fix: Automated cherry pick of #2272: perf: Upgrade Constraint Framework to v0.7.0

[ritazh]

Cherry pick of #2272 on release-3.9.

#2272: perf: Upgrade Constraint Framework to v0.7.0

fixes: #2295

[codecov-commenter]

Codecov Report

Base: 54.48% // Head: 54.43% // Decreases project coverage by -0.04% ⚠️

Coverage data is based on head (2775082) compared to base (dfd2dd8).
Patch has no changes to coverable lines.

Additional details and impacted files

@@               Coverage Diff               @@
##           release-3.9    #2299      +/-   ##
===============================================
- Coverage        54.48%   54.43%   -0.05%     
===============================================
  Files              111      111              
  Lines             9530     9530              
===============================================
- Hits              5192     5188       -4     
- Misses            3943     3946       +3     
- Partials           395      396       +1     

Flag	Coverage Δ
unittests	54.43% <ø> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...onstrainttemplate/constrainttemplate_controller.go	56.59% <0.00%> (-0.96%)	⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[maxsmythe]

LGTM

[sozercan]

Isn't this more than a patch update?

[ritazh]

Isn't this more than a patch update?

Luckily open-policy-agent/frameworks@v0.6.0...v0.7.0 just contains open-policy-agent/frameworks#245 which is a bug fix and dependency bumps. so I think a patch is ok here.

[sozercan]

It also contains open-policy-agent/frameworks#237

This will bump OPA from 0.41 to 0.44 open-policy-agent/opa@v0.41.0...v0.44.0

[ritazh]

@srenatus any chance we can cherry pick the GHSA-2m4x-4q9j-w97g CVE fix to opa 0.41 to minimize the changes we are introducing to Gatekeeper v3.9?