release commit includes the capabilities of 0.46.2 and 0.47.1, so all binaries have a complete view of their history.

Created at 20 hours ago
pull request opened
Prepare Release 0.47.1


Created at 21 hours ago
create branch
srenatus create branch sr/release-0.47.1
Created at 21 hours ago
delete branch
srenatus delete branch sr/release-0.46.2
Created at 21 hours ago