chore(deps): update terraform hashicorp/terraform to v1.13.1 (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
hashicorp/terraform	required_version	minor	1.10.3 -> 1.13.1

---

Release Notes

hashicorp/terraform (hashicorp/terraform)

v1.13.1

Compare Source

1.13.1 (August 27, 2025)

BUG FIXES:

• Fix regression that caused terraform test with zero tests to return a non-zero exit code. (#​37477)

• terraform test: prevent panic when resolving incomplete references (#​37484)

v1.13.0

Compare Source

1.13.0 (August 20, 2025)

NEW FEATURES:

• The new command terraform stacks exposes some stack operations through the cli. The available subcommands depend on the stacks plugin implementation. Use terraform stacks -help to see available commands. (#​36931)

ENHANCEMENTS:

• Filesystem functions are now checked for consistent results to catch invalid data during apply (#​37001)

• Allow successful init when provider constraint matches at least one valid version (#​37137)

• Performance fix for evaluating high cardinality resources (#​37154)

• TF Test: Allow parallel execution of teardown operations (#​37169)

• terraform test: Test authors can now specify definitions for external variables that are referenced within test files directly within the test file itself. (#​37195)

• terraform test: File-level variable blocks can now reference run outputs and other variables." (#​37205)

• skip redundant comparisons when comparing planned set changes (#​37280)

• type checking: improve error message on type mismatches. (#​37298)

BUG FIXES:

• Added a missing warning diagnostic that alerts users when child module contains an ignored cloud block. (#​37180)

• Nested module outputs could lose sensitivity, even when marked as such in the configuration (#​37212)

• workspace: Updated validation to reject workspaces named "" (#​37267)

• workspace: Updated the workspace delete command to reject "" as an invalid workspace name (#​37275)

• plan: truncate invalid or dynamic references in the relevant attributes (#​37290)

• Test run Parallelism of 1 should not result in deadlock (#​37292)

• static validation: detect invalid static references via indexes on objects. (#​37298)

• Fixes resource identity being dropped from state in certain cases (#​37396)

NOTES:

• The command terraform rpcapi is now generally available. It is not intended for public consumption, but exposes certain Terraform operations through an RPC interface compatible with go-plugin. (#​37067)

UPGRADE NOTES:

• terraform test: External variables referenced within test files should now be accompanied by a variable definition block within the test file. This is optional, but users with complex external variables may see error diagnostics without the additional variable definition. (#​37195)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

• v1.12
• v1.11
• v1.10
• v1.9
• v1.8
• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.12.2

Compare Source

1.12.2 (June 11, 2025)

BUG FIXES:

• partial ephemeral values were rejected in ephemeral outputs (#​37210)

v1.12.1

Compare Source

1.12.1 (May 21, 2025)

BUG FIXES:

• Include resource identity in import apply UI output (#​37044)

• Fix regression during provider installation by reverting back to not sending HEAD requests. (#​36998)

• Avoid crash on test failure in comparison in function call (#​37071)

v1.12.0

Compare Source

1.12.0 (May 14, 2025)

NEW FEATURES:

• Added Terraform backend implementation for OCI Object Storage (#​34465)

ENHANCEMENTS:

• Terraform Test command now accepts a -parallelism=n option, which sets the number of parallel operations in a test run's plan/apply operation. (#​34237)

• Logical binary operators can now short-circuit (#​36224)

• Terraform Test: Runs can now be annotated for possible parallel execution. (#​34180)

• Allow terraform init when tests are present but no configuration files are directly inside the current directory (#​35040)

• Terraform Test: Continue subsequent test execution when an expected failure is not encountered. (#​34969)

• Produce detailed diagnostic objects when test run assertions fail (#​34428)

• backend/oss: Supports more standard environment variables to keep same with provider setting (#​36581)

• Improved elapsed time display in UI Hook to show minutes and seconds in mm:ss format. (#​36368)

• Update legacy term used in error messages. (Terraform Cloud agent => HCP Terraform Agent) (#​36706)

• import blocks: Now support importing a resource via a new identity attribute. This is mutually exclusive with the id attribute (#​36703)

BUG FIXES:

• Refreshed state was not used in the plan for orphaned resource instances (#​36394)

• Fixes malformed Terraform version error when the remote backend reads a remote workspace that specifies a Terraform version constraint. (#​36356)

• Changes to the order of sensitive attributes in the state format would erroneously indicate a plan contained changes when there were none. (#​36465)

• Avoid reporting duplicate attribute-associated diagnostics, such as "Available Write-only Attribute Alternative" (#​36579)

• for_each expressions in import blocks should not be able to reference the import target (#​36801)

UPGRADE NOTES:

• On Linux, Terraform now requires Linux kernel version 3.2 or later; support for previous versions has been discontinued. (#​36478)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

• v1.11
• v1.10
• v1.9
• v1.8
• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.11.4

Compare Source

1.11.4 (April 9, 2025)

BUG FIXES:

• disable X25519Kyber768Draft00 in TLS to prevent timouts with some AWS network firewalls (#​36791)

• write-only attributes: internal providers should set write-only attributes to null (#​36824)

v1.11.3

Compare Source

1.11.3 (March 26, 2025)

BUG FIXES:

• Fixes unintended exit of CLI when using the remote backend and applying with post-plan tasks configured in HCP Terraform (#​36686)

• Modules with zero instances that contain ephemeral resources could produce an error during apply (#​36719)

v1.11.2

Compare Source

1.11.2 (March 12, 2025)

ENHANCEMENTS:

• Azure Backend supports ADO Pipelines OIDC token refresh by using the oidc_request_url, oidc_request_token and (the new) ado_pipeline_service_connection_id. (#​36458)

BUG FIXES:

• Return error when the templatestring function contains only a single interpolation that evaluates to a null value (#​36652)

• Backend/azure: subscription_id be optional & skip unnecessary management plane API call in some setup (#​36595)

NOTES:

• Updated dependency github.com/hashicorp/aws-sdk-go-base/v2 to v2.0.0-beta.62 to support newly added AWS regions (#​36625)

v1.11.1

Compare Source

1.11.1 (March 5, 2025)

BUG FIXES:

• Temporarily revert updated Windows symlink handling until we can account for known existing configurations using non-symlink junctions. (#​36575)

• terraform test: Fix crash when a run block attempts to cleanup after a non-applyable plan. (#​36582)

• Updated dependency golang.org/x/oauth2 from v0.23.0 => v0.27.0 to integrate latest changes (fix for CVE-2025-22868) (#​36584)

• lang/funcs/transpose: Avoid crash due to map with null values (#​36611)

• Combining ephemeral and sensitive marks could fail when serializing planned changes (#​36619)

v1.11.0

Compare Source

1.11.0 (February 27, 2025)

NEW FEATURES:

• Add write-only attributes to resources. Providers can specify that certain attributes are write-only. They are not persisted in state. You can use ephemeral values in write-only attributes. (#​36031)

• terraform test: The -junit-xml option for the terraform test command is now generally available. This option allows the command to create a test report in JUnit XML format. Feedback during the experimental phase helped map terraform test concepts to the JUnit XML format, and new additons may happen in future releases. (#​36324)

• S3 native state locking is now generally available. The use_lockfile argument enables users to adopt the S3-native mechanism for state locking. As part of this change, we've deprecated the DynamoDB-related arguments in favor of this new locking mechanism. While you can still use DynamoDB alongside S3-native state locking for migration purposes, we encourage migrating to the new state locking mechanism. (#​36338)

ENHANCEMENTS:

• init: Provider installation will utilise credentials configured in a .netrc file for the download and shasum URLs returned by provider registries. (#​35843)

• terraform test: Test runs now support using mocked or overridden values during unit test runs (e.g., with command = "plan"). Set override_during = plan in the test configuration to use the overridden values during the plan phase. The default value is override_during = apply. (#​36227)

• terraform test: Add new state_key attribute for run blocks, allowing test authors control over which internal state file should be used for the current test run. (#​36185)

• Updates the azure backend authentication to match the terraform-provider-azurermprovider authentication, in several ways:

  • github.com/hashicorp/go-azure-helpers: v0.43.0 -> v0.71.0
  • github.com/hashicorp/go-azure-sdk/[resource-manager/sdk]: v0.20241212.1154051. This replaces the deprecated Azure SDK used before
  • github.com/jackofallops/giovanni: v0.15.1 -> v0.27.0. Meanwhile, updating the azure storage API version from 2018-11-09 to 2023-11-03
  • Following new properties are added for the azure backend configuration:
    • use_cli
    • use_aks_workload_identity
    • client_id_file_path
    • client_certificate
    • client_id_file_path
    • client_secret_file_path
      (#​36258)

• Include ca-certificates package in our official Docker image to help with certificate handling by downstream (#​36486)

BUG FIXES:

• ephemeral values: correct error message when ephemeral values are included in provisioner output (#​36427)

• Attempting to override a variable during apply via TF_VAR_ environment variable will now yield warning instead of misleading error. (#​36435)

• backends: Fix crash when interrupting during interactive prompt for values (#​36448)

• Fixes hanging behavior seen when applying a saved plan with -auto-approve using the cloud backend (#​36453)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

• v1.10
• v1.9
• v1.8
• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.10.5

Compare Source

1.10.5 (January 22, 2025)

BUG FIXES:

• element(...): no longer crashes when asked for a negative index into a tuple. (#​36376)

• Updated dependency github.com/hashicorp/go-slug v0.16.0 => v0.16.3 to integrate latest changes (fix for CVE-2025-0377) (#​36273)

• jsondecode(...): improved error message when objects contain duplicate keys (#​36376)

v1.10.4

Compare Source

1.10.4 (January 8, 2025)

BUG FIXES:

• type conversion: Empty map conversions now return correct type information (#​36262)

• terraform console: Fix crash when printing ephemeral values (#​36267)

---

Configuration

📅 Schedule: Branch creation - "before 5am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.