chore(deps): bump the common group across 1 directory with 7 updates

[dependabot]

Bumps the common group with 6 updates in the / directory:

Package	From	To
github.com/CycloneDX/cyclonedx-go	0.9.2	0.9.3
github.com/go-git/go-git/v5	5.16.2	5.16.3
github.com/open-policy-agent/opa	1.8.0	1.9.0
github.com/quasilyte/go-ruleguard/dsl	0.3.22	0.3.23
google.golang.org/protobuf	1.36.9	1.36.10
k8s.io/api	0.34.0	0.34.1

Updates github.com/CycloneDX/cyclonedx-go from 0.9.2 to 0.9.3

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.3

Changelog

Fixes

• 6636ce32f8b15a5104fda6636937e91d62d647e7: fix: .component.data was not a slice as per CycloneDX schema #242 (@​madpah)
• 3e0f245f7b936eb38e16d0518a2a0020c0d69223: fix: add missing properties (@​rdghe)

Building and Packaging

• 24c8c33dd36390754b63f9ab056b2bf62b1eb70f: build(deps): bump actions/setup-go from 5.2.0 to 5.4.0 (@​dependabot[bot])
• 5fcf097fbdcedb6832989d0a74195f0698b48de8: build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 (@​dependabot[bot])
• edea8aedbc8467a478ac4b11d587c9bdff68f0dd: build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (@​dependabot[bot])
• f32eebc413c71327df4fd6f264aa9f22e6e8cce1: build(deps): bump gitpod/workspace-go from 4702df2 to 8985eb7 (@​dependabot[bot])
• 7fdaa7fc2b0fe25ff5eb17d57bede84131415674: build(deps): bump gitpod/workspace-go from 6932342 to 4702df2 (@​dependabot[bot])
• d62ea3cd450cbd3aebcbf9a50c8d12b2e4187b13: build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (@​dependabot[bot])
• 4709461dea7961fbd824e433b3c68217ff856122: build(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.3.0 (@​dependabot[bot])

Commits

• 72e4629 Merge pull request #243 from madpah/fix/component-data-schema
• 6636ce3 fix: .component.data was not a slice as per CycloneDX schema #242
• a39bf6b Merge pull request #232 from CycloneDX/dependabot/github_actions/actions/setu...
• cff8cd5 Merge pull request #233 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
• 6a93b76 Merge pull request #234 from rdghe/fix/add-missing-properties
• 3e0f245 fix: add missing properties
• f32eebc build(deps): bump gitpod/workspace-go from 4702df2 to 8985eb7
• 5fcf097 build(deps): bump actions/setup-go from 5.4.0 to 5.5.0
• 75427c8 Merge pull request #222 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
• 551624d Merge pull request #217 from CycloneDX/dependabot/github_actions/apache/skywa...
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.2 to 5.16.3

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.3

What's Changed

• internal: Expand regex to fix build [5.x] by @​baloo in go-git/go-git#1644
• build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by @​baloo in go-git/go-git#1646
• plumbing: support commits extra headers, support jujutsu signed commit [5.x] by @​baloo in go-git/go-git#1633

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

Commits

• ad9a3a5 Merge pull request #1633 from baloo/baloo/release-5.x/jj-signed-commits
• f2c3467 plumbing: support extra headers, support jujutsu signed commit [5.x]
• c12263d Merge pull request #1646 from baloo/baloo/release-5.x/fixup-windows-ci
• 111f374 build: disable fuzzing on maintenance branch
• 15d46ce build: raise timeouts for windows CI tests
• ce83ba1 Merge pull request #1644 from baloo/baloo/release-5.x/fixup-build
• b486201 internal: Expand regex to fix build
• See full diff in compare view

Updates github.com/open-policy-agent/opa from 1.8.0 to 1.9.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.9.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Compile API extensions ported from EOPA
• Improved rule indexing

Compile Rego Queries Into SQL Filters (#7887)

Compile API extensions with support for SQL filter generation previously exclusive to EOPA has been ported into OPA.

Example

With OPA running with this policy, we'll compile the query data.filters.include into SQL filters:

package filters
METADATA
scope: document
compile:
unknowns: [input.fruits]
include if input.fruits.name == input.favorite

Example Request

POST /v1/compile/filters/include HTTP/1.1
Content-Type: application/json
Accept: application/vnd.opa.sql.postgresql+json

{
  "input": {
    "favorite": "pineapple"
  }
}

Example Response

HTTP/1.1 200 OK
Content-Type: application/vnd.opa.sql.postgresql+json

{
  "result": {
    "query": "WHERE fruits.name = E'pineapple'"
  }
</tr></table> 

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.9.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Compile API extensions ported from EOPA
• Improved rule indexing

Compile Rego Queries Into SQL Filters (#7887)

Compile API extensions with support for SQL filter generation previously exclusive to EOPA has been ported into OPA.

Example

With OPA running with this policy, we'll compile the query data.filters.include into SQL filters:

package filters
METADATA
scope: document
compile:
unknowns: [input.fruits]
include if input.fruits.name == input.favorite

Example Request

POST /v1/compile/filters/include HTTP/1.1
Content-Type: application/json
Accept: application/vnd.opa.sql.postgresql+json

{
  "input": {
    "favorite": "pineapple"
  }
}

Example Response

HTTP/1.1 200 OK
Content-Type: application/vnd.opa.sql.postgresql+json

{
  "result": {
    "query": "WHERE fruits.name = E'pineapple'"
</tr></table> 

... (truncated)

Commits

• c49e670 Prepare v1.9.0 release (#7940)
• 3738431 rego: Add comprehensive WASM performance benchmarks (#7841)
• e35e9a8 build(deps): bump the gha-dependencies group with 5 updates
• 85a0e2a Compile API: switch to compile annotation key (#7936)
• 9c1cf16 build(deps): bump the go-opentelemetry-io group across 1 directory with 7 upd...
• c24ad37 plugin/decision: encoder return event same size as limit immediately (#7928)
• 162edff docs: Add Style Guide to policy authoring docs (#7932)
• 008c9da docs: Update references to cheat sheet and awesome-opa (#7930)
• 1e999ec plugin/decision: correctly reconfigure limit based on buffer type (#7926)
• d3d014d build(deps): bump the dependencies group across 2 directories with 12 updates
• Additional commits viewable in compare view

Updates github.com/quasilyte/go-ruleguard/dsl from 0.3.22 to 0.3.23

Commits

• 53ee6ef make Import() function more module-aware with v%d support
• 7513f50 add ImportAs method
• 5757289 fix: update min Go version (#481)
• fbdfc93 Bump x/tools v0.30.0 (#484)
• 0fe6f58 chore: fix CI ang go1.22 support (#479)
• 5a36c24 support alias types in typeIdentical() (#478)
• 173c282 build(deps): bump toolmantim/release-drafter from 5.25.0 to 6.0.0 (#470)
• 51cece5 Fix for Go 1.22 (#473)
• 9a00b21 build(deps): bump golang.org/x/tools from 0.14.0 to 0.17.0 (#469)
• d18bf0f build(deps): bump toolmantim/release-drafter from 5.12.1 to 5.25.0 (#463)
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4-0.20230606125235-dd1b4c2e81af

Commits

• See full diff in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.10

Updates k8s.io/api from 0.34.0 to 0.34.1

Commits

• 77c9e29 Update dependencies to v0.34.1 tag
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions