chore(deps): bump the common group with 6 updates

[dependabot]

Bumps the common group with 6 updates:

Package	From	To
github.com/antchfx/htmlquery	1.3.3	1.3.4
github.com/open-policy-agent/opa	0.70.0	1.0.0
google.golang.org/protobuf	1.36.0	1.36.1
k8s.io/utils	0.0.0-20240711033017-18e509b52bc8	0.0.0-20241104100929-3ea5e8cea738
modernc.org/sqlite	1.34.2	1.34.4

Updates github.com/antchfx/htmlquery from 1.3.3 to 1.3.4

Release notes

Sourced from github.com/antchfx/htmlquery's releases.

v1.3.4

Update packages:

• update golang.org/x/net from v0.7.0 to v0.33.0
• update github.com/antchfx/xpath from v1.3.2 to v1.3.3

Commits

• 8189c48 Bump golang.org/x/net from 0.7.0 to 0.33.0
• 23f943c update github.com/antchfx/xpath to v1.3.3
• See full diff in compare view

Updates github.com/open-policy-agent/opa from 0.70.0 to 1.0.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.0.0

NOTES:

• The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

• Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
• Other new keywords (every, in) are available without any imports.
• Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
• OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement here on our blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #7156 extends OPA’s Prometheus configuration to allow the setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.0.0

NOTES:

• The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code. The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

• Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
• Other new keywords (every, in) are available without any imports.
• Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
• OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement on the OPA blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #7172, #7190, #7193, #7165, #7168, #7191 & #7222 together improve the memory performance of OPA. Key strategies include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option. Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper. This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #7147 extends the behaviour of extractNumAndUnit to support scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

... (truncated)

Commits

• 00cc7ae Prepare v1.0.0 release
• 94118ac docs/website/scripts: Control eval behavior via the rego.v1 import rather tha...
• bb10c56 docs/website/scripts: Eval pre-1.0 policies in v0 compatibility mode
• c91c895 go.mod: require go 1.22.7
• b8a1376 build(deps): bump the go-opentelemetry-io group with 6 updates (#7217)
• a190ea3 Fixing optimized numbers.range builtin reversed range bug (#7230)
• 9a7d920 Update docs and server binding addr per OPA v1.0 specs (#7140)
• c5757a5 build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2
• c97b640 build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
• 50b5ee5 Reduce allocations, chapter III (#7222)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.0 to 1.36.1

Updates k8s.io/utils from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738

Commits

• See full diff in compare view

Updates modernc.org/sqlite from 1.34.2 to 1.34.4

Commits

• d3e8a66 retract v1.34.3
• 1fcc86e fix accidentaly broken openbsd/amd64 build
• 7f15e6e linux/arm64: patch libc bug at runtime, updates #199
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[knqyf263]

@nikpivkin Thanks for your fix. Do you know how to let Dependabot downgrade it? I found that we also needed to update the PR description.

[nikpivkin]

@knqyf263 There doesn't seem to be a way to force dependabot to update the description.

[knqyf263]

OK, thanks. Can you update the description manually?

[nikpivkin]

@knqyf263 done