@renovate renovate bot commented Nov 17, 2025

Update Request | Renovate Bot

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/planetscale/vtprotobuf | require | digest | 79df5c4 -> ba97887 |
| github.com/siderolabs/omni/client | require | patch | v1.3.0-beta.1.0.20251117095803-519b46d66b1b -> v1.3.4 |
| github.com/siderolabs/talos/pkg/machinery | require | patch | v1.12.0-alpha.2.0.20251104112157-92eeaa4826cf -> v1.12.0-beta.0 |
| go.uber.org/zap | require | patch | v1.27.0 -> v1.27.1 |
| go.yaml.in/yaml/v4 | require | patch | v4.0.0-rc.2 -> v4.0.0-rc.3 |

Release Notes

siderolabs/omni (github.com/siderolabs/omni/client)

v1.3.4

Omni 1.3.4 (2025-11-20)

Welcome to the v1.3.4 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors
  • Artem Chernyshev

Changes
2 commits

  • f8694b22 release(v1.3.4): prepare release
  • 807b218b chore: remove nonce from the index.html

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.3.3

v1.3.3

Omni 1.3.3 (2025-11-20)

Welcome to the v1.3.3 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors
  • Edward Sammut Alessi
  • Oguz Kilcan
  • Utku Ozdemir
  • Artem Chernyshev

Changes
9 commits

  • 0558c18b release(v1.3.3): prepare release
  • ef68e7db test: pick UKI and non-UKI machines correctly
  • 1e6843f7 test: remove nonce CSP header test
  • 85bf6a6d fix: do not allow downloading deprecated Talos versions in the UI
  • 8fa28e76 refactor: use template instead of bytes replace for nonce
  • f648ba20 fix: add nonce for userpilot scripts
  • 145a3ae5 fix(frontend): keep use_embedded_discovery_service state when scaling
  • 1b92fd1e fix: fix typos across the project
  • ef9c9861 fix: do not clear schematic meta values for non-UKI machines

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.3.2

v1.3.2

Omni 1.3.2 (2025-11-14)

Welcome to the v1.3.2 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors
  • Utku Ozdemir
  • Artem Chernyshev
  • Edward Sammut Alessi

Changes
9 commits

  • 0b9a38a1 release(v1.3.2): prepare release
  • 42848316 fix(frontend): fix exposed services sidebar not appearing
  • 5dfe4d55 fix: reduce usage of cached state to avoid stale reads
  • becf6bd6 test: fix flaky etcd backup tests
  • 11f3b039 test: fix flaky MachineUpgradeStatusController test
  • d7dc7788 fix: use deterministic order for machine extensions
  • 8df8997a fix: keep existing cluster level system extensions config in the UI
  • 394efd91 fix: ignore MachineSets which reference non-existing clusters
  • 04f2f465 fix(frontend): remove double scrollbar on machines list

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.3.1

v1.3.1

Omni 1.3.1 (2025-11-07)

Welcome to the v1.3.1 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Contributors
  • Utku Ozdemir
  • Edward Sammut Alessi

Changes
4 commits

  • 58332e84 release(v1.3.1): prepare release
  • 35d75747 fix: prevent MachineSetStatus from going into create/destroy loop
  • cf3c84e1 fix: do not skip creating schematic config in agent mode
  • 50f6c048 fix(frontend): only show label outline if selected

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.3.0

v1.3.0

Omni 1.3.0 (2025-11-07)

Welcome to the v1.3.0 release of Omni!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/omni/issues.

Shortened Auth0 Token Lifetime

Auth0 authentication tokens now expire after 2 minutes. Users without valid PGP keys will need to reauthenticate once tokens expire.

Cluster Import (Experimental)

Omni introduces an experimental feature that allows users to import existing Talos clusters to be managed by Omni.

Documentation on how to use this feature can be found here: https://docs.siderolabs.com/omni/cluster-management/importing-talos-clusters

Multi-Select for Pending Machines

You can now accept or reject multiple pending machines at once, simplifying large-scale approvals.

Stripe Link in Settings Sidebar

A Stripe link is now shown in the Omni settings sidebar when Stripe integration is enabled.

Display Unsupported Kubernetes Versions

Unsupported Kubernetes versions are now shown in the update modal as disabled entries with explanatory messages.

Improved Kubernetes Update Modal

The Kubernetes update modal now displays only upgradeable minor versions and explains why certain versions are not upgradeable.

Enhanced CPU Information in Machine Status

Machines now report processor details when either core count or frequency is available, improving visibility into hardware specs.

Support for Modifying Kernel Arguments

Omni now supports modifying kernel arguments for the existing machines.

Documentation on how to use this feature can be found here: https://docs.siderolabs.com/omni/infrastructure-and-extensions/modify-kernel-arguments

Contributors
  • Edward Sammut Alessi
  • Utku Ozdemir
  • Artem Chernyshev
  • Oguz Kilcan
  • Andrey Smirnov
  • Justin Garrison
  • Noel Georgi
  • niklasfrick
  • niklasfrick

Changes
88 commits

  • 3a47a7ee release(v1.3.0): prepare release
  • 4b81c5e5 fix: remove KernelArgs resource when a machine is removed
  • e51ef57a test: fix install extra kernel args in infra test
  • 8a24c83d fix: update MachineRequestStatus resource when we populate UUID
  • a3d47dae chore: expose enable-talos-pre-release-versions flag in the FeaturesConfig
  • a1ab057b release(v1.3.0-beta.2): prepare release
  • 13af8506 fix: prevent stale reads of kernel args in schematic id calculation
  • a243fa88 fix(frontend): never add install disk for default disk
  • af202c46 refactor(frontend): create a docs link generator
  • 084e813a refactor(frontend): refactor tselectlist with reka-ui
  • 0aba0fc7 fix(frontend): ignore invalid signature error on logout
  • 516d2deb feat: permit MetaWrite/MetaDelete Talos APIs
  • bacf80b5 refactor(frontend): introduce tw-animate-css
  • 74a20773 release(v1.3.0-beta.1): prepare release
  • 3f2021b0 fix(frontend): remove network error toasts
  • 31d42130 fix: remove non-machinery Talos import, fix changelog
  • bb582359 release(v1.3.0-beta.0): prepare release
  • c2cbf34b fix: get rid of an extra call of the final provision step
  • ff79e024 feat(installation-media): replace modal with link
  • 8dde49d4 refactor(frontend): replace .prettierrc with prettier.config.ts
  • 9d3ae445 chore(frontend): update node to latest lts
  • a6da9dbf feat(installation-media): add placeholder steps
  • afbc02f6 feat(installation-media): integrate stepper into create page
  • 15deddde feat: implement extra kernel args support
  • 832beba9 fix: change the order of operations in the common infra provider lib
  • f70d78ee fix: make sidebar menus which do not open routes expand the submenus
  • 52234c15 fix(frontend): add missing gap in some modals
  • 0fa7d0a5 fix(frontend): only clamp min/max tinput values on blur
  • 9794f6f0 fix(frontend): correct the icon colors on tstatus
  • 02425267 test: improve integration tests
  • a91eabdf fix: make sure that machine state is never nil in deprovision calls
  • 4e120167 fix: properly check tracking state to show user consent form
  • 25d58187 feat(installation-media): add initial page for creating installation media
  • d9c41f11 feat(installation-media): add a stepper component
  • 6d941f8a fix: remove https from URL in values frile for auth0
  • df301c98 fix: make workload proxy cookies HTTP only
  • 32f72f76 refactor(frontend): merge all sidebars into one sidebar
  • 4490490d fix(frontend): hide sidebar during oidc auth
  • c0e07b76 fix(frontend): fix sidebar children toggle behavior
  • f997e541 feat(frontend): add a radio group component
  • 3c139b23 chore(deps): update frontend deps
  • ba821e93 chore(readme): clarify readme and add a comment in vite.config about allowedHosts
  • 6e3019e2 feat: add new label style to tinput
  • 20f6be0e fix: correctly fetch user ID for service accounts on the role edit page
  • b5765d8d test: use bridge IP for WireGuard in CI
  • 43ac1227 chore: add stories for tinput and cleanup
  • d87574a4 feat(auth): make auth0 tokens only be valid for 2 minutes
  • e60c8211 test: add more tests for the frontend API
  • d0c8b166 chore: bump Talos to 1.11.3, reorder CI workflow jobs
  • f28de89a fix: allow aborting kubernetes upgrades
  • a4a91a96 fix: hide cancel button on minor kubernetes upgrades
  • a7df08aa fix: honor lock status for machines during kubernetes upgrade
  • eaa97c61 chore: move image package to client
  • 2e77f37e fix(frontend): correctly set the size of the lock icon for clusters
  • 90bd23a1 feat(frontend): create a generic table component
  • 049ab877 chore: revert 'feat: add support for updating kernel args'
  • 3139557b refactor: drop extra input finalizers
  • 0d58ade7 feat: implement cluster import
  • 6ffdae00 fix: remove debug code
  • b2fbf900 feat(installation-media): add route for installation media page
  • 4eee58fb feat(storybook): add ticon stories
  • c57c89e8 refactor(tbutton): separate type and size styles in tbutton
  • aaf45de0 refactor(routes): normalise /machine and /machines into /machines
  • c88503dc chore: bump default Talos version, deps, rekres, re-generate
  • a9986eab feat(frontend): clarify information inside update kubernetes modal
  • 32a69827 feat(frontend): allow multi-select for pending machines
  • ef6584f9 chore(frontend): update dependencies
  • 6838947d feat(frontend): show unsupported k8s version in modal
  • d27624ab chore: rekres and bump go to 1.25.2
  • b8b3f356 feat: show cpus if they have cores or frequency
  • ae9d7cca feat: add support for updating kernel args
  • e380ea45 fix: typo in Helm chart readme service name for API Ingress example
  • af3eeaf4 feat(frontend): add stripe link to settings sidebar
  • ef84a4ca refactor: use TalosVersion compatibility in Kubernetes upgrades
  • 3675826e fix(frontend): resize cluster machines correctly during deletion
  • 3cff7a60 fix: update WireGuard wording to SideroLink
  • a6562dc2 fix(frontend): fix alignment of provisioning machines
  • 543f831f chore(storybook): write a story for clusters page
  • 18a8f0b0 feat(frontend): add a skip parameter to skip watch dynamically
  • 3d0d0cf6 fix(frontend): fix locked icon not showing when cluster is locked
  • 626e6e26 refactor(msw): simplify msw handlers in storybook
  • ffd695fb fix: remove dangling cluster taints
  • 66c7d43a refactor(checkbox): change t-checkbox to use v-model
  • cf9c93f7 feat: introduce storybook for omni frontend
  • f1a0ce72 chore: bump min Talos version
  • c91bd784 refactor(frontend): use auth flow constants
  • 2965a614 chore(ci): sops update keys
  • 12a0a6e4 chore(frontend): update dependencies

Changes since v1.3.0-beta.2
5 commits

  • 3a47a7ee release(v1.3.0): prepare release
  • 4b81c5e5 fix: remove KernelArgs resource when a machine is removed
  • e51ef57a test: fix install extra kernel args in infra test
  • 8a24c83d fix: update MachineRequestStatus resource when we populate UUID
  • a3d47dae chore: expose enable-talos-pre-release-versions flag in the FeaturesConfig

Changes from siderolabs/crypto
2 commits

  • 4154a77 feat: implement dynamic certificate reloader
  • dae07fa chore: update to Go 1.25

Changes from siderolabs/go-api-signature
2 commits

  • 876da9a feat: add method for revoking public key
  • 184f94d chore: rekres and bump go to 1.25.2

Changes from siderolabs/go-debug
1 commit

  • d51e25a chore: rekres, bump deps and go

Dependency Changes
  • github.com/aws/aws-sdk-go-v2 v1.39.0 -> v1.39.3
  • github.com/aws/aws-sdk-go-v2/config v1.31.8 -> v1.31.12
  • github.com/aws/aws-sdk-go-v2/credentials v1.18.12 -> v1.18.16
  • github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.6 -> v1.19.12
  • github.com/aws/aws-sdk-go-v2/service/s3 v1.88.1 -> v1.88.4
  • github.com/aws/smithy-go v1.23.0 -> v1.23.1
  • github.com/coreos/go-oidc/v3 v3.15.0 -> v3.16.0
  • github.com/emicklei/dot v1.9.1 -> v1.9.2
  • github.com/go-jose/go-jose/v4 v4.1.2 -> v4.1.3
  • github.com/go-playground/validator/v10 v10.27.0 -> v10.28.0
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 -> v2.27.3
  • github.com/hashicorp/vault/api v1.21.0 -> v1.22.0
  • github.com/johannesboyne/gofakes3 6555d31 -> ebf3e50
  • github.com/prometheus/common v0.66.1 -> v0.67.1
  • github.com/siderolabs/crypto v0.6.3 -> v0.6.4
  • github.com/siderolabs/go-api-signature v0.3.8 -> v0.3.10
  • github.com/siderolabs/go-debug v0.6.0 -> v0.6.1
  • github.com/siderolabs/omni/client v1.1.2 -> v1.2.1
  • github.com/siderolabs/talos/pkg/machinery v1.11.1 -> v1.12.0-alpha.2
  • github.com/zitadel/oidc/v3 v3.44.0 -> v3.45.0
  • go.etcd.io/etcd/client/pkg/v3 v3.6.4 -> v3.6.5
  • go.etcd.io/etcd/client/v3 v3.6.4 -> v3.6.5
  • go.etcd.io/etcd/server/v3 v3.6.4 -> v3.6.5
  • golang.org/x/crypto v0.42.0 -> v0.43.0
  • golang.org/x/net v0.44.0 -> v0.46.0
  • golang.org/x/oauth2 v0.31.0 -> v0.32.0
  • golang.org/x/text v0.29.0 -> v0.30.0
  • golang.org/x/time v0.13.0 -> v0.14.0
  • golang.org/x/tools v0.37.0 -> v0.38.0
  • google.golang.org/grpc v1.75.1 -> v1.76.0
  • google.golang.org/protobuf v1.36.9 -> v1.36.10
  • k8s.io/api v0.35.0-alpha.0 -> v0.35.0-alpha.1
  • k8s.io/apimachinery v0.35.0-alpha.0 -> v0.35.0-alpha.1
  • k8s.io/client-go v0.35.0-alpha.0 -> v0.35.0-alpha.1
  • sigs.k8s.io/controller-runtime v0.22.1 -> v0.22.3

Previous release can be found at v1.2.0

siderolabs/talos (github.com/siderolabs/talos/pkg/machinery)

v1.12.0-beta.0

Talos 1.12.0-beta.0 (2025-11-14)

Welcome to the v1.12.0-beta.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

New User Volume type - bind

New field in UserVolumeConfig - volumeType that defaults to partition, but can be set to directory.
When set to directory, provisioning and filesystem operations are skipped and a directory is created under /var/mnt/<name>.

The directory type enables lightweight storage volumes backed by a host directory, instead of requiring a full block device partition.

When volumeType = "directory":

  • A directory is created at /var/mnt/<metadata.name>;
  • provisioning, filesystem and encryption are prohibited.

Note: this mode does not provide filesystem-level isolation and inherits the EPHEMERAL partition capacity limits.
It should not be used for workloads requiring predictable storage quotas.

Disk Encryption

Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption.

Talos now supports configuring which PCR states are to be used for TPM based disk encryption via the options.pcrs
field in the tpm section of the disk encryption configuration.

If the user doesn't specify any options, Talos defaults to using PCR 7 for backwards compatibility with existing installations.

This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations
and users may wish to disable locking to PCR 7 state entirely.

Signed PCR policies will still be bound to PCR 11.

The currently used PCRs can be seen with the talosctl get volumestatus <volume> -o yaml command.

New User Volume type - disk

volumeType in UserVolumeConfig can be set to disk.
When set to disk, a full block device is used for the volume.

When volumeType = "disk":

  • Size specific settings are not allowed in the provisioning block (minSize, maxSize, grow).

Embedded Config

Talos Linux now supports embedding the machine configuration directly into the boot image.

etcd

etcd container image is now pulled from registry.k8s.io/etcd instead of gcr.io/etcd-development/etcd.

Ethernet Configuration

The Ethernet configuration now includes a wakeOnLAN field to enable Wake-on-LAN (WOL) support.
This field can be set to enable WOL and specify the desired WOL modes.

Extra Binaries

Talos Linux now ships with nft binary in the rootfs to support CNIs which shell out to nft command.

Feature Lock

Talos now ignores the following machine configuration fields:

  • machine.features.rbac (locked to true)
  • machine.features.apidCheckExtKeyUsage (locked to true)
  • cluster.apiServer.disablePodSecurityPolicy (locked to false)

These fields were removed from the default machine configuration schema in v1.12 and are now always set to the locked values above.

Talos force reboot

Talos now supports a "force" reboot mode, which allows skipping the graceful userland termination.
It can be used in situations where a userland service (e.g. the kubelet) gets stuck during graceful shutdown, causing the regular reboot flow to fail.

In addition, talosctl was updated to support this feature via talosctl reboot --mode force.

GRUB

Talos Linux introduces new machine configuration option .machine.install.grubUseUKICmdline to control whether GRUB should use the kernel command line
provided by the boot assets (UKI) or to use the command line constructed by Talos itself (legacy behavior).

This option defaults to true for new installations, which means that GRUB will use the command line from the UKI, making it easier to customize kernel parameters via boot asset generation.
For existing installations upgrading to v1.12, this option will default to false to preserve the legacy behavior.

Kernel Module

Talos now supports optionally disabling kernel module signature verification by setting module.sig_enforce=0 kernel parameter.
By default module signature verification is enabled (module.sig_enforce=1).
When using Factory or Imager, supply -module.sig_enforce module.sig_enforce=0 as kernel parameters to disable module signature enforcement.

Kernel Security Posture Profile (KSPP)

Talos now enables a stricter set of KSPP sysctl settings by default.
The list of overridden settings is available with talosctl get kernelparamstatus command.

Encrypted Volumes

Talos Linux now consistently provides mapped names for encrypted volumes in the format /dev/mapper/luks2-<volume-id>.
This change should not affect system or user volumes, but might allow easier identification of encrypted volumes,
and specifically for raw encrypted volumes.

Network Configuration

The network configuration under .machine.network (with the exception of KubeSpan) has been deprecated, but it is still supported for backwards compatibility.
New configuration documents were created to replace it, they will be documented in the future.

CRI Registry Configuration

The CRI registry configuration in v1alpha1 legacy machine configuration under .machine.registries is now deprecated, but still supported for backwards compatibility.
New configuration documents RegistryMirrorConfig, RegistryAuthConfig and RegistryTLSConfig should be used instead.

talosctl image cache-serve

talosctl includes new subcommand image cache-serve.
It allows serving the created OCI image registry over HTTP/HTTPS.
It is a read-only registry, meaning images cannot be pushed to it, but the backing storage can be updated by re-running the cache-create command.

Additionally talosctl image cache-create has some changes:

  • new flag --layout: oci (default), flat:
    • oci preserves current behavior;
    • flat does not repack artifact layer, but moves it to a destination directory, allowing it to be served by talosctl image cache-serve;
  • changed flag --platform: now can accept multiple os/arch combinations:
    • comma separated (--platform=linux/amd64,linux/arm64);
    • multiple instances (--platform=linux/amd64 --platform=linux/arm64);

UEFI Boot

When using UEFI boot with systemd-boot as bootloader (on new installs of Talos from 1.10+ onwards), Talos will now not touch the UEFI boot order.
Talos 1.11 made a fix to create UEFI boot entry and set the boot order as first entry, but this behavior caused issues on some systems.
To avoid further issues, Talos will now only create the UEFI boot entry if it does not exist, but will not modify the boot order.

Component Updates

Linux: 6.17.7
Kubernetes: 1.35.0-alpha.3
CNI Plugins: 1.8.0
cryptsetup: 2.8.1
LVM2: 2_03_34
systemd-udevd: 257.8
runc: 1.3.2
CoreDNS: 1.13.1
etcd: 3.6.5
Flannel: 0.27.4
Flannel CNI plugin: v1.8.0-flannel2
runc: 1.3.3
containerd: 2.1.5

Talos is built with Go 1.25.4.

Contributors
  • Andrey Smirnov
  • Noel Georgi
  • Mateusz Urbanek
  • Dmitrii Sharshakov
  • Amarachi Iheanacho
  • Orzelius
  • Oguz Kilcan
  • Laura Brehm
  • Justin Garrison
  • Artem Chernyshev
  • Utku Ozdemir
  • George Gaál
  • Jorik Jonker
  • Michael Smith
  • Nicole Hubbard
  • 459below
  • Adrian L Lange
  • Alp Celik
  • Andrew Longwill
  • Chris Sanders
  • Dmitry
  • Febrian
  • Florian Grignon
  • Fred Heinecke
  • Giau. Tran Minh
  • Grzegorz Rozniecki
  • Guillaume LEGRAIN
  • Hector Monsalve
  • Markus Freitag
  • Max Makarov
  • Mike Beaumont
  • Misha Aksenov
  • MrMrRubic
  • Olivier Doucet
  • Pranav
  • Sammy ETUR
  • Serge Logvinov
  • Skyler Mäntysaari
  • SuitDeer
  • Tom
  • aurh1l
  • frozenprocess
  • frozensprocess
  • kassad
  • leppeK
  • samoreno
  • theschles
  • winnie

Changes
291 commits


Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot commented Nov 17, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: gopkg.in/yaml.v3@v3.0.3: reading gopkg.in/yaml.v3/go.mod at revision v3.0.3: unknown revision v3.0.3

@github-project-automation github-project-automation bot moved this to To Do in Planning Nov 17, 2025
@talos-bot talos-bot moved this from To Do to In Review in Planning Nov 17, 2025
@renovate renovate bot force-pushed the renovate/dependencies branch 4 times, most recently from e694772 to 2f4a9a3 Compare November 20, 2025 07:50
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/dependencies branch from 2f4a9a3 to ba14153 Compare November 21, 2025 03:42