Skip to content

chore: bump the all-go-mod group with 3 updates#159

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-go-mod-ffe678d213
Open

chore: bump the all-go-mod group with 3 updates#159
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/all-go-mod-ffe678d213

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Bumps the all-go-mod group with 3 updates: github.com/mark3labs/mcp-go, github.com/open-policy-agent/opa and github.com/spiffe/go-spiffe/v2.

Updates github.com/mark3labs/mcp-go from 0.43.2 to 0.54.1

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.54.1

No release notes provided.

Release v0.54.0

What's Changed

New Contributors

Full Changelog: mark3labs/mcp-go@v0.53.0...v0.54.0

Release v0.53.0

What's Changed

New Contributors

Full Changelog: mark3labs/mcp-go@v0.52.0...v0.53.0

Release v0.52.0

What's Changed

Full Changelog: mark3labs/mcp-go@v0.51.0...v0.52.0

Release v0.51.0

... (truncated)

Commits
  • 481f056 fix(tools): print errors to stderr for invalid jsonschema tags (#894)
  • 6e7859c perf(mcp): reduce content unmarshal allocations (#890)
  • 018f190 Add Title and Size to ResourceLink (match Resource / spec) (#887)
  • ca26738 cleanup
  • 76ea91b refactor(server): collapse client-info and writeJSONRPCError duplication (#886)
  • fac90b6 fmt
  • b817eff feat(mcp): add BaseMetadata.title, Icon.theme, Resource.size (#870) (#885)
  • 602478c fix: add panic recovery to session hook goroutines (#883)
  • 14ddeb3 feat: add OpenTelemetry tracing hooks to server and client (#856)
  • 3f8fc8e fix: add panic recovery to task goroutines, fix cleanup goroutine leak (#880)
  • Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 1.13.1 to 1.17.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.17.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • A new future.keywords.not import that adds improved semantics to the not keyword.
  • Rule Labels in Decision Logs
  • Published json schema for IR and bundle manifest
  • Dropped automaxprocs and x/net dependencies

Improved Negation Semantics (#8387)

This OPA release introduces a new future.keywords.not import that fixes a long-standing semantic issue with negation in Rego.

Without the import, the compiler expands a negated composite expression like not f(g(input.x)) into a series of sub-expressions evaluated before the not:

__local0__ = input.x
g(__local0__, __local1__)
not f(__local1__)

If any sub-expression fails — for example, input.x is undefined or g produces an undefined result — the entire rule fails rather than the not succeeding. This is unintuitive: the user's intent is "the condition does not hold," but an undefined intermediate value causes a silent failure instead of the expected not result.

With import future.keywords.not, composite-expression negation wraps the full compiler expansion in an implicit body:

not { __local0__ = input.x; g(__local0__, __local1__); f(__local1__) }

Now, if any sub-expression is undefined or fails, the body is unsatisfiable and the not expression succeeds; matching the intuition that "the condition does not hold."

NOTE:

Users are recommended to import future.keywords.not whenever the not keyword is used in a policy.

Authored by @​johanfylling

Rule Labels in Decision Logs (#2089)

Rule annotations now support a labels field. Labels from all successfully evaluated rules are collected and included in each decision log entry as a top-level rule_labels array. Each element is the merged label map for one successfully evaluated rule, with

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.17.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • A new future.keywords.not import that adds improved semantics to the not keyword.
  • Rule Labels in Decision Logs
  • Published json schema for IR and bundle manifest
  • Dropped automaxprocs and x/net dependencies

Improved Negation Semantics (#8387)

This OPA release introduces a new future.keywords.not import that fixes a long-standing semantic issue with negation in Rego.

Without the import, the compiler expands a negated composite expression like not f(g(input.x)) into a series of sub-expressions evaluated before the not:

__local0__ = input.x
g(__local0__, __local1__)
not f(__local1__)

If any sub-expression fails — for example, input.x is undefined or g produces an undefined result — the entire rule fails rather than the not succeeding. This is unintuitive: the user's intent is "the condition does not hold," but an undefined intermediate value causes a silent failure instead of the expected not result.

With import future.keywords.not, composite-expression negation wraps the full compiler expansion in an implicit body:

not { __local0__ = input.x; g(__local0__, __local1__); f(__local1__) }

Now, if any sub-expression is undefined or fails, the body is unsatisfiable and the not expression succeeds; matching the intuition that "the condition does not hold."

NOTE:

Users are recommended to import future.keywords.not whenever the not keyword is used in a policy.

Authored by @​johanfylling

Rule Labels in Decision Logs (#2089)

Rule annotations now support a labels field. Labels from all successfully evaluated rules are collected and included in each decision log entry as a top-level rule_labels

... (truncated)

Commits
  • 64a3625 Release v1.17.0 (#8710)
  • 68c9de5 benchmarks: tweak per-PR benchmark regression check based on pr-check
  • 7fe3066 server: remove dead code (s.partials) (#8708)
  • 37830be ast,storage/inmem: Add inmem.NewFromASTObject and add missing string case t...
  • 1661f22 ast: add some schema $ref tests
  • 3e22f56 benchmarks: only run for go changes
  • 13aaeab benchmarks: move env vars, remove zizmor-ignore comment
  • 93e1708 benchmarks: fix PR message, skip tests
  • 4ce3991 benchmarks: use go tool machinery, add benchstat
  • 41df8df benchmarks: use benchlab for per-PR feedback
  • Additional commits viewable in compare view

Updates github.com/spiffe/go-spiffe/v2 from 2.6.0 to 2.7.0

Release notes

Sourced from github.com/spiffe/go-spiffe/v2's releases.

v2.7.0

Added

  • Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

  • X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)
  • Other dependency updates.
Changelog

Sourced from github.com/spiffe/go-spiffe/v2's changelog.

[2.7.0] - 2026-06-03

Added

  • Experimental support for WIT-SVIDs, including the new exp/svid/witsvid and exp/bundle/witbundle packages and Workload API client support for fetching and watching WIT-SVIDs and WIT bundles (#385, #391)

Changed

  • X509-SVID verification now rejects leaf certificates with a SPIFFE ID that has a root path (#375)
  • Other dependency updates.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the all-go-mod group with 3 updates
bd2f98a 
Bumps the all-go-mod group with 3 updates: [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go), [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe).


Updates `github.com/mark3labs/mcp-go` from 0.43.2 to 0.54.1
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.43.2...v0.54.1)

Updates `github.com/open-policy-agent/opa` from 1.13.1 to 1.17.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.13.1...v1.17.0)

Updates `github.com/spiffe/go-spiffe/v2` from 2.6.0 to 2.7.0
- [Release notes](https://github.com/spiffe/go-spiffe/releases)
- [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/go-spiffe@v2.6.0...v2.7.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.54.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-mod
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-mod
- dependency-name: github.com/spiffe/go-spiffe/v2
  dependency-version: 2.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go-mod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants