open-policy-agent · srenatus · Dec 7, 2022 · Dec 7, 2022 · Dec 7, 2022 · Dec 7, 2022
diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
@@ -155,33 +155,36 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v3
 
-      - id: changed-files
-        uses: tj-actions/changed-files@v32.1.0
+      - name: Check PR for changes to Wasm
+        uses: dorny/paths-filter@v2
+        id: changes
         with:
-          files: |
-            Makefile
-            wasm/
-            ast/
-            internal/compiler/
-            internal/planner/
-            internal/wasm/
-            test/wasm/
-            test/cases/
+          filters: |
+            wasm:
+              - Makefile
+              - 'wasm/**'
+              - 'ast/**'
+              - 'internal/compiler/**'
+              - 'internal/planner/**'
+              - 'internal/wasm/**'
+              - 'test/wasm/**'
+              - 'test/cases/**'
 
       - name: Download generated artifacts
         uses: actions/download-artifact@v3
         with:
           name: generated
+        if: steps.changes.outputs.wasm == 'true'
 
       - name: Build and Test Wasm
         run: make ci-wasm
         timeout-minutes: 15
-        if: steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changes.outputs.wasm == 'true'
 
       - name: Build and Test Wasm SDK
         run: make ci-go-wasm-sdk-e2e-test
         timeout-minutes: 30
-        if: steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changes.outputs.wasm == 'true'
         env:
           DOCKER_RUNNING: 0
 

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.19.3
+1.19.4
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,33 @@
 All notable changes to this project will be documented in this file. This
 project adheres to [Semantic Versioning](http://semver.org/).
 
+## 0.46.2
+
+This is a bug fix release addressing two issues: one security issue, and one bug
+related to formatting backwards-compatibility.
+
+### Golang security fix CVE-2022-41717
+
+> An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.
+
+Since we advise against running an OPA service exposed to the general public of the
+internet, potential attackers would be limited to people that are already capable of
+sending direct requests to the OPA service.
+
+### `opa fmt` and backwards compatibility ([#5449](https://github.com/open-policy-agent/opa/issues/5449))
+
+In v0.46.1, it was possible that `opa fmt` would format a rule in such a way that:
+
+1. Before formatting, it was working fine with older OPA versions, and
+2. after formatting, it would only work with OPA version >= 0.46.1.
+
+This backwards incompatibility wasn't intended, and has now been fixed.
+
+### Misc
+
+Two other commits had to be pulled in to fix the build. They are CI-related and contain no code
+changes.
+
 ## 0.46.1
 
 This is  bugfix release to resolve an issue in the release pipeline. Everything else is

diff --git a/build/policy/helpers.rego b/build/policy/helpers.rego
@@ -6,9 +6,7 @@ last_indexof(string, search) = i {
 	all := [i | chars := split(string, ""); chars[i] == search]
 	count(all) > 0
 	i := all[count(all) - 1]
-} else = -1 {
-	true
-}
+} else = -1
 
 basename(filename) = substring(filename, last_indexof(filename, "/") + 1, count(filename) - 1)