Open Source Google Zanzibar

What's Changed

• introduces depot runners by @vroldanbet in https://github.com/authzed/spicedb/pull/2297
• feat: make build notification links clickable by @Verolop in https://github.com/authzed/spicedb/pull/2303
• Bump golang from 1.24.0-alpine3.20 to 1.24.2-alpine3.20 in the docker group by @dependabot in https://github.com/authzed/spicedb/pull/2298
• Bump the go-mod group with 26 updates by @dependabot in https://github.com/authzed/spicedb/pull/2299
• fixes incorrect handling of definition deltas via Postgres Watch API by @vroldanbet in https://github.com/authzed/spicedb/pull/2305
• enable tparallel to keep tests fast by @vroldanbet in https://github.com/authzed/spicedb/pull/2306
• Add improved caveat filtering to the datastore relationship filter by @josephschorr in https://github.com/authzed/spicedb/pull/2309
• bug-fix(schema): prevent schema write failures when migrating to caveated relation by @kartikaysaxena in https://github.com/authzed/spicedb/pull/2308
• Remove panic from devcontext serve in favor of a warning by @josephschorr in https://github.com/authzed/spicedb/pull/2312
• fix(memdb): check if closed by @miparnisari in https://github.com/authzed/spicedb/pull/2307
• Fix handling of no columns in Spanner by @josephschorr in https://github.com/authzed/spicedb/pull/2319
• Update Go to 1.23.8 to fix a reported vuln in Go by @josephschorr in https://github.com/authzed/spicedb/pull/2318
• [typesystem] Remove typesystem package by @barakmich in https://github.com/authzed/spicedb/pull/2313
• put error checks before accessing return values by @miparnisari in https://github.com/authzed/spicedb/pull/2317
• Ensure the Postgres read-write tx uses the TX for the reader by @josephschorr in https://github.com/authzed/spicedb/pull/2321
• Improved indexing part 2 by @josephschorr in https://github.com/authzed/spicedb/pull/2310
• Add option to disable watch by @josephschorr in https://github.com/authzed/spicedb/pull/2323
• Force indexes on Postgres and change subject sort order to match index by @josephschorr in https://github.com/authzed/spicedb/pull/2327
• introduces a flag to relax postgres isolation level by @vroldanbet in https://github.com/authzed/spicedb/pull/2324
• internal/datastore/pg: server-side loop for repair by @jzelinskie in https://github.com/authzed/spicedb/pull/2322
• Force indexes on Spanner and change subject sort order to match index by @josephschorr in https://github.com/authzed/spicedb/pull/2326
• postgres: optimize CheckRevision query by @vroldanbet in https://github.com/authzed/spicedb/pull/2328
• document packages by @miparnisari in https://github.com/authzed/spicedb/pull/2316
• Further optimize the cases when transaction metadata is written in CRDB by @josephschorr in https://github.com/authzed/spicedb/pull/2330
• Add logical checks telemetry by @josephschorr in https://github.com/authzed/spicedb/pull/2325
• Switch to larger depot instances for datastore consistency tests by @josephschorr in https://github.com/authzed/spicedb/pull/2331
• Add a concept of a caveat TypeSet to allow overriding the types available to caveat processing by @josephschorr in https://github.com/authzed/spicedb/pull/2315
• Simplify the registration in the caveats typeset by @josephschorr in https://github.com/authzed/spicedb/pull/2335
• Add accessors for deserialization of a caveat using a custom typeset by @josephschorr in https://github.com/authzed/spicedb/pull/2336
• Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group by @dependabot in https://github.com/authzed/spicedb/pull/2332
• add mutex analyzer by @miparnisari in https://github.com/authzed/spicedb/pull/2334
• Bump the go_modules group across 2 directories with 1 update by @dependabot in https://github.com/authzed/spicedb/pull/2337
• Fix logger for certmanager by @tstirrat15 in https://github.com/authzed/spicedb/pull/2338
• amend mutex analyzer by @miparnisari in https://github.com/authzed/spicedb/pull/2339
• amend mutex analyzer by @miparnisari in https://github.com/authzed/spicedb/pull/2340
• Change PG and CRDB datastore drivers to use PGX cancelation by @josephschorr in https://github.com/authzed/spicedb/pull/2294
• Add retries to MySQL test DB constructor by @josephschorr in https://github.com/authzed/spicedb/pull/2343
• Minimal decoupling of validation file parsing and schema compilation by @tstirrat15 in https://github.com/authzed/spicedb/pull/2342
• Switch the loader to use the passed-in typeset by @josephschorr in https://github.com/authzed/spicedb/pull/2344
• Add missing type set pass, add test and rename all defaults by @josephschorr in https://github.com/authzed/spicedb/pull/2346
• remove dependency on github.com/hashicorp/go-multierror by @miparnisari in https://github.com/authzed/spicedb/pull/2345
• Fix labels on telemetry metric by @josephschorr in https://github.com/authzed/spicedb/pull/2348
• Switch experimental column optimizations to be enabled by default by @josephschorr in https://github.com/authzed/spicedb/pull/2349
• Disable test of readonly serve-test, as it is making the test server … by @josephschorr in https://github.com/authzed/spicedb/pull/2350
• Use golangci-lint v2 for linting by @tstirrat15 in https://github.com/authzed/spicedb/pull/2301
• add security policy by @miparnisari in https://github.com/authzed/spicedb/pull/2352
• tighten github workflow scopes by @miparnisari in https://github.com/authzed/spicedb/pull/2353
• fix regression in #2353 - add PR write permissions to labeler action by @miparnisari in https://github.com/authzed/spicedb/pull/2355
• pin github actions by @miparnisari in https://github.com/authzed/spicedb/pull/2356
• pin dockerfile images by @miparnisari in https://github.com/authzed/spicedb/pull/2357
• add GCI linter for better organization of imports by @miparnisari in https://github.com/authzed/spicedb/pull/2354
• add ssf badge by @miparnisari in https://github.com/authzed/spicedb/pull/2359
• fix custom analyzers skipping all files by @miparnisari in https://github.com/authzed/spicedb/pull/2360
• fix typo in goreleaser.windows.yml by @miparnisari in https://github.com/authzed/spicedb/pull/2361
• Logging and metrics improvements after recent datastore changes by @josephschorr in https://github.com/authzed/spicedb/pull/2362
• fix panic when running mage test
  by @miparnisari in https://github.com/authzed/spicedb/pull/2363
• wires query shape into the datastore QueryRels latency metric by @vroldanbet in https://github.com/authzed/spicedb/pull/2364
• Allow schema watch in CRDB driver when watch is otherwise disabled by @josephschorr in https://github.com/authzed/spicedb/pull/2365
• make consistency middleware return invalid revision error as gRPC InvalidArgument by @vroldanbet in https://github.com/authzed/spicedb/pull/2366
• add query shape and fix observe closer in ReverseQueryRelationships by @vroldanbet in https://github.com/authzed/spicedb/pull/2367
• postgres datastore: do not warn on context cancelation by @vroldanbet in https://github.com/authzed/spicedb/pull/2368
• Set pgx CancelRequestContextWatcherHandler.CancelRequestDelay to fixcancelation delay by @vroldanbet in https://github.com/authzed/spicedb/pull/2369
• Improve CRDB index forcing logic to be more fine-grain by @josephschorr in https://github.com/authzed/spicedb/pull/2376

Full Changelog: https://github.com/authzed/spicedb/compare/v1.42.1...v1.43.0

Docker Images

This release is available at authzed/spicedb:v1.43.0, quay.io/authzed/spicedb:v1.43.0, ghcr.io/authzed/spicedb:v1.43.0