Update auth and security libraries

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/cedar-policy/cedar-go	v1.6.1 → v1.8.0
github.com/coreos/go-oidc/v3	v3.18.0 → v3.19.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cedar-policy/cedar-go (github.com/cedar-policy/cedar-go)

v1.8.0

Compare Source

What's Changed

• Reject IPv6 zone identifiers in Cedar IP parsing. by @​TheFellow in #​156
• Reject IPv4-mapped IPv6 addresses in IPAddr's IsLoopback and IsMulticast by @​kjamieson-sdm in #​157

Note: Both of the above changes represent a potential change in authorization behavior from previous versions of cedar-go in order to bring it in conformance with the Rust implementation. In the first case, policies that once evaluated successfully against a scopted IPv6 address (IPv6 address + zone) will now error. In the second case, the IPv4 loopback and multicast addresses encoded as IPv4-in-IPv6 addresses will no longer return for IsLoopback() and IsMulticast(), respectively.

Users should exercise caution when upgrading to this release and audit their policies to determine whether these behavior changes are impactful for them.

Full Changelog: cedar-policy/cedar-go@v1.7.0...v1.8.0

v1.7.0

Compare Source

What's Changed

• Fix coverage flake in x/exp/schema/validate by @​patjakdev in #​150
• parser: accept annotations without a value by @​iainmcgin in #​154

Full Changelog: cedar-policy/cedar-go@v1.6.2...v1.7.0

v1.6.2

Compare Source

What's Changed

• update security contact in CONTRIBUTING.md by @​victornicolet in #​148
• x/exp/schema/validate: handle cyclic entity-type parent declarations by @​iainmcgin in #​149

New Contributors

• @​victornicolet made their first contribution in #​148
• @​iainmcgin made their first contribution in #​149

Full Changelog: cedar-policy/cedar-go@v1.6.1...v1.6.2

coreos/go-oidc (github.com/coreos/go-oidc/v3)

v3.19.0

Compare Source

What's Changed

• fix: Key refresh should set no-cache to get most up to date keys by @​Yanni8 in #​485
• oidc: add support for validating back-channel logout tokens by @​ericchiang in #​486

New Contributors

• @​Yanni8 made their first contribution in #​485

Full Changelog: coreos/go-oidc@v3.18.0...v3.19.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.36%. Comparing base (729ebd1) to head (595c2a0).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5670      +/-   ##
==========================================
- Coverage   70.42%   70.36%   -0.06%     
==========================================
  Files         651      651              
  Lines       66285    66285              
==========================================
- Hits        46678    46643      -35     
- Misses      16232    16284      +52     
+ Partials     3375     3358      -17     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.