chore(deps): bump github.com/openfga/openfga from 1.16.1 to 1.17.1 in the dependencies group

[dependabot]

Bumps the dependencies group with 1 update: github.com/openfga/openfga.

Updates github.com/openfga/openfga from 1.16.1 to 1.17.1

Release notes

Sourced from github.com/openfga/openfga's releases.

v1.17.1

What's Changed

• ci: make pr benchmark comparisons less fragile by @​justincoh in openfga/openfga#3153
• fix: prevent v2Check from falling back for throttling and validation by @​Vic-Dev in openfga/openfga#3150
• chore: Bump go toolchain to 1.26.4 by @​saad-h1 in openfga/openfga#3159
• chore(deps): bump grpc-ecosystem/grpc-health-probe from v0.4.50 to v0.4.51 in the dependencies group by @​dependabot[bot] in openfga/openfga#3157
• fix: use query start time as iterator cache entry LastModified to prevent stale-read survival by @​saad-h1 in openfga/openfga#3155
• chore(deps): bump the dependencies group across 1 directory with 10 updates by @​dependabot[bot] in openfga/openfga#3156
• chore(deps): bump the dependencies group across 1 directory with 13 updates by @​dependabot[bot] in openfga/openfga#3162
• fix: continuation token deserializer - handle | in type names by @​saad-h1 in openfga/openfga#3152
• docs: update caching docs by @​saad-h1 in openfga/openfga#3163
• chore: bump grpc-health-probe to v0.4.52 by @​Keralin in openfga/openfga#3164
• release: update changelog for release v1.17.1 by @​saad-h1 in openfga/openfga#3165

New Contributors

• @​Keralin made their first contribution in openfga/openfga#3164

Full Changelog: openfga/openfga@v1.17.0...v1.17.1

v1.17.0

Added

• Added a configurable trace sampler via trace.sampler (OPENFGA_TRACE_SAMPLER / OTEL_TRACES_SAMPLER), supporting the standard OpenTelemetry strategies always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, and parentbased_traceidratio. This lets OpenFGA honor upstream parent sampling decisions when running as a downstream service. Defaults to traceidratio to preserve existing behavior. #3072 Thanks @​armujahid!

Changed

• Redesigned cache key generation to use TLV (type-length-value) binary encoding, eliminating collision risk from string concatenation and adding per-process hash seeding to prevent hash-flooding attacks. #3148

New Contributors

• @​armujahid made their first contribution in openfga/openfga#3072

Full Changelog: openfga/openfga@v1.16.1...v1.17.0

Changelog

Sourced from github.com/openfga/openfga's changelog.

[1.17.1] - 2026-06-05

Changed

• Update PR workflow benchmark comparison to be less flakey. #3153

Fixed

• Fixed experimental weighted_graph_check falling back to the standard algorithm on errors that v1 would reject identically or that should not be retried. ErrTransactionThrottled, check.ErrValidation, check.ErrInvalidUser, and *tuple.InvalidTupleError (from contextual-tuple validation) are now returned directly instead of triggering a v1 retry. #3150
• Fixed a race where an iterator cache entry flushed concurrently with a write could survive cache controller invalidation checks, causing stale tuples to be returned to subsequent requests. #3155 Thanks to @​0xmrma for reporting this bug.
• Fixed ReadChanges pagination erroring past the first page when an object type name contains |, and tightened Deserialize to reject tokens with an empty ULID segment rather than silently restarting pagination from the beginning. #3152

Security

• Update toolchain Go version to 1.26.4 to address the Go standard library vulnerabilities documented in the Go 1.26.4 release notes. #3159
• Update grpc-health-probe to v0.4.52, rebuilt with Go 1.26.4, so released images no longer ship the Go standard library vulnerabilities fixed in the Go 1.26.4 release notes. #3164 Thanks @​Keralin!

[1.17.0] - 2026-06-02

Added

• Added a configurable trace sampler via trace.sampler (OPENFGA_TRACE_SAMPLER / OTEL_TRACES_SAMPLER), supporting the standard OpenTelemetry strategies always_on, always_off, traceidratio, parentbased_always_on, parentbased_always_off, and parentbased_traceidratio. This lets OpenFGA honor upstream parent sampling decisions when running as a downstream service. Defaults to traceidratio to preserve existing behavior. #3072 Thanks @​armujahid!

Changed

• Redesigned cache key generation to use TLV (type-length-value) binary encoding, eliminating collision risk from string concatenation and adding per-process hash seeding to prevent hash-flooding attacks. #3148

Commits

• 393db3f release: update changelog for release v1.17.1 (#3165)
• ec685d0 chore: bump grpc-health-probe to v0.4.52 (#3164)
• c452374 docs: update caching docs (#3163)
• 4f00251 fix: continuation token deserializer - handle | in type names (#3152)
• 709b9bd chore(deps): bump the dependencies group across 1 directory with 13 updates (...
• a4214ad chore(deps): bump the dependencies group across 1 directory with 10 updates (...
• b49f8b0 fix: use query start time as iterator cache entry LastModified to prevent sta...
• 2f0a355 chore(deps): bump grpc-ecosystem/grpc-health-probe from v0.4.50 to v0.4.51 in...
• 1968c52 chore: Bump go toolchain to 1.26.4 (#3159)
• cfd6ec3 fix: prevent v2Check from falling back for throttling and validation (#3150)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​openfga/​openfga@​v1.16.1 ⏵ v1.17.1	+1

View full report