chore(deps): update openpolicyagent/opa docker tag to v1

[renovate]

This PR contains the following updates:

Package	Update	Change
openpolicyagent/opa (source)	major	0.69.0 -> 1.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

open-policy-agent/opa (openpolicyagent/opa)

v1.0.0

Compare Source

NOTES:

• The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code.
The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

• Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
• Other new keywords (every, in) are available without any imports.
• Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
• OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide
  if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement on the OPA blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #​7172, #​7190,
#​7193, #​7165,
#​7168, #​7191 &
#​7222 together improve the memory performance of OPA. Key strategies
include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool
to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved
evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom
function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #​7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option.
Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper.
This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #​7147 extends the behaviour of extractNumAndUnit to support
scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #​7156 extends OPA’s Prometheus configuration to allow the
setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

Authored by @​jwu730-1.

Test suite performance improvements

PR #​7126 updates tests to improve performance. Topdown and storage/disk/
tests now run around 50% and 75% faster respectively.

Authored by @​philipaconrad.

OPA 1.0 Preparation

• Update v1 capabilities by @​johanfylling in #​7216
• v1 API by @​johanfylling in #​7215
• Updating formatter to not drop rego.v1 and future.keywords imports for v1 by @​johanfylling in #​7224
• Update docs and server binding address per OPA 1.0 specs by @​ashutosh-narkar & @​charlieegan3 in #​7140
• Renaming --rego-v1 cmd flag to --v0-v1 by @​johanfylling in #​7225

Topdown and Rego

• Provide a more useful error message when there are conflicting default rules by @​tjons in #​7164
• Fix test flakes in topdown/cache by @​evankanderson in #​7188
• Add description to all built-in function args and return values by @​anderseknert in #​7153
• Built-in function to_number now rejects "Inf", "Infinity" and "NaN" values by @​sikehish in #​7203
• Update eval_cancel_error logic to separate context canceled, timeout errors by @​mchitten in #​7202

Runtime, Tooling, SDK

• Respect runtime rego-version in RESTful policy API by @​johanfylling in #​7183
• Debugger: allow YAML to be used as input by @​anderseknert in #​7178
• opa build: provide an option to preserve print statements for the "wasm" target (#​7194) by @​me-viper in #​7195
• Fix improper formatter behavior when comprehension contains comment by @​tjons in #​7169
• runtime: send version report less often when OPA long-running by @​srenatus in #​7211
• opa eval: Return error if illegal arguments passed with --unknowns flag by @​kd-labs in #​7149
• Enable direct error handling for bundle plugin trigger method by @​torwunder in #​7143

Docs, Website, Ecosystem

• Add VodafoneZiggo as adopters by @​Parsifal-M in #​7154
• Add opa-java-wasm to docs by @​andreaTP in #​7199

Dependency Updates

• (build) golangci-lint: v1.59.1 -> v1.60.1 by @​srenatus in #​7175
• github.com/containerd/containerd: v1.7.23 -> v1.7.24
• github.com/fsnotify/fsnotify: v1.7.0 -> v1.8.0
• golang.org/x/net: v0.30.0 -> v0.33.0
• golang.org/x/time: v0.7.0 -> v0.8.0
• google.golang.org/grpc: v1.67.1 -> v1.69.2
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.53.0 -> v0.58.0
• go.opentelemetry.io/otel: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/sdk: v1.28.0 -> v1.33.0
• go.opentelemetry.io/otel/trace: v1.28.0 -> v1.33.0

v0.70.0

Compare Source

This release contains a mix of features, performance improvements, and bugfixes.

Optimized read mode for OPA's in-memory store (#​7125)

A new optimized read mode has been added to the default in-memory store, where data written to the store is eagerly converted
to AST values (the data format used during evaluation). This removes the time spent converting raw data values to AST
during policy evaluation, thereby improving performance.

The memory footprint of the store will increase, as processed AST values generally take up more space in memory than the
corresponding raw data values, but overall memory usage of OPA might remain more stable over time, as pre-converted data
is shared across evaluations and isn't recomputed for each evaluation, which can cause spikes in memory usage.

This mode can be enabled for opa run, opa eval, and opa bench by setting the --optimize-store-for-read-speed flag.

More information about this feature can be found here.

Co-authored by @​johanfylling and @​ashutosh-narkar.

Topdown and Rego

• topdown: Use new Inter-Query Value Cache for json.match_schema built-in function (#​7011) authored by @​anderseknert reported by @​lcarva
• ast: Fix location text attribute for multi-value rules with generated body (#​7128) authored by @​anderseknert
• ast: Fix regression in opa check where a file that referenced non-provided schemas failed validation (#​7124) authored by @​tjons
• test/cases/testdata: Fix bug in test by replacing unification by explicit equality check (#​7093) authored by @​matajoh
• ast: Replace use of yaml.v2 library with yaml.v3. The earlier version would parse yes/no values as boolean. The usage of yaml.v2 in the parser was unintentional and now has been updated to yaml.v3 (#​7090) authored by @​anderseknert

Runtime, Tooling, SDK

• cmd: Make opa check respect --ignore when --bundle flag is set (#​7136) authored by @​anderseknert
• server/writer: Properly handle result encoding errors which earlier on failure would emit logs such as superfluous call to WriteHeader() while still returning 200 HTTP status code. Now, errors encoding the payload properly lead to 500 HTTP status code, without extra logs. Also use Header().Set() not Header().Add() to avoid duplicate content-type headers (#​7114) authored by @​srenatus
• cmd: Support file:// format for TLS key material file flags in opa run (#​7094) authored by @​alexrohozneanu
• plugins/rest/azure: Support managed identity for App Service / Container Apps (#​7085) reported and authored by @​apc-kamezaki
• debug: Fix step-over behaviour when exiting partial rules (#​7096) authored by @​johanfylling
• util+plugins: Fix potential memory leaks with explicit timer cancellation (#​7089) authored by @​philipaconrad

Docs, Website, Ecosystem

• docs: Fix OCI example with updated flag used by the ORAS CLI (#​7130) authored by @​b3n3d17
• docs: Delete Atom editor from supported editor integrations (#​7111) authored by @​KaranbirSingh7
• docs/website: Add Styra OPA ASP.NET Core SDK integration (#​7073) authored by @​philipaconrad
• docs/website: Update compatibility information on the rego-cpp integration (#​7078) authored by @​matajoh

Miscellaneous

• Dependency updates; notably:
  • build(deps): bump github.com/containerd/containerd from 1.7.22 to 1.7.23
  • build(deps): bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5
  • build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0
  • build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0
  • build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.