Releases: open-policy-agent/conftest
Releases · open-policy-agent/conftest
v0.60.0
Announcements
⚠️ Breaking Changes ⚠️
We have set the default version of Rego syntax to v1. This is a breaking change if your Rego policies are not compatible with the v1 syntax.
- Individual policies can be updated gradually, by adding
import rego.v1to the policy. - The
rego-versionflag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag tov0.
For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.
Changelog
New Features
- 06658d4: feat(output): redirect trace output to stderr (#1084) (@thevilledev)
- 18a0f14: feat(runner): add support for symlinks (#1098) (@siliconsheep)
OPA Changes
- 2797c99: build(deps): bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.1 (#1113) (@dependabot[bot])
Other Changes
- 67a3c3e: build(deps): bump actions/setup-go from 4 to 5 (#1102) (@dependabot[bot])
- 609490f: build(deps): bump bats-core/bats-action from 1.5.4 to 3.0.1 (#1104) (@dependabot[bot])
- 9e56924: build(deps): bump github.com/google/go-jsonnet from 0.20.0 to 0.21.0 (#1120) (@dependabot[bot])
- 5ea0446: build(deps): bump github.com/moby/buildkit from 0.20.2 to 0.21.0 (#1101) (@dependabot[bot])
- 21a73eb: build(deps): bump github.com/moby/buildkit from 0.21.0 to 0.21.1 (#1111) (@dependabot[bot])
- b3d0491: build(deps): bump golangci/golangci-lint-action from 6 to 7 (#1103) (@dependabot[bot])
- e894c43: build(deps): bump golangci/golangci-lint-action from 7 to 8 (#1119) (@dependabot[bot])
- 3ae2e78: chore: Update Github Actions via Dependabot (#1100) (@mrueg)
- 4c5e5f5: ci: Move docker build to separate job in the PR workflow (#1105) (@jalseth)
- 3907482: cli: Make Rego v1 syntax the default (#1114) (@jalseth)
Contributors
mrueg, thevilledev, and 3 other contributors
Assets 19
- 1.56 KB
2025-05-09T16:47:08Z - 17.2 MB
2025-05-09T16:47:03Z - 18.2 MB
2025-05-09T16:47:03Z - 17.7 MB
2025-05-09T16:47:07Z - 18.4 MB
2025-05-09T16:47:06Z - 16.3 MB
2025-05-09T16:47:06Z - 16.9 MB
2025-05-09T16:47:06Z - 16.2 MB
2025-05-09T16:47:03Z - 16 MB
2025-05-09T16:47:06Z - 16.6 MB
2025-05-09T16:47:07Z -
2025-05-09T15:51:28Z -
2025-05-09T15:51:28Z - Loading
v0.59.0
Announcements
Breaking Changes ⚠️
- Bump hcl2json - This makes the behavior of the conversion more consistent by always using arrays for blocks that can be repeated. See #1074 and #1006 for more info.
Breaking Changes Reminder
In the v0.60 release of conftest (in May 2025), we will change the default version of Rego syntax from v0 to v1. This will be a breaking change if your Rego policies are not compatible with the v1 syntax.
- Individual policies can be updated gradually, by adding
import rego.v1to the policy. - The
rego-versionflag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag tov0.
For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.
Changelog
New Features
- 21e1163: feat: add pre-commit hook support (#1077) (@thevilledev)
OPA Changes
- eac6f5e: build(deps): bump github.com/open-policy-agent/opa from 1.2.0 to 1.3.0 (#1092) (@dependabot[bot])
Other Changes
- 813f329: build(deps): bump cuelang.org/go from 0.12.0 to 0.12.1 (#1094) (@dependabot[bot])
- 45bf533: build(deps): bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 (#1089) (@dependabot[bot])
- 19f1eaf: build(deps): bump github.com/magiconair/properties from 1.8.9 to 1.8.10 (#1097) (@dependabot[bot])
- a20159b: build(deps): bump github.com/moby/buildkit from 0.20.0 to 0.20.1 (#1083) (@dependabot[bot])
- 32aac49: build(deps): bump github.com/moby/buildkit from 0.20.1 to 0.20.2 (#1091) (@dependabot[bot])
- 1b1ce3a: build(deps): bump golang from 1.24.0-alpine to 1.24.1-alpine (#1086) (@dependabot[bot])
- cb88a17: build(deps): bump golang from 1.24.1-alpine to 1.24.2-alpine (#1096) (@dependabot[bot])
- 8c8b13f: ci: Remove PR workflow access to all permissions from GITHUB_TOKEN (#1088) (@jalseth)
- 688c88f: deps: Bump hcl2json to v0.6.7 (#1074) (@jalseth)
- e9612c3: refactor(ci): replace Makefile-based Docker builds with GitHub Action (#1082) (@Amamgbu)
Contributors
thevilledev, Amamgbu, and 2 other contributors
Assets 19
v0.58.0
Announcements
⚠️ Upcoming Breaking Changes ⚠️
In the v0.59 release of conftest (in April 2025), we will bump the hcl2json library which is used by the HCL2 parser. This makes the behavior of the conversion more consistent by always using arrays for blocks that can be repeated. See #1074 and #1006 for more info.
ℹ️ Breaking Changes Reminder ℹ️
In the v0.60 release of conftest (in May 2025), we will change the default version of Rego syntax from v0 to v1. This will be a breaking change if your Rego policies are not compatible with the v1 syntax.
- Individual policies can be updated gradually, by adding
import rego.v1to the policy. - The
rego-versionflag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag tov0.
For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.
Changelog
New Features
- 4154949: feat(test): Enable inter-query cache (#1073) (@jalseth)
- d62aa8d: feat: add --absolute-paths flag to pull command (#1078) (@thevilledev)
Bug Fixes
- 4435c65: fix: Conftest can now successfully load files using a file URL (e.g.,
file:///C:/path/to/data.yaml) on windows (#999) (@pckvcode)
OPA Changes
- 6424545: build(deps): bump github.com/open-policy-agent/opa from 1.1.0 to 1.2.0 (#1080) (@dependabot[bot])
Other Changes
- 8e0fdf2: build(deps): bump alpine from 3.21.2 to 3.21.3 (#1072) (@dependabot[bot])
- 6cb9d19: build(deps): bump github.com/moby/buildkit from 0.19.0 to 0.20.0 (#1076) (@dependabot[bot])
- 43264f4: build(deps): bump golang from 1.23.6-alpine to 1.24.0-alpine (#1071) (@dependabot[bot])
- 155cd3c: chore: Change empty interface{} to any throughout the codebase (#1057) (@jalseth)
- 278f735: chore: Update all examples to OPA V1 syntax (#1058) (@jalseth)
- 39bd5fc: ci: Revert "replace Makefile-based Docker builds with GitHub Action… (#1075)" (#1081) (@jalseth)
- 854183b: refactor(ci): replace Makefile-based Docker builds with GitHub Action… (#1075) (@Amamgbu)
- cdd65ba: refactor(output): Add CheckResults type and helpers (#1063) (@jalseth)
Contributors
thevilledev, Amamgbu, and 3 other contributors
Assets 19
v0.57.0
Announcements
⚠️ Upcoming Breaking Changes ⚠️
In the May 2025 release of conftest, we will change the default version of Rego syntax from v0 to v1. This will be a breaking change if your Rego policies are not compatible with the v1 syntax.
- With this release of conftest, users may opt-in to this behavior early by setting the
--rego-versionflag tov1. - Individual policies can be updated gradually, by adding
import rego.v1to the policy. - The
rego-versionflag will remain available indefinitely, and users who do not wish to update their Rego policies can continue to use v0 syntax by setting this flag tov0.
For more information about upgrading to Rego v1 syntax, see the upstream docs at https://www.openpolicyagent.org/docs/latest/v0-upgrade/.
Changelog
New Features
- eacba23: feat(engine): add query metadata to evaluation results (#1061) (@thevilledev)
- 5decd18: feat(parser): handle UTF-8 BOM in JSON input (#1065) (@thevilledev)
- abad255: feat: Implement SARIF output (#1042) (@thevilledev)
- aa9e3c8: feat: enable relative jsonnet imports by setting a path-aware importer (@thevilledev)
- 3f67b78: feature: Documentation command (#1009) (@xNok)
Bug Fixes
- 151643b: fix: add output and tests for GitHub and Azure DevOps (@thevilledev)
- a770d29: fix: correct linters-settings in .golangci.yaml to enable misspell (@thevilledev)
- 8e541da: fix: improve handling for YAML version directives (@thevilledev)
- 4f6bc40: fix: make sure lookup_ip_addr throwing builtin-err in test (#1017) (@boranx)
- 0bbb473: fix: max stack size already set by jsonnet.MakeVM() (@thevilledev)
- 163bdd8: fix: prevent policy file overwrite on downloads (#1039) (@thevilledev)
- 8b34fcb: fix: remove redundant error check in push command (@thevilledev)
- 7428841: fix: set jsonnet VM stack limits and add test coverage (@thevilledev)
OPA Changes
- a8d6544: build(deps): bump github.com/open-policy-agent/opa from 0.69.0 to 0.70.0 (#1016) (@dependabot[bot])
- 19c82bc: build(deps): bump github.com/open-policy-agent/opa from 0.70.0 to 1.1.0 (#1050) (@dependabot[bot])
Other Changes
- 356ede4: Merge pull request #1035 from open-policy-agent/dependabot/docker/alpine-3.21.2 (@anderseknert)
- d5e8a77: Merge pull request #1036 from open-policy-agent/dependabot/go_modules/github.com/hashicorp/go-getter-1.7.8 (@anderseknert)
- a603656: Merge pull request #1037 from thevilledev/fix/recursive-jsonnet (@anderseknert)
- 3096ca7: Merge pull request #1038 from thevilledev/fix/yaml-preamble-multidoc (@anderseknert)
- 6b31946: Merge pull request #1040 from thevilledev/fix/missing-outputs (@anderseknert)
- 5063084: Merge pull request #1041 from thevilledev/fix/impossible-nil (@anderseknert)
- 1a25844: Merge pull request #1043 from open-policy-agent/dependabot/docker/golang-1.23.5-alpine (@anderseknert)
- 326a1a4: Merge pull request #1044 from thevilledev/fix/jsonnet-library-imports (@anderseknert)
- 744f867: Merge pull request #1046 from open-policy-agent/dependabot/go_modules/github.com/moby/buildkit-0.19.0 (@anderseknert)
- ea55b61: Merge pull request #1051 from open-policy-agent/dependabot/go_modules/cuelang.org/go-0.12.0 (@anderseknert)
- 6c867fc: Merge pull request #1052 from thevilledev/fix/linters-settings (@anderseknert)
- f110dde: Merge pull request #1053 from thevilledev/style/enable-nilness-lint (@anderseknert)
- 26b6c24: Merge pull request #1054 from thevilledev/test/registry-store-init (@anderseknert)
- 4299ce7: build(deps): bump alpine from 3.20.3 to 3.21.0 (#1026) (@dependabot[bot])
- 154c1aa: build(deps): bump alpine from 3.21.0 to 3.21.2 (@dependabot[bot])
- 33d468d: build(deps): bump cuelang.org/go from 0.10.0 to 0.10.1 (#1013) (@dependabot[bot])
- 103315d: build(deps): bump cuelang.org/go from 0.10.1 to 0.11.0 (#1020) (@dependabot[bot])
- 4df824c: build(deps): bump cuelang.org/go from 0.11.0 to 0.12.0 (@dependabot[bot])
- 5b3e926: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 (#1028) (@dependabot[bot])
- 1d47ac3: build(deps): bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.8 (@dependabot[bot])
- 642e7cd: build(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (#1027) (@dependabot[bot])
- 77f985f: build(deps): bump github.com/moby/buildkit from 0.16.0 to 0.17.1 (#1018) (@dependabot[bot])
- 0709be2: build(deps): bump github.com/moby/buildkit from 0.17.1 to 0.17.2 (#1021) (@dependabot[bot])
- 621bcbf: build(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 (#1023) (@dependabot[bot])
- 8da347b: build(deps): bump github.com/moby/buildkit from 0.18.0 to 0.18.1 (#1024) (@dependabot[bot])
- 1a4a428: build(deps): bump github.com/moby/buildkit from 0.18.1 to 0.19.0 (@dependabot[bot])
- 66b0970: build(deps): bump golang from 1.23.2-alpine to 1.23.3-alpine (#1019) (@dependabot[bot])
- 1e7d052: build(deps): bump golang from 1.23.3-alpine to 1.23.4-alpine (#1025) (@dependabot[bot])
- c4e656f: build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine (@dependabot[bot])
- 6da5673: build(deps): bump golang from 1.23.5-alpine to 1.23.6-alpine (#1062) (@dependabot[bot])
- 874f0bc: chore: add nilness check to govet linter (@thevilledev)
- 24e9ca8: chore: optimize yaml document separator handling (@thevilledev)
- 8a44613: engine: Refactor to allow for Rego version to be specified (#1059) (@jalseth)
Contributors
anderseknert, thevilledev, and 4 other contributors
Assets 19
v0.56.0
Changelog
Bug Fixes
- 56d742d: fix: missing space causing printing error on azuredevops (#988) (@naoufalzerai)
OPA Changes
- 8d1c1ae: build(deps): bump github.com/open-policy-agent/opa from 0.67.0 to 0.67.1 (#980) (@dependabot[bot])
- 19dd533: build(deps): bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0 (#996) (@dependabot[bot])
- 36fb367: build(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 (#1010) (@dependabot[bot])
Other Changes
- efb3af2: build(deps): bump alpine from 3.20.1 to 3.20.2 (#978) (@dependabot[bot])
- 2df37b6: build(deps): bump alpine from 3.20.2 to 3.20.3 (#1002) (@dependabot[bot])
- 9db6df6: build(deps): bump cuelang.org/go from 0.9.2 to 0.10.0 (#994) (@dependabot[bot])
- 117bbfa: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.0 to 0.9.1 (#1005) (@dependabot[bot])
- 26bbbd0: build(deps): bump github.com/hashicorp/go-getter from 1.7.5 to 1.7.6 (#992) (@dependabot[bot])
- a223c83: build(deps): bump github.com/moby/buildkit from 0.15.1 to 0.15.2 (#993) (@dependabot[bot])
- 3922e48: build(deps): bump github.com/moby/buildkit from 0.15.2 to 0.16.0 (#1003) (@dependabot[bot])
- c572160: build(deps): bump golang from 1.22.5-alpine to 1.22.6-alpine (#990) (@dependabot[bot])
- 6dff941: build(deps): bump golang from 1.22.6-alpine to 1.23.0-alpine (#995) (@dependabot[bot])
- 83253b1: build(deps): bump golang from 1.23.0-alpine to 1.23.1-alpine (#1001) (@dependabot[bot])
- 0c742d1: build(deps): bump golang from 1.23.1-alpine to 1.23.2-alpine (#1012) (@dependabot[bot])
- a3bfb98: bump: update go to 1.22 to get on par with toolchain (#1000) (@boranx)
- b286637: chore: Bump Go to 1.23 (#1004) (@jalseth)
Contributors
naoufalzerai, boranx, and 2 other contributors
Assets 19
v0.55.0
Changelog
Bug Fixes
- 2f13857: fix: update regex to excape the dot in it (#975) (@wangshu3000)
OPA Changes
- 2444462: build(deps): bump github.com/open-policy-agent/opa from 0.66.0 to 0.67.0 (#977) (@dependabot[bot])
Other Changes
- 99d588f: build(deps): bump github.com/moby/buildkit from 0.14.1 to 0.15.1 (#976) (@dependabot[bot])
- 2275d3f: build(deps): bump golang from 1.22.4-alpine to 1.22.5-alpine (#970) (@dependabot[bot])
- 3ca1e3a: ci: Bump Docker login to v3 (#968) (@jalseth)
- daab0c9: ci: Bump golang-ci action to v6 (#974) (@jalseth)
- 066d0f4: ci: Pin goreleaser to v1 (#969) (@jalseth)
Contributors
wangshu3000, dependabot, and jalseth
Assets 19
v0.54.0
Changelog
OPA Changes
- c5fda2e: build(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0 (#966) (@dependabot[bot])
Other Changes
- 96cffe5: build(deps): bump alpine from 3.20.0 to 3.20.1 (#963) (@dependabot[bot])
- acfa9f0: build(deps): bump cuelang.org/go from 0.9.0 to 0.9.1 (#960) (@dependabot[bot])
- 6aeaa86: build(deps): bump cuelang.org/go from 0.9.1 to 0.9.2 (#964) (@dependabot[bot])
- 9e77dfa: build(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 (#962) (@dependabot[bot])
- 3d5ed3f: build(deps): bump github.com/moby/buildkit from 0.13.2 to 0.14.0 (#959) (@dependabot[bot])
- 707d282: build(deps): bump github.com/moby/buildkit from 0.14.0 to 0.14.1 (#961) (@dependabot[bot])
- c4f0506: build(deps): bump github.com/spdx/tools-golang from 0.5.4 to 0.5.5 (#965) (@dependabot[bot])
- fdc162d: build(deps): bump golang from 1.22.3-alpine to 1.22.4-alpine (#958) (@dependabot[bot])
Contributors
dependabot
Assets 19
v0.53.0
Changelog
OPA Changes
- 96470c2: build(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 (#953) (@dependabot[bot])
Other Changes
- c33a50c: build(deps): bump alpine from 3.19.1 to 3.20.0 (#951) (@dependabot[bot])
- 31700e1: build(deps): bump cuelang.org/go from 0.8.1 to 0.9.0 (#956) (@dependabot[bot])
- 525f071: build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#950) (@dependabot[bot])
- eeef9e2: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.8.0 to 0.9.0 (#954) (@dependabot[bot])
- 30b3734: build(deps): bump golang from 1.22.2-alpine to 1.22.3-alpine (#949) (@dependabot[bot])
- 493cfd5: tests: extend hcl cases: tag verification (#955) (@boranx)
Contributors
boranx and dependabot
Assets 19
v0.52.0
Changelog
OPA Changes
- c8ca358: build(deps): bump github.com/open-policy-agent/opa from 0.63.0 to 0.64.0 (#943) (@dependabot[bot])
- 9b082a1: build(deps): bump github.com/open-policy-agent/opa from 0.64.0 to 0.64.1 (#947) (@dependabot[bot])
Other Changes
- 8f13bf6: build(deps): bump cuelang.org/go from 0.8.0 to 0.8.1 (#937) (@dependabot[bot])
- 37b04d6: build(deps): bump github.com/docker/docker from v25.0.3+incompatible to v25.0.5+incompatible (#932) (@robmonct)
- 1b3cc13: build(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#948) (@dependabot[bot])
- 28d92a4: build(deps): bump github.com/moby/buildkit from 0.13.1 to 0.13.2 (#944) (@dependabot[bot])
- 4ab6fea: build(deps): bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#941) (@dependabot[bot])
- c6bd5a5: build(deps): bump golang from 1.22.1-alpine to 1.22.2-alpine (#938) (@dependabot[bot])
- 298d74a: ci: Allow Dependabot to update github.com/hashicorp/go-getter (#946) (@jalseth)
Contributors
dependabot, jalseth, and robmonct
Assets 19
v0.51.0
Changelog
Bug Fixes
OPA Changes
- 6609893: build(deps): bump github.com/open-policy-agent/opa from 0.62.1 to 0.63.0 (#933) (@dependabot[bot])
Other Changes
- 06e3f8d: build(deps): bump cuelang.org/go from 0.7.1 to 0.8.0 (#930) (@dependabot[bot])
- bece944: build(deps): bump github.com/moby/buildkit from 0.13.0 to 0.13.1 (#931) (@dependabot[bot])
- 515feda: build(deps): bump golang from 1.22.0-alpine to 1.22.1-alpine (#929) (@dependabot[bot])
- 86afe2f: ci: Pin bats version to work around broken CI (#936) (@jalseth)
Contributors
dependabot and jalseth