build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.7.0

[dependabot]

Bumps github.com/openfga/openfga from 1.6.1 to 1.7.0.

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.7.0

Added

• Add an experimental access control feature #1913 Learn more about this feature and how to enable it here If you do try it out, please provide feedback in the GitHub Discussion
• Document OpenFGA release process #1923

Changed

• Bump max number of contextual tuples in a single request to 100. #2040 Note: In assertions, they are still restricted to 20 per assertion

Performance

• Improve Check performance in the case that the query involves resolving nested tuple to userset relations. Enable via experimental flag enable-check-optimizations. #2025
• Improve the sub-problem caching in Check #2006, #2035

Fixed

• Fixed internal error for Check where model has nested userset with publicly assignable wildcard. #2049
• Fixed goroutine leak when ListObjects or StreamedListObjects call cannot be completed within REQUEST_TIMEOUT. #2030
• Fixed incorrect dispatch counts in ListObjects used for observability 2013
• Correct metrics label for ListUsers API calls #2000

Breaking changes

• The storage adapter ListStores's parameter ListStoresOptions allows filtering by IDs #1913 If you are using a custom storage adapter, ListStores now expects ListStoresOptions parameter that accepts passing in a list of IDs. See the following adapter change and the following change for a sample storage adapter implementation. If you are not using OpenFGA as a library with a custom storage adapter, this will not affect you. (for example, if you are using OpenFGA through our published docker images, you are not affected).

v1.6.2

Added

• Improve tracing in Check API by enhancing discoverability of model ID. #1964
• Improve tracing in all APIs by adding the store ID to the span. #1965

Changed

• ReadChanges now supports sorting. #1976.

  This is a breaking change related to the storage interface. If you are not implementing a storage adaptor, then these changes should not impact you.

Removed

• Removed deprecated opentelemetry-connector memory_ballast extension. #1942.
• Removed experimental logging of cache hits for each subproblem in Check API calls. #1960.

Fixed

• Handle all permutations of SQLite busy / locked errors #1936. Thanks @​DanCech!
• Goroutine leak in Check API introduced in v1.6.1 #1962.
• Broken migration from v.1.4.3 to v1.5.4 (openfga/openfga#1668) #1980 and #1986.
• Upgrade go from 1.22.6 to 1.22.7 to address CVE-2024-34156 #1987. Thanks @​golanglemonade!

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.7.0] - 2024-10-29

Added

• Add an experimental access control feature #1913 Learn more about this feature and how to enable it here If you do try it out, please provide feedback in the GitHub Discussion
• Document OpenFGA release process #1923

Changed

• Bump max number of contextual tuples in a single request to 100. #2040 Note: In assertions, they are still restricted to 20 per assertion

Performance

• Improve Check performance in the case that the query involves resolving nested tuple to userset relations. Enable via experimental flag enable-check-optimizations. #2025
• Improve the sub-problem caching in Check #2006, #2035

Fixed

• Fixed internal error for Check where model has nested userset with publicly assignable wildcard. #2049
• Fixed goroutine leak when ListObjects or StreamedListObjects call cannot be completed within REQUEST_TIMEOUT. #2030
• Fixed incorrect dispatch counts in ListObjects used for observability 2013
• Correct metrics label for ListUsers API calls #2000

Breaking changes

• The storage adapter ListStores's parameter ListStoresOptions allows filtering by IDs #1913 If you are using a custom storage adapter, ListStores now expects ListStoresOptions parameter that accepts passing in a list of IDs. See the following adapter change and the following change for a sample storage adapter implementation. If you are not using OpenFGA as a library with a custom storage adapter, this will not affect you. (for example, if you are using OpenFGA through our published docker images, you are not affected).

[1.6.2] - 2024-10-03

Full changelog

Added

• Improve tracing in Check API by enhancing discoverability of model ID. #1964

• Improve tracing in all APIs by adding the store ID to the span. #1965

• Add a cache for datastore iterators on Check API. #1924.

  Can be configured via OPENFGA_CHECK_ITERATOR_CACHE_ENABLED and OPENFGA_CHECK_ITERATOR_CACHE_MAX_RESULTS.

Changed

• ReadChanges now supports sorting. #1976.

  This is a breaking change related to the storage interface. If you are not implementing a storage adaptor, then these changes should not impact you.

Removed

• Removed deprecated opentelemetry-connector memory_ballast extension. #1942.
• Removed experimental logging of cache hits for each subproblem in Check API calls. #1960.

... (truncated)

Commits

• 7ddcb0f release: v1.7.0 (#2057)
• 5d5ff7f fix: dont allow writing >1 module unless w/ store write permissions (#2046)
• 25508f0 chore: bump grpc health probe (#2056)
• 5876f3d chore(deps): bump the dependencies group with 6 updates (#2050)
• a3091e3 fix: clone request to avoid data race (#2052)
• 7892e09 chore(deps): bump grpc-ecosystem/grpc-health-probe from v0.4.33 to v0.4.35 in...
• 558aea1 fix: disable fastpath optimization for nested userset with public wildcard (...
• 82059bf refactor: consolidate check_command error handling (#2044)
• f8eac9d test: only listen on localhost to avoid prompting for permission (#2042)
• 1e86401 fixed tests after including openfga/api#208 (#2041)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coveralls]

Pull Request Test Coverage Report for Build 11607232955

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.01%) to 55.218%

---

Totals
Change from base Build 11600690174:	0.01%
Covered Lines:	15440
Relevant Lines:	27962

---

💛 - Coveralls