Bump github.com/open-policy-agent/opa from 0.16.2 to 0.24.0

[dependabot-preview]

Bumps github.com/open-policy-agent/opa from 0.16.2 to 0.24.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.24.0

This release contains a number of small enhancements and bug fixes.

Bundle Persistence

This release adds support for persisting bundles for recovery purposes. When persistence is enabled, OPA will save activated bundles to disk. On startup, OPA checks for persisted bundles and activates them immediately. This allows OPA to startup if the bundle server is unavailable (#2097). For more information see the Bundle documentation.

Built-in Functions

This release includes a few new built-in functions:

• base64.is_valid for testing if strings are valid base64 encodings (#2690) authored by @carlpett
• net.cidr_merge function for merging sets of IPs and CIDRs (#2692)
• urlquery.decode_object for parsing URL query parameters into objects (#2647) authored by @GBrawl

In addition, http.send has been enhanced to support caching overrides and in-band error handling (#2666 and #2187).

Fixes

• Fix opa build to support custom built-in functions (#2738) authored by @gshively11
• Fix for file watching volume mounted configmaps (#2588) authored by @drewwells
• Fix discovery plugin to set last request and last successful request timestamps in status updates (#2630)
• Fix planner crash on virtual document iteration (#2601)
• Fix decision logger to requeue failed chunks (#2724 authored by @anderseknert)
• Fix object/set implementation in WASM-C library to avoid resizing.
• Fix JSON parser in WASM-C library to copy memory for strings and numbers.
• Improve WASM-C library to recycle object and set element structures while growing.

In addition, this release contains several fixes for panics identified by fuzzing:

• ast: Fix compiler to expand exprs in rule args (#2649)
• ast: Fix output var analysis to accept refs with non-var heads (#2678)
• ast: Fix panic during local var rewriting (#2720)
• ast: Fix panic in local var rewriting caused by object corruption (#2661)
• ast: Fix panic in parser post-processing of expressions (#2714)
• ast: Fix parser to ignore rules with args and key in head (#2662)
• ast: Fix object corruption during safety reordering
• types: Fix panic on reference to object with composite key (#2648)

Backwards Compatibility

• Renamed timer_rego_builtin_http.send_ns to timer_rego_builtin_http_send_ns to avoid issues with periods in metric keys.
• Removed deprecated watch package (#2265)

Miscellaneous

• Add support for H2C on HTTP listener (#2739 thanks @srenatus!).
• Add Go version information to opa version output (thanks @srenatus!)
• The official OPA build has been updated to Go v1.14.9. Previously it was using v1.13.7 which is no longer supported (thanks @srenatus!)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.24.0

This release contains a number of small enhancements and bug fixes.

Bundle Persistence

This release adds support for persisting bundles for recovery purposes. When persistence is enabled, OPA will save activated bundles to disk. On startup, OPA checks for persisted bundles and activates them immediately. This allows OPA to startup if the bundle server is unavailable (#2097). For more information see the Bundle documentation.

Built-in Functions

This release includes a few new built-in functions:

• base64.is_valid for testing if strings are valid base64 encodings (#2690) authored by @carlpett
• net.cidr_merge function for merging sets of IPs and CIDRs (#2692)
• urlquery.decode_object for parsing URL query parameters into objects (#2647) authored by @GBrawl

In addition, http.send has been enhanced to support caching overrides and in-band error handling (#2666 and #2187).

Fixes

• Fix opa build to support custom built-in functions (#2738) authored by @gshively11
• Fix for file watching volume mounted configmaps (#2588) authored by @drewwells
• Fix discovery plugin to set last request and last successful request timestamps in status updates (#2630)
• Fix planner crash on virtual document iteration (#2601)
• Fix decision logger to requeue failed chunks (#2724 authored by @anderseknert)
• Fix object/set implementation in WASM-C library to avoid resizing.
• Fix JSON parser in WASM-C library to copy memory for strings and numbers.
• Improve WASM-C library to recycle object and set element structures while growing.

In addition, this release contains several fixes for panics identified by fuzzing:

• ast: Fix compiler to expand exprs in rule args (#2649)
• ast: Fix output var analysis to accept refs with non-var heads (#2678)
• ast: Fix panic during local var rewriting (#2720)
• ast: Fix panic in local var rewriting caused by object corruption (#2661)
• ast: Fix panic in parser post-processing of expressions (#2714)
• ast: Fix parser to ignore rules with args and key in head (#2662)
• ast: Fix object corruption during safety reordering
• types: Fix panic on reference to object with composite key (#2648)

Backwards Compatibility

• Renamed timer_rego_builtin_http.send_ns to timer_rego_builtin_http_send_ns to avoid issues with periods in metric keys.
• Removed deprecated watch package (#2265)

Miscellaneous

• Add support for H2C on HTTP listener (#2739 thanks @srenatus!).
• Add Go version information to opa version output (thanks @srenatus!)
• The official OPA build has been updated to Go v1.14.9. Previously it was using v1.13.7 which is no longer supported (thanks @srenatus!)

Commits

• b69b80b Prepare v0.24.0 release
• cc4fc16 docs: Add note about valid package syntax
• 63560e0 topdown/http: handle http.send errors in-band
• 4851c4b wasm: Fix JSON parser to copy memory for strings and numbers
• 80bb853 topdown/http: validate force_cache parameters
• b84dfea wasm: Update node test image version
• 5052efd wasm: Support debug builds
• 0c63381 Fix plugin config instantiation tests
• 02a3b42 wasm: "Reset" the heap for malloc unit tests
• fa2538c wasm: Add minimum malloc size and split threshold
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #24.