Bump github.com/open-policy-agent/opa

helsaawy · helsaawy · commit 09c942e0fdea · 2025-06-04T15:54:55.000-04:00
Resolve CVE-2025-46569: GHSA-6m8w-jc87-6cr7 Note: change requires updating go.mod version, which brings in significant additional changes. Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/Microsoft/hcsshim
 
-go 1.23.0
+go 1.23.8
 
 require (
 	github.com/Microsoft/cosesign1go v1.4.0
@@ -24,7 +24,7 @@ require (
 	github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/moby/sys/user v0.3.0
-	github.com/open-policy-agent/opa v0.70.0
+	github.com/open-policy-agent/opa v1.4.0
 	github.com/opencontainers/runc v1.2.3
 	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/pelletier/go-toml v1.9.5
diff --git a/test/go.mod b/test/go.mod
@@ -1,6 +1,6 @@
 module github.com/Microsoft/hcsshim/test
 
-go 1.23.0
+go 1.23.8
 
 require (
 	github.com/Microsoft/go-winio v0.6.2
@@ -89,7 +89,7 @@ require (
 	github.com/moby/sys/user v0.3.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/open-policy-agent/opa v0.70.0 // indirect
+	github.com/open-policy-agent/opa v1.4.0 // indirect
 	github.com/opencontainers/runc v1.2.3 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
