Skip to content

Bump the backend group with 3 updates #4595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the backend group with 3 updates #4595

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2025

Bumps the backend group with 3 updates: github.com/open-policy-agent/opa, github.com/tektoncd/pipeline and google.golang.org/api.

Updates github.com/open-policy-agent/opa from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.10.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Non-static arm64 executables for linux and darwin, supporting Wasm evaluation
  • Performance improvements to the formatter, compiler, and runtime
  • A new --fail-on-empty flag for opa test
  • Support for IS NOT NULL query statements in the Compile API

Non-static OPA binaries for linux/arm64 and darwin/arm64

Starting with this release, OPA will ship non-static arm64 executables for linux and darwin. These binaries have support for Wasm evaluation. Furthermore, the openpolicyagent/opa:latest docker image is a multi-platform image with arm64 support.

Runtime, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.10.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Non-static arm64 executables for linux and darwin
  • Performance improvements to the formatter, compiler, and runtime
  • A new --fail-on-empty flag for opa test
  • Support for IS NOT NULL query statements in the Compile API

Non-static OPA binaries for linux/arm64 and darwin/arm64

Starting with this release, OPA will ship non-static arm64 executables for linux and darwin. Furthermore, the openpolicyagent/opa:latest docker image is a multi-platform image with arm64 support.

Runtime, Tooling

Compiler, Topdown and Rego

Docs, Website, Ecosystem

... (truncated)

Commits
  • e6865c4 Prepare v1.10.0 release (#8002)
  • 9b1e774 Makefile: include linux/arm64 in DOCKER_PLATFORMS
  • fb4b7d9 docs: Moving CLI Reference to Operations in TOC (#8001)
  • c7746a0 docs: Address some broken anchors (#8000)
  • 4aa4554 website: Fix build issues (#7999)
  • 9a864c6 compile: add support for "any value at all", as IS NOT NULL (#7998)
  • 882b287 website: Show latest release rather than edge (#7988)
  • 087f942 docs: Update based on slack feedback (#7990)
  • 39044ba server/failtracer: don't assume only being fed two-elem calls
  • f5eeb07 Refactor hash key equality function (#7969)
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 1.5.0 to 1.6.0

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.6.0 "Sphynx Sentinels"

🎉 Resolvers caching, Pipeline in Pipeline, and better ARM64 support & tested releases 🎉

-Docs @ v1.6.0 -Examples @ v1.6.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.0/release.yaml
REKOR_UUID=108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.6.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: implement shared cache for bundle, git, and cluster resolvers (#9051)

Support caching for bundle, git, and cluster resolvers, reducing redundant fetches and improving pipeline performance.

... (truncated)

Commits
  • fcba522 Added signal handling in SidecarLog results
  • b56477c tests: fix pinp tests
  • bd9274d feature: implement PinP reconciliation and tests
  • 50999b6 refactor: use knative configmap pattern for cache Config
  • 82f57b3 refactor: remove unused cacheConfigStore field from Reconciler
  • 1938f28 test: remove duplicate E2E tests and refactor common patterns
  • 6ac993e test: fix TestCacheConcurrentWrites race detector flakiness
  • d4377b5 test: add accessor methods and improve config change tests
  • b624d93 test: remove unnecessary tests in cache package
  • 765c14b test: merge resolver_cache_integration_test.go into resolver_cache_test.go
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.252.0 to 0.254.0

Release notes

Sourced from google.golang.org/api's releases.

v0.254.0

0.254.0 (2025-10-28)

Features

v0.253.0

0.253.0 (2025-10-22)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.254.0 (2025-10-28)

Features

0.253.0 (2025-10-22)

Features

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the backend group with 3 updates
8f4f470 
Bumps the backend group with 3 updates: [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa), [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) and [google.golang.org/api](https://github.com/googleapis/google-api-go-client).


Updates `github.com/open-policy-agent/opa` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.9.0...v1.10.0)

Updates `github.com/tektoncd/pipeline` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.5.0...v1.6.0)

Updates `google.golang.org/api` from 0.252.0 to 0.254.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.252.0...v0.254.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
- dependency-name: google.golang.org/api
  dependency-version: 0.254.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: backend
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant