build(deps): bump github.com/open-policy-agent/opa from 0.28.0 to 0.42.2 in /services/gateway

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.28.0 to 0.42.2.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.42.2

This is a bug fix release that addresses the following:

• storage/disk: make symlinks work with relative paths (#4869)
• bundle: Normalize paths before bundle root check

v0.42.1

This is a bug fix release that addresses the following:

1. An issue while writing data to the in-memory store at a non-root nonexistent path (#4855), reported by @​wermerb and others.
2. Policies owned by a bundle could be replaced via the REST API because of a missing bundle scope check (#4846).
3. Adds missing future.keywords import for the examples in the policy testing section of the docs (#4849), reported by @​robert-elles.

v0.42.0

This release contains a number of fixes and enhancements.

New built-in function: object.subset

This function checks if a collection is a subset of another collection. It works on objects, sets, and arrays.

If both arguments are objects, then the operation is recursive, e.g. {"c": {"x": {10, 15, 20}} is considered a subset of {"a": "b", "c": {"x": {10, 15, 20, 25}, "y": "z"}.

See the built-in functions docs for all details

This implementation fixes #4358 and was authored by @​charlesdaniels.

New keywords: "contains" and "if"

These new keywords let you increase the expressiveness of your policy code:

Before

package authz
allow { not denied } # `denied` left out for presentation purposes
deny[msg] {
count(violations) > 0
msg := sprintf("there are %d violations", [count(violations)])
}

After

package authz
import future.keywords
allow if not denied # one expression only => no { ... } needed!
</tr></table>

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.42.2

This is a bug fix release that addresses the following:

• storage/disk: make symlinks work with relative paths (#4869)
• bundle: Normalize paths before bundle root check

0.42.1

This is a bug fix release that addresses the following:

1. An issue while writing data to the in-memory store at a non-root nonexistent path (#4855), reported by @​wermerb and others.
2. Policies owned by a bundle could be replaced via the REST API because of a missing bundle scope check (#4846).
3. Adds missing future.keywords import for the examples in the policy testing section of the docs (#4849), reported by @​robert-elles.

0.42.0

This release contains a number of fixes and enhancements.

New built-in function: object.subset

This function checks if a collection is a subset of another collection. It works on objects, sets, and arrays.

If both arguments are objects, then the operation is recursive, e.g. {"c": {"x": {10, 15, 20}} is considered a subset of {"a": "b", "c": {"x": {10, 15, 20, 25}, "y": "z"}.

See the built-in functions docs for all the details

This implementation fixes #4358 and was authored by @​charlesdaniels.

New keywords: "contains" and "if"

These new keywords let you increase the expressiveness of your policy code:

Before

package authz
allow { not denied } # `denied` left out for presentation purposes
deny[msg] {
count(violations) > 0
msg := sprintf("there are %d violations", [count(violations)])
}

After

</tr></table> 

... (truncated)

Commits

• efcf506 Prepare Release 0.42.2
• 16bae6c CI: remove trivy from PRs, add CVE-2022-1996 to ignores (#4867)
• e6626cd bundle: Normalize paths before bundle root check
• db3a4e7 storage/disk: make symlinks work with relative paths (#4870)
• 60b7193 Prepare v0.42.1 release
• 2819143 server: check old policy path for bundle ownership (#4847)
• 22641e5 docs/policy-testing: add missing future.keywords imports (#4852)
• fa6ccbc storage/inmem: Create path if does not exist during truncate (#4853)
• 9b5fb9b Prepare release v0.42.0 (#4834)
• 7305b16 server: pass IQBC to authorizer (#4838)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2086.