Skip to content

chore(deps): update dependency regal to v0.40.0 (main)#4832

Merged
elastic-renovate-prod[bot] merged 1 commit intomainfrom
renovate/main-regal-0.x
Apr 22, 2026
Merged

chore(deps): update dependency regal to v0.40.0 (main)#4832
elastic-renovate-prod[bot] merged 1 commit intomainfrom
renovate/main-regal-0.x

Conversation

@elastic-renovate-prod
Copy link
Copy Markdown
Contributor

@elastic-renovate-prod elastic-renovate-prod Bot commented Apr 22, 2026

This PR contains the following updates:

Package Update Change
regal minor 0.38.1 -> 0.40.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

StyraInc/regal (regal)

v0.40.0

Today we celebrate Regal who turns v0.40.0 just in time for the GitHub download tracker to report 1 million total downloads. Quite the milestone! Thank you all for the encouragement, support and contributions during these past 3 years. Together we're redefining the policy development experience, and we have a lot more of that planned for the future. Stay tuned!

This release includes 2 new linter rules, and many new features and improvements to both the linter and language server.

Linter

New Rule: invalid-regexp

Category: bugs

The new invalid-regexp rule scans regular expressions found in policies and reports invalid patterns that would otherwise fail at runtime.

Avoid

package policy

invalid if regexp.match("[a-z", "test")

Prefer

package policy

valid if regexp.match("[a-z]", "test")
New Rule: superfluous-object-get

Category: idiomatic

The superfluous-object-get rule flags calls to object.get where using the built-in function provides no benefit compared to using a reference directly, and without the call.

Avoid

package policy

superfluous if {

### the default value (`""`) isn't used in the expression,
### so object.get provides no benefit here
    object.get(input, ["user", "department"], "") == "engineering"
}

Prefer

package policy

much_better if {
    input.user.department == "engineering"
}

More cases of superfluous object.get will be added to this rule as we encounter them.

Improvements
  • The naming-convention rule now accepts a list of allowed names in addition to regex patterns
  • The non-loop-expression rule now identifies more types of expressions that could be moved out of iteration
  • All rules now contain a related_resources item in their metadata pointing to the docs for the rule
  • The regal new rule command now generates a Related Resources section in the new rule's documentation template
    (thanks @​mvanhorn!)

Bugs Fixed

  • Fixed two false positives reported in the non-loop-expression rule
  • The server now exits with an error if the --profile flag is used without --format json (thanks @​mvanhorn!)

Language Server

Evaluate and Debug Actions

Any input.json or input.yaml file found in the workspace will be used for input during evaluation and debugging sessions, but this wasn't obvious without reading the docs. The Evaluate and Debug code lenses / commands will now present a dialog option asking to create an input.json file in the project workspace in case one isn't found. This file is populated with dummy JSON data based on references to input found in the policy, and should be edited by the user to provide more relevant data.

Many thanks to @​SeanLedford for this great work!

Hover Provider Improvements

The hover provider showing tooltips for built-in functions and keywords has been rewritten in Rego, and additionally saw a few improvements land as part of that process:

  • Links to examples for built-in functions now point to the correct location in the OPA docs
  • The print function now shows up in hover results as well
  • Hover provider now less resource intensive, and all information rendered just in time for display
Inlay Hints Improvements

The inlay hint provider (that provides names of function arguments to be displayed at call sites) has also been rewritten in Rego, and the server now implements also the inlayHint/resolve handler, which improves performance by only calculating inlay hint details when the client requests them for display.

Additionally, the inlay hint provider now properly takes the range of the active editor view into account, and will only spend resources calculating hints for code that the user can actually can see.

Semantic Tokens in Comprehensions and every Expressions

The language server's semantic token provider (providing context-based syntax highlighting) now provides semantic tokens inside of comprehensions and every expressions in addition to previously supported contexts. Additionally, most of the semantic token logic is now implemented entirely in Rego.

Improved Language Server Initialization

This release contains a number of fixes and improvements related to the language server's initialization routine, which should now be both more robust and faster.

Bugs Fixed
  • Two potential nil dereferences identified and fixed
  • Fix a potential out of bounds panic in slice access
  • The bundled web server now shows a link to Regal's editor integration documentation on its index page
Finally

Extra thanks goes out to @​charlieegan3 this release, who worked tirelessly to fix some really complex race conditions and concurrency issues in the language server. A thankless job, but extremely important, and he pulled it off like a true Viking!

Changelog

v0.39.0

We're happy to announce Regal v0.39.0, featuring 3 new linter rules, many language server improvements, and much faster linting!

New Rule: use-array-flatten

Category: idiomatic

The use-array-flatten rule recommends using array.flatten instead of nested array.concatenation (#​1873).

Avoid

package policy

flat1 := array.concat(arr1, array.concat(arr2, arr3))

flat2 := array.concat(arr1, array.concat(arr2, array.concat(arr3, arr4)))

Prefer

package policy

flat1 := array.flatten([arr1, arr2, arr3])

flat2 := array.flatten([arr1, arr2, arr3, arr4])

New Rule: use-object-union-n

Category: idiomatic

The use-object-union-n rule recommends using object.union_n over nested calls to object.union (#​1873).

Avoid

package policy

obj := object.union(obj1, object.union(obj2, obj3))

Prefer

package policy

obj := object.union_n([obj1, obj2, obj3])

New Rule: equals-over-count

Category: performance

The new optional equals-over-count rule suggests using direct equality comparisons rather than count when checking collection membership or emptiness (#​1878). This is a micro-optimization and not a general recommendation. Must be manually enabled.

Performance

This release brings an approximate 25% reduction in linting time through aggregate remodeling and Rego prepare stage optimizations (#​1838). Additional performance work includes Rego refactoring (#​1857, #​1884), AST transform improvements (#​1892), and various micro-optimizations (#​1866, #​1879).

Language Server Improvements

The language server now includes a semantic token framework for improved syntax highlighting (#​1845, #​1865, #​1870),
code actions for the constant-condition and redundant-existence-check fixers (#​1830).
and an opaTestProvider feature for test discovery (#​1888, #​1889, #​1898),

Completion performance is improved with a completionItem/resolve handler (#​1831),
and server capabilities are now properly exposed and consistent with the clients (#​1867, #​1880).

Note: Semantic token support is feature flagged and will be available in the next release.

Compiler Explorer

Regal now supports the VSCode-based OPA Explorer extension, providing a rich GUI to compare compiler stages directly in VS Code (#​1862) - thanks @​srenatus! A new "Format stages" option has also been added to the compiler explorer (#​1854) - thanks @​johanfylling!

Experimental: rq Engine Support

Initial support for the rq engine has been added (#​1872) - thanks @​charlesdaniels!

Various Improvements

  • Improved redundant-existence-check rule (#​1897, fixes #​1805)
  • Disabled zero-arity-function rule as opa-fmt now covers that (#​1885)

Bug Fixes

  • Fix nil dereference on compiler errors in explorer (#​1837)
  • Fix broken links to fixer page (#​1852)
  • Fix false positive in use-some-for-output-vars (#​1886)
  • Fix broken input.json completion provider (#​1891)

Dependency Updates

Regal has been upgraded to use OPA v1.14.0 and Go 1.26.

Documentation

  • Added mise as an alternative installation method (#​1849) - thanks @​jylenhof!
  • Updated installation documentation (#​1861)
  • Updated note about eval and debug roots (#​1894)
  • Show release badge when using pre-release versions (#​1899)

New Contributors

Configuration

📅 Schedule: Branch creation - "* 1 * * 1-5" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@elastic-renovate-prod elastic-renovate-prod Bot requested a review from a team as a code owner April 22, 2026 22:42
@elastic-renovate-prod elastic-renovate-prod Bot added the Team:Security-Cloud Services Security Data Experience - Cloud Services team. label Apr 22, 2026
@elastic-renovate-prod elastic-renovate-prod Bot added this pull request to the merge queue Apr 22, 2026
@mergify mergify Bot added the queued label Apr 22, 2026
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented Apr 22, 2026
edited
Loading

Merge Queue Status

This pull request spent 37 minutes 16 seconds in the queue, with no time running CI.

Waiting for:
  • check-success=Lint
  • check-success=Manifest Tests
  • check-success=Package Cloudbeat (docker)
  • check-success=Package Cloudbeat (tar.gz)
  • check-success=Test Rego Policies
  • check-success=Unit Test
  • any of:
    • check-neutral = CLA
    • check-skipped = CLA
    • check-success = CLA
  • any of:
    • check-neutral = Package Cloudbeat (docker)
    • check-skipped = Package Cloudbeat (docker)
    • check-success = Package Cloudbeat (docker)
  • any of:
    • check-neutral = Package Cloudbeat (tar.gz)
    • check-skipped = Package Cloudbeat (tar.gz)
    • check-success = Package Cloudbeat (tar.gz)
  • any of:
    • check-neutral = Manifest Tests
    • check-skipped = Manifest Tests
    • check-success = Manifest Tests
  • any of:
    • check-neutral = Test Rego Policies
    • check-skipped = Test Rego Policies
    • check-success = Test Rego Policies
  • any of:
    • check-neutral = Lint
    • check-skipped = Lint
    • check-success = Lint
  • any of:
    • check-neutral = Unit Test
    • check-skipped = Unit Test
    • check-success = Unit Test
All conditions
  • check-success=Lint
  • check-success=Manifest Tests
  • check-success=Package Cloudbeat (docker)
  • check-success=Package Cloudbeat (tar.gz)
  • check-success=Test Rego Policies
  • check-success=Unit Test
  • any of [🛡 GitHub branch protection]:
    • check-neutral = CLA
    • check-skipped = CLA
    • check-success = CLA
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Package Cloudbeat (docker)
    • check-skipped = Package Cloudbeat (docker)
    • check-success = Package Cloudbeat (docker)
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Package Cloudbeat (tar.gz)
    • check-skipped = Package Cloudbeat (tar.gz)
    • check-success = Package Cloudbeat (tar.gz)
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Manifest Tests
    • check-skipped = Manifest Tests
    • check-success = Manifest Tests
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Test Rego Policies
    • check-skipped = Test Rego Policies
    • check-success = Test Rego Policies
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Lint
    • check-skipped = Lint
    • check-success = Lint
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Unit Test
    • check-skipped = Unit Test
    • check-success = Unit Test
  • #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule [org] Require a PR for Renovate]
  • #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule [org] Require a PR]
  • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule [org] Require a PR for Renovate]
  • #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule [org] Require a PR]

Reason

Pull request #4832 has been merged manually at eae4dce

Hint

You were too fast!

mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
0232215
@mergify mergify Bot mentioned this pull request Apr 22, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
37ce798
@mergify mergify Bot mentioned this pull request Apr 22, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
516ff54
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
af3c5f2
@mergify mergify Bot mentioned this pull request Apr 22, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
6528ccd
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
8c833fb
@mergify mergify Bot mentioned this pull request Apr 22, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
1359c69
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
7442df7
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
2d876d2
@mergify mergify Bot mentioned this pull request Apr 22, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
1080d69
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
b0c6534
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
de42ce1
Merged via the queue into main with commit eae4dce Apr 22, 2026
22 of 24 checks passed
@elastic-renovate-prod elastic-renovate-prod Bot deleted the renovate/main-regal-0.x branch April 22, 2026 23:38
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
ba9d864
@mergify mergify Bot mentioned this pull request Apr 22, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
7e7bd2e
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
13a8e95
mergify Bot added a commit that referenced this pull request Apr 22, 2026
@mergify
Merge of #4832
76994dc
@mergify mergify Bot added dequeued and removed queued labels Apr 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

backport-skip dependencies Pull requests that update a dependency file dequeued renovate renovate-auto-approve Team:Security-Cloud Services Security Data Experience - Cloud Services team.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants