Skip to content

fix(deps): upgrade testcontainers-go to resolve vulns#3299

Merged
elizabethhealy merged 4 commits into
mainfrom
upgrade-test-containers
Apr 14, 2026
Merged

fix(deps): upgrade testcontainers-go to resolve vulns#3299
elizabethhealy merged 4 commits into
mainfrom
upgrade-test-containers

Conversation

@elizabethhealy

@elizabethhealy elizabethhealy commented Apr 13, 2026

Copy link
Copy Markdown
Member

Proposed Changes

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

Summary by CodeRabbit

  • Chores

    • Updated multiple dependencies including testcontainers-go (v0.42.0), compress, gopsutil, and others for improved compatibility and performance.
  • Refactor

    • Simplified internal port mapping implementation by removing unnecessary dependencies and streamlining port conversion logic.

@coderabbitai

coderabbitai Bot commented Apr 13, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

This pull request removes the dependency on github.com/docker/go-connections/nat and migrates container integration code to use the updated testcontainers-go API. The MappedPort type now uses .Num() instead of .Int() for port conversion. Go module files are updated to reflect testcontainers-go version bumps across three modules.

Changes

Cohort / File(s) Summary
Container Integration Port Migration
service/entityresolution/integration/container_helpers.go, service/entityresolution/integration/keycloak_test.go, service/entityresolution/integration/multistrategy_comprehensive_test.go
Removed nat import and updated port conversions from mappedPort.Int() to int(mappedPort.Num()) across container setup and test functions.
SQL Wait Configuration Update
service/integration/main_test.go
Removed nat dependency and refactored wait.ForSQL() to accept port as a string in "port/protocol" format, parsing it with strings.Cut() before building PostgreSQL connection URI.
Service Module Dependency Updates
service/go.mod
Bumped testcontainers-go from v0.40.0 to v0.42.0; updated 9 other transitive dependencies; removed direct docker/go-connections requirement and converted to indirect dependency.
Test Integration Module Dependency Updates
test/integration/go.mod
Bumped testcontainers-go from v0.41.0 to v0.42.0 and klauspost/compress to v1.18.5; added moby/moby/{api,client} as indirect dependencies; removed 10 indirect dependencies including cenkalti/backoff, docker/docker, and OpenTelemetry OTLP components.
BDD Test Module Dependency Updates
tests-bdd/go.mod
Bumped testcontainers-go and modules/compose to v0.42.0; updated OpenTelemetry OTLP exporters from v1.38.0 to v1.42.0; added moby/moby/{api,client} and new indirect dependencies; removed pelletier/go-toml.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • pflynn-virtru
  • strantalis
  • jakedoublev

Poem

A rabbit hops where nat once stood,
The Docker threads now understood!
With .Num() bright and .Int() gone,
Containers spin from dusk to dawn,
Our dependencies grow clean and strong! 🐰✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 40.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: upgrading testcontainers-go to resolve vulnerabilities, which is clearly the primary objective across all modified files.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch upgrade-test-containers

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@elizabethhealy elizabethhealy changed the title fix(service): upgrade testcontainers-go to resolve vulns fix(deps): upgrade testcontainers-go to resolve vulns Apr 13, 2026
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on a critical dependency upgrade to enhance the security posture of the service and related test infrastructure. By updating testcontainers-go and its associated transitive dependencies, we are proactively addressing potential vulnerabilities and ensuring the stability and reliability of our container-based testing environments. This change primarily involves updating module definitions and their corresponding checksums.

Highlights

  • Dependency Upgrade: testcontainers-go: The primary change involves upgrading the testcontainers-go dependency across the service, test/integration, and tests-bdd modules to version v0.42.0.
  • Vulnerability Resolution: This upgrade specifically addresses and resolves identified vulnerabilities within the testcontainers-go library and its transitive dependencies.
  • Transitive Dependency Updates: Numerous other indirect dependencies, such as github.com/moby/moby/api, github.com/moby/moby/client, github.com/klauspost/compress, and various OpenTelemetry packages, were updated or added as a result of the testcontainers-go upgrade.
  • Module-Specific Adjustments: Each affected Go module (service, test/integration, tests-bdd) had its go.mod and go.sum files updated to reflect the new dependency versions and resolve any conflicts or introduce new indirect requirements.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.


Dependencies, a tangled web, Upgraded now, no longer dread. Containers spin, tests run free, Security, for all to see.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request performs a comprehensive update of dependencies across the project's go.mod files, including upgrading testcontainers-go to v0.42.0 and transitioning from docker/docker to moby/moby clients. Other notable updates include klauspost/compress, sirupsen/logrus, and various OpenTelemetry components. Feedback was provided regarding the continued use of the +incompatible docker/cli dependency in the tests-bdd module, suggesting its potential removal to avoid dependency resolution issues.

Comment thread tests-bdd/go.mod
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 193.993872ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 96.041563ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 397.198407ms
Throughput 251.76 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.534475178s
Average Latency 393.399679ms
Throughput 126.47 requests/second

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 159.527626ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 80.651508ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 391.521728ms
Throughput 255.41 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.468139741s
Average Latency 402.217276ms
Throughput 123.55 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 172.615068ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 78.180935ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 390.983462ms
Throughput 255.77 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.371223372s
Average Latency 391.774602ms
Throughput 127.00 requests/second

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 195.392458ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 103.016587ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 406.647666ms
Throughput 245.91 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.816176066s
Average Latency 416.477167ms
Throughput 119.57 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • examples
  • sdk
  • service
  • lib/fixtures
  • tests-bdd

See the workflow run for details.

@elizabethhealy
elizabethhealy marked this pull request as ready for review April 13, 2026 15:38
@elizabethhealy
elizabethhealy requested review from a team as code owners April 13, 2026 15:38

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
service/entityresolution/integration/multistrategy_comprehensive_test.go (1)

149-149: 🧹 Nitpick | 🔵 Trivial

Minor: Port string format without protocol suffix.

Similar to keycloak_test.go, the MappedPort calls use port numbers without the /tcp suffix (e.g., "5432" instead of "5432/tcp"), while ExposedPorts declarations include the protocol. While testcontainers-go may handle this gracefully, using consistent format would improve clarity.

Also applies to: 310-310, 1009-1009

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@service/entityresolution/integration/multistrategy_comprehensive_test.go` at
line 149, The MappedPort calls use plain port strings (e.g., in
postgresContainer.MappedPort) while ExposedPorts include the protocol; update
the MappedPort invocations to use the same "/tcp" suffix (e.g., "5432/tcp") for
consistency and clarity—locate uses of postgresContainer.MappedPort (and
identical calls around the other occurrences referenced) and change the port
argument to include "/tcp".
service/entityresolution/integration/keycloak_test.go (1)

221-221: ⚠️ Potential issue | 🟡 Minor

Port string format inconsistency.

Line 221 uses "8080" without the protocol suffix, while ExposedPorts at line 178 declares "8080/tcp". The testcontainers-go MappedPort method typically expects the full port/protocol format (e.g., "8080/tcp") to match the exposed port declaration.

Consider updating for consistency:

🔧 Suggested fix
-	mappedPort, err := container.MappedPort(ctx, "8080")
+	mappedPort, err := container.MappedPort(ctx, "8080/tcp")

The int(mappedPort.Num()) conversion itself is correct for the testcontainers-go v0.42.0 API.

Also applies to: 227-227

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@service/entityresolution/integration/keycloak_test.go` at line 221, The test
uses container.MappedPort with an inconsistent port string ("8080") while
ExposedPorts declared "8080/tcp"; update the MappedPort calls to use the full
port/protocol string ("8080/tcp") wherever container.MappedPort(ctx, "8080") is
called (e.g., the mappedPort retrievals referenced in keycloak_test.go) so they
match the ExposedPorts declaration and ensure correct port mapping; keep the
int(mappedPort.Num()) conversion as-is.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@service/entityresolution/integration/keycloak_test.go`:
- Line 221: The test uses container.MappedPort with an inconsistent port string
("8080") while ExposedPorts declared "8080/tcp"; update the MappedPort calls to
use the full port/protocol string ("8080/tcp") wherever
container.MappedPort(ctx, "8080") is called (e.g., the mappedPort retrievals
referenced in keycloak_test.go) so they match the ExposedPorts declaration and
ensure correct port mapping; keep the int(mappedPort.Num()) conversion as-is.

In `@service/entityresolution/integration/multistrategy_comprehensive_test.go`:
- Line 149: The MappedPort calls use plain port strings (e.g., in
postgresContainer.MappedPort) while ExposedPorts include the protocol; update
the MappedPort invocations to use the same "/tcp" suffix (e.g., "5432/tcp") for
consistency and clarity—locate uses of postgresContainer.MappedPort (and
identical calls around the other occurrences referenced) and change the port
argument to include "/tcp".

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a5d369e7-cecf-429c-826a-3295deba1597

📥 Commits

Reviewing files that changed from the base of the PR and between 888a4f0 and 5af9195.

⛔ Files ignored due to path filters (3)
  • service/go.sum is excluded by !**/*.sum
  • test/integration/go.sum is excluded by !**/*.sum
  • tests-bdd/go.sum is excluded by !**/*.sum
📒 Files selected for processing (7)
  • service/entityresolution/integration/internal/container_helpers.go
  • service/entityresolution/integration/keycloak_test.go
  • service/entityresolution/integration/multistrategy_comprehensive_test.go
  • service/go.mod
  • service/integration/main_test.go
  • test/integration/go.mod
  • tests-bdd/go.mod

@elizabethhealy
elizabethhealy added this pull request to the merge queue Apr 14, 2026
Merged via the queue into main with commit 72c6f9b Apr 14, 2026
39 checks passed
@elizabethhealy
elizabethhealy deleted the upgrade-test-containers branch April 14, 2026 02:40
JBCongdon pushed a commit to JBCongdon/platform that referenced this pull request May 24, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.14.0](opentdf/platform@service/v0.13.0...service/v0.14.0)
(2026-04-21)


### ⚠ BREAKING CHANGES

* **sdk:** reclassify KAS 400 errors — distinguish tamper from
misconfiguration
([opentdf#3166](opentdf#3166))
* **policy:** optional namespace for RRs
([opentdf#3165](opentdf#3165))
* **policy:** Namespace subject mappings and subject condition sets.
([opentdf#3143](opentdf#3143))
* **policy:** Optional namespace on actions protos, NamespacedPolicy
feature flag ([opentdf#3155](opentdf#3155))
* **policy:** add namespaced actions schema and namespace-aware action
queries ([opentdf#3154](opentdf#3154))
* **policy:** only require namespace on GetAction if no id provided
([opentdf#3144](opentdf#3144))
* **policy:** add namespace field to Actions proto
([opentdf#3130](opentdf#3130))
* **policy:** namespace Registered Resources
([opentdf#3111](opentdf#3111))
* **policy:** add namespace field to RegisteredResource proto
([opentdf#3110](opentdf#3110))

### Features

* **authz:** Namespaced policy in decisioning
([opentdf#3226](opentdf#3226))
([0355934](opentdf@0355934))
* **cli:** migrate otdfctl into platform monorepo
([opentdf#3205](opentdf#3205))
([5177bec](opentdf@5177bec))
* fix tracing ([opentdf#3242](opentdf#3242))
([57e5680](opentdf@57e5680))
* **policy:** add GetObligationTrigger RPC
([opentdf#3318](opentdf#3318))
([d68e39d](opentdf@d68e39d))
* **policy:** add namespace field to Actions proto
([opentdf#3130](opentdf#3130))
([bedc9b3](opentdf@bedc9b3))
* **policy:** add namespace field to RegisteredResource proto
([opentdf#3110](opentdf#3110))
([04fd85d](opentdf@04fd85d))
* **policy:** add namespaced actions schema and namespace-aware action
queries ([opentdf#3154](opentdf#3154))
([c0443f1](opentdf@c0443f1))
* **policy:** add sort ListSubjectMappings API
([opentdf#3255](opentdf#3255))
([9d5d757](opentdf@9d5d757))
* **policy:** Add sort support listregisteredresources api
([opentdf#3312](opentdf#3312))
([91a3ff3](opentdf@91a3ff3))
* **policy:** add sort support to ListAttributes API
([opentdf#3223](opentdf#3223))
([ec3312f](opentdf@ec3312f))
* **policy:** add sort support to ListKeyAccessServer
([opentdf#3287](opentdf#3287))
([7fae2d7](opentdf@7fae2d7))
* **policy:** Add sort support to ListNamespaces API
([opentdf#3192](opentdf#3192))
([aac86cd](opentdf@aac86cd))
* **policy:** add sort support to listobligations api
([opentdf#3300](opentdf#3300))
([9221cac](opentdf@9221cac))
* **policy:** add sort support to ListSubjectConditionSets API
([opentdf#3272](opentdf#3272))
([9010f12](opentdf@9010f12))
* **policy:** add SortField proto and update PageRequest for sort
support ([opentdf#3187](opentdf#3187))
([6cf1862](opentdf@6cf1862))
* **policy:** Enforce same namespace when actions referenced downstream
([opentdf#3206](opentdf#3206))
([4b5463a](opentdf@4b5463a))
* **policy:** namespace Registered Resources
([opentdf#3111](opentdf#3111))
([6db1883](opentdf@6db1883))
* **policy:** Namespace subject mappings and condition sets
([opentdf#3172](opentdf#3172))
([6deed50](opentdf@6deed50))
* **policy:** Namespace subject mappings and subject condition sets.
([opentdf#3143](opentdf#3143))
([3006780](opentdf@3006780))
* **policy:** optional namespace for RRs
([opentdf#3165](opentdf#3165))
([8948018](opentdf@8948018))
* **policy:** rollback migration strategy for namespaced actions
([opentdf#3235](opentdf#3235))
([f7e5e01](opentdf@f7e5e01))
* **policy:** Seed existing namespaces with standard actions
([opentdf#3228](opentdf#3228))
([12136b0](opentdf@12136b0))
* **policy:** Seed namespaces with standard actions on creation +
namespaced actions for obligation triggers
([opentdf#3161](opentdf#3161))
([984d76b](opentdf@984d76b))


### Bug Fixes

* **ci:** Upgrade toolchain version to 1.25.8
([opentdf#3116](opentdf#3116))
([e1b7882](opentdf@e1b7882))
* **core:** do not concat slashes directly in url/file paths
([opentdf#3290](opentdf#3290))
([114c2a7](opentdf@114c2a7))
* **deps:** bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 in /service
([opentdf#3316](opentdf#3316))
([017362e](opentdf@017362e))
* **deps:** bump github.com/opentdf/platform/lib/identifier from 0.2.0
to 0.3.0 in /service
([opentdf#3162](opentdf#3162))
([8bc5dcd](opentdf@8bc5dcd))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.16.0 to
0.17.0 in /service
([opentdf#3125](opentdf#3125))
([29fec61](opentdf@29fec61))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.17.0 to
0.21.0 in /service
([opentdf#3220](opentdf#3220))
([e63add2](opentdf@e63add2))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.21.0 to
0.22.0 in /service
([opentdf#3248](opentdf#3248))
([1ebce73](opentdf@1ebce73))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.22.0 to
0.23.0 in /service
([opentdf#3271](opentdf#3271))
([3338b8e](opentdf@3338b8e))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.23.0 to
0.24.0 in /service
([opentdf#3321](opentdf#3321))
([78e6022](opentdf@78e6022))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.24.0 to
0.25.0 in /service
([opentdf#3333](opentdf#3333))
([3940bf8](opentdf@3940bf8))
* **deps:** bump github.com/opentdf/platform/sdk from 0.13.0 to 0.16.0
in /service ([opentdf#3356](opentdf#3356))
([5617077](opentdf@5617077))
* **deps:** bump
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from
1.42.0 to 1.43.0 in /service
([opentdf#3282](opentdf#3282))
([046374a](opentdf@046374a))
* **deps:** bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in
/service ([opentdf#3281](opentdf#3281))
([56b33f2](opentdf@56b33f2))
* **deps:** bump google.golang.org/grpc from 1.77.0 to 1.79.3 in
/service ([opentdf#3176](opentdf#3176))
([3289502](opentdf@3289502))
* **deps:** remove direct github.com/docker/docker dependency
([opentdf#3229](opentdf#3229))
([2becb27](opentdf@2becb27))
* **deps:** upgrade testcontainers-go to resolve vulns
([opentdf#3299](opentdf#3299))
([72c6f9b](opentdf@72c6f9b))
* **ers:** include standard JWT claims in claims mode entity resolution
([opentdf#3196](opentdf#3196))
([6d50da1](opentdf@6d50da1))
* **ers:** ldap multi-strategy ers
([opentdf#3117](opentdf#3117))
([d3aaf1a](opentdf@d3aaf1a))
* **policy:** deprecate ListAttributeValues in favor of existing
GetAttribute ([opentdf#3108](opentdf#3108))
([7e17c2d](opentdf@7e17c2d))
* **policy:** make obligation trigger uniqueness client-aware
([opentdf#3114](opentdf#3114))
([9265bc3](opentdf@9265bc3))
* **policy:** omit empty attribute values from create responses
([opentdf#3193](opentdf#3193))
([d298378](opentdf@d298378))
* **policy:** only require namespace on GetAction if no id provided
([opentdf#3144](opentdf#3144))
([10d0c0f](opentdf@10d0c0f))
* **policy:** Optional namespace on actions protos, NamespacedPolicy
feature flag ([opentdf#3155](opentdf#3155))
([c20f039](opentdf@c20f039))
* **policy:** order List* results by created_at
([opentdf#3088](opentdf#3088))
([ea90ac2](opentdf@ea90ac2))
* **sdk:** normalize issuer URL before OIDC discovery
([opentdf#3261](opentdf#3261))
([61f98c9](opentdf@61f98c9))
* **sdk:** reclassify KAS 400 errors — distinguish tamper from
misconfiguration
([opentdf#3166](opentdf#3166))
([f04a385](opentdf@f04a385))
* **sdk:** remove testcontainers from consumer dependency graph
([opentdf#3129](opentdf#3129))
([f17dcdd](opentdf@f17dcdd))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants