Sourced from github.com/charmbracelet/lipgloss's releases.

v0.5.0

Laziness

Happy Valentines Day! Have you ever noticed that programming is the one field where laziness is totally awesome?

The big news in this release is that Lip Gloss will now wait until absolutely necessary to query for the terminal's background color. This was formerly a fairly heavy hit on the system, however it's been optimized to the point where we can now run it on demand. This, and some other major performance benefits, come from some acute improvements upstream in Termenv. For the low level details check out the release notes for the mighty Termenv v0.10.0 and v0.11.0 releases.

New

• Styles now have a Value() method for getting the underlying string value set with SetString() (thanks @​76creates) charmbracelet/lipgloss#66

Improved

• Lazily detect the background color charmbracelet/lipgloss#61
• Use termenv's EnvColorProfile, which respects NO_COLOR and CLICOLOR_FORCE env vars charmbracelet/lipgloss#64

Fixed

• Fix JoinVertical behavior for non-edge non-center alignments (thanks @​ryantriangles) charmbracelet/lipgloss#49

New Contributors

• @​maaslalani made their first contribution in charmbracelet/lipgloss#48
• @​stefanvanburen made their first contribution in charmbracelet/lipgloss#51
• @​ryantriangles made their first contribution in charmbracelet/lipgloss#49
• @​76creates made their first contribution in charmbracelet/lipgloss#66

Full Changelog: https://github.com/charmbracelet/lipgloss/compare/v0.4.0...v0.5.0

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or Slack.

• 514fa05 Fix and generally improve various doc comments
• 0a77f63 Add Value method (#66)
• f05ca49 Fix JoinVertical behavior for non-edge non-center alignments
• 526700f Use termenv to enable Windows virtual terminal processing
• 0ba6420 Use termenv's EnvColorProfile, which respects NO_COLOR and CLICOLOR_FORCE env...
• 8a90d5a Fix typo in AdaptiveColor's godoc comment
• bf2912e Bump termenv dependency
• b3934f5 Lazily detect background color setting
• 024177a Bump termenv to v0.11.0
• 7ec01f7 Bump termenv to v0.10.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/open-policy-agent/opa's releases.

v0.47.0

This release contains a mix of bugfixes, optimizations, and new features.

New Built-in Function: object.keys

It is now possible to conveniently retrieve an object's keys via a built-in function.

Before, you had to resort to constructs like

import future.keywords.in
keys[k] {
_ = input[k]
}
allow if "my_key" in keys

Now, you can simply do

import future.keywords.in
allow if "my_key" in object.keys(input)

See the documentation for all details.

Implemented by @​kevinswiber.

New Built-in Function: AWS Signature v4 Request Signing

It is now possible to use a built-in function to prepare a request with a signature, so that it can be used with AWS endpoints that use request signing for authentication.

See this example:

req := {"method": "get", "url": "https://examplebucket.s3.amazonaws.com/data"}
aws_config := {
    "aws_access_key": "MYAWSACCESSKEYGOESHERE",
    "aws_secret_access_key": "MYAWSSECRETACCESSKEYGOESHERE",
    "aws_service": "s3",
    "aws_region": "us-east-1",
}
example_verify_resource {
    resp := http.send(providers.aws.sign_req(req, aws_config, time.now_ns()))
    # process response from AWS ...
}

... (truncated)

Sourced from github.com/open-policy-agent/opa's changelog.

0.47.0

This release contains a mix of bugfixes, optimizations, and new features.

New Built-in Function: object.keys

It is now possible to conveniently retrieve an object's keys via a built-in function.

Before, you had to resort to constructs like

import future.keywords.in
keys[k] {
_ = input[k]
}
allow if "my_key" in keys

Now, you can simply do

import future.keywords.in
allow if "my_key" in object.keys(input)

See the documentation for all details.

Implemented by @​kevinswiber.

New Built-in Function: AWS Signature v4 Request Signing

It is now possible to use a built-in function to prepare a request with a signature, so that it can be used with AWS endpoints that use request signing for authentication.

See this example:

req := {"method": "get", "url": "https://examplebucket.s3.amazonaws.com/data"}
aws_config := {
    "aws_access_key": "MYAWSACCESSKEYGOESHERE",
    "aws_secret_access_key": "MYAWSSECRETACCESSKEYGOESHERE",
    "aws_service": "s3",
    "aws_region": "us-east-1",
}
example_verify_resource {
    resp := http.send(providers.aws.sign_req(req, aws_config, time.now_ns()))
</tr></table> 

... (truncated)

• 09019be Prepare v0.47.0 release (#5431)
• 009a954 docs: update integration page (#5434)
• 6798ec7 build(deps): bump wasmtime-go to v3 (#5422)
• 9354f89 ast/parser: fresh wildcards for chained function heads (#5426)
• 50b9a9d json.patch: update docs to include behavior with sets (#5427)
• 7540f11 ast/parser: fix else handling with ref heads (#5425)
• 00f91dd website/edge: fix badge function schemaVersion (#5424)
• e681a16 website: experiment with badge endpoint (#5423)
• 518507b server: differentiate between missing and undefined doc in default decision (...
• d0026f4 add easegress to ecosystem (#5421)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/AlecAivazis/survey/v2's releases.

v2.3.5

No release notes provided.

v2.3.4

What's Changed

• Fix Survey output on Windows by @​mislav in AlecAivazis/survey#413
• Add terminal.Cursor error handling on Windows by @​mislav in AlecAivazis/survey#414

Full Changelog: https://github.com/AlecAivazis/survey/compare/v2.3.3...v2.3.4

v2.3.3

No release notes provided.

• e47352f Fix README formatting for select descriptions (#426)
• c2be27f Added an option to add a comment to every select's option (#418)
• 93657ef Enable compilation under Go 1.18 (#417)
• 459523e Add terminal.Cursor error handling on Windows (#414)
• 6cbb195 Fix Survey output on Windows (#413)
• c07023a Skip vi-dependent tests when there is no vi in PATH (#397)
• 099a968 Fix multiple validator inconsistency (#401)
• 1b28f27 fix: ensure terminal has required read settings in non-canonical mode (#409)
• bcabe24 Stricter error handling in tests (#404)
• 3cabaff Drop proprietary runner dependency in favor of go tooling (#403)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from tailscale.com's releases.

1.20.1

Fix a potential deadlock in handling the DERPmap.

1.20.0

All Platforms

• New: When using an exit node, DNS queries will be forwarded to the exit node for resolution
• New: tailscaled now allows running the outgoing SOCKS5 and HTTP proxies on the same port.
• New: SOCKS5/HTTP proxies now allow connecting via subnet routers & exit nodes when run in userspace-networking mode
• New: More debug metrics available
• New: tailscale ip -1 flag
• New: CLI now lets you select exit node by name
• New: CLI now shows you which nodes are offering exit nodes
• New: CLI now refuses to let you pick an invalid exit node (when connected)
• New: Packet filter now supports matching any IP protocol number when enabled in ACLs (previously only TCP, UDP, ICMP and SCTP)
• New: Added Online boolean to tailscale status --json, made tailscale status show offline nodes
• New: Added tailscale up --json
• Fixed: MagicDNS now works over IPv6 when CGNAT IPv4 is disabled using DisableIPv4: true in ACL
• Fixed: choose a new DERP if the current DERP is removed from the DERPmap
• Fixed: bug fixes, cleanups, log spam reduction

Linux

• Changed: tailscale file cp sends via the local tailscaled now, so it now supports tailscaled running in tun-free, userspace-networking mode (such as on Synology DSM7 unless you enable TUN mode)

Windows

• New: GUI support for running an exit node

macOS

• New: GUI support for running an exit node

iOS

• Changed: Send heartbeats less often, to conserve battery

Android

• New: Talkback support
• New: Menu selection to generate a bug report
• New: "Allow LAN Access" checkbox in Exit Node menu
• Changed: Send heartbeats less often, to conserve battery
• Changed: implement DNS config reporting, no longer require fallback DNS to be configured in admin panel
• Fixed: Report in the UI when connectivity is lost; this functionality was present but broken in prior releases

FreeBSD

• Fixed: Now supports running in a jail (if devd isn't available, it falls back to network status polling mode)

• 88c4bde VERSION.txt: this is v1.20.1
• 7052c6f wgengine/magicsock: fix lock ordering deadlock with derphttp
• e510abc net/dnscache: don't cancel the TLS context before writing to the result channel.
• 958917d VERSION.txt: this is v1.20.0
• 7c1a1aa tailcfg: no-op bump of MapRequest.Version
• 90423bf wgengine/netstack: make userspace ping work when tailscaled has CAP_NET_RAW
• 0028a8d cmd/tailscale/cli/web: fix typo where the html template data was being
• 8519cab net/dns/resolver: handle tabs as whitespace when ExitDNS parses resolv.conf
• 4cd0620 net/netns: remove a useless probe of the "ip" command
• 04a7f50 cmd/tailscale: let 'tailscale up --reset' do a pref edit
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/open-policy-agent/opa's releases.

v0.36.0

This release contains a number of fixes and enhancements.

OpenTelemetry and opa exec

This release adds OpenTelemetry support to OPA. This makes it possible to emit spans to an OpenTelemetry collector via gRPC on both incoming and outgoing (i.e. http.send) calls in the server. See the updated docs on monitoring for more information and configuration options (#1469 authored by @​rvalkenaers)

This release also adds a new opa exec command for doing one-off evaluations of policy against input similar to opa eval, but using the full capabilities of the server (config file, plugins, etc). This is particularly useful in contexts such as CI/CD or when enforcing policy for infrastructure as code, where one might want to run OPA with remote bundles and decision logs but without having a running server. See the updated docs on Terraform for an example use case. (#3525)

Built-in Functions

• Four new functions for working with HMAC (crypto.hmac.md5, crypto.hmac.sha1, crypto.hmac.sha256, and crypto.hmac.sha512) was added (#1740 reported by @​jshaw86)
• array.reverse(array) and strings.reverse(string) was added for reversing arrays and strings (#3736 authored by @​kristiansvalland and @​olamiko)
• The http.send built-in function now uses a metric for counting inter-query cache hits (#4023 authored by @​mirayadav)
• An overflow issue with dates very far in the future has been fixed in the time.* built-in functions (#4098 reported by @​morgante)

Tooling

• A problem with future keyword import of in was fixed for opa fmt (#4111, reported by @​keshavprasadms)
• An issue with opa fmt when refs contained operators was fixed (authored by @​jaspervdj-luminal)
• Fix file renaming check in optimization using opa build (authored by @​davidmarne-wf)
• The allow_net capability was added, allowing setting limits on what hosts can be reached in built-ins like http.send and net.lookup_ip_addr (#3665)

Server

• A new credential provider for AWS credential files was added (#2786 reported by @​rgueldem)
• The new --tls-cert-refresh-period flag can now be provided to opa run. If used with a positive duration, such as "5m" (5 minutes), "24h", etc, the server will track the certificate and key files' contents. When their content changes, the certificates will be reloaded (#2500 reported by @​patoarvizu)
• A new v1/status endpoint was added, providing the same data as the status plugin would send to a remote endpoint (#4089)
• The HTTP router of OPA is now exposed to the plugin manager (#2777 authored by @​bhoriuchi reported by @​mneil)
• Calling print now works in decision masking policies
• An unintended switch between long/regular polling on 304 HTTP status was fixed (#3923 authored by @​floriangasc)
• The error message about prohibited config in the discovery plugin has been improved
• The discovery plugin no longer panics in Trigger() if downloader is nil
• The bundle plugin now ignores service errors for file:// resources
• The bundle plugin file loader was updated to support directories
• A timer to HTTP request was added to the downloader
• The requested_by field in the logging plugin is now optional

Rego

• The error message raised when using - with a number and a set is now more specific (as opposed to the correct usage with two sets, or two numbers) (#1643)

• Fixed an edge case when using print and arrays in unification (#4078)

• Improved performance of some array operations by caching an array's groundness bit (#3679)

• ⚠️ Stricter check of arity in undefined function stage (#4054). This change will fail evaluation in some unusual cases where it previously would succeed, but these policies should be very uncommon.

  An example policy that previously would succeed but no longer will (wrong arity):

... (truncated)

Sourced from github.com/open-policy-agent/opa's changelog.

0.36.0

This release contains a number of fixes and enhancements.

OpenTelemetry and opa exec

This release adds OpenTelemetry support to OPA. This makes it possible to emit spans to an OpenTelemetry collector via gRPC on both incoming and outgoing (i.e. http.send) calls in the server. See the updated docs on monitoring for more information and configuration options (#1469) authored by @rvalkenaers

This release also adds a new opa exec command for doing one-off evaluations of policy against input similar to opa eval, but using the full capabilities of the server (config file, plugins, etc). This is particularly useful in contexts such as CI/CD or when enforcing policy for infrastructure as code, where one might want to run OPA with remote bundles and decision logs but without having a running server. See the updated docs on Terraform for an example use case. (#3525)

Built-in Functions

• Four new functions for working with HMAC (crypto.hmac.md5, crypto.hmac.sha1, crypto.hmac.sha256, and crypto.hmac.sha512) was added (#1740) reported by @jshaw86
• array.reverse(array) and strings.reverse(string) was added for reversing arrays and strings (#3736) authored by @kristiansvalland and @olamiko
• The http.send built-in function now uses a metric for counting inter-query cache hits (#4023) authored by @mirayadav
• An overflow issue with dates very far in the future has been fixed in the time.* built-in functions (#4098) reported by @morgante

Tooling

• A problem with future keyword import of in was fixed for opa fmt (#4111) reported by @keshavprasadms
• An issue with opa fmt when refs contained operators was fixed (authored by @jaspervdj-luminal)
• Fix file renaming check in optimization using opa build (authored by @davidmarne-wf)
• The allow_net capability was added, allowing setting limits on what hosts can be reached in built-ins like http.send and net.lookup_ip_addr (#3665)

Server

• A new credential provider for AWS credential files was added (#2786) reported by @rgueldem
• The new --tls-cert-refresh-period flag can now be provided to opa run. If used with a positive duration, such as "5m" (5 minutes), "24h", etc, the server will track the certificate and key files' contents. When their content changes, the certificates will be reloaded (#2500) reported by @patoarvizu
• A new v1/status endpoint was added, providing the same data as the status plugin would send to a remote endpoint (#4089)
• The HTTP router of OPA is now exposed to the plugin manager (#2777) authored by @bhoriuchi reported by @mneil
• Calling print now works in decision masking policies
• An unintended switch between long/regular polling on 304 HTTP status was fixed (#3923) authored by @floriangasc
• The error message about prohibited config in the discovery plugin has been improved
• The discovery plugin no longer panics in Trigger() if downloader is nil
• The bundle plugin now ignores service errors for file:// resources
• The bundle plugin file loader was updated to support directories
• A timer to HTTP request was added to the downloader
• The requested_by field in the logging plugin is now optional

Rego

... (truncated)

• c2b2c62 Prepare v0.36.0 release (#4178)
• 0ddf1db Add Open Service Mesh to ecosystem (#4171)
• 06664d0 ci: Update golangci-lint to v1.43.0 (#4173)
• 31422b4 wasm: Update generated binaries
• 6f81c4a Add array.reverse(array) and strings.reverse(string) built-in functions. ...
• 328ffcd docs/website add blog links for apisix blog (#4168)
• 48b8be3 Check PR for mistakes in ecosystem page change (#4164)
• 83eaed4 docs: Update terraform tutorial to use opa exec
• 55b053b cmd/exec: Add new exec subcommand
• a1aba34 plugins/bundle: update file loader to support directories
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from tailscale.com's releases.

1.18.2

Bugfixes

All Platforms

• make exit node selection take effect (almost) immediately
• permit protocols other than TCP+UDP if ACL allows *

Linux

• in DNS DirectManager, allow comments at the end of a line
• don't get stuck waiting for systemd-resolved if we mis-estimated the DNS manager

Synology

• fix receiving taildrop files

v1.18.1

• Linux-only release to fix some regressions on some kernel configs related to our direct use of netlink rather than using the ip command to program routes and policy routing.

1.18.0

Platform independent

• Improve UPnP discovery; eero devices now work, allowing a port to be opened for direct connections (also in 1.16.2)
• If unable to upload telemetry, limit amount buffered to 50MB
• Retry more transient DNS errors, instead of passing the failure back to the client
• fix state machine transition regarding expired key extension
• the tailscaled debug server now exports Prometheus metrics at /debug/metrics

Linux

• Support storing Tailscale state using AWS SSM (ex: tailscaled -state arn:aws:ssm:eu-west-1:123456789:parameter/foo) (thank you Maxime VISONNEAU)
• use AF_NETLINK messages to configure IP, not the ip command. Set TS_DEBUG_USE_IP_COMMAND environment variable to revert to use of /sbin/ip if this breaks your device.
• if resolvconf wrote /etc/resolv.conf but pointed it to systemd-resolved, use systemd-resolved for DNS not resolvconf
• if NetworkManager wrote /etc/resolv.conf but pointed it to systemd-resolved, use systemd-resolved for DNS not NetworkManager
• handle /etc/resolv.conf being a bind mount into a container, such that we cannot rename() it.
• work around Ubuntu 18.04 setLinkDomain length limit by omitting reverse lookup information
• make /etc/resolv.conf parse to the end of the comment section, not use the first match it finds

iOS

• on iOS 15+, where Network Extensions have more memory available, allow the same number of DNS-over-HTTPS requests in flight as other platforms

Synology

• only use AmbientCaps on DSM7+
• add an exit node enable checkbox in the web login form

1.16.2

• Fix UPnP discovery for certain Wi-Fi routers, notably eero tailscale/tailscale#3197
• Limit log buffer size on disk, for example if uploads are blocked

1.16.1

General improvements

• Resolve connectivity issue where a DISCO key was assumed to map to one node when in reality it could be any of several nodes.

Platform specific

... (truncated)

• b04815c VERSION.txt: this is v1.18.2
• e67182d cmd/tailscaled: fix windows logtail integration
• d4fd80c net/tshttpproxy: use correct size for Windows BOOL argument
• 71be839 net/portmapper: improve handling of UPnP parse errors
• 3221078 net/dns: fix checking for wrapped error when attempting to read wsl.conf for ...
• 3d99375 cmd/tailscale: clarify which prefless flags don't need revert protection
• 972bccc wgengine/filter: let unknown IPProto match if IP okay & match allows all ports
• 6c44133 ipn/{ipnserver,ipnlocal}: support incoming Taildrop on Synology
• 2d64046 net/dns: bound how long we block looking for, restarting systemd-resolved
• 7d6407a wgengine/router{windows}: return the output from the firewallTweaker
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/authzed/spicedb's releases.

v1.4.0

Changelog

NOTE: This change includes a security fix for a vulnerability introduced in v1.3.0. All users of v1.3.0 should update to this version. See the security advisory for more information.

Full Changelog: https://github.com/authzed/spicedb/compare/v1.3.0...v1.4.0

• Fixes for security advisory: https://github.com/authzed/spicedb/commit/15bba2e2d2a4bda336a37a7fe8ef8a35028cd970
• Fix formatting by @​josephschorr in authzed/spicedb#374
• Fix linter for many packages by @​jzelinskie in authzed/spicedb#352
• Report CLI configurations errors to RunE by @​bryanhuhta in authzed/spicedb#351
• Update to the latest branched version of ristretto by @​josephschorr in authzed/spicedb#354

What's Changed

• balancer: protect rand source with a mutex by @​ecordell in authzed/spicedb#353
• bump authzed-go to 0.4.1 by @​ecordell in authzed/spicedb#371
• bump dependencies by @​ecordell in authzed/spicedb#364
• bump dependencies by @​ecordell in authzed/spicedb#368
• crdb: touch overlap key on namespace write by @​ecordell in authzed/spicedb#357
• e2e: fill schema with many namespaces to span ranges by @​ecordell in authzed/spicedb#349
• fix head command: flag named inconsistently by @​ecordell in authzed/spicedb#369
• pkg/testutil: ensure types in RequireEqualEmptyNil by @​jzelinskie in authzed/spicedb#355

Docker Images

This release is available at quay.io/authzed/spicedb:v1.4.0 and ghcr.io/authzed/spicedb:v1.4.0

v1.3.0

WARNING: This release contains a security issue as described in the security advisory. All users are requested to update to at least version v1.4.0 to remediate.

Feature Highlights

• Namespaces are now versioned internally, guaranteeing consistency during schema upgrades
• A wildcard can be specified to allow any object to have a relationship

What's Changed

• goreleaser: fix tag in docker release notes by @​jzelinskie in authzed/spicedb#316
• Pin version of watchmaker in e2e tests by @​ecordell in authzed/spicedb#322
• internal/dispatch: extract combined dispatcher by @​jzelinskie in authzed/spicedb#321
• Memdb datastore MVCC improvements by @​jakedt in authzed/spicedb#319
• Simplify datastore construction by @​ecordell in authzed/spicedb#317
• Export CLI commands as a library by @​jzelinskie in authzed/spicedb#325
• Remove e2e timeout by @​ecordell in authzed/spicedb#328
• pkg/cmd: root programName and share ExampleServe by @​jzelinskie in authzed/spicedb#327
• Log revision skew values by @​samkim in authzed/spicedb#324
• internal/dispatch: return cachingRedispatch by @​jzelinskie in authzed/spicedb#333
• fix: copy max lifetime when passing options to the datastore by @​ecordell in authzed/spicedb#334
• Versioned namespaces by @​jakedt in authzed/spicedb#332
• fix: skip comments when loading test relationships by @​bryanhuhta in authzed/spicedb#335
• Add rebase squash to contributing guidelines by @​josephschorr in authzed/spicedb#337
• Disable e2e github step by @​samkim in authzed/spicedb#341
• optimize reading of namespaces by @​jakedt in authzed/spicedb#342
• test v0 preconditions in parallel by @​jakedt in authzed/spicedb#343

... (truncated)

• d1b6877 Merge pull request #374 from josephschorr/fix-formatting
• 883fc2c Fixes for lint issues
• 15bba2e Merge pull request from GHSA-7p8f-8hjm-wm92
• 635b575 Update tooling and testing to properly handle wildcards
• ae5d23b Update membershipset to handle wildcards
• d1c7514 SECURITY FIX: Ensure wildcard is properly handled in Lookup
• 62e88f2 Update UserSet to a SubjectSet that can handle wildcards
• d002401 Merge pull request #371 from ecordell/3char
• 0b0c9ce remove unused validation package
• 2f1948c bump authzed-go to 0.4.1
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 9a63e29 Merge pull request #64952 from rafiss/release-20.1
• c4aec65 Merge pull request #64126 from koorosh/backport20.1-56591
• 885f9f4 ui: fix Overview screen in OSS builds
• 006a72f roachtest: disable pgx test
• 3ae6b59 Merge pull request #64604 from erikgrinaker/backport20.1-64471
• 733ad65 kvserver: synchronize replica removal with read-write requests
• 1a0b6fa Merge pull request #64568 from nvanbenschoten/backport20.1-56860
• ae2ef96 Merge pull request #64498 from jbowens/jackson/release-20.1-sync
• 145b011 kv: prioritize NodeLiveness Range in Raft scheduler
• e1c93b1 kv: cap COCKROACH_SCHEDULER_CONCURRENCY at 96
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/open-policy-agent/opa's releases.

v0.47.4

This is a bug fix release addressing a panic in opa test.

• tester/runner: Fix panic'ing case in utility function. (#5496)

v0.47.3

This is a bug fix release addressing an issue that prevented OPA from fetching bundles stored in S3 buckets.

• providers/aws: Refactor + fix 2x Authorization header append issue. (#5472)

v0.47.2

This is a second security fix to address CVE-2022-41717/GO-2022-1144.

We previously believed that upgrading the Golang version and its stdlib would be sufficient to address the problem. It turns out we also need to bump the x/net dependency to v0.4.0., a version that hadn't existed when v0.46.2 was released.

This release bumps the golang.org/x/net dependency to v0.4.0, and contains no other changes over v0.46.2.

Note that the affected code is OPA's HTTP server. So if you're using OPA as a Golang library, or if your confident that your OPA's HTTP interface is protected by other means (as it should be -- not exposed to the public internet), you're OK.

v0.47.1

This is a bug fix release addressing two issues: one security issue, and one bug related to formatting backwards-compatibility.

Golang security fix CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.

Since we advise against running an OPA service exposed to the general public of the internet, potential attackers would be limited to people that are already capable of sending direct requests to the OPA service.

opa fmt and backwards compatibility (#5449)

In v0.46.1, it was possible that opa fmt would format a rule in such a way that:

1. Before formatting, it was working fine with older OPA versions, and
2. after formatting, it would only work with OPA version >= 0.46.1.

This backwards incompatibility wasn't intended, and has now been fixed.

v0.47.0

This release contains a mix of bugfixes, optimizations, and new features.

New Built-in Function: object.keys

... (truncated)

Sourced from github.com/open-policy-agent/opa's changelog.

0.47.4

This is a bug fix release addressing a panic in opa test.

• tester/runner: Fix panic'ing case in utility function. (#5496) authored by @​philipaconrad

0.47.3

This is a bug fix release addressing an issue that prevented OPA from fetching bundles stored in S3 buckets.

• providers/aws: Refactor + fix 2x Authorization header append issue. (#5472) authored by @​philipaconrad, reported by @​Hiieu

0.47.2 and 0.46.3

This is a second security fix to address CVE-2022-41717/GO-2022-1144.

We previously believed that upgrading the Golang version and its stdlib would be sufficient to address the problem. It turns out we also need to bump the x/net dependency to v0.4.0., a version that hadn't existed when v0.46.2 was released.

This release bumps the golang.org/x/net dependency to v0.4.0, and contains no other changes over v0.46.2.

Note that the affected code is OPA's HTTP server. So if you're using OPA as a Golang library, or if your confident that your OPA's HTTP interface is protected by other means (as it should be -- not exposed to the public internet), you're OK.

0.47.1 and 0.46.2

This is a bug fix release addressing two issues: one security issue, and one bug related to formatting backwards-compatibility.

Golang security fix CVE-2022-41717

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.

Since we advise against running an OPA service exposed to the general public of the internet, potential attackers would be limited to people that are already capable of sending direct requests to the OPA service.

opa fmt and backwards compatibility (#5449)

In v0.46.1, it was possible that opa fmt would format a rule in such a way that:

1. Before formatting, it was working fine with older OPA versions, and
2. after formatting, it would only work with OPA version >= 0.46.1.

This backwards incompatibility wasn't intended, and has now been fixed.

0.47.0

... (truncated)

• 9b7c1c3 Prepare v0.47.4 release
• aba5e3a tester/runner: Fix panic'ing case in utility function. (#5497)
• 764b042 Prepare v0.47.3 release
• 1559c39 providers/aws: Refactor + Fix 2x Authorization header append issue. (#5475)
• 165bfe5 Prepare v0.47.2 release
• 20a68f7 build(deps): bump golang.org/x/net to v0.4.0 (#5464)
• 20f2b04 Prepare Release v0.47.1
• bd461d9 format: only use ref heads for all rule heads if necessary (#5450)
• 828872a build: bump golang 1.19.3 -> 1.19.4 (#5448)
• 09019be Prepare v0.47.0 release (#5431)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/99designs/keyring's releases.

v1.2.2

Fixed

• Fix nil pointer access #116
• Return ErrKeyNotFound when removing missing keychain items #113

• 929f178 More linting fixes
• 952a23c Bump go version
• d4b3808 Fix linting issues
• 1022759 Merge pull request #113 from georgijd-form3/patch-1
• e63f6a1 Merge pull request #116 from Scapal/patch-1
• cd7fe6c Update file.go
• 590d15a Fix nil pointer access
• f78ca73 Update keychain.go
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 97ca0e3 go.mod: update golang.org/x dependencies
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)