Bump github.com/open-policy-agent/opa from 0.35.0 to 0.41.0

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.35.0 to 0.41.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.41.0

This release contains a number of fixes and enhancements.

GraphQL Built-in Functions

A new set of built-in functions are now available to validate, parse and verify GraphQL query and schema! Following are the new built-ins:

graphql.is_valid: Checks that a GraphQL query is valid against a given schema
graphql.parse: Returns AST objects for a given GraphQL query and schema
graphql.parse_and_verify: Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema
graphql.parse_query: Returns an AST object for a GraphQL query
graphql.parse_schema: Returns an AST object for a GraphQL schema

Built-in Function Metadata

Built-in function declarations now support additional metadata to specify name and description for function arguments and return values. The metadata can be programmatically consumed by external tools such as IDE plugins. The built-in function documentation is created using the new built-in function metadata. Check out the new look of the Built-In Reference page!

Under the hood, a new file called builtins_metadata.json is generated via make generate which can be consumed by external tools.

Tooling, SDK, and Runtime

• OCI Downloader: Add logic to skip bundle reloading based on the digest of the OCI artifact (#4637) authored by @​carabasdaniel
• Bundles: Exclude empty manifest from bundle signature (#4712) authored by @​friedrichsenm reported by @​friedrichsenm

Rego and Topdown

• units.parse: New built-in for parsing standard metric decimal and binary SI units (e.g., K, Ki, M, Mi, G, Gi)
• format: Fix opa fmt location for non-key rules (#4695) (authored by @​jaspervdj)
• token: Ignore keys of unknown alg when verifying JWTs with JWKS (#4699) reported by @​lenalebt

Documentation

• Adding Built-in Functions: Add note about capabilities.json while creating a new built-in function
• Policy Reference: Add example for rego.metadata.rule() built-in function
• Policy Reference: Fix grammar for import keyword (#4689) authored by @​mmzeeman reported by @​mmzeeman
• Security: Fix command line flag name for file containing the TLS certificate (#4678) authored by @​pramodak reported by @​pramodak

Website + Ecosystem

• Update Kubernetes policy examples on the website to use latest kubernetes schema (apiVersion: admission.k8s.io/v1) (authored by @​vicmarbev)
• Ecosystem:
  • Add Sansshell (authored by @​sfc-gh-jchacon)
  • Add Nginx

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.41.0

This release contains a number of fixes and enhancements.

GraphQL Built-in Functions

A new set of built-in functions are now available to validate, parse and verify GraphQL query and schema! Following are the new built-ins:

graphql.is_valid: Checks that a GraphQL query is valid against a given schema
graphql.parse: Returns AST objects for a given GraphQL query and schema
graphql.parse_and_verify: Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schema
graphql.parse_query: Returns an AST object for a GraphQL query
graphql.parse_schema: Returns an AST object for a GraphQL schema

Built-in Function Metadata

Built-in function declarations now support additional metadata to specify name and description for function arguments and return values. The metadata can be programmatically consumed by external tools such as IDE plugins. The built-in function documentation is created using the new built-in function metadata. Check out the new look of the Built-In Reference page!

Under the hood, a new file called builtins_metadata.json is generated via make generate which can be consumed by external tools.

Tooling, SDK, and Runtime

• OCI Downloader: Add logic to skip bundle reloading based on the digest of the OCI artifact (#4637) authored by @​carabasdaniel
• Bundles: Exclude empty manifest from bundle signature (#4712) authored by @​friedrichsenm reported by @​friedrichsenm

Rego and Topdown

• units.parse: New built-in for parsing standard metric decimal and binary SI units (e.g., K, Ki, M, Mi, G, Gi)
• format: Fix opa fmt location for non-key rules (#4695) (authored by @​jaspervdj)
• token: Ignore keys of unknown alg when verifying JWTs with JWKS (#4699) reported by @​lenalebt

Documentation

• Adding Built-in Functions: Add note about capabilities.json while creating a new built-in function
• Policy Reference: Add example for rego.metadata.rule() built-in function
• Policy Reference: Fix grammar for import keyword (#4689) authored by @​mmzeeman reported by @​mmzeeman
• Security: Fix command line flag name for file containing the TLS certificate (#4678) authored by @​pramodak reported by @​pramodak

Website + Ecosystem

• Update Kubernetes policy examples on the website to use latest kubernetes schema (apiVersion: admission.k8s.io/v1) (authored by @​vicmarbev)
• Ecosystem:
  • Add Sansshell (authored by @​sfc-gh-jchacon)
  • Add Nginx

... (truncated)

Commits

• 0d6a109 Prepare v0.41.0 release
• 7bfc76c build(deps): bump github.com/vektah/gqlparser/v2 from 2.4.3 to 2.4.4 (#4729)
• e971a8f bundle: dont sign manifest when empty
• cb6a4c0 Ignore keys of unknown alg when verifying JWTs with JWKS (#4725)
• 1889f24 Update docs on ordering expressions
• e1b4bee build(deps): bump github.com/go-ini/ini from 1.66.4 to 1.66.6
• b05eba0 build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0
• 0502529 test: Fix too many files open error on MacOS (#4727)
• 35f4523 Add Infracost to ADOPTERS.md (#4716)
• 1fde1ad built-ins: Add new GraphQL builtins.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #1959 (f992e50) into main (424f7db) will decrease coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1959      +/-   ##
==========================================
- Coverage   34.71%   34.68%   -0.03%     
==========================================
  Files         153      153              
  Lines       10037    10037              
==========================================
- Hits         3484     3481       -3     
- Misses       6166     6168       +2     
- Partials      387      388       +1     

Impacted Files	Coverage Δ
pkg/cosign/tuf/client.go	61.98% <0.00%> (-0.83%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 424f7db...f992e50. Read the comment docs.

[cpanato]

@dependabot rebase

[cpanato]

blocked on #1448 (comment)

will close

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.