v0.15.0
This release brings 2 new linter rules, and a few improvements and fixes.
New rule: deprecated-builtin
Category: bugs
Calling deprecated built-in functions should always be avoided, and replacing them is usually trivial. Refer to the OPA docs on strict mode for more details on which built-in functions count as deprecated.
For more information, see the docs on deprecated-builtin.
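To illustrate how small these replacements usually are, here is an added example (not part of the release notes or the Regal docs) showing three built-ins that OPA marks as deprecated beside their current equivalents. The rule names and input fields are assumptions made for the illustration.

```rego
package policy

import future.keywords.if
import future.keywords.in

# Avoid: re_match, net.cidr_overlap and any are deprecated built-ins.
# With OPA strict mode enabled, this rule fails to compile.
allow_deprecated if {
    re_match("^/api/v[0-9]+/", input.path)
    net.cidr_overlap("10.0.0.0/8", input.source_ip)
    any([role == "admin" | role := input.user.roles[_]])
}

# Prefer: same checks using the supported built-ins and the in keyword.
allow if {
    regex.match("^/api/v[0-9]+/", input.path)
    net.cidr_contains("10.0.0.0/8", input.source_ip)
    "admin" in input.user.roles
}
```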
New rule: default-over-not
Category: style
Avoid
package policy
import future.keywords.if
username := input.user.name
username := "anonymous" if not input.user.name
Prefer
package policy
default username := "anonymous"
username := input.user.name
While both forms are valid, using the default keyword to assign a constant value in the fallback case better communicates intent, avoids negation where it isn't needed, and requires fewer instructions to evaluate. Note that this rule only covers simple cases where one rule assigns the "happy" path, and another rule assigns on the same condition negated. This is by design, as using the not keyword and negation may very well be the right choice for more complex cases!
For more information, see the docs on default-over-not.
Other improvements
- Ignore directives can now be placed anywhere in a comment, and not just at the start of one. Thanks @nevumx for requesting this!
Bugs fixed
- SARIF output format: omit region for violations with whole file as location. Thanks @travbale for reporting this!
- SARIF output format: fix incorrect level of notice and use none instead. Thanks @travbale for reporting this!
Community
- The Minder project was added as an adopter. Thanks @JAORMX for this!
Changelog
- 8ab2d0b: bundle: update all_refs to get more refs (#512) (@charlieegan3)
- 9dab794: [ast]: Improve all_refs performance (#518) (@charlieegan3)
- d8d91ff: SARIF: Omit region if no row/column provided (#515) (@anderseknert)
- f2b39f6: Bump actions/setup-go from 4 to 5 (#519) (@dependabot[bot])
- fe2ae49: docs: Add new community rules section (#520) (@charlieegan3)
- 4f7d745: Bump github/codeql-action from 2 to 3 (#522) (@dependabot[bot])
- 1db0b08: Add Minder to list of open source projects that have adopted regal (#523) (@JAORMX)
- d7783b0: Add Stacklok to the list of companies that have adopted Regal (#524) (@JAORMX)
- dad9809: Rule: default-over-not (#521) (@anderseknert)
- ef3386a: Rule: deprecated-builtin (#525) (@anderseknert)
- 47f6cc2: OPA v0.60.0 (#526) (@anderseknert)
- 7d3fdd3: Allow ignore directive anywhere in comment (#529) (@anderseknert)
- f80597e: Fix OPA badge: v0.60.0 (@anderseknert)