Now
MAIN commitmail json YAML
pkgsrc/devel/opa/Makefile@1.10
/
diff
pkgsrc/devel/opa/distinfo@1.5 / diff
pkgsrc/devel/opa/go-modules.mk@1.5 / diff
pkgsrc/devel/opa/distinfo@1.5 / diff
pkgsrc/devel/opa/go-modules.mk@1.5 / diff
opa: Update to 0.44.0
Changes:
## 0.44.0
This release contains a number of fixes, two new builtins, a few new features,
and several performance improvements.
### Security Fixes
This release includes the security fixes present in the recent v0.43.1 release,
which mitigate CVE-2022-36085.
See the Release Notes for v0.43.1 for more details.
### Set Element Addition Optimization
Rego Set element addition operations did not scale linearly in the
past, and like the Object type before v0.43.0, experienced noticeable
reallocation/memory movement overheads once the Set grew past 120k-150k
elements in size.
This release introduces different handling of Set internals during element
addition operations to avoid pathological reallocation behavior, and allows
linear performance scaling up into the 500k key range and beyond.
### Set `union` Built-in Optimization
The Set `union` builtin allows applying the union operation to a set of sets.
However, as discovered in
<https://github.com/open-policy-agent/opa/issues/4979>, its
implementation generated unnecessary intermediate copies, which
resulted in poor performance; in many cases, worse than writing the
equivalent operation in pure Rego.
This release improves the `union` builtin's implementation, such that
only the final result set is ever modified, reducing memory allocations
and GC pressure. The `union` builtin is now about 15-30% faster than
the equivalent operation in pure Rego.
### New Built-in Functions: `strings.any_prefix_match` and `strings.any_suffix_match`
This release introduces two new builtins, optimized for bulk matching of string
prefixes and suffixes: `strings.any_prefix_match`, and
`strings.any_suffix_match`.
It works with sets and arrays of strings, allowing efficient matching of
collections of prefixes or suffixes against a target string.
See the built-in functions docs for all the details:
<https://www.openpolicyagent.org/docs/v0.42.0/policy-reference/#builtin-strings-stringsany_prefix_match>
## 0.43.1
This is a security release fixing the following vulnerabilities:
- CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in the compiler
See <https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr>
for all details.
Changes:
## 0.44.0
This release contains a number of fixes, two new builtins, a few new features,
and several performance improvements.
### Security Fixes
This release includes the security fixes present in the recent v0.43.1 release,
which mitigate CVE-2022-36085.
See the Release Notes for v0.43.1 for more details.
### Set Element Addition Optimization
Rego Set element addition operations did not scale linearly in the
past, and like the Object type before v0.43.0, experienced noticeable
reallocation/memory movement overheads once the Set grew past 120k-150k
elements in size.
This release introduces different handling of Set internals during element
addition operations to avoid pathological reallocation behavior, and allows
linear performance scaling up into the 500k key range and beyond.
### Set `union` Built-in Optimization
The Set `union` builtin allows applying the union operation to a set of sets.
However, as discovered in
<https://github.com/open-policy-agent/opa/issues/4979>, its
implementation generated unnecessary intermediate copies, which
resulted in poor performance; in many cases, worse than writing the
equivalent operation in pure Rego.
This release improves the `union` builtin's implementation, such that
only the final result set is ever modified, reducing memory allocations
and GC pressure. The `union` builtin is now about 15-30% faster than
the equivalent operation in pure Rego.
### New Built-in Functions: `strings.any_prefix_match` and `strings.any_suffix_match`
This release introduces two new builtins, optimized for bulk matching of string
prefixes and suffixes: `strings.any_prefix_match`, and
`strings.any_suffix_match`.
It works with sets and arrays of strings, allowing efficient matching of
collections of prefixes or suffixes against a target string.
See the built-in functions docs for all the details:
<https://www.openpolicyagent.org/docs/v0.42.0/policy-reference/#builtin-strings-stringsany_prefix_match>
## 0.43.1
This is a security release fixing the following vulnerabilities:
- CVE-2022-36085: Respect unsafeBuiltinMap for 'with' replacements in the compiler
See <https://github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr>
for all details.