v0.13.0

Compare Source

• bigquery: UseLegacySQL options for CreateTable and QueryConfig. Use these
  options to continue using Legacy SQL after the client switches its default
  to Standard SQL.

• bigquery: Support for updating dataset labels.

• bigquery: Set DatasetIterator.ProjectID to list datasets in a project other
  than the client's. DatasetsInProject is no longer needed and is deprecated.

• bigtable: Fail ListInstances when any zones fail.

• spanner: support decoding of slices of basic types (e.g. []string, []int64,
  etc.)

• logging/logadmin: UpdateSink no longer creates a sink if it is missing
  (actually a change to the underlying service, not the client)

• profiler: Service and ServiceVersion replace Target in Config.

v0.12.0

Compare Source

• pubsub: Subscription.Receive now uses streaming pull.

• pubsub: add Client.TopicInProject to access topics in a different project
  than the client.

• errors: renamed errorreporting. The errors package will be removed shortly.

• datastore: improved retry behavior.

• bigquery: support updates to dataset metadata, with etags.

• bigquery: add etag support to Table.Update (BREAKING: etag argument added).

• bigquery: generate all job IDs on the client.

• storage: support bucket lifecycle configurations.

v0.17.0

Compare Source

What's Changed

• Change the CommandStep and Plugins processing to allow control characters by @​CerealBoy in #​72

Full Changelog: buildkite/go-pipeline@v0.16.0...v0.17.0

v0.9.7

Compare Source

What's Changed

• update to go1.26.3
• ci: update zizmore action to v1.7.1

Full Changelog: docker/docker-credential-helpers@v0.9.6...v0.9.7

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

v0.29.5

Compare Source

0.29.5 - 2026-05-04

Full Changelog: go-openapi/runtime@v0.29.4...v0.29.5

10 commits in this release.

Implemented enhancements

• feat(client): prefer multipart and support url-encoded file uploads by @​fredbi in #​428 ...

Fixed bugs

• fix(statuses): align http status text with current standard by @​fredbi in #​427 ...
• fix(validation): match content-type with MIME parameters by @​fredbi in #​426 ...
• fix(auth): detect nil interface vs nil interface by @​fredbi in #​425 ...
• fix: handle literal colons in URL paths for denco router by @​KuaaMU in #​422 ...

Documentation

• doc: aligned docs with org-level docs by @​fredbi in #​424 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​423 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​420 ...

Miscellaneous tasks

• chore: prepare release v0.29.5 by @​bot-go-openapi[bot] in #​429 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 2 directories with 3 updates by @​dependabot[bot] in #​421 ...

People who contributed to this release

• @​KuaaMU
• @​fredbi

New Contributors

• @​KuaaMU made their first contribution
  in #​422

runtime license terms

Per-module changes

client-middleware/opentracing (0.29.5)

Fixed bugs

• fix(auth): detect nil interface vs nil interface by @​fredbi in #​425 ...

Miscellaneous tasks

• chore: prepare release v0.29.5 by @​bot-go-openapi[bot] in #​429 ...

Updates

• build(deps): bump the go-openapi-dependencies group across 2 directories with 3 updates by @​dependabot[bot] in #​421 ...

v0.26.2

Compare Source

0.26.2 - 2026-04-29

Full Changelog: go-openapi/strfmt@v0.26.1...v0.26.2

13 commits in this release.

Documentation

• doc: aligned docs with org-wide documentation. by @​fredbi in #​247 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​239 ...
• doc: add portable agentic instructions by @​fredbi in #​236 ...
• doc: added portable agentic instructions by @​fredbi in #​235 ...

Performance

• perf(duration): faster and stricter ParseDuration. by @​fredbi in #​246 ...

Miscellaneous tasks

• chore: prepare release v0.26.2 by @​bot-go-openapi[bot] in #​248 ...
• chore: bump go directive to 1.25.0 by @​fredbi in #​237 ...

Updates

• build(deps): bump the other-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #​245 ...
• build(deps): bump the development-dependencies group with 8 updates by @​dependabot[bot] in #​242 ...
• build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​241 ...
• build(deps): bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1 in /internal/testintegration in the other-dependencies group across 1 directory by @​dependabot[bot] in #​240 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​238 ...
• build(deps): bump golang.org/x/net from 0.50.0 to 0.52.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​228 ...

People who contributed to this release

• @​fredbi

strfmt license terms

Per-module changes

enable/mongodb (0.26.2)

Miscellaneous tasks

• chore: prepare release v0.26.2 by @​bot-go-openapi[bot] in #​248 ...
• chore: bump go directive to 1.25.0 by @​fredbi in #​237 ...

Updates

• build(deps): bump the other-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #​245 ...

internal/testintegration (0.26.2)

Miscellaneous tasks

• chore: prepare release v0.26.2 by @​bot-go-openapi[bot] in #​248 ...
• chore: bump go directive to 1.25.0 by @​fredbi in #​237 ...

Updates

• build(deps): bump the other-dependencies group across 2 directories with 2 updates by @​dependabot[bot] in #​245 ...
• build(deps): bump golang.org/x/net from 0.52.0 to 0.53.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​241 ...
• build(deps): bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1 in /internal/testintegration in the other-dependencies group across 1 directory by @​dependabot[bot] in #​240 ...
• build(deps): bump the go-openapi-dependencies group across 2 directories with 1 update by @​dependabot[bot] in #​238 ...
• build(deps): bump golang.org/x/net from 0.50.0 to 0.52.0 in the golang-org-dependencies group across 1 directory by @​dependabot[bot] in #​228 ...

v0.11.0

Compare Source

What's Changed

• chore(deps): bump the all group with 2 updates by @​dependabot[bot] in #​453
• chore(deps): bump the all group across 1 directory with 2 updates by @​dependabot[bot] in #​452
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 by @​dependabot[bot] in #​457
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @​dependabot[bot] in #​459
• match: Replace ^ with ! for negation in character classes by @​adityasaky in #​462

Full Changelog: in-toto/in-toto-golang@v0.10.0...v0.11.0

v1.18.6

Compare Source

What's Changed

• s2: Fix amd64 stack frame corruption by @​klauspost in #​1145
• gzhttp: Canonicalize ETag header by @​justinmayhew in #​1139
• perf: pool hash tables in Go encode paths to reduce allocations by @​huynhanx03 in #​1143

New Contributors

• @​justinmayhew made their first contribution in #​1139
• @​huynhanx03 made their first contribution in #​1143
• @​thaJeztah made their first contribution in #​1144

Full Changelog: klauspost/compress@v1.18.5...v1.18.6

v0.20260504.0

Compare Source

What's Changed

• Replace docker/login-action with inline docker login by @​inahga in #​8694
• Update draft-ietf-acme-dns-persist-00 support to 01 by @​beautifulentropy in #​8725
• cert-checker: remove use of SelectNullInt by @​jsha in #​8734
• Remove dead code from integration/ari_test.go by @​aarongable in #​8729
• Remove deprecated Active bool config by @​mcpherrinm in #​8741
• build(deps): bump actions/github-script from 8 to 9 by @​dependabot[bot] in #​8742
• Immediately replace a failed CT submission by @​mcpherrinm in #​8737
• Replace CA-enforcement for MaxNames with Custom Lint by @​ezekiel in #​8739
• build(deps): bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 by @​dependabot[bot] in #​8735
• when GOMEMLIMIT is set, write profiles by @​jsha in #​8743

Full Changelog: letsencrypt/boulder@v0.20260428.0...v0.20260504.0

v0.20260428.0

Compare Source

What's Changed

• Supply authz ID in CAA rechecks by @​aarongable in #​8730
• Update go.mod to go1.26 by @​aarongable in #​8727
• db: remove IsNoRows by @​jsha in #​8733
• db: remove MockSQLExecutor by @​jsha in #​8731
• Add gauges for CRL size in bytes and num entries by @​aarongable in #​8720
• ca: rand.Read is infallible by @​jsha in #​8736
• sa: deprecate parallelismPerRPC by @​jsha in #​8728
• sa: check for sql.ErrNoRows on Get() by @​jsha in #​8732

Full Changelog: letsencrypt/boulder@v0.20260420.0...v0.20260428.0

v1.16.1

Compare Source

This is a patch release addressing a regression in the plugin manager that may cause the service to hang on shutdown (#​8590).

v1.16.0

Compare Source

[!WARNING]

A regression has been found in the plugin manager, which may cause the service to hang on shutdown.
Users are advised to go directly to v1.16.1.

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• New uri.parse and uri.is_valid built-in functions
• Data API Request/Response Metadata
• Prometheus metrics exported via OTLP
• Formatter improvements

NOTE:

In v1.15.x, OPA was dropping logs for bundle downloads, print() calls and other plugin-originated logs.
Users are advised to update, v1.16.0 fixes this bug in (#​8544).

New uri.parse and uri.is_valid built-in functions (#​8263)

Two new built-in functions have been added: uri.parse for parsing a given URI, and uri.is_valid for verifying the structure of a given URI.

uri.parse

Parses a URI and returns an object containing its components according to RFC 3986. Empty components are omitted.

package example

test_uri if {
	uri.parse("https://example.com:8080/api?q=1#top") == {
		"scheme": "https",
		"hostname": "example.com",
		"port": "8080",
		"path": "/api",
		"raw_path": "/api",
		"raw_query": "q=1",
		"fragment": "top",
	}
}

uri.is_valid

Returns true if the input can be parsed as a URI, false otherwise.

package example

deny contains "invalid URI" if {
    not uri.is_valid("http://[invalid")
}

Authored by @​charlieegan3 reported by @​anivar

Data API Request/Response Metadata (#​8570)

Wrapping projects can now attach custom metadata to Data API requests and have evaluation produce response metadata.

Two distinct metadata paths are introduced:

• Request metadata: parsed from extra top-level keys in the request body, made available to builtins via BuiltinContext.RequestMetadata. Logged in the decision log under Custom["request_metadata"].

• Response metadata: a separate map (BuiltinContext.ResponseMetadata) that builtins can populate during evaluation. Only included in the API response and decision log if non-empty.

In vanilla OPA, no builtins write response metadata, so responses are unchanged. The request metadata map is only allocated when the request carries extra fields; the response map is one empty map per request.

To avoid conflicts with future OPA top-level keys, callers should use a namespaced key: {"input": {...}, "com.example.opa/md": {...}}.

Request with metadata:

curl -H 'Content-Type: application/json' \
  -d '{"input": {"user": "alice"}, "com.example.opa/metadata": {"corp-id": "acme-42"}}' \
  http://localhost:8181/v1/data/example/allow

Response (response metadata included if, for example, set by a custom builtin):

{
  "decision_id": "04789f85-de5a-477b-8aa5-6d59d7742135",
  "result": true,
  "com.example.opa/response": {
    "snapshot_version": "v3"
  }
}

Decision log entry:

{
  "custom": {
    "request_metadata": {
      "com.example.opa/metadata": {
        "corp-id": "acme-42"
      }
    },
    "response_metadata": {
      "com.example.opa/response": {
        "snapshot_version": "v3"
      }
    }
  },
  "decision_id": "04789f85-de5a-477b-8aa5-6d59d7742135",
  "input": { "user": "alice" },
  "msg": "Decision Log",
  "path": "example/allow",
  "result": true
}

Authored by @​srenatus

Runtime, SDK, Tooling

• distributedtracing: Export Prometheus metrics via OTLP (#​7591) reported and authored by @​Munken
• cmd,tester: Update opa test to stream test case results (#​3676) authored by @​sspaink reported by @​tsandall
• cmd,tester: Show full errors when test fails and using --coverage (#​8438) authored by @​grosser
• format: Add new line between METADATA blocks (#​8483) authored by @​sspaink
• format: Allow indenting all withs in expression (#​8508) authored by @​anderseknert
• format: Fix dropping comments after handling unexpectedCommentError (#​8553) authored by @​sspaink
• format: Preserve location of trailing comments inside every body (#​8558) authored by @​johanfylling
• format: Prevent opa fmt from formatting single attribute objects with comments (#​7565) authored by @​sspaink reported by @​anderseknert
• logging: Keep forwarding from BufferedLogger after Flush() (#​8544) authored by @​srenatus reported by @​annieyhuang
• plugins/logs: Fix logBuffer eviction loop only dropping one element (#​8543) authored by @​sspaink
• plugins/logs: Fix out-of-order plugin status notifications (#​8009) authored by @​sspaink reported by @​Pushpalanka
• plugins/rest: Carry over all of *tls.Config (#​8473) authored by @​srenatus reported by @​ashu2496
• server: Drop HTML index page query form (#​8477) authored by @​johanfylling reported by @​srenatus and @​r0binak
• server: Skip chmod for abstract Unix domain sockets (#​8536) authored by @​bakayolo
• storage/inmem: Avoid allocations from Read() in MakeDir() (#​8561) authored by @​srenatus
• tester: Add method to match tests by ref prefixes (#​6696) authored by @​anderseknert
  Note: Experimental.

Compiler, Topdown and Rego

• ast: Allow Back-to-back metadata blocks (#​8482) authored by @​sspaink reported by @​johanfylling
• ast: Catch functions in dynamic extent of ref head rule (#​8461) authored by @​srenatus reported by @​johanfylling
• ast: Fix parenthesis in String() of {obj,arr,set} comprehensions (#​8511) authored by @​srenatus
• ast: Fix parsing of unary - in front of a ref (#​5014) authored by @​mmzzuu reported by @​philipaconrad
• ast: Fix type checker match error for objects with set keys (#​6260) authored by @​sspaink reported by @​tsandall
• ast: Fix type checker to recognize numeric index in generated map (#​6736) authored by @​sspaink reported by @​anderseknert
• ast: Handle underdetermined function args (#​5234) authored by @​sspaink reported by @​obataku
• ast: Identify compatible type from reference in type checker (#​7273) authored by @​sspaink reported by @​anderseknert
• ast: Support recursive JSON Schemas (#​6099) authored by @​sspaink reported by @​anderseknert
• builtins: Add support for days, weeks and years in time.parse_duration_ns built-in function (#​2719) authored by @​sspaink reported by @​freeseacher
• builtins: Fix graph.reachable_paths to return all reachable paths (#​5871) authored by @​davidmarne-wf reported by @​ericjkao
• builtins: Limit exponent size in units.parse_bytes built-in function to prevent timeout bypass (#​8326) authored by @​isaiahvita reported by @​anderseknert
• perf: Add CopyNonGround() methods for Array, Set, and Object (#​8323) authored by @​alex60217101990
• resolver/wasm: Add NewWithContext to allow passing context (#​8499) authored by @​dominikschulz

Docs, Website, Ecosystem

• docs: Add aggregates examples for count and sum built-in functions (#​8566) authored by @​alliasgher reported by @​srenatus
• docs: Add generated output.jsons for docs examples (#​8535) authored by @​charlieegan3
• docs: Add spec for OCP bundle status tracking API (#​8502) authored by @​ashutosh-narkar
• docs: Add the latest videos to the README presentations section (#​8523) authored by @​sspaink
• docs: Add Windows development notes to dev reference guide (#​8422) authored by @​raajheshkannaa
• docs: Fix input value type in not undefined example (#​8580) authored by @​menma1234
• docs: Update Regal docs to v0.40.0 (#​8538) authored by @​charlieegan3
• docs: Updated roadmap link (#​8501) authored by @​johanfylling
• docs: Various typo fixes (#​8529) authored by @​sspaink
• ecosystem: Add vulnetix ecosystem entry (#​8532) authored by @​0x73746F66
• ecosystem: Add KubeStellar Console (#​8560) authored by @​clubanderson
• website: Add banner to show when event has passed (#​8493) authored by @​charlieegan3
• website: Add copy-as-markdown button to doc pages (#​8540) authored by @​charlieegan3
• website: Copy button improvements (#​8577) authored by @​charlieegan3
• website: Remove old redirects, add new management redirect (#​8424) authored by @​charlieegan3 reported by @​narainar
• website: Update intro video on homepage (#​8547) authored by @​charlieegan3

Miscellaneous

• build: Exclude domains that cause false positives (#​8533) (#​8495) authored by @​charlieegan3
• e2e/cli: Add test for debug print() logging (#​8567) authored by @​srenatus
• e2e/cli: Start CLI E2E tests (#​8545) authored by @​srenatus
• github: declare formatted rego as rego (#​8564) authored by @​srenatus
• Security policy update (#​8479) authored by @​anderseknert
• Dependency updates; notably:
  • build: bump go 1.26.2 (#​8497) authored by @​sspaink
  • build(deps): bump wasmtime-go from v39.0.1 to v43.0.2
  • build(deps): bump go.opentelemetry.io deps from 1.40.0/0.65.0 to 1.43.0/0.68.0
  • build(deps): bump github.com/containerd/containerd/v2 from 2.2.1 to 2.2.3
  • build(deps): bump ithub.com/huandu/go-sqlbuilder from 1.39.1 to 1.40.2
  • build(deps): bump golang.org/x/net from 0.51.0 to 0.53.0
  • build(deps): bump golang.org/x/text from 0.34.0 to 0.36.0

v0.11.0

Compare Source

v0.12.3

Compare Source

What's Changed

• github/workflows: update golang versions for the build and lint runners by @​vbathttps://github.com/vbatts/tar-split/pull/87ull/87
• tar/asm: add NewInputTarStreamWithDone + tests by @​jankaluhttps://github.com/vbatts/tar-split/pull/86ull/86
• Port fix for CVE-2026-32288 by @​mtrmhttps://github.com/vbatts/tar-split/pull/88ull/88

New Contributors

• @​jankaluza made their first contributihttps://github.com/vbatts/tar-split/pull/86ull/86

Full Changelog: vbatts/tar-split@v0.12.2...v0.12.3

v0.78.0

Compare Source

What's Changed

• Add support for additional CAPI certificate context properties by @​joshdrake in #​873

Full Changelog: smallstep/crypto@v0.77.9...v0.78.0

v0.77.9

Compare Source

What's Changed

• Retract v0.77.3 - v0.77.7 by @​hslatman in #​1011

Full Changelog: smallstep/crypto@v0.77.8...v0.77.9

v0.77.8

Compare Source

What's Changed

Dependencies

• chore(deps): Bump modernc.org/sqlite from 1.47.0 to 1.48.0 by @​dependabot[bot] in #​988
• chore(deps): Bump google.golang.org/api from 0.272.0 to 0.273.0 by @​dependabot[bot] in #​990
• chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.50.3 to 1.50.4 by @​dependabot[bot] in #​989
• chore(deps): Bump github.com/aws/aws-sdk-go-v2/config from 1.32.12 to 1.32.13 by @​dependabot[bot] in #​987
• chore(deps): Bump github.com/googleapis/gax-go/v2 from 2.19.0 to 2.21.0 by @​dependabot[bot] in #​995
• chore(deps): Bump google.golang.org/api from 0.273.0 to 0.274.0 by @​dependabot[bot] in #​993
• chore(deps): Bump cloud.google.com/go/kms from 1.26.0 to 1.27.0 by @​dependabot[bot] in #​994
• chore(deps): Bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 by @​dependabot[bot] in #​991
• chore(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0 by @​dependabot[bot] in #​992
• chore(deps): Bump modernc.org/sqlite from 1.48.0 to 1.48.2 by @​dependabot[bot] in #​1000
• chore(deps): Bump golang.org/x/term from 0.41.0 to 0.42.0 by @​dependabot[bot] in #​999
• chore(deps): Bump cloud.google.com/go/kms from 1.27.0 to 1.28.0 by @​dependabot[bot] in #​998
• chore(deps): Bump github.com/aws/aws-sdk-go-v2/config from 1.32.13 to 1.32.14 by @​dependabot[bot] in #​997
• chore(deps): Bump golang.org/x/crypto from 0.49.0 to 0.50.0 by @​dependabot[bot] in #​996
• chore(deps): Bump golang.org/x/net from 0.52.0 to 0.53.0 by @​dependabot[bot] in #​1002
• chore(deps): Bump github.com/googleapis/gax-go/v2 from 2.21.0 to 2.22.0 by @​dependabot[bot] in #​1005
• chore(deps): Bump modernc.org/sqlite from 1.48.2 to 1.49.1 by @​dependabot[bot] in #​1003
• chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.50.4 to 1.50.5 by @​dependabot[bot] in #​1001
• chore(deps): Bump github.com/aws/aws-sdk-go-v2/service/kms from 1.50.5 to 1.51.0 by @​dependabot[bot] in #​1010
• chore(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.21.0 to 1.21.1 by @​dependabot[bot] in #​1009
• chore(deps): Bump google.golang.org/api from 0.274.0 to 0.276.0 by @​dependabot[bot] in #​1008
• chore(deps): Bump github.com/aws/aws-sdk-go-v2/config from 1.32.14 to 1.32.16 by @​dependabot[bot] in #​1007
• chore(deps): Bump github.com/go-piv/piv-go/v2 from 2.5.0 to 2.6.0 by @​dependabot[bot] in #​1004

Full Changelog: smallstep/crypto@v0.77.2...v0.77.8

v0.77.7

Compare Source

v0.77.6

Compare Source

v0.77.5

Compare Source

v0.77.4

Compare Source

v0.77.3

Compare Source

v0.278.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3582)