Update dependency StyraInc/regal to v0.29.2 - autoclosed

[renovate]

This PR contains the following updates:

Package	Update	Change
StyraInc/regal	minor	v0.28.0 -> v0.29.2

---

Release Notes

StyraInc/regal (StyraInc/regal)

v0.29.2

Compare Source

This patch release fixes an issue where the new defer-assignment rule would sometimes report a false positive when the variable was used inside of a with clause on the next line.

Thanks @​nevumx for reporting the issue!

Changelog

• 7e74d12: [create-pull-request] automated change (#​1261) (@​github-actions[bot])
• 20a5cfa: Fix false positive in defer-assignment and with (#​1262) (@​anderseknert)

v0.29.1

Compare Source

This patch release fixes an issue where custom (i.e. user-created) aggregate rules[^1]. wouldn't work as expected when the condition for a violation was the absence of aggregated data. This could for example be a rule that says "at least one rule must be named allow, and it must have a default assignment to false".

Upgrading from v0.29.0 is not required unless you're writing custom Regal rules.

Many thanks to @​shibataka000 for reporting the issue, and in such an exemplary way ⭐

[^1]: scroll below the table of rules for an explanation of what aggregate rules are

Changelog

• 0c6e8ed: build(deps): bump github/codeql-action from 3.27.2 to 3.27.3 (#​1258) (@​dependabot[bot])
• 743a65b: Fix custom rules that report on the absence of aggregates (#​1260) (@​anderseknert)

v0.29.0

Compare Source

This is a big release, spanning more than a month of development! Regal v0.29.0 brings new linter rules, performance improvements and new features to both the linter and the language server.

New rules

defer-assignment

Category: performance

The new defer-assignment rule helps detect when assignment can be moved to later in the rule body, possibly avoiding it at all if the conditions below don’t evaluate.

allow if {

### this assignment can be deferred to after the roles check
    resp := http.send({"method": "get", "url": "http:localhost"})
    
    "rego hacker" in input.user.roles
    
    resp.status_code == 200
}

This can improve performance by having less to evaluate, and it makes policies easier to read. Double win!

For more information, see the docs on defer-assignment.

walk-no-path

Category: performance

When using the walk built-in function on large data structures, traversing only the values without building a path to each node can save a considerable amout of time. The new walk-no-path rule will detect when the assigned path is unused and can be replaced by a wildcard variable, which tells OPA to skip the construction of the path. This dramatically improves the performance of the function.

found if {

### path assigned but never referenced in the rule
    walk(haystack, [path, value])

    value == "needle"
}

### should be replaced by

found if {
    walk(haystack, [_, value])

    value == "needle"
}

For more information, see the docs on walk-no-path.

rule-assigns-default

Category: bugs

Assigning a rule the same value as the default value set for the rule is always a bug, and while hopefully not too common, now reported by Regal.

default threshold := 1

threshold := 0 if {

### some conditions
}

### this is already the default condition!
### and having this removed will have no impact on how

### the rule evaluates.. don't do this!
threshold := 1 if {

### some conditions
}

For more information, see the docs on rule-assigns-default.

Language Server

Evaluation Code Lens for Neovim

We were exicted to learn the Code Lens for Evaluation (“click to evaluate”) feature we built now works not only in VS Code but also in Neovim. This thanks to work by regular contributor @​rinx. Thank you! The language server docs have now been updated to reflect this.

Improved Enterprise OPA integration

Setting the capabilities engine to eopa will now have the language sever recognize Enterprise OPA-specific built-in functions, and provide both auto-completions for those as well as informative tooltips on hover. Clicking links in the tooltip now correctly brings you to the Styra docs for the Enterprise OPA built-in functions.

Notable Improvements

• The leaked-internal-reference rule is now ignored in tests by default. See the docs for this rule if you wish to enable this.
• The prefer-snake-case rule now also reports violations in package names.
• The same prepared query is now used both for linting and to collect data for aggregate rules, saving about 150 milliseconds for any given regal lint run.
• Regal’s own capabilities and provided configuration is now available when running the evaluation code lens, simplifying development of custom rules.
• The pretty reporting format will now print the severity level of a violation when no color support is detected in the terminal (reported by @​geirs73)
• The --instrument flag from opa eval is now supported also by regal lint, providing detailed information about where most time is spent while linting.

Notable Fixes

• Using input.json for the evaluation code lens now works reliably on Windows. As does ourcing a capabilities.json file from the filesystem. Thanks to @​geirs73 for reporting these issues!
• Global ignore directives from .regal/config.yaml would sometimes be parsed differently depending on read by regal lint or the language server. This has now been fixed.
• Fix false positive in inconsistent-args rule when an arity mismatch should rather be handled by the compiler. Thanks @​tsandall for reporting that!
• Fix a false positive in use-contains rule when not importing rego.v1. This turned out to be an issue originating in OPA, so we fixed it there, and later included in Regal by upgrading the dependency to the latest OPA version v0.70.0. Thanks @​drewcorlin1 for reporting the issue!

Changelog

• 0af7c91: Scorecard updates (#​1182) (@​charlieegan3)
• 24f0fd7: Use defer to unlock mutex (#​1186) (@​anderseknert)
• da12bd0: build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.1 (#​1185) (@​dependabot[bot])
• a238a85: build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#​1184) (@​dependabot[bot])
• 03564f8: build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#​1183) (@​dependabot[bot])
• afce347: lsp: Update rego-by-examples index (#​1181) (@​github-actions[bot])
• e3fa956: linter: use a buffered error channel (#​1187) (@​charlieegan3)
• 1dbfc7e: lsp: enable levelled logging (#​1188) (@​charlieegan3)
• c5cee41: build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 (#​1190) (@​dependabot[bot])
• 6663839: build(deps): bump actions/cache from 4.1.0 to 4.1.1 (#​1189) (@​dependabot[bot])
• 3b7530a: Add UNIwise company to adopters.md (#​1191) (@​Graloth)
• 95f4abf: lsp: Update rego-by-examples index (#​1193) (@​github-actions[bot])
• 0cf7506: build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 (#​1194) (@​dependabot[bot])
• 78e2bba: workflow: use different branch (and also PR) for caps updates (@​srenatus)
• 649d5b9: [create-pull-request] automated change (@​srenatus)
• b58f999: lsp: Update rego-by-examples index (@​charlieegan3)
• 672bb15: docs: write about evaluation code lens support in neovim (#​1198) (@​rinx)
• e46ef92: build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#​1199) (@​dependabot[bot])
• df4d44e: docs: Fix typos in config examples (#​1201) (@​anderseknert)
• 8504347: io: Address path input.json separator issue (#​1203) (@​charlieegan3)
• d04be3d: Make prefer-snake-case check package name (#​1206) (@​anderseknert)
• 5bc9d1d: Handle file:// URLs in exclusion policy (#​1207) (@​anderseknert)
• d39da24: Improve error messages for incorrect capabilities version (#​1208) (@​anderseknert)
• 173a992: config: Generate C:-style capabilities paths (#​1209) (@​charlieegan3)
• 63b90e1: Use filepath.WalkDir instead of filepath.Walk (#​1210) (@​anderseknert)
• 234e36b: lint/rpt: Handle no-color ttys (#​1213) (@​charlieegan3)
• 877372b: Rule: defer-assignment (#​1215) (@​anderseknert)
• 0355ad7: build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 (#​1216) (@​dependabot[bot])
• 6b7e00b: lsp/eval: Load capabilities and config into eval (#​1217) (@​charlieegan3)
• 0ce82ae: Rule: walk-no-path (#​1219) (@​anderseknert)
• b45c14b: lsp/eval: Remove missed print statement (#​1220) (@​charlieegan3)
• b9a2531: build(deps): bump actions/cache from 4.1.1 to 4.1.2 (#​1222) (@​dependabot[bot])
• 7ff216b: build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#​1221) (@​dependabot[bot])
• 9fcc5ee: build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#​1223) (@​dependabot[bot])
• 2337dc8: build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#​1224) (@​dependabot[bot])
• 6e9264d: [create-pull-request] automated change (#​1225) (@​github-actions[bot])
• 96e4804: rule: Disable leaked_internal_reference for test files (#​1228) (@​charlieegan3)
• 3c48af2: build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 (#​1229) (@​dependabot[bot])
• aeec96b: lsp: Fix inconsistent processing of ignores (#​1227) (@​charlieegan3)
• e07a5d7: lsp: format root directory files (#​1232) (@​charlieegan3)
• 3b9d897: Remove leaked-internal-reference comments (#​1231) (@​charlieegan3)
• b13c9c5: [create-pull-request] automated change (@​srenatus)
• 1499393: Bump OPA to v0.70.0 (#​1235) (@​anderseknert)
• 0e950b7: Add VodafoneZiggo as adopters (#​1234) (@​Parsifal-M)
• 154faa2: workflow: read OPA version from go.mod (#​1236) (@​srenatus)
• 731c8d2: linter: Reuse lint prepared query between lint runs (#​1230) (@​charlieegan3)
• 5631795: actions: run race detector separately (#​1237) (@​anderseknert)
• 3a1c4dc: [create-pull-request] automated change (@​srenatus)
• b4b9d76: workflows/build: 'npm install' from subdir (#​1240) (@​srenatus)
• 73c27a0: workflows/build: use 'npm ci' (#​1241) (@​srenatus)
• aba5ef4: Rule: rule-assigns-default (#​1243) (@​anderseknert)
• bdc73a0: lsp/hover: Use link overrides if set (#​1244) (@​charlieegan3)
• 8c7cafd: Remove yaml.v2 dependency (#​1245) (@​anderseknert)
• 24f8553: ci: add depguard for gopkg.in/yaml.v2 (#​1246) (@​srenatus)
• 65ff668: lsp/test: Wait for aggregate state to be set (#​1247) (@​charlieegan3)
• d016a23: internal/lsp/*_test.go: replace for+success pattern (#​1248) (@​srenatus)
• 99a14b8: build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 (#​1249) (@​dependabot[bot])
• 360dda6: build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#​1251) (@​dependabot[bot])
• fe0a2b0: ci: Allow race detector to fail (#​1253) (@​charlieegan3)
• 22ec7cb: Fix false positive given arity mismatch in inconsistent-args (#​1252) (@​anderseknert)
• 21aa8d4: Add --instrument flag to regal lint (#​1254) (@​anderseknert)
• 82da7a9: build(deps): bump github/codeql-action from 3.27.1 to 3.27.2 (#​1257) (@​dependabot[bot])
• 5cb67ea: Use new setting to cache AST conversions from store (#​1256) (@​anderseknert)

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.