Update openpolicyagent/opa Docker tag to v0.62.1

This MR contains the following updates:

Package	Type	Update	Change
openpolicyagent/opa		minor	0.61.0 -> 0.62.1
openpolicyagent/opa	ironbank-docker	minor	0.61.0-static -> 0.62.1-static
openpolicyagent/opa	stage	minor	0.61.0-static -> 0.62.1-static

---

Release Notes

open-policy-agent/opa (openpolicyagent/opa)

v0.62.1

Compare Source

This is a security fix release for the fixes published in Golang 1.22.1.

OPA servers using --authentication=tls would be affected: crafted malicious client certificates could cause a panic in the server.

Also, crafted server certificates could panic OPA's HTTP clients, in bundle plugin, status and decision logs; and http.send calls that verify TLS.

This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.

This is CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).

Note that there are other security fixes in this Golang release, but whether or not OPA is affected is harder to tell. An update is advised.

Miscellaneous

• Add Trino to OPA ecosystem (authored by @​mosabua)
• update: ADOPTERS.md (#​6608) (authored by @​fredmaggiowski)

v0.62.0

Compare Source

NOTES:

• The minimum version of Go required to build the OPA module is 1.20

This release contains a mix of improvements and bugfixes.

Runtime, Tooling, SDK

• cmd: Add environment variable backups for command-line flags (#​6508) authored by @​colinjlacy
• download/oci: Add missing WithBundleParserOpts method to OCI downloader (#​6571) authored by @​slonka
• logging: avoid %!F(MISSING) in logs by skipping calls to the {Debug,Info,Warn,Error}f functions when there are no arguments (#​6555) authored by @​srenatus

Topdown and Rego

• ast+cmd: Allow bundle to contain calls to unknown Rego functions when inspected (#​6591) authored by @​johanfylling
• topdown/http: Respect raise_error flag during input validation (#​6553) authored by @​ashutosh-narkar

Docs + Website + Ecosystem

• Add OpaDotNet to ecosystem projects (#​6554) authored by @​me-viper
• Add updated logos for Permit.io and OPAL (#​6562) authored by @​danielbass37
• docs: Update description of the url path usage when accessing values inside object and array documents for v1/data GET and POST (#​6567) authored by @​ashutosh-narkar
• docs: Use application/yaml instead of application/x-yaml as the former is now a recognized content type (#​6565) authored by @​anderseknert

Miscellaneous

• Add Elastic to ADOPTERS.md (#​6568) authored by @​orouz
• Dependency updates; notably:
  • bump golang 1.21.5 -> 1.22 (#​6595) authored by @​srenatus
  • bump google.golang.org/grpc from 1.61.0 to 1.62.0
  • bump golang.org/x/net from 0.19.0 to 0.21.0
  • bump github.com/containerd/containerd from 1.7.12 to 1.7.13
  • bump aquasecurity/trivy-action from 0.16.1 to 0.17.0
  • bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
  • bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.