chore(deps): update bundled openfga to v1.18.0

[SoulPancake]

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• Chores
  • Updated project dependencies to the latest compatible versions for improved stability and security.

[coderabbitai]

Walkthrough

go.mod bumps the direct dependency github.com/openfga/openfga from v1.17.1 to v1.18.0 and the indirect dependency golang.org/x/sync from v0.20.0 to v0.21.0. No other modules, Go version, or toolchain directives are changed.

Changes

Dependency Version Updates

Layer / File(s)	Summary
go.mod dependency bumps go.mod	github.com/openfga/openfga bumped from v1.17.1 to v1.18.0; indirect golang.org/x/sync bumped from v0.20.0 to v0.21.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• openfga/cli#600: Also bumps github.com/openfga/openfga in go.mod to a newer version.
• openfga/cli#696: Also bumps github.com/openfga/openfga and related indirect golang.org/x/* dependencies in go.mod.

Suggested reviewers

• ttrzeng

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating the OpenFGA dependency to v1.18.0, which is the primary modification in this go.mod update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/update-bundled-openfga

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​openfga/​openfga@​v1.17.1 ⏵ v1.18.0	+1

View full report

[Copilot]

Pull request overview

This PR updates the CLI’s bundled OpenFGA dependency to v1.18.0, along with corresponding indirect dependency checksum updates, keeping the module graph consistent.

Changes:

• Bump github.com/openfga/openfga from v1.17.1 to v1.18.0.
• Update indirect dependency golang.org/x/sync from v0.20.0 to v0.21.0.
• Refresh go.sum entries accordingly (including modernc.org/sqlite to v1.52.0).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
go.mod	Updates required module versions for OpenFGA and x/sync.
go.sum	Updates module checksums to match the new resolved dependency versions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 17: The openfga dependency is pinned to v1.18.0 which is a non-existent
version that cannot be resolved. Update the github.com/openfga/openfga
dependency in go.mod from v1.18.0 to v1.17.1, which is the latest stable release
as of June 2026. The indirect update to golang.org/x/sync v0.21.0 is already
safe and requires no changes. Additionally, add a pull request description
documenting the rationale for this dependency update and any testing performed
to validate the changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c9b9f7bf-fecd-4b31-8760-bf130eb17705

📥 Commits

Reviewing files that changed from the base of the PR and between 2e9afa2 and 2820c8a.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod