Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package opa for openSUSE:Factory checked in at 2026-05-29 18:10:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/opa (Old) and /work/SRC/openSUSE:Factory/.opa.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opa" Fri May 29 18:10:51 2026 rev:21 rq:1355827 version:1.17.0 Changes: -------- --- /work/SRC/openSUSE:Factory/opa/opa.changes 2026-05-12 19:32:00.584367505 +0200 +++ /work/SRC/openSUSE:Factory/.opa.new.1937/opa.changes 2026-05-29 18:12:10.675064387 +0200 @@ -1,0 +2,142 @@ +Fri May 29 06:49:29 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.17.0: + * This release contains a mix of new features, performance + improvements, and bugfixes. Notably: + - A new future.keywords.not import that adds improved semantics + to the not keyword. + - Rule Labels in Decision Logs + - Published json schema for IR and bundle manifest + - Dropped automaxprocs and x/net dependencies + * Improved Negation Semantics (#8387) + This OPA release introduces a new future.keywords.not import + that fixes a long-standing semantic issue with negation in + Rego. + + Without the import, the compiler expands a negated composite + expression like not f(g(input.x)) into a series of + sub-expressions evaluated before the not: + + __local0__ = input.x + g(__local0__, __local1__) + not f(__local1__) + + If any sub-expression fails — for example, input.x is undefined + or g produces an undefined result — the entire rule fails + rather than the not succeeding. This is unintuitive: the + user's intent is "the condition does not hold," but an + undefined intermediate value causes a silent failure instead of + the expected not result. + With import future.keywords.not, composite-expression negation + wraps the full compiler expansion in an implicit body: + + not { __local0__ = input.x; g(__local0__, __local1__); f(__local1__) } + + Now, if any sub-expression is undefined or fails, the body is + unsatisfiable and the not expression succeeds; matching the + intuition that "the condition does not hold." + NOTE: + Users are recommended to import future.keywords.not whenever + the not keyword is used in a policy. + * Rule Labels in Decision Logs (#2089) + Rule annotations now support a labels field. Labels from all + successfully evaluated rules are collected and included in each + decision log entry as a top-level rule_labels array. Each + element is the merged label map for one successfully evaluated + rule, with inner-scope-wins precedence across the rule's + annotation chain (subpackages < package < document < rule). + Merged maps are deduplicated across rules so that identical + label sets collapse to a single entry. + + # METADATA + # scope: package + # labels: + # service: authz + # severity: info + package myapp + + # METADATA + # labels: + # severity: low + # team: platform + allow if input.role == "admin" + + The resulting decision log entry will contain: + + {"rule_labels": [{"service": "authz", "severity": "low", "team": "platform"}]} + + Note how severity: info from the package scope is overridden by + severity: low from the rule scope. Queries against rule_labels + can now rely on each entry carrying the full label context for + a single rule, rather than one entry per contributing scope. + Both the runtime and the Go SDK now process metadata + annotations by default. + * Runtime, SDK, Tooling + - ast: Allow $ref in allOf in JSON schemas (#6523) authored by + @deeglaze reported by @mosiac1 + - bundle: Update bundle roots conflict detection algorithm. + (#8664) authored by @philipaconrad + - download: Use oras, not containerd (#8639) authored by + @srenatus + - server: Remove dead code (s.partials) (#8708) authored by + @srenatus + - server: Wire in response/request metadata for compile handler + (#8650) authored by @srenatus + - server/types: generalize request/response metadata (#8650) + authored by @srenatus + * Compiler, Topdown and Rego + - builtins: Enable pattern validation in json.verify_schema and + json.match_schema built-in functions (#6089) authored by + @sspaink reported by @ewout8 + - ir: Don't capitalize index field in MakeNumberRefStmt IR + statement (#6266) authored by @sspaink reported by + @johanfylling + - perf: Avoid allocating in binary and/or operators when + possible (#8689) authored by @anderseknert + - rego: Allow per-eval GenerateJSON function (#8690) authored + by @anderseknert + * Docs, Website, Ecosystem + - ecosystem: add OPA MCP (#8618) authored by @OrygnsCode + - docs: Add explicit address binding to examples (#8688) + authored by @charlieegan3 + - docs: Add titles to code blocks in policy-testing (#8649) + authored by @charlieegan3 + - docs: Correct OCP SSH key docs (#8675) authored by @taurelius + - docs: Update diagram to match index examples (#8667) authored + by @charlieegan3 + * Miscellaneous + - ast,storage/inmem: Add inmem.NewFromASTObject and add missing + string case to ast.InternedValue (#8707) authored by + @anderseknert + - build: go install -> go install tool to control checksums + (#8646) authored by @srenatus + - build: Push edge binaries to bucket (#8668) authored by + @charlieegan3 + - workflows: Fix benchmarks workflow (replace action, avoid + stackoverflow) (#8655) authored by @srenatus + - workflows: Note improvements in benchmark comments (#8673) + authored by @srenatus + - Generate a JSON Schema for the IR plan (#8662) authored by + @sspaink reported by @kroekle + - Generate a JSON Schema for the bundle manifest (#8661) + authored by @sspaink reported by @kroekle + - Dependency updates; notably: + - build(deps): Remove automaxprocs dependency (#8696) + authored by @anderseknert + - build(deps): Remove direct x/net dependency (#8697) + authored by @anderseknert + - build(deps): Bump github.com/bytecodealliance/wasmtime-go + from 43.0.2 to 44.0.0 (8652) authored by @srenatus + - build(deps): Bump github.com/fsnotify/fsnotify from 1.9.0 + to 1.10.1 + - build(deps): Bump github.com/huandu/go-sqlbuilder from + 1.40.2 to 1.41.0 + - build(deps): Bump github.com/lestrrat-go/jwx/v3 from 3.1.0 + to 3.1.1 + - build(deps): Bump github.com/vektah/gqlparser/v2 from + 2.5.32 to 2.5.33 + - build(deps): Bump google.golang.org/grpc from 1.80.0 to + 1.81.0 + - build(deps): Bump gopkg.in/ini.v1 from 1.67.1 to 1.67.2 + +------------------------------------------------------------------- Old: ---- opa-1.16.2.obscpio New: ---- opa-1.17.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opa.spec ++++++ --- /var/tmp/diff_new_pack.i8SPHP/_old 2026-05-29 18:12:14.191210812 +0200 +++ /var/tmp/diff_new_pack.i8SPHP/_new 2026-05-29 18:12:14.195210978 +0200 @@ -17,7 +17,7 @@ Name: opa -Version: 1.16.2 +Version: 1.17.0 Release: 0 Summary: Open source, general-purpose policy engine License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.i8SPHP/_old 2026-05-29 18:12:14.247213144 +0200 +++ /var/tmp/diff_new_pack.i8SPHP/_new 2026-05-29 18:12:14.251213310 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/open-policy-agent/opa</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.16.2</param> + <param name="revision">v1.17.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.i8SPHP/_old 2026-05-29 18:12:14.283214643 +0200 +++ /var/tmp/diff_new_pack.i8SPHP/_new 2026-05-29 18:12:14.287214810 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/open-policy-agent/opa</param> - <param name="changesrevision">85f6d990d19094da38e829561813e7da7fbae272</param></service></servicedata> + <param name="changesrevision">64a3625d33bc6ad8e7c40df03b76ce2fb3ab4d21</param></service></servicedata> (No newline at EOF) ++++++ opa-1.16.2.obscpio -> opa-1.17.0.obscpio ++++++ ++++ 31996 lines of diff (skipped) ++++++ opa.obsinfo ++++++ --- /var/tmp/diff_new_pack.i8SPHP/_old 2026-05-29 18:12:23.635604107 +0200 +++ /var/tmp/diff_new_pack.i8SPHP/_new 2026-05-29 18:12:23.639604274 +0200 @@ -1,5 +1,5 @@ name: opa -version: 1.16.2 -mtime: 1778580227 -commit: 85f6d990d19094da38e829561813e7da7fbae272 +version: 1.17.0 +mtime: 1779979715 +commit: 64a3625d33bc6ad8e7c40df03b76ce2fb3ab4d21 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/opa/vendor.tar.gz /work/SRC/openSUSE:Factory/.opa.new.1937/vendor.tar.gz differ: char 16, line 1
