open-policy-agent/conftest v0.57.0

on GitHub

Announcements

⚠️ Upcoming Breaking Changes ⚠️

In the May 2025 release of conftest, we will change the default version of Rego syntax from v0 to v1. This will be a breaking change if your Rego policies are not compatible with the v1 syntax.

• With this release of conftest, users may opt-in to this behavior early by setting the --rego-version flag to v1.
• Individual policies can be updated gradually, by adding import rego.v1 to the policy.
• The rego-version flag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag to v0.

For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.

Changelog

New Features

• eacba23: feat(engine): add query metadata to evaluation results (#1061) (@thevilledev)
• 5decd18: feat(parser): handle UTF-8 BOM in JSON input (#1065) (@thevilledev)
• abad255: feat: Implement SARIF output (#1042) (@thevilledev)
• aa9e3c8: feat: enable relative jsonnet imports by setting a path-aware importer (@thevilledev)
• 3f67b78: feature: Documentation command (#1009) (@xNok)

Bug Fixes

• 151643b: fix: add output and tests for GitHub and Azure DevOps (@thevilledev)
• a770d29: fix: correct linters-settings in .golangci.yaml to enable misspell (@thevilledev)
• 8e541da: fix: improve handling for YAML version directives (@thevilledev)
• 4f6bc40: fix: make sure lookup_ip_addr throwing builtin-err in test (#1017) (@boranx)
• 0bbb473: fix: max stack size already set by jsonnet.MakeVM() (@thevilledev)
• 163bdd8: fix: prevent policy file overwrite on downloads (#1039) (@thevilledev)
• 8b34fcb: fix: remove redundant error check in push command (@thevilledev)
• 7428841: fix: set jsonnet VM stack limits and add test coverage (@thevilledev)

OPA Changes

• a8d6544: build(deps): bump github.com/open-policy-agent/opa from 0.69.0 to 0.70.0 (#1016) (@dependabot[bot])
• 19c82bc: build(deps): bump github.com/open-policy-agent/opa from 0.70.0 to 1.1.0 (#1050) (@dependabot[bot])

Other Changes

• 356ede4: Merge pull request #1035 from open-policy-agent/dependabot/docker/alpine-3.21.2 (@anderseknert)
• d5e8a77: Merge pull request #1036 from open-policy-agent/dependabot/go_modules/github.com/hashicorp/go-getter-1.7.8 (@anderseknert)
• a603656: Merge pull request #1037 from thevilledev/fix/recursive-jsonnet (@anderseknert)
• 3096ca7: Merge pull request #1038 from thevilledev/fix/yaml-preamble-multidoc (@anderseknert)
• 6b31946: Merge pull request #1040 from thevilledev/fix/missing-outputs (@anderseknert)
• 5063084: Merge pull request #1041 from thevilledev/fix/impossible-nil (@anderseknert)
• 1a25844: Merge pull request #1043 from open-policy-agent/dependabot/docker/golang-1.23.5-alpine (@anderseknert)
• 326a1a4: Merge pull request #1044 from thevilledev/fix/jsonnet-library-imports (@anderseknert)
• 744f867: Merge pull request #1046 from open-policy-agent/dependabot/go_modules/github.com/moby/buildkit-0.19.0 (@anderseknert)
• ea55b61: Merge pull request #1051 from open-policy-agent/dependabot/go_modules/cuelang.org/go-0.12.0 (@anderseknert)
• 6c867fc: Merge pull request #1052 from thevilledev/fix/linters-settings (@anderseknert)
• f110dde: Merge pull request #1053 from thevilledev/style/enable-nilness-lint (@anderseknert)
• 26b6c24: Merge pull request #1054 from thevilledev/test/registry-store-init (@anderseknert)
• 4299ce7: build(deps): bump alpine from 3.20.3 to 3.21.0 (#1026) (@dependabot[bot])
• 154c1aa: build(deps): bump alpine from 3.21.0 to 3.21.2 (@dependabot[bot])
• 33d468d: build(deps): bump cuelang.org/go from 0.10.0 to 0.10.1 (#1013) (@dependabot[bot])
• 103315d: build(deps): bump cuelang.org/go from 0.10.1 to 0.11.0 (#1020) (@dependabot[bot])
• 4df824c: build(deps): bump cuelang.org/go from 0.11.0 to 0.12.0 (@dependabot[bot])
• 5b3e926: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 (#1028) (@dependabot[bot])
• 1d47ac3: build(deps): bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.8 (@dependabot[bot])
• 642e7cd: build(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (#1027) (@dependabot[bot])
• 77f985f: build(deps): bump github.com/moby/buildkit from 0.16.0 to 0.17.1 (#1018) (@dependabot[bot])
• 0709be2: build(deps): bump github.com/moby/buildkit from 0.17.1 to 0.17.2 (#1021) (@dependabot[bot])
• 621bcbf: build(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 (#1023) (@dependabot[bot])
• 8da347b: build(deps): bump github.com/moby/buildkit from 0.18.0 to 0.18.1 (#1024) (@dependabot[bot])
• 1a4a428: build(deps): bump github.com/moby/buildkit from 0.18.1 to 0.19.0 (@dependabot[bot])
• 66b0970: build(deps): bump golang from 1.23.2-alpine to 1.23.3-alpine (#1019) (@dependabot[bot])
• 1e7d052: build(deps): bump golang from 1.23.3-alpine to 1.23.4-alpine (#1025) (@dependabot[bot])
• c4e656f: build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine (@dependabot[bot])
• 6da5673: build(deps): bump golang from 1.23.5-alpine to 1.23.6-alpine (#1062) (@dependabot[bot])
• 874f0bc: chore: add nilness check to govet linter (@thevilledev)
• 24e9ca8: chore: optimize yaml document separator handling (@thevilledev)
• 8a44613: engine: Refactor to allow for Rego version to be specified (#1059) (@jalseth)