Skip to content

Bump github.com/openfga/openfga from 1.5.4 to 1.8.6 #287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump github.com/openfga/openfga from 1.5.4 to 1.8.6 #287

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 24, 2025

Bumps github.com/openfga/openfga from 1.5.4 to 1.8.6.

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.8.6

Added

Added cachecontroller_cache_invalidation_count metric to track invalidation operations. openfga/openfga#2282

Full changelog

Changelog

  • bf1744a3ffa42e2791d988014e2fd496df17a553 chore(deps): bump the dependencies group across 1 directory with 8 updates (#2288)
  • 728a148b36219e7ae1541d79a776ee961246dc26 chore(deps): bump the dependencies group across 1 directory with 8 updates (#2289)
  • 93568f7b58dc40aff3c6a6bca2893e0277e06e6a chore: dry run goreleaser on PRs to main (#2286)
  • 15a9cb838ca21370665c595c79960f7e488c207a chore: update changelog in prep for v1.8.6 (#2291)
  • 70e70e6648be8a4a019ea451577be585eb19d8aa feat: add cachecontroller_cache_invalidation_count metric (#2282)

v1.8.5

Added

  • Improve Check performance for sub-problems when caching is enabled #2193.
  • Improve Check performance for relations involving public wildcard. Enable via experimental flag enable-check-optimizations. #2180.
  • Improve Check API performance when experimental flag enable-check-optimizations is turned on and contextual tuples are involved. #2150
  • Added metrics to track invalid cache hits: check_cache_invalid_hit_count and tuples_iterator_cache_invalid_hit_count #2222.
  • Move Check performance optimizations out of experimental mode: shortcutting based on path, recursive userset fast path, and recursive TTU fast path. #2236
  • Improve Check API performance when experimental flag enable-check-optimizations is turned on and the model contains union of a TTU and algebraic operations. #2200
  • Implement dynamic TLS certificate reloading for HTTP and gRPC servers. #2182
  • Publicize check.RunMatrixTests method to allow testing against any ClientInterface. #2267.

Changed

  • Performance optimizations for string operations and memory allocations across the codebase #2238 and #2241
  • Update to Go 1.23 as the min supported version and bump the container image to go1.23.6 We follow Go's version support policy and will only support the latest two major versions of Go. Now that Go 1.24 is out, we have dropped support for Go < 1.23.

Fixed

  • Optimized database dialect handling by setting it during initialization instead of per-call, fixing SQL syntax errors in MySQL #2252
  • Fixed incorrect invalidation by cache controller on cache iterator. #2190, #2216
  • Fixed incorrect types in configuration JSON schema #2217, #2228.
  • Fixed BatchCheck API to validate presence of the tuple_key property of a BatchCheckItem #2242
  • Fixed incorrect check and list objects evaluation when model has a relation directly assignable to both public access AND userset with the same type and type bound public access tuple is assigned to the object. CVE-2025-25196

v1.8.4

Fixed

  • Fixed missing binding between flags and environment variables for the cache controller feature #2184
  • Fixed Read API to validate user field and assert presence of both type and value. #2195

Security

  • Address CVE-2024-56323 - an issue affecting Check and ListObjects results for users using Conditions in Contextual Tuples. Please see the CVE report for more details.

Full changelog: [1.8.3...1.8.4]

Changelog

  • 67dcf3dce3db0899c1363ac641c096249a9071b0 avoid mutating reference input (#2203)

... (truncated)

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.8.6] - 2025-02-20

Full changelog

Added

  • Added cachecontroller_cache_invalidation_count metric to track invalidation operations. #2282

[1.8.5] - 2025-02-19

Full changelog

Added

  • Improve Check performance for sub-problems when caching is enabled #2193.
  • Improve Check performance for relations involving public wildcard. Enable via experimental flag enable-check-optimizations. #2180.
  • Improve Check API performance when experimental flag enable-check-optimizations is turned on and contextual tuples are involved. #2150
  • Added metrics to track invalid cache hits: check_cache_invalid_hit_count and tuples_iterator_cache_invalid_hit_count #2222.
  • Move Check performance optimizations out of experimental mode: shortcutting based on path, recursive userset fast path, and recursive TTU fast path. #2236
  • Improve Check API performance when experimental flag enable-check-optimizations is turned on and the model contains union of a TTU and algebraic operations. #2200
  • Implement dynamic TLS certificate reloading for HTTP and gRPC servers. #2182
  • Publicize check.RunMatrixTests method to allow testing against any ClientInterface. #2267.

Changed

  • Performance optimizations for string operations and memory allocations across the codebase #2238 and #2241
  • Update to Go 1.23 as the min supported version and bump the container image to go1.23.6 We follow Go's version support policy and will only support the latest two major versions of Go. Now that Go 1.24 is out, we have dropped support for Go < 1.23.

Fixed

  • Optimized database dialect handling by setting it during initialization instead of per-call, fixing SQL syntax errors in MySQL #2252
  • Fixed incorrect invalidation by cache controller on cache iterator. #2190, #2216
  • Fixed incorrect types in configuration JSON schema #2217, #2228.
  • Fixed BatchCheck API to validate presence of the tuple_key property of a BatchCheckItem #2242
  • Fixed incorrect check and list objects evaluation when model has a relation directly assignable to both public access AND userset with the same type and type bound public access tuple is assigned to the object.

[1.8.4] - 2025-01-13

Full changelog

Fixed

  • Fixed missing binding between flags and environment variables for the cache controller feature #2184
  • Fixed Read API to validate user field and assert presence of both type and value. #2195

Security

  • Address CVE-2024-56323 - an issue affecting Check and ListObjects results for users using Conditions in Contextual Tuples. Please see the CVE report for more details.

[1.8.3] - 2024-12-31

Full changelog

Added

  • Improve Check performance for Userset relationships that include set operations. Enable via experimental flag enable-check-optimizations. #2140
  • Add name as a filter to ListStores. The name parameter instructs the API to only include results that match that name. #2103
  • Additional guard against nil context at the time of server initialization #2187

Fixed

... (truncated)

Commits
  • 15a9cb8 chore: update changelog in prep for v1.8.6 (#2291)
  • bf1744a chore(deps): bump the dependencies group across 1 directory with 8 updates (#...
  • 93568f7 chore: dry run goreleaser on PRs to main (#2286)
  • 70e70e6 feat: add cachecontroller_cache_invalidation_count metric (#2282)
  • 728a148 chore(deps): bump the dependencies group across 1 directory with 8 updates (#...
  • a77b339 fix: goreleaser dockerfile (#2284)
  • a6c3d19 docs(v1.8.5): add v1.8.5 release notes to CHANGELOG (#2283)
  • 0aee4f4 Merge commit from fork
  • e51273a chore: bump min supported go version to 1.23 (#2274)
  • 7d66345 test: ignore mysql connection dangling goroutine (#2273)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/openfga/openfga from 1.5.4 to 1.8.6
30b18fe 
Bumps [github.com/openfga/openfga](https://github.com/openfga/openfga) from 1.5.4 to 1.8.6.
- [Release notes](https://github.com/openfga/openfga/releases)
- [Changelog](https://github.com/openfga/openfga/blob/main/CHANGELOG.md)
- [Commits](openfga/openfga@v1.5.4...v1.8.6)

---
updated-dependencies:
- dependency-name: github.com/openfga/openfga
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 24, 2025
@dependabot dependabot bot mentioned this pull request Feb 24, 2025
Closed
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Mar 17, 2025

Superseded by #292.

@dependabot dependabot bot closed this Mar 17, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/openfga/openfga-1.8.6 branch March 17, 2025 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants