v1.30.0

Highlights

✨ CheckBulkPermission has now graduated!
⚡ Significantly improved write and delete performance in CockroachDB resulting in a major reduction in serialization errors occurring
⚡ Significantly improve deletion performance on deletions with limits across all datastores
🔍 Filters used for read relationships and delete relationships now have resource_type as optional
✨ WatchRelationships and BulkExportRelationships now support filters
📉 Memory reduction on WriteSchema
🔍 Various improvements in observability
🐛 fixes minimum connection handling for Postgres datastore not working as intended

Note

The CockroachDB datastore has a 2-phase migration in this release, we recommend using the spicedb-operator to automate the process

Warning

BulkExportRelationships cursors have changed and won't be compatible across versions.

What's Changed

• Further fixes to flaky Postgres tests by @josephschorr in #1750
• README: htmlify, update links by @jzelinskie in #1745
• spanner: allow spicedb to run with head or head-1 migration by @ecordell in #1752
• cmd: deprecate root-level head and migrate by @jzelinskie in #1746
• re-enable gosec/G404 by @vroldanbet in #1757
• Fix small TODO in type system with a small code move by @josephschorr in #1753
• Hide a previously deprecated flag by @josephschorr in #1761
• Small improvement in tuple package to remove TODO by @josephschorr in #1754
• skip all steps for matrix jobs when the whole job should be skipped by @ecordell in #1760
• Remove duplicate testing code by @josephschorr in #1762
• VSCode launch config by @alecmerdler in #1756
• reduces chunking allocations for wide relations by @vroldanbet in #1751
• refactor Security related actions and add Snyk by @vroldanbet in #1758
• Use the same default port for the HTTP API across serve and serve-testing by @torbenw in #1749
• Close the parent context in serve_test when complete by @josephschorr in #1763
• disables Snyk checks by @vroldanbet in #1766
• Remove stale TODOs by @josephschorr in #1764
• Fix flake in singleflight test by increasing the run time slightly by @josephschorr in #1767
• enables prometheus exemplars support by @vroldanbet in #1768
• Fix flake on transaction retry test by specifying a longer timeout by @josephschorr in #1769
• Change CRDB driver to use new method for getting transaction timestamp by @josephschorr in #1770
• Delete performance improvements by @josephschorr in #1771
• Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #1777
• Bump golang.org/x/vuln from 1.0.1 to 1.0.4 by @dependabot in #1775
• Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.47.0 to 0.49.0 by @dependabot in #1774
• Bump github.com/planetscale/vtprotobuf from 0.5.1-0.20231212170721-e7d721933795 to 0.6.0 by @dependabot in #1778
• Bump cloud.google.com/go/spanner from 1.54.0 to 1.57.0 by @dependabot in #1776
• Ensure that invalid versions do not cause a nil panic by @josephschorr in #1781
• Ensure SpiceDB release versions are semver by @josephschorr in #1783
• Follow up changes for recent fixes: remove len downcasts and ensure all other downcasts are validated by @josephschorr in #1780
• fix: delete options not being passed by @ryaneorth in #1784
• Debug migrate command in VSCode by @alecmerdler in #1786
• Update gRPC health probe version for recent Go vulns by @josephschorr in #1787
• adds OpenTelemetry TraceID to logs by @vroldanbet in #1772
• Have caveat diffs properly check if an expression has changed by @josephschorr in #1788
• Extend support for relationship filtering and add relationship filtering to other APIs by @josephschorr in #1739
• Small increase in test coverage for subjects testutil by @josephschorr in #1793
• Add mage test:unitcover to generate coverage reports over all unit tests by @josephschorr in #1794
• CheckBulkPermissions by @alecmerdler in #1792
• Move health check logs to debug level by @vroldanbet in #1773
• dependency updates by @vroldanbet in #1797
• fix codeql by @vroldanbet in #1798
• use the most recent Go version with CodeQL by @vroldanbet in #1799
• fixes merge queue not supporting CodeQL by @vroldanbet in #1800
• Fix race on error member of TaskRunner by @ecordell in #1801
• Move debug traces for CheckPermission into the response by @josephschorr in #1795
• make registration of gRPC prom metrics not fail if already registered by @vroldanbet in #1803
• turns gRPC latency histogram into a toggleable option by @vroldanbet in #1805
• do not return backward incompatible --explain debug info in trailer by @vroldanbet in #1807

New Contributors

• @torbenw made their first contribution in #1749
• @ryaneorth made their first contribution in #1784

Full Changelog: v1.29.5...v1.30.0

Docker Images

This release is available at authzed/spicedb:v1.30.0, quay.io/authzed/spicedb:v1.30.0, ghcr.io/authzed/spicedb:v1.30.0