Skip to content

build(deps): bump the dependencies group with 4 updates#1808

Merged
charlieegan3 merged 3 commits intomainfrom
dependabot/go_modules/dependencies-039a3d7e24
Jan 6, 2026
Merged

build(deps): bump the dependencies group with 4 updates#1808
charlieegan3 merged 3 commits intomainfrom
dependabot/go_modules/dependencies-039a3d7e24

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps the dependencies group with 4 updates: github.com/arl/statsviz, github.com/go-git/go-git/v5, github.com/open-policy-agent/opa and github.com/spf13/cobra.

Updates github.com/arl/statsviz from 0.7.2 to 0.8.0

Changelog

Sourced from github.com/arl/statsviz's changelog.

v0.8.0 / 2025-11-21

  • UI/UX improvments:
    • performance/fluidity improvements
    • Alt+Click to show only the clicked category
    • add plot search/filter bar
    • fix visual glitches when resizing browser

v0.7.3 / 2025-11-18

  • internal/plot: add goroutines plot for !go1.26 (#145)
  • Frontend rendering optimizations (#144)
  • Add go1.26 plots cleanup+finalizer queues (#143)
  • Add a bunch of other go1.26 plots (#142)
  • Add plots for Go 1.26 scheduler pause metrics (#140)
Commits

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits
  • de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
  • 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
  • 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
  • acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
  • 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
  • 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
  • 399e04b Merge pull request #1734 from pjbgf/fix-ci
  • 2025eae build: test, Fix build on Windows.
  • fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
  • 382530f plumbing: format/idxfile, prevent panic
  • See full diff in compare view

Updates github.com/open-policy-agent/opa from 1.10.1 to 1.12.1

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.12.1

This bug fix release reverts a change to regex.replace that unintentionally changed its behaviour for anchored regular expressions.

  • Revert "topdown: make regex.replace respect cancellation" (authored by @​srenatus)

v1.12.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Support for String Interpolation in the Rego language
  • Faster compilation and runtime
  • Fixes published in the v1.11.1 release

String Interpolation (#4733)

The Rego language has been extended to support String Interpolation, which provides a readable means to compose strings containing dynamic values determined at evaluation time.

An interpolated string is composed of a template-string containing zero or more template-expressions that evaluates to a value at evaluation time. The $ character prefix identifies a template-string, and template-expressions are declared by being enclosed in curly-braces ({, }).

Additionally, undefined template-expression values don't halt evaluation; instead, <undefined> will be injected into the generated string.

package interpolation
allowed_roles := ["admin", "employee"]
default role := "guest"
role := input.role
deny contains $"User {input.username}'s role was '{role}', but must be one of {allowed_roles}" if {
not role in allowed_roles
}

{
  "deny": [
    "User <undefined>'s role was 'guest', but must be one of [\"admin\", \"employee\"]"
  ],
}

String interpolation is a more readable and less error-prone substitute for the sprintf built-in function.

Authored by @​johanfylling reported by @​anderseknert

[!TIP] Help us out!

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.12.1

This bug fix release reverts a change to regex.replace that unintentionally changed its behaviour for anchored regular expressions.

  • Revert "topdown: make regex.replace respect cancellation" (authored by @​srenatus)

1.12.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Support for string interpolation in the Rego language
  • Faster compilation and runtime
  • Fixes published in the v1.11.1 release

String Interpolation (#4733)

The Rego language has been extended to support String Interpolation, which provides a readable means to compose strings containing dynamic values determined at evaluation time.

An interpolated string is composed of a template-string containing zero or more template-expressions that evaluates to a value at evaluation time. The $ character prefix identifies a template-string, and template-expressions are declared by being enclosed in curly-braces ({, }).

Additionally, undefined template-expression values don't halt evaluation; instead, <undefined> will be injected into the generated string.

package interpolation
allowed_roles := ["admin", "employee"]
default role := "guest"
role := input.role
deny contains $"User {input.username}'s role was '{role}', but must be one of {allowed_roles}" if {
not role in allowed_roles
}

{
  "deny": [
    "User <undefined>'s role was 'guest', but must be one of [\"admin\", \"employee\"]"
  ],
}

String interpolation is a more readable and less error-prone substitute for the sprintf built-in function.

Authored by @​johanfylling reported by @​anderseknert

Help us out!

... (truncated)

Commits
  • 92dd54d Release v1.12.1
  • fb09d24 Revert "topdown: make regex.replace respect cancellation"
  • d61ac38 Prepare v1.12.0 release (#8144)
  • 5a0dc47 Template string performance improvements and more (#8143)
  • f5c3743 perf: reduce allocations handling terms (#8116)
  • d80ffc4 website: Show playground errors
  • 7e1c361 oracle: Use typed targets for specific matchers (#8138)
  • 629cbd8 String interpolation docs (#8129)
  • 9c52121 ast/parser: avoid allocating slices for variadic options
  • c0df469 ast/parser: check if we need to unescape at all
  • Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

  • chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

🔥✍🏼 Docs

🍂 Refactors

🤗 New Contributors

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jan 1, 2026
@dependabot @charlieegan3
build(deps): bump the dependencies group with 4 updates
ac44906 
Bumps the dependencies group with 4 updates: [github.com/arl/statsviz](https://github.com/arl/statsviz), [github.com/go-git/go-git/v5](https://github.com/go-git/go-git), [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and [github.com/spf13/cobra](https://github.com/spf13/cobra).


Updates `github.com/arl/statsviz` from 0.7.2 to 0.8.0
- [Changelog](https://github.com/arl/statsviz/blob/main/CHANGELOG.md)
- [Commits](arl/statsviz@v0.7.2...v0.8.0)

Updates `github.com/go-git/go-git/v5` from 5.16.3 to 5.16.4
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.16.3...v5.16.4)

Updates `github.com/open-policy-agent/opa` from 1.10.1 to 1.12.1
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.10.1...v1.12.1)

Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: github.com/arl/statsviz
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.12.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@charlieegan3 charlieegan3 force-pushed the dependabot/go_modules/dependencies-039a3d7e24 branch from f7cb4b3 to ac44906 Compare January 5, 2026 16:59
@charlieegan3
Update expected number of bytes from module
2a68995 
Signed-off-by: Charlie Egan <charlie_egan@apple.com>
@charlieegan3
Correct violation range, other 1.12 updates
d7116cf 
- Bump OPA version badge from v1.10.1
- Fix column offset in use-strings-count

Signed-off-by: Charlie Egan <charlie_egan@apple.com>
@charlieegan3 charlieegan3 force-pushed the dependabot/go_modules/dependencies-039a3d7e24 branch from 1f4b36c to d7116cf Compare January 6, 2026 12:02
@charlieegan3 charlieegan3 enabled auto-merge (squash) January 6, 2026 12:16
srenatus
srenatus approved these changes Jan 6, 2026
View reviewed changes
Copy link
Contributor

@srenatus srenatus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thank you

internal/roast/encoding/module_test.go
@@ -223,8 +223,8 @@ func TestSerializedModuleSize(t *testing.T) {
// This test will fail whenever the size of the serialized module changes,
// which not often and when it happens it's good to know about it, update
// and move on.
Copy link
Contributor

@srenatus srenatus Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 Is the comment still valid? That is, was it good to know about this?

Copy link
Contributor

@charlieegan3 charlieegan3 Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I wondered the same thing tbh... it was a single char difference, but I guess there might be some other times when this is not expected...

@charlieegan3 charlieegan3 merged commit 9f09e6e into main Jan 6, 2026
8 checks passed
@charlieegan3 charlieegan3 deleted the dependabot/go_modules/dependencies-039a3d7e24 branch January 6, 2026 12:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@charlieegan3 charlieegan3 charlieegan3 left review comments

@srenatus srenatus srenatus approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@srenatus @charlieegan3