Sourced from github.com/open-policy-agent/opa's releases.

v1.8.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Support for EdDSA signatures in io.jwt built-ins, including a new io.jwt.verify_eddsa built-in.

EdDSA Support in built-ins (#7824)

Support for the EdDSA signing algorithm has been added to built-in functions in the io.jwt namespace.

This introduces the new io.jwt.verify_eddsa built-in function, and adds EdDSA support for the following built-ins:

• io.jwt.decode_verify
• io.jwt.encode_sign
• io.jwt.encode_sign_raw

This feature benefited greatly from the groundwork laid by @​lestrrat in (#7638). 👏 🎉 🥳

Authored by @​johanfylling reported by @​aromeyer

Runtime

• cmd: Add back default cmd.RootCommand definition. (#7811) authored by @​philipaconrad
  Fixing a breaking change to the go API introduced in OPA v1.7.0.
• cmd: Fix opa exec parameters (#7850, #7840) authored by @​srenatus
  Fixing regressions introduced in OPA v1.7.0, where the --fail-non-empty and --stdin-input flags were dropped.
• config: accept env vars set to "", discern from unset (#7831) authored by @​srenatus reported by @​ManuelNowackConfinale
• handlers: Add thread-safe initialization for gzipPool (#7828) authored by @​charlieegan3
• plugins: Address race in config access (#7825) authored by @​charlieegan3
• plugin/bundle: Correct bundle delay behavior (#7812) authored by @​charlieegan3
• runtime: Update server init check (#7818) authored by @​charlieegan3

Topdown

• perf: Performance greatly improved for Object.Insert on existing key (#7820) authored by @​anderseknert
• topdown,bundle,plugins: Upgrade interned jwx (0.9.x) with github.com/lestrrat-go/jwx/v3 (#7638) authored by @​lestrrat

Docs, Website

• Update website to build from tip of main (#7848) authored by @​tsandall
• ast/builtins: Remove space from count description (#7836) authored by @​charlieegan3
• docs: Add link to logic-or/and on docs index (#7826) authored by @​charlieegan3
• docs: Add note on using LLM in PR discussions (#7859) authored by @​anderseknert
• docs: Fix broken anchor links in annotations (#7827) authored by @​charlieegan3
• docs: Use set in the Python code example for consistence (#7860) authored by @​durnik-ivo
• docs: Update frontpage (#7847) authored by @​tsandall
• docs/rest-api: Add notes about policy IDs (#7837) authored by @​charlieegan3
• website: Use latest release rather than edge (#7781) authored by @​charlieegan3

Miscellaneous

... (truncated)

Sourced from github.com/open-policy-agent/opa's changelog.

1.8.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Support for EdDSA signatures in io.jwt built-ins, including a new io.jwt.verify_eddsa built-in.

EdDSA Support in built-ins (#7824)

Support for the EdDSA signing algorithm has been added to built-in functions in the io.jwt namespace.

This introduces the new io.jwt.verify_eddsa built-in function, and adds EdDSA support for the following built-ins:

• io.jwt.decode_verify
• io.jwt.encode_sign
• io.jwt.encode_sign_raw

This feature benefited greatly from the groundwork laid by @​lestrrat in (#7638). 👏 🎉 🥳

Authored by @​johanfylling reported by @​aromeyer

Runtime

• cmd: Add back default cmd.RootCommand definition. (#7811) authored by @​philipaconrad
  Fixing a breaking change to the go API introduced in OPA v1.7.0.
• cmd: Fix opa exec parameters (#7850, #7840) authored by @​srenatus
  Fixing regressions introduced in OPA v1.7.0, where the --fail-non-empty and --stdin-input flags were dropped.
• config: accept env vars set to "", discern from unset (#7831) authored by @​srenatus reported by @​ManuelNowackConfinale
• handlers: Add thread-safe initialization for gzipPool (#7828) authored by @​charlieegan3
• plugins: Address race in config access (#7825) authored by @​charlieegan3
• plugin/bundle: Correct bundle delay behavior (#7812) authored by @​charlieegan3
• runtime: Update server init check (#7818) authored by @​charlieegan3

Topdown

• perf: Performance greatly improved for Object.Insert on existing key (#7820) authored by @​anderseknert
• topdown,bundle,plugins: Upgrade interned jwx (0.9.x) with github.com/lestrrat-go/jwx/v3 (#7638) authored by @​lestrrat

Docs, Website

• Update website to build from tip of main (#7848) authored by @​tsandall
• ast/builtins: Remove space from count description (#7836) authored by @​charlieegan3
• docs: Add link to logic-or/and on docs index (#7826) authored by @​charlieegan3
• docs: Add note on using LLM in PR discussions (#7859) authored by @​anderseknert
• docs: Fix broken anchor links in annotations (#7827) authored by @​charlieegan3
• docs: Use set in the Python code example for consistence (#7860) authored by @​durnik-ivo
• docs: Update frontpage (#7847) authored by @​tsandall
• docs/rest-api: Add notes about policy IDs (#7837) authored by @​charlieegan3
• website: Use latest release rather than edge (#7781) authored by @​charlieegan3

Miscellaneous

... (truncated)

• 7832826 Prepare v1.8.0 release (#7866)
• cf305db internal/report: allow overriding GitHub repo
• 63e40a5 perf: fix issue in Object.Insert on existing key (#7820)
• 00feaff handlers: add thread-safe initialization for gzipPool (#7828)
• 46c9c3b cmd/exec: Update tests to run sync when ready (#7835)
• a3e4851 release: Adding Dockerfile for image used in *-patch build targets (#7864)
• 9a76642 Avoid port exhaustion in concurrent tests (#7862)
• 9de5585 cli: fix 'opa exec' parameters
• 4f6d2d6 docs: Use set in the Python code example for consistence (#7860)
• 57543bb docs: Add note on using LLM in PR discussions (#7859)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)