Skip to content

chore(deps): bump the common group with 4 updates#10946

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/common-eccb2e418d
Open

chore(deps): bump the common group with 4 updates#10946
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/common-eccb2e418d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the common group with 4 updates: github.com/open-policy-agent/opa, github.com/sigstore/rekor, golang.org/x/sync and golang.org/x/text.

Updates github.com/open-policy-agent/opa from 1.18.0 to 1.18.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

v1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

Commits

Updates github.com/sigstore/rekor from 1.5.2 to 1.5.3

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.3

Changelog

  • 7d9dcffcc27c4912e7d17fc768db01aa2d5cf26c Changelog for v1.5.3 (#2871)
  • f230638c11a77e26bcef2bd2d502623527c23397 Use bytes.Equal for inclusion proof root hash comparison (#2861)
  • 747226830b6888555f2ed195d65c592e85a5cfb1 return 499 if client disconnects instead of 500 (#2870)
  • 792221be80dedadc9f41ae5975ac2b5b5d9a6921 build(deps): Bump google.golang.org/grpc from 1.80.0 to 1.82.0 (#2859)
  • 912dda344477c9c2ce0782731553a8fc0b76c58d build(deps): Bump the all group across 1 directory with 7 updates (#2869)
  • 0f9921df54391f4936eae6753a13cacb6e0d659a Change max upperbound on latency metrics (#2868)
  • 322a3f2cd78f0ada4901f68c56e4a8bb86e0e609 build(deps): Bump golang from 87a41d2 to f96cc55 (#2855)
  • e997a8abe2f187b316bba229171b83d474136a90 build(deps): Bump actions/checkout from 6.0.3 to 7.0.0 (#2857)
  • 4444582076ed0bd3071ab5c1044426fdccf855c3 build(deps): Bump golang.org/x/net from 0.52.0 to 0.55.0 in /hack/tools (#2866)
  • f81061c497f66244d6f3f45b9f1c4b009defb6c4 Move fuzz into its own workflow (#2865)
  • 1a2f3f22a7e4e0033411b587f792b09e17bbd56c build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2862)
  • cf8f143d98a2476d4b0bc476a4ceeec6032a5807 build(deps): Bump the all group with 2 updates (#2863)
  • 4e6fd6005a6c006c3f0bc644df9bb9b1b0bd1128 build(deps): Bump the all group across 1 directory with 11 updates
  • 088835b8916af4554020909b34d692b67cf583e6 build(deps): Bump golang in the all group across 1 directory
  • 37eb42417790461684d34aa79f505f41dc9e95b7 build(deps): Bump the all group across 1 directory with 2 updates
  • bbc0f78d46da013db889a10947f57c47c9339952 build(deps): Bump google.com/cloudsdktool/google-cloud-cli
  • 32e68681ada478a959d7786cbe7966e06197bff0 build(deps): Bump codecov/codecov-action from 6.0.1 to 7.0.0
  • 400f8d54e79cf8438cdfaa4a21a23f72250d9152 build(deps): Bump github.com/go-openapi/loads from 0.23.3 to 0.24.0
  • a2d42d58996106e40ba7d163892a8cfe3797df6c build(deps): Bump github.com/redis/go-redis/v9 from 9.18.0 to 9.20.0
  • e1e207b3a3c7fd2d1391ac0e0e92d0d6b2c616f3 build(deps): Bump github.com/go-openapi/runtime from 0.29.4 to 0.32.2
  • 128ebabceab62c82a4cc7308fb18ef476100fcf7 build(deps): Bump golang from 313faae to 2d6c802
  • 6c9dd721e4500dc56b8bf3d70cf4af31ed058dbd build(deps): Bump golang.org/x/net from 0.53.0 to 0.55.0
  • 65c104c47b03ca8f487464c417782452bfef8add build(deps): Bump the all group across 1 directory with 4 updates
  • 6e4daae2da593cd88729e3de1d531c50cd8c5dee build(deps): Bump google.com/cloudsdktool/google-cloud-cli
  • adebc681c70eef419c71aa33f7ed8d85dddf878c update builder to use go1.26.3

Thanks for all contributors!

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.5.3

Features

  • return 499 when clients disconnect instead of 500 (#2870)

Improvements

  • Change max upperbound on latency metrics (#2868)
Commits
  • 7d9dcff Changelog for v1.5.3 (#2871)
  • f230638 Use bytes.Equal for inclusion proof root hash comparison (#2861)
  • 7472268 return 499 if client disconnects instead of 500 (#2870)
  • 792221b build(deps): Bump google.golang.org/grpc from 1.80.0 to 1.82.0 (#2859)
  • 912dda3 build(deps): Bump the all group across 1 directory with 7 updates (#2869)
  • 0f9921d Change max upperbound on latency metrics (#2868)
  • 322a3f2 build(deps): Bump golang from 87a41d2 to f96cc55 (#2855)
  • e997a8a build(deps): Bump actions/checkout from 6.0.3 to 7.0.0 (#2857)
  • 4444582 build(deps): Bump golang.org/x/net from 0.52.0 to 0.55.0 in /hack/tools (#2866)
  • f81061c Move fuzz into its own workflow (#2865)
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.21.0 to 0.22.0

Commits

Updates golang.org/x/text from 0.38.0 to 0.39.0

Commits
  • b326f3d go.mod: update golang.org/x dependencies
  • 5ae8e57 unicode/norm: avoid infinite loop on invalid input
  • 0dc94a2 all: fix some comments
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the common group with 4 updates: [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa), [github.com/sigstore/rekor](https://github.com/sigstore/rekor), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/text](https://github.com/golang/text).


Updates `github.com/open-policy-agent/opa` from 1.18.0 to 1.18.2
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.18.0...v1.18.2)

Updates `github.com/sigstore/rekor` from 1.5.2 to 1.5.3
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](sigstore/rekor@v1.5.2...v1.5.3)

Updates `golang.org/x/sync` from 0.21.0 to 0.22.0
- [Commits](golang/sync@v0.21.0...v0.22.0)

Updates `golang.org/x/text` from 0.38.0 to 0.39.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: common
- dependency-name: golang.org/x/sync
  dependency-version: 0.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
- dependency-name: golang.org/x/text
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: common
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 9, 2026
@dependabot dependabot Bot requested a review from knqyf263 as a code owner July 9, 2026 14:44
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 9, 2026
@dependabot dependabot Bot requested a review from DmitriyLewen as a code owner July 9, 2026 14:44
@dependabot dependabot Bot added the go Pull requests that update go code label Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants