chore: bump github.com/open-policy-agent/opa from 1.17.1 to 1.18.0 in /constraint

[dependabot]

Bumps github.com/open-policy-agent/opa from 1.17.1 to 1.18.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.18.0

This release contains a mix of bugfixes and small features. Notably:

• A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
• Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
• Several opa fmt correctness fixes
• Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR) previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that exact-match the old string will need to be updated.

Authored by @​sspaink, reported by @​SpecLad

Runtime, SDK, Tooling

• bundle: fix per-module rego version lookup (#8797) authored by @​sspaink, reported by @​xubinzheng
• bundle: improve determinism of file_rego_versions patterns with overlap (#8733) authored by @​philipaconrad
• cover: Track inline rule head in post trace walk (#6531) authored by @​charlieegan3, reported by @​anderseknert
• cover: Update report to include ranges (#8748) reported and authored by @​charlieegan3
• cover: Add support for coverage of conjunction exprs (#8809) authored by @​charlieegan3
• download/oci: Set Accept headers (#8720) authored by @​charlieegan3
• fmt: preserve the multiline but single entry iterables (#8557) authored by @​unichronic, reported by @​anderseknert
• format: Fix dropped with-clause after comment in object value (#8765) authored by @​sspaink, reported by @​srabraham
• format: keep lone with on the closing-bracket line of multi-line expressions (#8804) authored by @​anneheartrecord, reported by @​burnster
• oracle: Fix find-definition on expressions inside ast.Not nodes (#8731) authored by @​johanfylling
• runtime: Restore goautomaxprocs, add automemlimit (#8784) authored by @​charlieegan3

Compiler, Topdown and Rego

• ast: Apply location to inner ast.Not expressions (#8717) authored by @​johanfylling, reported by @​anderseknert
• ast: Clean up code for value comparisons (#8737) authored by @​anderseknert
• ast: Fix PE regression for future.keywords.not negation inside every (#8781) authored by @​johanfylling
• internal/edittree: Add recursive tree node recycling (#8693) authored by @​philipaconrad
• internal: compile,planner: improve determinism of plan/wasm bundle builds (#8732) authored by @​philipaconrad
• perf: avoid allocations in object.get (#8729) authored by @​anderseknert
• topdown: Fix PE not namespacing vars in comprehensions nested inside every (#8816) authored by @​johanfylling
• topdown: remove dst.Compare(src) shortcut (#8739) authored by @​srenatus
• topdown: skip strconv.ParseInt in format_int base-10 fast path (#8801) authored by @​srenatus

Docs, Website, Ecosystem

• docs/chore: Remove broken links (#8714) authored by @​charlieegan3, reported by @​github-actions
• docs: PoC for kapa.ai (#8125) reported and authored by @​charlieegan3
• docs(ecosystem): update OPA MCP entry with video, blog, and distribution links (#8712) authored by @​OrygnsCode
• docs/contributing: add formatting (#8740) authored by @​mmzzuu

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.18.0

This release contains a mix of bugfixes and small features. Notably:

• A breaking fix to the outbound User-Agent header so it conforms to RFC 9110 (see below)
• Container-aware resource limits: automatic GOMAXPROCS is restored and automatic GOMEMLIMIT is now supported
• Several opa fmt correctness fixes
• Improvements to opa test --coverage (ranges in report, inline rule head tracking, conjunction-expression coverage)

Breaking: Fix User-Agent according to RFC9110 (#8792)

OPA's outbound HTTP requests (bundle, discovery, decision log, status, http.send, AWS KMS/ECR) previously sent User-Agent: Open Policy Agent/<version> (<os>, <arch>), which is not a valid RFC 9110 User-Agent value because the product token cannot contain spaces. The header is now Open-Policy-Agent/<version> (<os>, <arch>). Server-side log filters or WAF rules that exact-match the old string will need to be updated.

Authored by @​sspaink, reported by @​SpecLad

Runtime, SDK, Tooling

• bundle: fix per-module rego version lookup (#8797) authored by @​sspaink, reported by @​xubinzheng
• bundle: improve determinism of file_rego_versions patterns with overlap (#8733) authored by @​philipaconrad
• cover: Track inline rule head in post trace walk (#6531) authored by @​charlieegan3, reported by @​anderseknert
• cover: Update report to include ranges (#8748) reported and authored by @​charlieegan3
• cover: Add support for coverage of conjunction exprs (#8809) authored by @​charlieegan3
• download/oci: Set Accept headers (#8720) authored by @​charlieegan3
• fmt: preserve the multiline but single entry iterables (#8557) authored by @​unichronic, reported by @​anderseknert
• format: Fix dropped with-clause after comment in object value (#8765) authored by @​sspaink, reported by @​srabraham
• format: keep lone with on the closing-bracket line of multi-line expressions (#8804) authored by @​anneheartrecord, reported by @​burnster
• oracle: Fix find-definition on expressions inside ast.Not nodes (#8731) authored by @​johanfylling
• runtime: Restore goautomaxprocs, add automemlimit (#8784) authored by @​charlieegan3

Compiler, Topdown and Rego

• ast: Apply location to inner ast.Not expressions (#8717) authored by @​johanfylling, reported by @​anderseknert
• ast: Clean up code for value comparisons (#8737) authored by @​anderseknert
• ast: Fix PE regression for future.keywords.not negation inside every (#8781) authored by @​johanfylling
• internal/edittree: Add recursive tree node recycling (#8693) authored by @​philipaconrad
• internal: compile,planner: improve determinism of plan/wasm bundle builds (#8732) authored by @​philipaconrad
• perf: avoid allocations in object.get (#8729) authored by @​anderseknert
• topdown: Fix PE not namespacing vars in comprehensions nested inside every (#8816) authored by @​johanfylling
• topdown: remove dst.Compare(src) shortcut (#8739) authored by @​srenatus
• topdown: skip strconv.ParseInt in format_int base-10 fast path (#8801) authored by @​srenatus

Docs, Website, Ecosystem

• docs/chore: Remove broken links (#8714) authored by @​charlieegan3, reported by @​github-actions
• docs: PoC for kapa.ai (#8125) reported and authored by @​charlieegan3
• docs(ecosystem): update OPA MCP entry with video, blog, and distribution links (#8712) authored by @​OrygnsCode

... (truncated)

Commits

• cc2c5c6 Prepare v1.18 release (#8820)
• e72a98f format: keep lone with on the closing-bracket line of multi-line expression...
• 03646dd topdown: Fix PE not namespacing vars in comprehensions nested inside every ...
• bf2bb52 benchmarks: split off script, emit markdown table
• 02ce276 version: fix ill-formed User-Agent header (#8796)
• 1fdbb77 build(deps): bump the dependencies group across 2 directories with 6 updates
• 954196a cover: Add support for coverage of conjunction exprs (#8809)
• dec8333 deduplicate change-detection output in pr CI checks (#8808)
• 09679ab benchmarks: use details+summary comments for benchlab results (#8811)
• 57742e8 build(deps): bump webpack-dev-server from 5.2.4 to 5.2.5 in /docs (#8807)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Copilot]

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.