Skip to content

chore: update dependencies#41

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/dependencies
Open

chore: update dependencies#41
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/dependencies

Conversation

@renovate

@renovate renovate Bot commented Sep 1, 2025

Copy link
Copy Markdown

ℹ️ Note

This PR body was truncated due to platform limits.

Update Request | Renovate Bot

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/jsimonetti/rtnetlink v1.4.2v2.2.0 age adoption passing confidence
github.com/siderolabs/omni/client v1.8.0-beta.1.0.20260616181556-d77ee0495299v1.9.0 age adoption passing confidence
github.com/siderolabs/talos/pkg/machinery v1.14.0-alpha.1v1.14.0-alpha.2 age adoption passing confidence
github.com/unix4ever/yaml v0.0.0-20220527175918-f17b0f05cf2cv2.4.0 age adoption passing confidence
go.etcd.io/bbolt v1.4.3v1.5.0 age adoption passing confidence
k8s.io/api v0.36.1v0.36.2 age adoption passing confidence
k8s.io/apiextensions-apiserver v0.36.1v0.36.2 age adoption passing confidence
k8s.io/apimachinery v0.36.1v0.36.2 age adoption passing confidence
k8s.io/cli-runtime v0.36.1v0.36.2 age adoption passing confidence
k8s.io/client-go v0.36.1v0.36.2 age adoption passing confidence
k8s.io/cloud-provider v0.36.1v0.36.2 age adoption passing confidence
k8s.io/cluster-bootstrap v0.36.1v0.36.2 age adoption passing confidence
k8s.io/component-helpers v0.36.1v0.36.2 age adoption passing confidence
k8s.io/controller-manager v0.36.1v0.36.2 age adoption passing confidence
k8s.io/cri-api v0.36.1v0.36.2 age adoption passing confidence
k8s.io/cri-client v0.36.1v0.36.2 age adoption passing confidence
k8s.io/cri-streaming v0.36.1v0.36.2 age adoption passing confidence
k8s.io/csi-translation-lib v0.36.1v0.36.2 age adoption passing confidence
k8s.io/dynamic-resource-allocation v0.36.1v0.36.2 age adoption passing confidence
k8s.io/endpointslice v0.36.1v0.36.2 age adoption passing confidence
k8s.io/externaljwt v0.36.1v0.36.2 age adoption passing confidence
k8s.io/kube-aggregator v0.36.1v0.36.2 age adoption passing confidence
k8s.io/kube-controller-manager v0.36.1v0.36.2 age adoption passing confidence
k8s.io/kube-proxy v0.36.1v0.36.2 age adoption passing confidence
k8s.io/kube-scheduler v0.36.1v0.36.2 age adoption passing confidence
k8s.io/kubectl v0.36.1v0.36.2 age adoption passing confidence
k8s.io/kubelet v0.36.1v0.36.2 age adoption passing confidence
k8s.io/metrics v0.36.1v0.36.2 age adoption passing confidence
k8s.io/mount-utils v0.36.1v0.36.2 age adoption passing confidence
k8s.io/pod-security-admission v0.36.1v0.36.2 age adoption passing confidence
k8s.io/sample-apiserver v0.36.1v0.36.2 age adoption passing confidence

Release Notes

jsimonetti/rtnetlink (github.com/jsimonetti/rtnetlink)

v2.2.0

Compare Source

Please be aware that a (longstanding) bug was fixed in the Receive method of an rtnetlink Conn.
This might require additional changes on your end if you inadvertently used this bugs behavior.

What's Changed

New Contributors

Full Changelog: jsimonetti/rtnetlink@v2.1.1...v2.2.0

v2.1.1

Compare Source

What's Changed

New Contributors

Full Changelog: jsimonetti/rtnetlink@v2.1.0...v2.1.1

v2.1.0

Compare Source

What's Changed

Full Changelog: jsimonetti/rtnetlink@v2.0.5...v2.1.0

v2.0.5

Compare Source

What's Changed

Full Changelog: jsimonetti/rtnetlink@v2.0.3...v2.0.5

v2.0.3

Compare Source

What's Changed

New Contributors

Full Changelog: jsimonetti/rtnetlink@v2.0.2...v2.0.3

v2.0.2

Compare Source

The rtnetlink.NetNS implementation had some quirks. This was changed to be more compatible with existing namespace libraries.
Unfortunately this is backwards incompatible, but really belongs to this version.

What's Changed

  • Refactor netns handling, fix flakes, namespace some tests by @​ti-mo in #​227

Full Changelog: jsimonetti/rtnetlink@v2.0.1...v2.0.2

v2.0.1

Compare Source

v2.0.0 had wrong module path

What's Changed

Full Changelog: jsimonetti/rtnetlink@v2.0.0...v2.0.1

v2.0.0

Compare Source

This release introduces the concept of drivers for use in rtnetlink.LinkInfo which is a backwards incompatible change.
These drivers allow for setting driver specific link attributes. This means the LinkInfo.Data and LinkInfo.SlaveData fields are no longer of type []byte, but are of type LinkDriver.
At this time, initial drivers are available for Bond, Veth and NetKit.

If you use the byte slices of LinkInfo.Data and LinkInfo.SlaveData you can now use the default LinkData driver or the appropriate driver (if available in this package). Please consider contributing your driver should you use other types.

This release also renames the Prefered field of the rtnetlink.CacheInfo struct to Preferred to fix a long outstanding typo. This is also backwards incompatible.

What's Changed

New Contributors

Full Changelog: jsimonetti/rtnetlink@v1.4.2...v2.0.0

siderolabs/omni (github.com/siderolabs/omni/client)

v1.9.0

Compare Source

21 commits

  • f472356d release(v1.9.0-beta.1): prepare release
  • 8bea9d98 feat(frontend): add expandable code editor for extra overlay options
  • 4121e730 feat(frontend): add expandable code editor for embedded machine config
  • 22318022 feat(frontend): add more default editor options and remove default class
  • 00e99c4d refactor(frontend): refactor code editor to use v-model
  • 454daba7 chore: bump default talos version to 1.13.5
  • cb74aa70 feat: support embedded machine config in installation media CLI
  • 86af10d4 fix: get rid of the race in the UUID conflict resolution flow
  • 55bda497 refactor: only log schematic id when ensuring
  • c2b067a1 feat(frontend): allow specifying embedded machine config for installation media
  • 574daf6d feat: add embedded_machine_config to create schematic request
  • 1a8c85b8 feat: add embedded_machine_config to installation media config spec
  • 687e56ae feat: add supports_embedded_config quirk to virtual resources
  • 2fa8855c feat: validate Talos extensions against the catalog
  • 807fe47a feat: register destroy controllers for user-managed resource types
  • c3c511ac chore: bump containerd to 1.7.33
  • af44779a chore(frontend): bump dependencies
  • 17b2b30e fix: prevent API requests from hanging after idle periods
  • 240c4832 feat(frontend): remove cluster machine patch option from machine patches
  • 498e8c0b feat(frontend): show error if machine not part of cluster
  • a66f1ae3 feat(frontend): use machine status link snapshot for recent machines phase

v1.8.2

Compare Source

Omni 1.8.2 (2026-06-05)

Welcome to the v1.8.2 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Contributors
  • Orzelius
  • Utku Ozdemir
  • Edward Sammut Alessi
  • Oguz Kilcan
Changes
5 commits

  • 13792557 release(v1.8.2): prepare release
  • 8609a36f test: mock clock in saml test
  • ab83b633 fix: prevent deadlock between machine upgrade and config update
  • bcaa305a chore: bump go-kubernetes library
  • a46d0065 fix: lower minimum discovered Kubernetes version

Changes from siderolabs/go-kubernetes
1 commit

  • 131a2bd fix: handle cluster-scoped resources with a ns correctly

Dependency Changes
  • github.com/siderolabs/go-kubernetes v0.2.37 -> v0.2.38

Previous release can be found at v1.8.1

v1.8.1

Compare Source

Omni 1.8.1 (2026-05-29)

Welcome to the v1.8.1 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Urgent Upgrade Notes (No, really, you MUST read this before you upgrade)

As Omni is now using --join-tokens-mode=legacyAllowed by default it won't start if there are any nodes running Talos below 1.6 connected to the instance.
If you want to keep using Omni with the outdated Talos you will need to set the flag to legacy. But of course we strongly recommend you to update Talos ASAP.

omnictl cluster template has breaking changes: it now restricts including files outside of the current directory.
If using files in the parent dirs, old behavior can be enabled by using --allowed-dir.

Contributors
  • Edward Sammut Alessi
  • Utku Ozdemir
  • Maja Bojarska
  • Noel Georgi
Changes
10 commits

  • 76af8b22 release(v1.8.1): prepare release
  • 2d6a357d fix(frontend): bump @​tanstack/vue-virtual for log viewer
  • 4a19fddc fix: do not downgrade nodes header to single node
  • 4f26d7bf fix(frontend): remove lingering test code
  • 8ca3b41d feat(frontend): add tooltips to power state
  • 18cdf4ad feat: refactor logviewer to tanstack virtual
  • 3cf06b5a fix: fetch versions from registry with auth
  • 620ff48c chore: bump deps to patch GO-2026-5027
  • b1e970c5 feat(frontend): add some feedback when omni is loading
  • 1bf2890d fix: dont clean clients with active watches

Dependency Changes
  • golang.org/x/net v0.54.0 -> v0.55.0

Previous release can be found at v1.8.0

siderolabs/talos (github.com/siderolabs/talos/pkg/machinery)

v1.14.0-alpha.2

Compare Source

Talos 1.14.0-alpha.2 (2026-06-26)

Welcome to the v1.14.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

DNS over TLS (DoT) and DNS over HTTPS (DoH) Support

Talos now supports DNS over TLS (DoT) and DNS over HTTPS (DoH) for secure DNS resolution.
These features allow Talos to encrypt DNS queries and responses, enhancing privacy and security for DNS traffic.
The DNS protocol can be configured on a per-name server basis in the ResolverConfig document, allowing for flexible configuration of DNS resolution.

noexec on EPHEMERAL (/var)

The EPHEMERAL volume (/var) is now mounted with noexec in addition to the existing nosuid and nodev,
blocking binary execution from /var.

Workloads that exec binaries placed under /var will break.
For example, Longhorn v1's instance-manager exec's engine binaries the engine-image DaemonSet drops under /var/lib/longhorn/engine-binaries/,
which now fails with permission denied. Affected users can opt out via a VolumeConfig document:

apiVersion: v1alpha1
kind: VolumeConfig
name: EPHEMERAL
mount:
  secure: false

NOTE: Setting secure: false will also disable nosuid and nodev, which may have security implications. Use with caution.

Upgrade note: apply this VolumeConfig patch before upgrading, otherwise affected workloads will fail after the next reboot. Longhorn v2 (SPDK data engine) runs the data plane inside the instance manager process and is not affected.

Apply Configuration Modes

The '--mode=reboot' option has been removed from the talosctl apply-config command; by default, configuration is applied without a reboot.
Most configuration changes don't require a reboot; the documentation lists the changes that do.

Btrfs Support

Talos now supports mounting and provisioning btrfs filesystem for user volumes and existing volumes.

Support for btrfs is enabled by installing btrfs system extension.

Containerd NRI

Talos no longer disables NRI (Node Resource Interface) for the CRI containerd instance by default, so NRI is available
to use without any machine config patches.

To bring back the old behavior of NRI disabled by default, use the following machine config patch:

machine:
  files:
    - content: |
        [plugins]
          [plugins."io.containerd.nri.v1.nri"]
             disable = true
      path: /etc/cri/conf.d/20-customization.part
      op: create
Default Installer Image

The default installer image has been updated to use the Image Factory.
The ghcr.io/siderolabs/installer image is no longer published with releases; use the Image Factory installer image instead.

DHCP Search Domains

DHCPv4 search domains are now applied to the resolver configuration.

Encryption Discards

Volume encryption now supports an allowDiscards option (disabled by default) which passes TRIM/discard requests
through to the underlying device when the encrypted volume is opened.

This only enables passing discards through to the underlying device; Talos does not perform any fstrim/discard operation by itself.

etcd

Talos is now compatible with etcd v3.6.x only (the default etcd version was 3.6.x since Talos v1.11).
The default version is 3.7.0+ now.

etcd now serves its HTTP-only endpoints (/metrics, /health, the gRPC-gateway JSON API) on a dedicated
listener on port 2383, while the client port 2379 serves gRPC only. This keeps gRPC off Go's net/http
HTTP/2 server, avoiding watch-stream starvation under TLS (see etcd-io/etcd#15402, golang/go#58804,
etcd-io/etcd#21605).

Upgrade note: etcd metrics and the HTTP health endpoint are no longer reachable on 2379; scrape them on
port 2383 instead (same client mTLS as before). etcd gRPC clients and the Talos health check are unaffected.

Firewall might need to be adjusted to block the port 2383 if previously 2379 was blocked.

If --listen-metrics-urls was customized, the metrics should not move.

Filesystem Trim

Talos can now periodically trim (the equivalent of the fstrim command) mounted filesystems which support trimming,
discarding unused blocks. This is useful for SSDs and thin-provisioned storage.

Trimming is opt-in via a new FilesystemTrimConfig document which sets the global trim interval:

apiVersion: v1alpha1
kind: FilesystemTrimConfig
interval: 168h0m0s # one week

The default machine configuration for Talos 1.14+ includes a FilesystemTrimConfig document with a default trim interval of one week,
so trimming is enabled by default for eligible filesystems. For cluster which were upgraded from older versions, the FilesystemTrimConfig document will be missing,
so trimming will be disabled by default until the document is added.

When the document is present, Talos builds a stable schedule (hashed by node ID and volume ID, so trims are spread out
across volumes and across nodes in a cluster) and trims eligible volumes (ready disk/partition volumes with a
trim-capable filesystem; for encrypted volumes only when allowDiscards is set).

The trim interval can be overridden or disabled per-volume via a trim block on the volume documents
(VolumeConfig, UserVolumeConfig, ExistingVolumeConfig, ExternalVolumeConfig):

trim:
  enabled: true
  interval: 24h0m0s
Flannel CNI

Talos now configures Flannel with the EnableNFTables option enabled, which uses nftables native backend instead of iptables-nft compatibility layer.

Host DNS Configuration

HostDNS configuration was moved from the v1alpha1 config .machine.features.hostDNS field to the new hostDNS in the ResolverConfig document.

HTTP Probe Support

Talos now supports HTTP network probes, allowing for monitoring of HTTP endpoints.
HTTP responses with status 200-399 are considered successful, while connection and transport errors are treated as failures.

Image Cache Configuration

Talos now supports a new ImageCacheConfig document for configuring the Image Cache feature, replacing the old machine.features.imageCache field in the v1alpha1 config.
Old configuration is still supported for backwards compatibility.

Kernel Multi-document Configuration

Talos introduces new multi-document configuration for kernel parameters (sysctl and sysfs settings), replacing the old v1alpha1 config fields.
The old configuration is still supported for backwards compatibility, but new deployments should use the new documents.

If both old and new configuration sources are used, the new multi-document configuration takes precedence over the old v1alpha1 config on conflicting fields.

List of changes:

  • Deprecated .machine.sysctls in the v1alpha1 config; use the SysctlConfig document for kernel sysctl configuration.
  • Deprecated .machine.sysfs in the v1alpha1 config; use the SysfsConfig document for sysfs configuration.
Kernel Module Status

Talos now reports the status of both dynamically loaded, and built-in kernel modules.

The LoadedKernelModule resource has been deprecated and superseded by the new KernelModuleStatus resource.

Kubernetes Multi-document Configuration

Talos introduces new multi-document Kubernetes configuration, which allows for more flexible and modular configuration of Kubernetes components.
Talos still supports the old v1alpha1 config for backwards compatibility, but new features and fields will only be available in the new multi-document format.
Talos introduces support for configuring multiple discovery service endpoints.
The kube-proxy is now using configuration to manage its settings instead of command line arguments (with new KubeProxyConfig document).

List of changes:

  • Deprecated .cluster.secretboxEncryptionSecret in the v1alpha1 config; use the KubeEtcdEncryptionConfig document for full etcd encryption configuration.
  • Deprecated .cluster.apiServer in the v1alpha1 config; use the KubeAPIServerConfig, KubeAdmissionControlConfig, KubeAuditPolicyConfig, KubeAuthenticationConfig and KubeAuthorizerConfig documents for kube-apiserver configuration.
  • Deprecated .cluster.controllerManager in the v1alpha1 config; use the KubeControllerManagerConfig document for kube-controller-manager configuration.
  • Deprecated .cluster.scheduler in the v1alpha1 config; use the KubeSchedulerConfig document for kube-scheduler configuration.
  • Deprecated .cluster.proxy in the v1alpha1 config; use the KubeProxyConfig document for kube-proxy configuration.
  • Deprecated .cluster.network in the v1alpha1 config; use the KubeNetworkConfig document for Kubernetes network configuration; Flannel can be configured using the KubeFlannelCNIConfig document.
  • Deprecated .cluster.discovery in the v1alpha1 config; use the DiscoveryServiceConfig document for discovery service configuration. The v1alpha1 config and DiscoveryServiceConfig are mutually exclusive.
LVM Logical Volume Creation

Logical volumes can now be declared with a new LVMLogicalVolumeConfig multi-doc config kind. Each document
names a logical volume, its parent volumeGroup, a type (linear, raid0, raid1 or raid10) and a
maxSize (absolute, e.g. 50GiB, or a percentage of the volume group, e.g. 80%). RAID layouts accept
optional mirrors (raid1/raid10, default 1) and stripes (raid0/raid10, default: all available physical
volumes) fields. Once the volume group is assembled the logical volume is created via lvcreate.

Raising maxSize grows an existing logical volume via lvextend; percentage-sized volumes also grow when
their volume group is extended. Shrinking is never performed (it risks data loss) - a request to reduce the
size surfaces an LVMValidationError instead. Removal stays an explicit operation via the LVMService LV
remove RPC (talosctl wipe lv).

LVM Status

Talos now provides detailed LVM status information, allowing for better monitoring and management of LVM volumes.
New resources LVMPhysicalVolumeStatus, LVMVolumeGroupStatus, and LVMLogicalVolumeStatus expose PV, VG, and LV details.
DiscoveredVolume resources for logical volumes are listed by their kernel name (e.g. dm-0). To resolve the <vg>/<lv> for a given device, use the Disks or BlockSymlinks resources, which carry the udev-managed symlinks (e.g. /dev/disk/by-id/dm-name-<vg>-<lv>).

LVM Volume Group Creation

Talos can now create and grow LVM Volume Groups declaratively through a new LVMVolumeGroupConfig multi-doc
config kind. Each document names a Volume Group and a CEL volumeSelector over the disk inventory; matched
disks are initialised as Physical Volumes (pvcreate) and aggregated into the requested VG (vgcreate).
Newly matched disks added to an existing VG are attached via vgextend.

Reconciliation is strictly additive and safe-by-default.

LVM Wipe

Talos now provides the ability to

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Sep 1, 2025

Copy link
Copy Markdown
Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: gopkg.in/yaml.v3@v3.0.3 (replaced by github.com/unix4ever/yaml/v2@v2.4.0): parsing go.mod:
	module declares its path as: gopkg.in/yaml.v2
	        but was required as: gopkg.in/yaml.v3

@talos-bot talos-bot moved this to In Review in Planning Sep 1, 2025
@smira smira removed this from Planning Sep 1, 2025
@renovate renovate Bot force-pushed the renovate/dependencies branch 5 times, most recently from af62f3c to c544f8b Compare September 8, 2025 20:03
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from 9ae3a2c to 68b5eba Compare September 12, 2025 18:23
@renovate renovate Bot force-pushed the renovate/dependencies branch 3 times, most recently from 4748695 to 7a9613d Compare September 25, 2025 00:10
@renovate renovate Bot force-pushed the renovate/dependencies branch 5 times, most recently from eb466c8 to 95488dc Compare October 4, 2025 06:40
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from 2a14ada to 58afe8c Compare October 9, 2025 03:42
@renovate renovate Bot force-pushed the renovate/dependencies branch 3 times, most recently from 9853a05 to 1df2f4e Compare October 21, 2025 07:13
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from c1679d6 to e6d78f4 Compare November 1, 2025 11:51
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from ce8db57 to 914a291 Compare November 9, 2025 08:06
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from 390b108 to 20c4d70 Compare November 19, 2025 19:56
@renovate renovate Bot force-pushed the renovate/dependencies branch 3 times, most recently from f4ed013 to f7c34bf Compare December 27, 2025 08:12
@renovate renovate Bot force-pushed the renovate/dependencies branch 5 times, most recently from f09a32b to 3001fd9 Compare January 9, 2026 16:33
@renovate renovate Bot force-pushed the renovate/dependencies branch 3 times, most recently from f07dd37 to 03d9520 Compare January 23, 2026 07:37
@renovate renovate Bot force-pushed the renovate/dependencies branch 4 times, most recently from 341ae9f to 91426bd Compare February 6, 2026 03:11
@renovate renovate Bot force-pushed the renovate/dependencies branch 6 times, most recently from 2f6c480 to 0655593 Compare February 13, 2026 23:48
@renovate renovate Bot force-pushed the renovate/dependencies branch 2 times, most recently from 0bbd693 to 4574e27 Compare February 21, 2026 03:34
@renovate renovate Bot force-pushed the renovate/dependencies branch 3 times, most recently from 8206692 to e366988 Compare March 3, 2026 15:03
@renovate renovate Bot force-pushed the renovate/dependencies branch 3 times, most recently from 88bd84f to 31c2140 Compare March 14, 2026 11:22
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants