flipt-io/flipt v2.9.0

on GitHub

Changelog

Features

• 2917a74: feat(license): support configurable machine fingerprint for containers (#5427) (@markphelps)
• 7507f24: feat(secrets): add AWS Secrets Manager provider (#5411) (@markphelps)
• 0d039fd: feat(secrets): add Azure Key Vault provider (#5428) (@markphelps)
• 0b24646: feat(secrets): add GCP Secret Manager provider (#5404) (@markphelps)
• 78d53c3: feat: add devcontainer setup for Flipt v2 development (#5542) (@markphelps)
• 0f8b6d0: feat: implement SSE for real-time UI and ofrep evaluation updates (#5617) (@erka)
• dd02c14: feat: normalize rollout distribution buckets (#5581) (@erka)
• eddfb54: feat: publish v2 protobufs to buf.io/v2 (#5589) (@markphelps)

Bug Fixes

• 3462b64: fix(authn): add HttpOnly and Secure attrs when clearing auth cookies (#5655) (@erka)
• 787fb07: fix(authn): forward state and token cookies to distinct metadata keys (#5479) (@erka)
• a146a1c: fix(authn): oauth pcke challenge for github and a correct oidc nonce (#5647) (@erka)
• 5f76d22: fix(authn): use UserInfo claims as fallback for missing OIDC fields (#5692) (@erka)
• 2b10714: fix(ci): bump Go version to 1.26 in nightly release workflow (#5407) (@markphelps)
• 2048b01: fix(config): relax schema to allow installation_id from environment vars (#5425) (@erka)
• 4403ac4: fix(sdk): add Content-Type header and improve error messages in generated HTTP client (#5560) (@erka)
• ac78eea: fix(ui): Toggle remove bg-brand class for unchecked state (#5430) (@naftali100)
• 660efb9: fix(ui): sanitize generated keys and show key validation errors on first edit (#5434) (@erka)
• 1dbb161: fix(ui): skip API environments calls and SSE stream when user is not authenticated (#5670) (@erka)
• 2a8dc05: fix(ui): use 0 as default threshold percentage in quick edit form (#5408) (@erka)
• 047693e: fix: address CodeQL warning about insecure TLS configuration (#5614) (@erka)
• fc7fec7: fix: bump node version from 18 to 20 in CI workflows (#5501) (@markphelps)
• c970ef1: fix: preserve trailing separators in key generation (#5594) (@markphelps)
• 04a99ca: fix: set EnvironmentKey on evaluation requests in environment integration tests (#5499) (@markphelps)
• c185679: fix: snapshot publisher subs and correct constraint short-circuiting (#5565) (@erka)

Other

• c4dd764: Revise pricing for licenses in README (@markphelps)
• aecd740: build: update goreleaser to v2.14 and fix quill/dockerfile paths (#5588) (@erka)
• ee21988: chore(deps): bump @codemirror/lint from 6.9.4 to 6.9.5 in /ui (#5607) (@dependabot[bot])
• 09fa42b: chore(deps): bump @codemirror/view from 6.39.11 to 6.39.15 in /ui (#5417) (@dependabot[bot])
• a0f07da: chore(deps): bump @codemirror/view from 6.39.15 to 6.39.16 in /ui (#5532) (@dependabot[bot])
• d57ef45: chore(deps): bump @codemirror/view from 6.39.16 to 6.40.0 in /ui (#5574) (@dependabot[bot])
• dcac005: chore(deps): bump @codemirror/view from 6.40.0 to 6.41.0 in /ui (#5680) (@dependabot[bot])
• 2aa34b3: chore(deps): bump @codemirror/view from 6.41.0 to 6.41.1 in /ui (#5757) (@dependabot[bot])
• e8b746f: chore(deps): bump @mui/material from 7.3.8 to 7.3.9 in /ui (#5525) (@dependabot[bot])
• b22c35f: chore(deps): bump @mui/x-charts from 8.27.0 to 8.27.4 in /ui (#5526) (@dependabot[bot])
• 650f89e: chore(deps): bump @mui/x-charts from 8.27.4 to 8.27.5 in /ui (#5572) (@dependabot[bot])
• 4a5dcaf: chore(deps): bump @mui/x-charts from 8.27.5 to 8.28.0 in /ui (#5606) (@dependabot[bot])
• c2c288b: chore(deps): bump @mui/x-charts from 8.28.0 to 8.28.2 in /ui (#5681) (@dependabot[bot])
• 99d6101: chore(deps): bump @tootallnate/once and jest-environment-jsdom in /ui (#5478) (@dependabot[bot])
• 6fec5f3: chore(deps): bump @uiw/codemirror-theme-tokyo-night in /ui (#5470) (@dependabot[bot])
• 792e85a: chore(deps): bump @uiw/codemirror-theme-tokyo-night in /ui (#5571) (@dependabot[bot])
• 2e0e3ed: chore(deps): bump @uiw/codemirror-theme-tokyo-night in /ui (#5636) (@dependabot[bot])
• 538d8a7: chore(deps): bump @uiw/react-codemirror from 4.25.4 to 4.25.5 in /ui (#5469) (@dependabot[bot])
• d3cdea1: chore(deps): bump @uiw/react-codemirror from 4.25.5 to 4.25.8 in /ui (#5573) (@dependabot[bot])
• 0aea5d5: chore(deps): bump @uiw/react-codemirror from 4.25.8 to 4.25.9 in /ui (#5634) (@dependabot[bot])
• 29442dc: chore(deps): bump actions/create-github-app-token from 2 to 3 (#5566) (@dependabot[bot])
• 35dbdb6: chore(deps): bump actions/download-artifact from 7 to 8 (#5463) (@dependabot[bot])
• 6211058: chore(deps): bump actions/github-script from 8 to 9 (#5720) (@dependabot[bot])
• e592577: chore(deps): bump actions/upload-artifact from 6 to 7 (#5462) (@dependabot[bot])
• c7e04e6: chore(deps): bump alpine from 3.23.3 to 3.23.4 in /build (#5751) (@dependabot[bot])
• eb0cb71: chore(deps): bump cloud.google.com/go/secretmanager (#5677) (@dependabot[bot])
• f77c7d0: chore(deps): bump code.gitea.io/sdk/gitea from 0.23.2 to 0.24.1 (#5630) (@dependabot[bot])
• 45d98a5: chore(deps): bump codecov/codecov-action from 5 to 6 (#5628) (@dependabot[bot])
• 4c55040: chore(deps): bump cuelang.org/go from 0.15.4 to 0.16.0 (#5530) (@dependabot[bot])
• db200c7: chore(deps): bump cuelang.org/go from 0.16.0 to 0.16.1 (#5726) (@dependabot[bot])
• 2ebdf22: chore(deps): bump docker/login-action from 3 to 4 (#5522) (@dependabot[bot])
• a07b735: chore(deps): bump docker/setup-buildx-action from 3 to 4 (#5521) (@dependabot[bot])
• 847e33d: chore(deps): bump docker/setup-qemu-action from 3 to 4 (#5523) (@dependabot[bot])
• f4b8694: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#5467) (@dependabot[bot])
• 831b5ac: chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#5758) (@dependabot[bot])
• 69cf928: chore(deps): bump github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.0 (#5465) (@dependabot[bot])
• 54c0736: chore(deps): bump github.com/ProtonMail/go-crypto from 1.4.0 to 1.4.1 (#5629) (@dependabot[bot])
• d940f16: chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.41.3 to 1.41.4 (#5575) (@dependabot[bot])
• 0d004b9: chore(deps): bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream (#5694) (@dependabot[bot])
• 9560dd3: chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5466) (@dependabot[bot])
• 4c1a19c: chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5610) (@dependabot[bot])
• b1280c9: chore(deps): bump github.com/aws/aws-sdk-go-v2/config (#5637) (@dependabot[bot])
• dcc8395: chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#5533) (@dependabot[bot])
• ffac1f9: chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#5701) (@dependabot[bot])
• b490116: chore(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#5464) (@dependabot[bot])
• b97da9d: chore(deps): bump github.com/coreos/go-oidc/v3 from 3.17.0 to 3.18.0 (#5752) (@dependabot[bot])
• 25005a8: chore(deps): bump github.com/docker/cli (#5481) (@dependabot[bot])
• a46c7eb: chore(deps): bump github.com/docker/go-connections from 0.6.0 to 0.7.0 (#5756) (@dependabot[bot])
• 1c199c1: chore(deps): bump github.com/fatih/color from 1.18.0 to 1.19.0 (#5611) (@dependabot[bot])
• 838efea: chore(deps): bump github.com/go-git/go-git/v6 from 6.0.0-20260216160506-e6a3f881772f to 6.0.0-alpha.1 (#5675) (@dependabot[bot])
• ee47d2f: chore(deps): bump github.com/go-git/go-git/v6 from 6.0.0-alpha.1 to 6.0.0-alpha.2 (#5746) (@dependabot[bot])
• ac4c478: chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#5657) (@dependabot[bot])
• f783b94: chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#5662) (@dependabot[bot])
• b03870e: chore(deps): bump github.com/go-openapi/jsonpointer (#5529) (@dependabot[bot])
• ca340bf: chore(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 (#5422) (@dependabot[bot])
• 11f2189: chore(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 (#5755) (@dependabot[bot])
• d28e1bc: chore(deps): bump github.com/hashicorp/vault/api from 1.22.0 to 1.23.0 (#5753) (@dependabot[bot])
• 22bf024: chore(deps): bump github.com/keygen-sh/machineid from 1.1.2 to 1.1.3 (#5678) (@dependabot[bot])
• 602d823: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.91 to 0.9.93 (#5419) (@dependabot[bot])
• cafe15b: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.93 to 0.9.94 (#5461) (@dependabot[bot])
• 5abf6d1: chore(deps): bump github.com/ktrysmt/go-bitbucket from 0.9.94 to 0.9.95 (#5679) (@dependabot[bot])
• 9041f9f: chore(deps): bump github.com/mattn/go-isatty from 0.0.20 to 0.0.21 (#5728) (@dependabot[bot])
• 4dde011: chore(deps): bump github.com/open-policy-agent/opa from 1.13.1 to 1.13.2 (#5415) (@dependabot[bot])
• 386ab0f: chore(deps): bump github.com/open-policy-agent/opa from 1.13.2 to 1.14.1 (#5568) (@dependabot[bot])
• 129add5: chore(deps): bump github.com/redis/go-redis/extra/redisotel/v9 (#5421) (@dependabot[bot])
• 4405de7: chore(deps): bump github.com/redis/go-redis/v9 from 9.17.3 to 9.18.0 (#5418) (@dependabot[bot])
• f956590: chore(deps): bump github.com/samber/lo from 1.52.0 to 1.53.0 (#5577) (@dependabot[bot])
• 1e20943: chore(deps): bump github.com/testcontainers/testcontainers-go (#5569) (@dependabot[bot])
• f2f5598: chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp (#5702) (@dependabot[bot])
• a7eed94: chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp (#5703) (@dependabot[bot])
• 19725ff: chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp (#5704) (@dependabot[bot])
• eac1bb0: chore(deps): bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 in /sdk/go/v2 (#5436) (@dependabot[bot])
• d52a9d0: chore(deps): bump gocloud.dev from 0.44.0 to 0.45.0 (#5602) (@dependabot[bot])
• d9bbb2b: chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#5576) (@dependabot[bot])
• 10b978b: chore(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 (#5604) (@dependabot[bot])
• d0e223e: chore(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 (#5534) (@dependabot[bot])
• dfcdbac: chore(deps): bump golang.org/x/term from 0.41.0 to 0.42.0 (#5724) (@dependabot[bot])
• 3d45e87: chore(deps): bump google.golang.org/api from 0.267.0 to 0.272.0 (#5603) (@dependabot[bot])
• 9061181: chore(deps): bump google.golang.org/api from 0.272.0 to 0.273.0 (#5631) (@dependabot[bot])
• 3e3a3b6: chore(deps): bump google.golang.org/api from 0.273.1 to 0.275.0 (#5725) (@dependabot[bot])
• dde228e: chore(deps): bump google.golang.org/grpc from 1.73.0 to 1.79.3 in /rpc/flipt (#5585) (@dependabot[bot])
• 894551c: chore(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#5587) (@dependabot[bot])
• 5d358d2: chore(deps): bump google.golang.org/grpc in /rpc/v2/environments (#5583) (@dependabot[bot])
• da00ee1: chore(deps): bump google.golang.org/grpc in /rpc/v2/evaluation (#5592) (@dependabot[bot])
• ffb4a67: chore(deps): bump google.golang.org/protobuf v1.36.9 to v1.36.11 (#5412) (@erka)
• 927e347: chore(deps): bump goreleaser/goreleaser-action from 6 to 7 (#5414) (@dependabot[bot])
• 1174755: chore(deps): bump jdx/mise-action from 2 to 3 (#5520) (@dependabot[bot])
• bcd86a3: chore(deps): bump jdx/mise-action from 3 to 4 (#5567) (@dependabot[bot])
• f67ee5f: chore(deps): bump lodash from 4.17.23 to 4.18.1 in /ui (#5654) (@dependabot[bot])
• 604bd4f: chore(deps): bump lodash-es from 4.17.23 to 4.18.1 in /ui (#5653) (@dependabot[bot])
• 0f1741a: chore(deps): bump lucide-react from 0.564.0 to 0.575.0 in /ui (#5416) (@dependabot[bot])
• 41b6f19: chore(deps): bump lucide-react from 0.575.0 to 0.577.0 in /ui (#5609) (@dependabot[bot])
• 80943ec: chore(deps): bump picomatch in /ui (#5620) (@dependabot[bot])
• 1afaaf2: chore(deps): bump react-dom from 19.2.4 to 19.2.5 in /ui (#5729) (@dependabot[bot])
• d6db2df: chore(deps): bump react-router from 7.13.0 to 7.13.1 in /ui (#5471) (@dependabot[bot])
• 7f43cf4: chore(deps): bump react-router from 7.13.1 to 7.13.2 in /ui (#5632) (@dependabot[bot])
• 783a9a0: chore(deps): bump react-router from 7.13.2 to 7.14.0 in /ui (#5723) (@dependabot[bot])
• e72f188: chore(deps): bump react-router from 7.14.0 to 7.14.1 in /ui (#5760) (@dependabot[bot])
• 4fc0b65: chore(deps): bump rollup from 4.41.1 to 4.59.0 in /ui (#5431) (@dependabot[bot])
• dd0f629: chore(deps): bump the opentelemetry group with 14 updates (#5527) (@dependabot[bot])
• e181d8a: chore(deps): bump the opentelemetry group with 6 updates (#5722) (@dependabot[bot])
• fcc0d41: chore(deps): bump the opentelemetry group with 8 updates (#5673) (@dependabot[bot])
• dca6d04: chore(deps): bump yaml in /ui (#5619) (@dependabot[bot])
• cbb5543: chore(deps): security updates in build/go and sdk/go modules (#5438) (@erka)
• dd4f59d: chore(deps-dev): bump @playwright/test from 1.58.2 to 1.59.1 in /ui (#5674) (@dependabot[bot])
• 30d966b: chore(deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.2.0 in /ui (#5424) (@dependabot[bot])
• 8839e1a: chore(deps-dev): bump @tailwindcss/vite from 4.2.1 to 4.2.2 in /ui (#5633) (@dependabot[bot])
• 88e0463: chore(deps-dev): bump flatted from 3.3.2 to 3.4.2 in /ui (#5593) (@dependabot[bot])
• 556cdbe: chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 in /ui (#5623) (@dependabot[bot])
• e71cbb3: chore(deps-dev): bump jest-environment-jsdom in /ui (#5570) (@dependabot[bot])
• 687a358: chore(deps-dev): bump knip from 5.83.1 to 5.85.0 in /ui (#5423) (@dependabot[bot])
• 212fd41: chore(deps-dev): bump knip from 5.85.0 to 5.86.0 in /ui (#5524) (@dependabot[bot])
• f223f17: chore(deps-dev): bump knip from 5.86.0 to 5.88.1 in /ui (#5605) (@dependabot[bot])
• b6de905: chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5 in /ui (#5437) (@dependabot[bot])
• ec02333: chore(deps-dev): bump playwright from 1.58.2 to 1.59.1 in /ui (#5676) (@dependabot[bot])
• 9b15e31: chore(deps-dev): bump postcss from 8.5.6 to 8.5.8 in /ui (#5528) (@dependabot[bot])
• 1eda8d9: chore(deps-dev): bump postcss from 8.5.8 to 8.5.9 in /ui (#5730) (@dependabot[bot])
• 0365d4a: chore(deps-dev): bump postcss from 8.5.9 to 8.5.10 in /ui (#5759) (@dependabot[bot])
• b6abdc8: chore(deps-dev): bump prettier from 3.8.1 to 3.8.2 in /ui (#5721) (@dependabot[bot])
• bd26066: chore(deps-dev): bump prettier from 3.8.2 to 3.8.3 in /ui (#5754) (@dependabot[bot])
• 83ff56c: chore(deps-dev): bump tailwindcss from 4.1.18 to 4.2.0 in /ui (#5420) (@dependabot[bot])
• f276cdc: chore(deps-dev): bump tailwindcss from 4.2.1 to 4.2.2 in /ui (#5608) (@dependabot[bot])
• e0df542: chore(deps-dev): bump ts-jest from 29.4.6 to 29.4.9 in /ui (#5672) (@dependabot[bot])
• 383277e: chore(deps-dev): bump vite from 6.4.1 to 6.4.2 in /ui (#5684) (@dependabot[bot])
• 641754c: chore(ui): migrate to React.ComponentRef and cleanup (#5435) (@erka)
• 65bd6da: chore: fix missing part with new mise action (#5537) (@erka)
• 2464e87: chore: gitignore beads (@markphelps)
• 20d0a0a: chore: migrate CI workflows from mage to mise (#5519) (@markphelps)
• 2152073: chore: migrate build tooling from mage to mise (#5504) (@markphelps)
• af4f40e: chore: migrate goreleaser configs to dockers_v2 and homebrew_casks (#5508) (@costajohnt)
• 581430e: chore: refresh tooling and regenerated mocks (#5535) (@erka)
• fd02462: chore: release v2.8.0 (#5497) (@markphelps)
• 126853e: chore: release v2.9.0 (@markphelps)
• bcccf15: chore: simplify devcontainer setup by removing Dockerfile (#5558) (@markphelps)
• 8b34486: ci: add minimal permissions to proto-push workflow (#5613) (@erka)
• e5c0a87: ci: add permissions to workflows (#5595) (@erka)
• 9b9757f: ci: use golangci-lint to format the code (#5693) (@erka)
• 0c936d1: docs: migrate agent commands to .agents (@markphelps)
• 44c80ce: refactor(ui): optimize bundle size and remove heavy dependencies (#5682) (@erka)
• bb25754: refactor: migrate grpc-middleware from v1 to v2 (#5668) (@erka)

Installation

Docker Images 🐳

  docker pull docker.flipt.io/flipt/flipt:v2.9.0

  docker pull ghcr.io/flipt-io/flipt:v2.9.0

Thank you!

We hope you ❤️ this release! Feel free to open issues/discussions or reach out to us on Discord if you have any questions or feedback.

• Discord
• Github Discussions
• Github Issues
• Website