chore(deps): bump the common group with 8 updates

[dependabot]

Bumps the common group with 8 updates:

Package	From	To
github.com/alicebob/miniredis/v2	2.36.1	2.37.0
github.com/go-git/go-git/v5	5.16.5	5.17.0
github.com/google/go-containerregistry	0.21.0	0.21.1
github.com/open-policy-agent/opa	1.13.2	1.14.0
github.com/zclconf/go-cty	1.17.0	1.18.0
golang.org/x/net	0.50.0	0.51.0
k8s.io/api	0.35.1	0.35.2
github.com/nikolalohinski/gonja/v2	2.6.0	2.7.0

Updates github.com/alicebob/miniredis/v2 from 2.36.1 to 2.37.0

Release notes

Sourced from github.com/alicebob/miniredis/v2's releases.

HEXPIRE

• support HEXPIRE (thanks @​mojixcoder)

Changelog

Sourced from github.com/alicebob/miniredis/v2's changelog.

v2.37.0

• suport HEXPIRE (thanks @​mojixcoder)

Commits

• c1b59bf feat: implement HEXPIRE command (#424)
• See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.16.5 to 5.17.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.17.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1839
• git: worktree, optimize infiles function for very large repos by @​k-anshul in go-git/go-git#1853
• git: Add strict checks for supported extensions by @​pjbgf in go-git/go-git#1861
• backport, git: Improve Status() speed with new index.ModTime check by @​cedric-appdirect in go-git/go-git#1862
• storage: filesystem, Avoid overwriting loose obj files by @​pjbgf in go-git/go-git#1864

Full Changelog: go-git/go-git@v5.16.5...v5.17.0

Commits

• bdf0688 Merge pull request #1864 from pjbgf/v5-issue-55
• 5290e52 storage: filesystem, Avoid overwriting loose obj files. Fixes #55
• 5d20a62 storage: filesystem, Fix permissions for loose and packed objs
• 8ed442c backport, git: Improve Status() speed with new index.ModTime check (#1862)
• c7b5960 build: Align test workflow with main
• 8e71edf git: Add strict checks for supported extensions
• 438a37f git: worktree, optimize infiles function for very large repos (#1853)
• 67c7006 Merge pull request #1839 from go-git/renovate/releases/v5.x-go-github.com-go-...
• 4ca3f02 build: Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY]
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.21.0 to 0.21.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.1

This release fixes a regression in crane introduced in the previous release.

What's Changed

• Add WithFileBufferedOpener for file-backed daemon image buffering by @​twdamhore in google/go-containerregistry#2214
• crane: fix case in auth response json by @​aelindeman in google/go-containerregistry#2218

New Contributors

• @​twdamhore made their first contribution in google/go-containerregistry#2214
• @​aelindeman made their first contribution in google/go-containerregistry#2218

Full Changelog: google/go-containerregistry@v0.21.0...v0.21.1

Commits

• 85f2bf5 crane: fix case in auth response json (#2218)
• e971d63 Add WithFileBufferedOpener for file-backed daemon image buffering (#2214)
• See full diff in compare view

Updates github.com/open-policy-agent/opa from 1.13.2 to 1.14.0

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.14.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Improved rule indexing of variable assignments and x in {...} expressions
• Support for --h2c with unix domain socket for opa run
• A new glossary tooltip for technical terms in the docs
• Fixes published in the v1.13.1 and v1.13.2 releases

Improved rule indexing of variable assignments and x in {...} expressions (#1841)

With this change, the rule indexer will index expressions like:

allow if input.role in {"admin", "user"}

On lookup, the rule body will only be returned if input.role is either one of "admin" or "user".

The reverse case is also indexed:

allow if "admin" in input.roles

in which the searched collection is unknown.

Authored by @​srenatus reported by @​nischalsheth

Runtime, SDK, Tooling

• cmd,run: Support --h2c with unix domain socket (UDS) (#8282) authored by @​srenatus reported by @​theJC
• cmd,tester: Add line number next to test file in pretty format (#8328) authored by @​sspaink reported by @​anderseknert
• plugins: Fix race accessing registeredTriggers (#8363) reported and authored by @​szuecs
• rego: Add ResultValue[T]() helper method (#8320) authored by @​srenatus
• runtime: Add custom storage backend registration API (#8277) authored and reported by @​alex60217101990
• topdown: Add config option to disable named inter-query built-in cache (#7519) authored by @​sspaink reported by @​johanfylling

Compiler, Topdown and Rego

• ast: Add index else == nil test, fix it (#8348) authored by @​srenatus

• ast: Add scaffolding to introspect and skip compiler stages (#8304) (authored by @​srenatus)

• ast: Ensure term values implement ast.StringLengther (#8374) authored by @​charlieegan3

• ast: Fix double-fix for refs["with-a"].dash as package (#8286) authored by @​srenatus

• ast: Optimized template-expression handling of values known to be defined (#8310) authored by @​anderseknert

• ast: Put rule indices into rule tree, change Values to []*Rule (#8298) authored by @​srenatus

• ast: Replace true expr when appending to empty body (#8299) authored by @​anderseknert

• ast: Return correct location of unsafe var in object (#7935) authored by @​sspaink reported by @​anderseknert

• ast: Use StageID in WithStageAfterID, also for QueryCompiler (follow-up) (#8306) authored by @​srenatus

• compile: Add StringLength to lazy object (#8369) authored by @​charlieegan3 reported by @​robmyersrobmyers

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

1.14.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Improved rule indexing of variable assignments and x in {...} expressions
• Support for --h2c with unix domain socket for opa run
• A new glossary tooltip for technical terms in the docs
• Fixes published in the v1.13.1 and v1.13.2 releases

Improved rule indexing of variable assignments and x in {...} expressions (#1841)

With this change, the rule indexer will index expressions like:

allow if input.role in {"admin", "user"}

On lookup, the rule body will only be returned if input.role is either one of "admin" or "user".

The reverse case is also indexed:

allow if "admin" in input.roles

in which the searched collection is unknown.

Authored by @​srenatus reported by @​nischalsheth

Runtime, SDK, Tooling

• cmd,run: Support --h2c with unix domain socket (UDS) (#8282) authored by @​srenatus reported by @​theJC
• cmd,tester: Add line number next to test file in pretty format (#8328) authored by @​sspaink reported by @​anderseknert
• plugins: Fix race accessing registeredTriggers (#8363) reported and authored by @​szuecs
• rego: Add ResultValue[T]() helper method (#8320) authored by @​srenatus
• runtime: Add custom storage backend registration API (#8277) authored and reported by @​alex60217101990
• topdown: Add config option to disable named inter-query built-in cache (#7519) authored by @​sspaink reported by @​johanfylling

Compiler, Topdown and Rego

• ast: Add index else == nil test, fix it (#8348) authored by @​srenatus

• ast: Add scaffolding to introspect and skip compiler stages (#8304) (authored by @​srenatus)

• ast: Ensure term values implement ast.StringLengther (#8374) authored by @​charlieegan3

• ast: Fix double-fix for refs["with-a"].dash as package (#8286) authored by @​srenatus

• ast: Optimized template-expression handling of values known to be defined (#8310) authored by @​anderseknert

• ast: Put rule indices into rule tree, change Values to []*Rule (#8298) authored by @​srenatus

• ast: Replace true expr when appending to empty body (#8299) authored by @​anderseknert

• ast: Return correct location of unsafe var in object (#7935) authored by @​sspaink reported by @​anderseknert

• ast: Use StageID in WithStageAfterID, also for QueryCompiler (follow-up) (#8306) authored by @​srenatus

... (truncated)

Commits

• acf81e8 Release v1.14.0 (#8379)
• b4b04a6 ci: Fix check-changes job skipping over YAML changes. (#8377)
• 3c5b7c6 docs: Document metrics for http.send, regex, and glob builtins (#8103)
• 29918f9 rego: disable rule indexing for benchmark
• 9d124cb ast: Ensure term values implement string lengther (#8374)
• 32b97ae ast: make rule index track var assignments and x in {...} (#8341)
• 7cfd092 docs: update interface{} -> any in golang snippets (#8373)
• 98f7752 Return correct location of unsafe var in object (#8371)
• 299bbd4 compile: Add StringLength to lazy object (#8370)
• dc7995e workflows/benchmark: persist credentials, we need them for pushing
• Additional commits viewable in compare view

Updates github.com/zclconf/go-cty from 1.17.0 to 1.18.0

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.18.0 (February 23, 2026)

cty now requires Go 1.25 or later.

• cty.Value.Equals now has a special case where if a null value is compared with a non-null value then only top-level marks from the non-null value will transfer to the boolean result.

  This is a limited introduction of the idea that only the parts of a nested data structure that were actually relevant to the comparison should transfer to the result. The more general form of that idea might follow in a later release, but that would require some more severe refactoring of this method's implementation that would be far riskier and so this is a pragmatic compromise to support just the relatively-common case of comparing with null in callers like HCL where an equality test is the canonical way to test a value for "null-ness".

• cty.IndexStep.Apply now works for traversing through a set.

  Although cty.Value.Index does not allow looking up a set element due to set elements not having indices, we often use cty.Path to describe a specific location in a nested structure and have a convention of handling traversal through a set as a cty.IndexStep whose "key" is the set element's value.

  To make that work a little better with code that uses cty.Path.Apply on such paths, cty.IndexStep now has a special case where if the given value is a set then it checks whether the index step's key is a member of the set and returns that value if so. If unknown values mean that it's not decidable whether there is a matching element then the result is an unknown value of the set's element type, so that traversal can continue and presumably eventually return an unknown value of the appropriate leaf type.

Commits

• e0c742b v1.18.0 release
• 21d455d Update LICENSE to reflect the current situation
• a6629d6 cty: IndexStep.Apply now works for traversing through a set
• d586d11 cty: Value.Equals only keeps shallow marks when comparing to null
• 2cc7315 go.mod: Require Go 1.25 or later
• See full diff in compare view

Updates golang.org/x/net from 0.50.0 to 0.51.0

Commits

• 60b3f6f internal/http3: prevent Server handler from writing longer body than declared
• b0ca456 internal/http3: fix Write in Server Handler returning the wrong value
• 1558ba7 publicsuffix: update to 2026-02-06
• 4e1c745 internal/http3: make Server response include headers that can be inferred
• 19f580f http2: fix nil panic in typeFrameParser for unassigned frame types
• 818aad7 internal/http3: add server to client trailer header support
• c1bbe1a internal/http3: add client to server trailer header support
• 29181b8 all: remove go1.25 and older build constraints
• 8109305 all: upgrade go directive to at least 1.25.0 [generated]
• 0b37bdf quic: don't run TestStreamsCreateConcurrency in synctest bubble
• Additional commits viewable in compare view

Updates k8s.io/api from 0.35.1 to 0.35.2

Commits

• 8a137cd Update dependencies to v0.35.2 tag
• See full diff in compare view

Updates github.com/nikolalohinski/gonja/v2 from 2.6.0 to 2.7.0

Commits

• 365da60 release(v2.7.0): update global gonja.version variable
• 21cbf04 fixing after merge
• f447373 fixing receiver names
• e632b8e big vet, linter, and diff cleanup while maintaining backwards compatibility
• 320f3a1 removing logrus for allocations
• 54be45b fix: add nil/error guard to Value.Negate() to prevent invalid reflect.Value
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions