fix(deps): bump github.com/opentdf/platform/service from 0.7.2 to 0.15.0 in /tests-bdd

[dependabot]

Bumps github.com/opentdf/platform/service from 0.7.2 to 0.15.0.

Release notes

Sourced from github.com/opentdf/platform/service's releases.

protocol/go: v0.15.0

0.15.0 (2026-01-26)

⚠ BREAKING CHANGES

• remove nanotdf support (#3013)

Features

• core: add direct entitlement support (#2630) (cc8337a)
• policy: add allow_traversal to attribute definitions (#3014) (bbbe21b)

Bug Fixes

• Connect RPC v1.19.1 (#3009) (c354fd3)
• remove nanotdf support (#3013) (90ff7ce)

sdk: v0.15.0

0.15.0 (2026-03-23)

Bug Fixes

• deps: bump github.com/opentdf/platform/protocol/go from 0.16.0 to 0.20.0 in /sdk (#3179) (30bb0a8)
• sdk: AttributeValueExists returns false instead of error for non-existent values (#3195) (4e46091)

service: v0.15.0

0.15.0 (2026-05-06)

Features

• core: pass access token verifier down to registered services (#3428) (b8abf17)
• policy: add sort support to listkaskeys (#3344) (de1fe92)
• policy: support inline obligation triggers on attribute value create (#3432) (876f512)

Bug Fixes

• core: infer JWT algorithms for JWKS keys without alg (#3434) (83285e7)
• deps: bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 in /service (#3388) (ef79989)
• deps: bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 in /service (#3371) (ab0974b)
• deps: bump github.com/opentdf/platform/lib/identifier from 0.3.0 to 0.4.0 in /service (#3366) (4650e9b)
• deps: bump github.com/opentdf/platform/protocol/go from 0.25.0 to 0.26.0 in /service (#3381) (ebc65f6)
• deps: bump github.com/opentdf/platform/protocol/go from 0.26.0 to 0.27.0 in /service (#3392) (0c36cfa)
• deps: bump github.com/opentdf/platform/protocol/go from 0.27.0 to 0.28.0 in /service (#3416) (bc137f6)
• deps: bump github.com/opentdf/platform/sdk from 0.16.0 to 0.17.0 in /service (#3395) (0382742)
• deps: bump github.com/opentdf/platform/sdk from 0.17.0 to 0.19.0 in /service (#3423) (969ac33)

... (truncated)

Commits

• 1a2e44a chore(main): release sdk 0.15.0 (#3183)
• 4e46091 fix(sdk): AttributeValueExists returns false instead of error for non-existen...
• 0057ff1 chore(ci): SEC-5126 bump setup-trivy to 0.2.6 and trivy to v0.69.3 (#3186)
• 30bb0a8 fix(deps): bump github.com/opentdf/platform/protocol/go from 0.16.0 to 0.20.0...
• d06dbdc chore(main): release protocol/go 0.20.0 (#3163)
• f4486dd chore(docs): add commit signature verification guidance to CONTRIBUTING.md (#...
• 3006780 feat(policy)!: Namespace subject mappings and subject condition sets. (#3143)
• 8bc5dcd fix(deps): bump github.com/opentdf/platform/lib/identifier from 0.2.0 to 0.3....
• c20f039 fix(policy)!: Optional namespace on actions protos, NamespacedPolicy feature ...
• 488f2e5 chore(main): release lib/identifier 0.3.0 (#3056)
• Additional commits viewable in compare view

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	164.016662ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	82.040273ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	396.432651ms
Throughput	252.25 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.044590571s
Average Latency	428.774939ms
Throughput	116.16 requests/second

[github-actions]

X-Test Results

✅ go-pull-3384
bats-test-results
✅ java-pull-3384
✅ go-v0.9.0
✅ js-pull-3384
✅ java-v0.9.0
cukes-report
✅ js-v0.9.0
govulncheck-failure-3
opentdfplatformKB9WVY.dockerbuild
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-5
govulncheck-failure-1
govulncheck-failure-2

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

tests-bdd/go.mod

Name	Version	Vulnerability	Severity
github.com/Azure/go-ntlmssp	0.0.0-20221128193559-754e69321358	go-ntlmssp NTLM challenges can panic on malformed payloads	moderate

License Issues

tests-bdd/go.mod

Package	Version	License	Issue Type
github.com/Azure/go-ntlmssp	0.0.0-20221128193559-754e69321358	Null	Unknown License
github.com/dgraph-io/ristretto/v2	2.4.0	Null	Unknown License
github.com/go-ldap/ldap/v3	3.4.12	Null	Unknown License
github.com/google/cel-go	0.26.1	Null	Unknown License
github.com/opentdf/platform/lib/fixtures	0.5.0	Null	Unknown License

Denied Licenses:

GPL-2.0, AGPL-1.0, AGPL-1.0-or-later, AGPL-1.0-only, AGPL-3.0, AGPL-3.0-only, AGPL-3.0-or-later, GPL-1.0, GPL-1.0+, GPL-1.0-only, GPL-1.0-or-later, CNRI-Python-GPL-Compatible, GPL-2.0+, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0-with-GCC-exception, GPL-2.0-with-autoconf-exception, GPL-2.0-with-bison-exception, GPL-2.0-with-classpath-exception, GPL-2.0-with-font-exception, GPL-3.0, GPL-3.0+, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0-with-GCC-exception, GPL-3.0-with-autoconf-exception, LGPL-2.0, LGPL-2.0+, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1, LGPL-2.1+, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0, LGPL-3.0+, LGPL-3.0-only, LGPL-3.0-or-later, LGPLLR, NGPL

Excluded from license check:

pkg:githubactions/SonarSource/sonarqube-scan-action

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/github.com/Azure/go-ntlmssp	0.0.0-20221128193559-754e69321358	Unknown	Unknown
gomod/buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go	1.36.9-20250912141014-52f32327d4b0.1	Unknown	Unknown
gomod/buf.build/go/protovalidate	1.0.0	🟢 5	Details Check Score Reason Code-Review 🟢 7 Found 17/24 approved changesets -- score normalized to 7 Maintained 🟢 10 11 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/connectrpc.com/otelconnect	0.9.0	🟢 4.6	Details Check Score Reason Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 9 security policy file detected Code-Review 🟢 5 Found 16/28 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/connectrpc.com/validate	0.6.0	Unknown	Unknown
gomod/github.com/dgraph-io/ristretto/v2	2.4.0	Unknown	Unknown
gomod/github.com/eko/gocache/store/ristretto/v4	4.3.2	🟢 3.3	Details Check Score Reason Code-Review 🟢 5 Found 6/12 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/go-asn1-ber/asn1-ber	1.5.8-0.20250403174932-29230038a667	🟢 4.4	Details Check Score Reason Code-Review 🟢 5 Found 17/29 approved changesets -- score normalized to 5 Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/go-ldap/ldap/v3	3.4.12	Unknown	Unknown
gomod/github.com/google/cel-go	0.26.1	Unknown	Unknown
gomod/github.com/opentdf/platform/lib/fixtures	0.5.0	Unknown	Unknown
gomod/github.com/opentdf/platform/lib/identifier	0.3.0	Unknown	Unknown
gomod/github.com/opentdf/platform/service	0.14.0	Unknown	Unknown
gomod/github.com/stoewer/go-strcase	1.3.1	🟢 4.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Code-Review ⚠️ 2 Found 3/11 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/go.opentelemetry.io/otel/exporters/stdout/stdouttrace	1.42.0	🟢 9.3	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. License 🟢 10 license file detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 43 contributing companies or organizations

Scanned Files

• tests-bdd/go.mod

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	199.920176ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	102.348899ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	395.97495ms
Throughput	252.54 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.283814437s
Average Latency	431.217104ms
Throughput	115.52 requests/second

[github-actions]

X-Test Results

✅ go-pull-3384
bats-test-results
✅ java-pull-3384
✅ go-v0.9.0
✅ js-pull-3384
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatformM4RJLZ.dockerbuild
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	145.129695ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	76.673189ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	399.755512ms
Throughput	250.15 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.115115786s
Average Latency	409.425514ms
Throughput	121.61 requests/second

[github-actions]

X-Test Results

✅ go-pull-3384
bats-test-results
✅ go-v0.9.0
✅ java-pull-3384
✅ js-pull-3384
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatformQK9875.dockerbuild
govulncheck-failure-8

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	200.159929ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	101.25724ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	411.592612ms
Throughput	242.96 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	45.598344272s
Average Latency	454.231037ms
Throughput	109.65 requests/second

[github-actions]

X-Test Results

✅ go-pull-3384
✅ go-v0.9.0
✅ java-pull-3384
bats-test-results
✅ java-v0.9.0
✅ js-pull-3384
✅ js-v0.9.0
cukes-report
opentdfplatformU58EHA.dockerbuild
govulncheck-failure-8

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	201.128781ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	104.596113ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	417.87857ms
Throughput	239.30 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.730790996s
Average Latency	425.763306ms
Throughput	117.01 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Results

✅ go-pull-3384
bats-test-results
✅ java-pull-3384
✅ go-v0.9.0
✅ js-pull-3384
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatformSIUOJR.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-0
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5