Bump github.com/openfga/openfga from 1.5.4 to 1.8.4

[dependabot]

Bumps github.com/openfga/openfga from 1.5.4 to 1.8.4.

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.8.4

Fixed

• Fixed missing binding between flags and environment variables for the cache controller feature #2184
• Fixed Read API to validate user field and assert presence of both type and value. #2195

Security

• Address CVE-2024-56323 - an issue affecting Check and ListObjects results for users using Conditions in Contextual Tuples. Please see the CVE report for more details.

Full changelog: [1.8.3...1.8.4]

Changelog

• 67dcf3dce3db0899c1363ac641c096249a9071b0 avoid mutating reference input (#2203)
• ab3ed12779eee39f462a8283b439fdac5a2da03c chore(deps): bump go.opentelemetry.io/proto/otlp from 1.4.0 to 1.5.0 in the dependencies group (#2192)
• 9ec0ab1d01dec37dd540638f9429b7e851099520 chore: bump api to bring fix for read api validation (#2195)
• a19aecaf512769bf2b5d88750c757e6012f5cb29 chore: introduce new ordered combined iterator (#2197)
• f05b67ad2ee4f5020e96836263632c6d57a29305 chore: remove dead cache key code (#2206)
• 67206f14395fb6b4361b8037562adba5f35dd651 chore: replace sprintf in cache code (#2207)
• 4bf4c88fd9153c1d7adc748d5d0fa8fea9312727 fix: cache-controller flags not respecting the environment variables (#2184)
• a4491e49f446d5aa121b384675ced9010a35f761 fix: iterator need to be flushed after invalidation (#2198)
• e1d332fac5b0ced9c481dc39799abf43c3ae2726 rework cache key hash generation (#2194)

v1.8.3

Added

• Improve Check performance for Userset relationships that include set operations. Enable via experimental flag enable-check-optimizations. #2140
• Add name as a filter to ListStores. The name parameter instructs the API to only include results that match that name. #2103
• Additional guard against nil context at the time of server initialization #2187

Fixed

• Ensure Check Cache Key considers contextual_tuple conditions and their contexts #2160.

New Contributors

• @​kalleep made their first contribution in openfga/openfga#2103

Full Changelog: openfga/openfga@v1.8.2...v1.8.3

v1.8.2

Added

• Add metrics cachecontroller_find_changes_and_invalidate_histogram on latency for cache controller in finding changes and invalidating. #2135
• Improve Check performance when cache controller is enabled by invalidating iterator and sub-problem cache asynchronously when read changes API indicates there are recent writes/deletes for the store. #2124
• Improve check cache key generation performance via strings.Builder #2161.

Fixed

• Labels of metrics that went past the max histogram bucket are now labelled "+Inf" instead of ">max". #2146
• Prevent possible data races by waiting for in-flight cached iterator goroutines during server shutdown #2145
• Correct incorrect check result returned when using experimental flag enable-check-optimizations and model has intersection or exclusion within a TTU or Userset. #2157

Full changelog

... (truncated)

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.8.4] - 2025-01-13

Full changelog

Fixed

• Fixed missing binding between flags and environment variables for the cache controller feature #2184
• Fixed Read API to validate user field and assert presence of both type and value. #2195

Security

• Address CVE-2024-56323 - an issue affecting Check and ListObjects results for users using Conditions in Contextual Tuples. Please see the CVE report for more details.

[1.8.3] - 2024-12-31

Full changelog

Added

• Improve Check performance for Userset relationships that include set operations. Enable via experimental flag enable-check-optimizations. #2140
• Add name as a filter to ListStores. The name parameter instructs the API to only include results that match that name. #2103
• Additional guard against nil context at the time of server initialization #2187

Fixed

• Ensure Check Cache Key considers contextual_tuple conditions and their contexts #2160.

[1.8.2] - 2024-12-13

Full changelog

Added

• Add metrics cachecontroller_find_changes_and_invalidate_histogram on latency for cache controller in finding changes and invalidating. #2135
• Improve Check performance when cache controller is enabled by invalidating iterator and sub-problem cache asynchronously when read changes API indicates there are recent writes/deletes for the store. #2124
• Improve check cache key generation performance via strings.Builder #2161.

Fixed

• Labels of metrics that went past the max histogram bucket are now labelled "+Inf" instead of ">max". #2146
• Prevent possible data races by waiting for in-flight cached iterator goroutines during server shutdown #2145
• Correct incorrect check result returned when using experimental flag enable-check-optimizations and model has intersection or exclusion within a TTU or Userset. #2157

[1.8.1] - 2024-12-05

Full changelog

Added

• New flag OPENFGA_CHECK_ITERATOR_TTL. Please see the flag description (./openfga run --help) for more details. #2082
• New flag OPENFGA_CHECK_CACHE_LIMIT. Please see the flag description (./openfga run --help) for more details. #2082
• Improve Check performance for TTU relationships that include set operations. Enable via experimental flag enable-check-optimizations. #2075
• Add a field in log entries when authz calls were made. #2130
• Add Duration to ResolveCheckResponseMetadata for use in metrics. #2139
• Add check_duration_ms metric to server package to enable measurement of check across different API methods. #2139
• Added deduplication logic to BatchCheck API. #2102

Changed

• OIDC token validation will now exclusively throw error code 1004 for invalid tokens. #1999

Removed

... (truncated)

Commits

• dc1a480 docs: update changelog to prep for v1.8.4 (#2209)
• a4491e4 fix: iterator need to be flushed after invalidation (#2198)
• 67206f1 chore: replace sprintf in cache code (#2207)
• f05b67a chore: remove dead cache key code (#2206)
• 67dcf3d avoid mutating reference input (#2203)
• 3f5b60e test: add error test cases to the hasher Write* functions in the keys package...
• a19aeca chore: introduce new ordered combined iterator (#2197)
• e1d332f rework cache key hash generation (#2194)
• 9ec0ab1 chore: bump api to bring fix for read api validation (#2195)
• ab3ed12 chore(deps): bump go.opentelemetry.io/proto/otlp from 1.4.0 to 1.5.0 in the d...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #287.