chore(deps): bump github.com/openfga/openfga from 1.8.4 to 1.8.6 in the dependencies group

[dependabot]

Bumps the dependencies group with 1 update: github.com/openfga/openfga.

Updates github.com/openfga/openfga from 1.8.4 to 1.8.6

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.8.6

Added

Added cachecontroller_cache_invalidation_count metric to track invalidation operations. openfga/openfga#2282

Full changelog

Changelog

• bf1744a3ffa42e2791d988014e2fd496df17a553 chore(deps): bump the dependencies group across 1 directory with 8 updates (#2288)
• 728a148b36219e7ae1541d79a776ee961246dc26 chore(deps): bump the dependencies group across 1 directory with 8 updates (#2289)
• 93568f7b58dc40aff3c6a6bca2893e0277e06e6a chore: dry run goreleaser on PRs to main (#2286)
• 15a9cb838ca21370665c595c79960f7e488c207a chore: update changelog in prep for v1.8.6 (#2291)
• 70e70e6648be8a4a019ea451577be585eb19d8aa feat: add cachecontroller_cache_invalidation_count metric (#2282)

v1.8.5

Added

• Improve Check performance for sub-problems when caching is enabled #2193.
• Improve Check performance for relations involving public wildcard. Enable via experimental flag enable-check-optimizations. #2180.
• Improve Check API performance when experimental flag enable-check-optimizations is turned on and contextual tuples are involved. #2150
• Added metrics to track invalid cache hits: check_cache_invalid_hit_count and tuples_iterator_cache_invalid_hit_count #2222.
• Move Check performance optimizations out of experimental mode: shortcutting based on path, recursive userset fast path, and recursive TTU fast path. #2236
• Improve Check API performance when experimental flag enable-check-optimizations is turned on and the model contains union of a TTU and algebraic operations. #2200
• Implement dynamic TLS certificate reloading for HTTP and gRPC servers. #2182
• Publicize check.RunMatrixTests method to allow testing against any ClientInterface. #2267.

Changed

• Performance optimizations for string operations and memory allocations across the codebase #2238 and #2241
• Update to Go 1.23 as the min supported version and bump the container image to go1.23.6 We follow Go's version support policy and will only support the latest two major versions of Go. Now that Go 1.24 is out, we have dropped support for Go < 1.23.

Fixed

• Optimized database dialect handling by setting it during initialization instead of per-call, fixing SQL syntax errors in MySQL #2252
• Fixed incorrect invalidation by cache controller on cache iterator. #2190, #2216
• Fixed incorrect types in configuration JSON schema #2217, #2228.
• Fixed BatchCheck API to validate presence of the tuple_key property of a BatchCheckItem #2242
• Fixed incorrect check and list objects evaluation when model has a relation directly assignable to both public access AND userset with the same type and type bound public access tuple is assigned to the object. CVE-2025-25196

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.8.6] - 2025-02-20

Full changelog

Added

• Added cachecontroller_cache_invalidation_count metric to track invalidation operations. #2282

[1.8.5] - 2025-02-19

Full changelog

Added

• Improve Check performance for sub-problems when caching is enabled #2193.
• Improve Check performance for relations involving public wildcard. Enable via experimental flag enable-check-optimizations. #2180.
• Improve Check API performance when experimental flag enable-check-optimizations is turned on and contextual tuples are involved. #2150
• Added metrics to track invalid cache hits: check_cache_invalid_hit_count and tuples_iterator_cache_invalid_hit_count #2222.
• Move Check performance optimizations out of experimental mode: shortcutting based on path, recursive userset fast path, and recursive TTU fast path. #2236
• Improve Check API performance when experimental flag enable-check-optimizations is turned on and the model contains union of a TTU and algebraic operations. #2200
• Implement dynamic TLS certificate reloading for HTTP and gRPC servers. #2182
• Publicize check.RunMatrixTests method to allow testing against any ClientInterface. #2267.

Changed

• Performance optimizations for string operations and memory allocations across the codebase #2238 and #2241
• Update to Go 1.23 as the min supported version and bump the container image to go1.23.6 We follow Go's version support policy and will only support the latest two major versions of Go. Now that Go 1.24 is out, we have dropped support for Go < 1.23.

Fixed

• Optimized database dialect handling by setting it during initialization instead of per-call, fixing SQL syntax errors in MySQL #2252
• Fixed incorrect invalidation by cache controller on cache iterator. #2190, #2216
• Fixed incorrect types in configuration JSON schema #2217, #2228.
• Fixed BatchCheck API to validate presence of the tuple_key property of a BatchCheckItem #2242
• Fixed incorrect check and list objects evaluation when model has a relation directly assignable to both public access AND userset with the same type and type bound public access tuple is assigned to the object.

Commits

• 15a9cb8 chore: update changelog in prep for v1.8.6 (#2291)
• bf1744a chore(deps): bump the dependencies group across 1 directory with 8 updates (#...
• 93568f7 chore: dry run goreleaser on PRs to main (#2286)
• 70e70e6 feat: add cachecontroller_cache_invalidation_count metric (#2282)
• 728a148 chore(deps): bump the dependencies group across 1 directory with 8 updates (#...
• a77b339 fix: goreleaser dockerfile (#2284)
• a6c3d19 docs(v1.8.5): add v1.8.5 release notes to CHANGELOG (#2283)
• 0aee4f4 Merge commit from fork
• e51273a chore: bump min supported go version to 1.23 (#2274)
• 7d66345 test: ignore mysql connection dangling goroutine (#2273)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[stacklok-cloud]

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 4be9eb38:

• 🐞 vulnerable packages: 0
• 🛠 fixes available for: 0

[dependabot]

Looks like github.com/openfga/openfga is updatable in another way, so this is no longer needed.