Skip to content

chore(deps): bump the go-minor-patch group with 2 updates#21

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-890ba66bdf
Open

chore(deps): bump the go-minor-patch group with 2 updates#21
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-minor-patch-890ba66bdf

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-minor-patch group with 2 updates: github.com/open-policy-agent/opa and github.com/pressly/goose/v3.

Updates github.com/open-policy-agent/opa from 1.18.0 to 1.18.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

v1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.18.2

This release includes a bug fix for a opa fmt regression introduced in v1.18.0.

The original fix for #8557 had the formatter enforce newlines in single-item collections (arrays, objects, sets) rather than merely honoring existing ones. As a result, running opa fmt on already-formatted policies could introduce a large number of unwanted changes. This patch release restores the intended behavior: only newlines already present in the source determine whether a single-item collection is formatted on one line or across multiple lines.

Fixes

1.18.1

This release fixes a memory leak introduced in OPA v1.17.0. It is advised to update if you notice excess memory usage when running OPA server.

Fixes

Commits

Updates github.com/pressly/goose/v3 from 3.27.1 to 3.27.2

Release notes

Sourced from github.com/pressly/goose/v3's releases.

v3.27.2

Changed

  • Upgrade golang.org/x/crypto and golang.org/x/net to address security advisories (CVE fixes)
  • Various dependency upgrades
Changelog

Sourced from github.com/pressly/goose/v3's changelog.

[v3.27.2] - 2026-06-30

Changed

  • Upgrade golang.org/x/crypto and golang.org/x/net to address security advisories (CVE fixes)
  • Various dependency upgrades
Commits
  • b0f7076 release: v3.27.2
  • 6669df2 build(deps): bump github.com/opencontainers/runc from 1.3.3 to 1.3.6 in /inte...
  • f61f5b9 build(deps): bump the gomod group across 1 directory with 4 updates (#1086)
  • 90d5b3a build(deps): bump actions/checkout from 6 to 7 (#1081)
  • cef6bb7 build(deps): bump golang crypto and net to FIX CVEs (#1083)
  • f2c327a build(deps): bump the gomod group across 1 directory with 7 updates (#1079)
  • d0bee40 Docs: mention MariaDB support (#1071)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-minor-patch group with 2 updates: [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and [github.com/pressly/goose/v3](https://github.com/pressly/goose).


Updates `github.com/open-policy-agent/opa` from 1.18.0 to 1.18.2
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.18.0...v1.18.2)

Updates `github.com/pressly/goose/v3` from 3.27.1 to 3.27.2
- [Release notes](https://github.com/pressly/goose/releases)
- [Changelog](https://github.com/pressly/goose/blob/main/CHANGELOG.md)
- [Commits](pressly/goose@v3.27.1...v3.27.2)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: github.com/pressly/goose/v3
  dependency-version: 3.27.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner July 6, 2026 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants