chore(deps): update dependency siderolabs/talos to v1.11.1

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
siderolabs/talos	minor	1.10.5 -> 1.11.1	v1.11.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

siderolabs/talos (siderolabs/talos)

v1.11.1

Compare Source

Talos 1.11.1 (2025-09-08)

Welcome to the v1.11.1 release of Talos!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Component Updates

Linux: 6.12.45
CoreDNS: 1.12.3

Talos is built with Go 1.24.6.

Contributors

• Andrey Smirnov
• Markus Freitag
• Olivier Doucet
• Sammy ETUR

Changes

7 commits

• @​8e85c83 release(v1.11.1): prepare release
• @​ff8644c fix: correctly handle status-code 204
• @​7d5fe2d feat: update Linux kernel (memcg_v1, ublk)
• @​9e310a9 fix: enable support for VMWare arm64
• @​f7620f0 feat: update CoreDNS to 1.12.3
• @​01bf2f6 feat: add SOCKS5 proxy support to dynamic proxy dialer
• @​8a578bc feat: update Linux to 6.12.45

Changes from siderolabs/pkgs

3 commits

• siderolabs/pkgs@1a25681 feat: enable ublk support
• siderolabs/pkgs@95f0be4 fix: enable memcg v1
• siderolabs/pkgs@e1c333c feat: update Linux to 6.12.45

Dependency Changes

• cloud.google.com/go/compute/metadata v0.7.0 -> v0.8.0
• github.com/aws/aws-sdk-go-v2/config v1.29.17 -> v1.31.2
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 -> v1.18.4
• github.com/aws/smithy-go v1.22.4 -> v1.22.5
• github.com/miekg/dns v1.1.67 -> v1.1.68
• github.com/siderolabs/pkgs v1.11.0-15-g2ac857a -> v1.11.0-18-g1a25681
• github.com/siderolabs/talos/pkg/machinery v1.11.0 -> v1.11.1
• golang.org/x/net v0.42.0 -> v0.43.0
• golang.org/x/sys v0.34.0 -> v0.35.0
• golang.org/x/term v0.33.0 -> v0.34.0
• golang.org/x/text v0.27.0 -> v0.28.0
• google.golang.org/grpc v1.73.0 -> v1.75.0
• google.golang.org/protobuf v1.36.6 -> v1.36.8

Previous release can be found at v1.11.0

Images

ghcr.io/siderolabs/flannel:v0.27.2
registry.k8s.io/coredns/coredns:v1.12.3
gcr.io/etcd-development/etcd:v3.6.4
registry.k8s.io/kube-apiserver:v1.34.0
registry.k8s.io/kube-controller-manager:v1.34.0
registry.k8s.io/kube-scheduler:v1.34.0
registry.k8s.io/kube-proxy:v1.34.0
ghcr.io/siderolabs/kubelet:v1.34.0
ghcr.io/siderolabs/installer:v1.11.1
registry.k8s.io/pause:3.10

v1.11.0

Compare Source

Welcome to the v1.12.0-alpha.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at
https://github.com/siderolabs/talos/issues.

Disk Encryption

Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption.

Talos now supports configuring which PCRs states are to be used for TPM based disk encryption via the options.pcrs
field in the tpm section of the disk encryption configuration.

If user doesn't specify any options Talos defaults to using PCR 7 for backwards compatibility with existing installations.

This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations
and users may wish to disable locking to PCR 7 state entirely.

Signed PCR policies will still be bound to PCR 11.

The currently used PCR's can be seen with talosctl get volumestatus <volume> -o yaml command.

Embedded Config

Talos Linux now supports embedding the machine configuration directly into the boot image.

Ethernet Configuration

The Ethernet configuration now includes a wakeOnLAN field to enable Wake-on-LAN (WOL) support.
This field can be set to enable WOL and specify the desired WOL modes.

Extra Binaries

Talos Linux now ships with nft binary in the rootfs to support CNIs which shell out to nft command.

Kernel Security Posture Profile (KSPP)

Talos now enables a stricter set of KSPP sysctl settings by default.
The list of overridden settings is available with talosctl get kernelparamstatus command.

Encrypted Volumes

Talos Linux now consistently provides mapped names for encrypted volumes in the format /dev/mapper/luks2-<volume-id>.
This change should not affect system or user volumes, but might allow easier identification of encrypted volumes,
and specifically for raw encrypted volumes.

Component Updates

Linux: 6.16.9
Kubernetes: 1.34.1
CNI Plugins: 1.8.0
cryptsetup: 2.8.1
LVM2: 2_03_34
systemd-udevd: 257.8
runc: 1.3.1
CoreDNS: 1.12.4
etcd: 3.6.5

Talos is built with Go 1.25.1.

Contributors

• Andrey Smirnov
• Noel Georgi
• Amarachi Iheanacho
• Dmitrii Sharshakov
• Mateusz Urbanek
• Orzelius
• Oguz Kilcan
• George Gaál
• Utku Ozdemir
• 459below
• Alp Celik
• Andrew Longwill
• Chris Sanders
• Dmitry
• Febrian
• Fred Heinecke
• Giau. Tran Minh
• Guillaume LEGRAIN
• Jorik Jonker
• Justin Garrison
• Markus Freitag
• Max Makarov
• Mike Beaumont
• Misha Aksenov
• MrMrRubic
• Olivier Doucet
• Sammy ETUR
• Serge Logvinov
• Skyler Mäntysaari
• Tom
• aurh1l
• frozenprocess
• kassad
• leppeK
• winnie

Changes

178 commits

• e455c7ea9 chore: use testing/synctest in tests
• 7f048e962 feat: update dependencies
• fe36b3d32 fix: stop returning EINVAL on remount of detached mounts
• c6279e04c chore: use new mount/v3 package in efivarfs
• d5197effb feat: update etcd 3.6.5, CoreDNS 1.12.4
• 33714b715 feat: release cloud image using factory
• d10a2747e docs: deprecate JSON6902 patches and interactive installer
• 1e604cbf5 fix: don't set broadcast for /31 and /32 addresses
• 65a66097a refactor: split cluster create logic into smaller parts
• ab847310e fix: provide refreshing CA pool (resolvers)
• d63c3ed7d docs: update secureboot docs
• 493f7ed9d feat: support embedded config
• 251df70f6 feat: add a userspace OOM controller
• 7bae5b40b feat: implement link configuration
• 724857dec fix(ci): skip netbird extension for tests
• e06a08698 fix: default gateway as string
• 7ed07412e fix: uefi boot entry handling logic
• ea4ed165a refactor: efivarfs mock and tests
• 1fca111e2 feat: support setting wake-on-lan for Ethernet
• 94f78dbe7 docs: add a documentation for running Talos in KVM
• 46902f8fd docs: add TrueFullstaq to adopters
• a28e5cbd5 chore: update pkgs and tools
• 7cf403db8 docs: step-by-step scaleway documentation to get an image
• 687285fa2 docs: remove 'curl' in wget command
• 9db6dc06c feat: stop mounting state partition
• 53ce93aae test: try to clear connection refused more aggressively
• 51db5279c fix: bump trustd memory limit
• 25204dc8a fix(machined): change constants.MinimumGOAMD64Level using build tag
• 9cd2d794d feat: ship nft binary with Talos rootfs
• b1416c9fe feat: record last log the failed service
• 0b129f9ef feat: enforce more KSPP and hardening sysctls
• 11872643c chore: drop docs folder
• d30fdcd88 chore: pass in github token to imager
• b88f27d80 chore: make reset test code a bit better
• 1cde53d01 test: fix several issues with tests
• 16cd127a0 docs: add docs on updating image cache
• c3ae92b14 fix: build kernel checks only on linux
• 2120904ec feat: create detached tmpfs
• 6bbee6de5 docs: remove 'ceph-data' from volume examples/docs
• 07acb3bd2 fix: use correct order to determine SideroV1 keys directory path
• 2d57fa002 fix: trim zero bytes in the DHCP host & domain response
• 451cb5f78 docs: clarify disk partition confusion
• a2122ee5c feat: implement HostConfig multi-doc
• 69ab076b4 fix: re-create cgroups when restarting runners
• 297b5cc28 docs: add docs on node labels
• e168512dd fix: apply 'ro' flag to iso9660 filesystems
• 7f7acfbb9 docs: fix typo in doc
• d57882b18 feat: update Kubernetes to 1.34.1
• f85f82f32 test: fix flakiness in RawVolumes test
• 82569e319 feat: update Linux 6.16.6
• 2fd2ab4e4 fix: remove CoreDNS cpu limit
• ce9bc32a0 chore(ci): rekres to use new runner groups
• 8b64f68f6 test: improve test stability
• 272cb860d chore: drop the --input-dir flag from the cluster create command
• 1b6533675 docs: add note about ca-signed certs for secureboot
• d3f88f50c docs: document talos vip failover behavior
• 005fc8bd5 docs: add docs on syncing configs after a kube upgrade
• 4d876d9af feat: update Go to 1.25.1
• 2b556cd22 feat: implement multi-doc StaticHostConfig
• a7b776842 docs: replace Raspberry Pi 5 links with Talos builder
• a349b20ed docs: clarify that talos does not support intermediate ca
• 895133de9 feat: support configuring PCR states to bind disk encryption
• c1360103b docs: fix command for uploading image on Hetzner
• 43b5b9d89 fix: correctly handle status-code 204
• feeb0d312 feat: update runc to 1.3.1
• 421634a14 docs: add docs on multihoming
• 41af2d230 refactor: clean up internal cluster creation code
• 3000d9e43 fix: don't bootstrap talos cluster if there's no config present
• 79cb871d0 feat: use the id of the volume in the mapped luks2 name
• 6c322710d chore: refactor mount package
• ced7186e2 refactor: update COSI to 1.11.0
• de2e24fcd docs: clarify that install-cni image is deprecated
• bef8ef509 docs: add docs on cilium's compatibility with kubespan
• e5acb10fc feat: update pkgs
• c4c1daf0e docs: add info about br_netfilter
• 5c52ecac3 docs: clarify interactive dashboard resolution control
• 15ecb02a4 feat: update Linux kernel (memcg_v1, ublk)
• 53f18c2f6 fix: enable support for VMWare arm64
• 3bbe1c0da docs: add docs on grow flag
• b9fb09dcd release(v1.12.0-alpha.0): prepare release
• 6a389cad3 chore: update dependencies
• 9d98c2e89 feat: add a cgroup preset for PSI and --skip-cri-resolve
• 072f77b16 chore: prepare for future Talos 1.12-alpha.0 release
• 96f41ce88 docs: update qemu and docker docs
• a751cd6b7 docs: activate Talos v1.11 docs by default
• e8f1ec1c5 docs: fix broken create qemu command v1.11 docs
• 639f0dfdd feat: update Linux to 6.16.4
• 8aa7b3933 fix: bring back linux/armv7 build and update xz
• 9cae7ba6b feat: update CoreDNS to 1.12.3
• cfef3ad45 fix: drop linux/armv7 build
• 42ea2ac50 fix: update xz module (security)
• 4fcfd35b9 docs: fix module name example
• 50824599a chore: update some tools
• bcd297490 feat: allow Ed25119 in FIPS mode
• 5992138bb test: ignore one leaking goroutine
• d155326c1 docs: add sbc unofficial ports docs
• 285fa7d22 docs: add the deploy application docs
• 527791f09 feat: update Kubernetes to 1.34.0
• a1c0e237d feat: update Linux to 6.15.11, Go to 1.25
• 4d7fc25f8 docs: switch order of wipe disk command
• 7368a994d feat: add SOCKS5 proxy support to dynamic proxy dialer
• d63591069 chore: silence linter warnings
• 07eb4d7ec fix: set default ram unit to MiB instead of MB
• 6b732adc4 feat: update Linux to 6.12.43
• b6410914f feat: add human readable byte size cli flags
• ec70cef99 feat: update NVIDIA drivers and kernel
• 0879efa69 feat: update Kubernetes default to v1.34.0-rc.2
• f504639df feat: add a user-facing create qemu command
• 558e0b09a test: fix the Image Factory PXE boot test
• d73f0a2e5 docs: make readme badges consistent
• f1369af98 chore: use new filesystem api on STATE partition
• 366cedbe7 docs: link to kubernetes linux swap tuning
• 2f5a16f5e fix: make --with-uuid-hostnames functionality available to qemu provider
• 70612c1f9 refactor: split the PlatformConfigController
• 511748339 docs: add system extension tier documentation
• 009fb1540 test: don't run nvidia tests on integration/aws
• 99674ef20 docs: apply fixes for what is new
• 92db677b5 fix: image cache lockup on a missing volume
• 9c97ed886 fix: version contract parsing in encryption keys handling
• 1fc670a08 fix: dial with proxy
• 18447d0af feat: update Linux to 6.12.41
• f65f39b78 fix: provide mitigation CVE-1999-0524
• 8817cc60c fix: actually use SIDEROV1_KEYS_DIR env var if it's provided
• b08b20a10 feat: use key provider with fallback option for auth type SideroV1
• 7a52d7489 fix: kubernetes upgrade options for kubelet
• ea8289f55 feat: add a user facing docker command
• 54ad64765 chore: re-enable vulncheck
• 26bbddea9 fix: darwin build
• b5d5ef79e fix: set secs field in DHCPv4 packets
• c07911933 chore: refactor how tools are being installed
• 34f25815c docs: fork docs for v1.12
• b66b995d3 feat: update default Kubernetes to v1.34.0-rc.1
• b967c587d docs: fix clone URL to include .git
• b72c68398 docs: edit the insecure, etcd-metrics, inline and extramanifests
• e5b9c1fff docs: remov RAS Syndrome
• 701fe774b docs: fix cilium links and bump to 1.18.0
• d306713a1 feat: update Go to 1.24.6
• 721595a00 chore: add deadcode elimination linter
• dc4865915 refactor: stop using text/template in machined code paths
• 545be55ed feat: add a pause function to dashboard
• 06a6c0fe3 refactor: fix deadcode elimination with godbus
• 2dce8f8d4 refactor: replace containerd/containerd/v2 module for proper DCE
• 9b11d8608 chore: rekres to configure slack notify workflow for CI failures
• 5ce6a660f docs: augment the pod security docs
• ada51ff69 fix: unmarshal encryption STATE from META
• b9e9b2e07 docs: add what is new notes for 1.11
• 53055bdf4 docs: fix typo in kubevirt page
• 8d12db480 fix: one more attempt to fix volume mount race on restart
• 34d37a268 chore: rekres to use correct slack channel for slack-notify
• 326a00538 feat: implement talos.config.early command line arg
• a5f3000f2 feat: implement encryption locking to STATE
• c1e65a342 docs: remove talos API flags from mgmt commands
• 181d0bbf5 feat: bootedentry resource
• 7ad439ac3 fix: enforce minimum size on user volumes if not set explicitly
• 50e37aefd fix: live reload of TLS client config for discovery client
• 87efd75ef feat: update containerd to 2.1.4
• 724b9de6d feat: add F71808E watchdog driver
• 8af96f7af docs: add ETCD downgrade documentation
• 44edd205d docs: add remark about 'exclude-from-external-load-balancers' label
• 727101926 fix(ci): use a random suffix for ami names
• d621ce372 fix: grype scan
• d62e255c2 fix: issues with reading GPT
• 5d0883e14 feat: update PCI DB module to v0.3.2
• 3751c8ccf test: wait for service account test job longer
• a592eb9f9 feat: update Linux to 6.12.40
• 4c40e6d3f feat: update etcd to 3.6.4
• 2bc37bd2c docs: fix error in kernel module guide
• bfc57fb86 chore: tag aws snapshots created via ci with the image name
• 06ef7108a fix: issue with volume remount on service restart
• 03efbff18 docs: add SBOM documentation
• af8a2869d fix: do not download artifacts for cron Grype scan
• 5f442159b feat: unify disk encryption configuration
• 38e176e59 chore(ci): fix datasource versioning
• 85d6b9198 feat: update etcd to v3.5.22
• dd7bd2dab docs: rewrite the getting started and prod docs for v1.10 and v1.11
• 136a899aa chore: regenerate release step with signing fixes
• 450b30d5a chore(ci): add more nvidia test matrix
• 451c2c4c3 test: add talosctl:latest to the image cache

Changes since v1.12.0-alpha.0

79 commits

• e455c7ea9 chore: use testing/synctest in tests
• 7f048e962 feat: update dependencies
• fe36b3d32 fix: stop returning EINVAL on remount of detached mounts
• c6279e04c chore: use new mount/v3 package in efivarfs
• d5197effb feat: update etcd 3.6.5, CoreDNS 1.12.4
• 33714b715 feat: release cloud image using factory
• d10a2747e docs: deprecate JSON6902 patches and interactive installer
• 1e604cbf5 fix: don't set broadcast for /31 and /32 addresses
• 65a66097a refactor: split cluster create logic into smaller parts
• ab847310e fix: provide refreshing CA pool (resolvers)
• d63c3ed7d docs: update secureboot docs
• 493f7ed9d feat: support embedded config
• 251df70f6 feat: add a userspace OOM controller
• 7bae5b40b feat: implement link configuration
• 724857dec fix(ci): skip netbird extension for tests
• e06a08698 fix: default gateway as string
• 7ed07412e fix: uefi boot entry handling logic
• ea4ed165a refactor: efivarfs mock and tests
• 1fca111e2 feat: support setting wake-on-lan for Ethernet
• 94f78dbe7 docs: add a documentation for running Talos in KVM
• 46902f8fd docs: add TrueFullstaq to adopters
• a28e5cbd5 chore: update pkgs and tools
• 7cf403db8 docs: step-by-step scaleway documentation to get an image
• 687285fa2 docs: remove 'curl' in wget command
• 9db6dc06c feat: stop mounting state partition
• 53ce93aae test: try to clear connection refused more aggressively
• 51db5279c fix: bump trustd memory limit
• 25204dc8a fix(machined): change constants.MinimumGOAMD64Level using build tag
• 9cd2d794d feat: ship nft binary with Talos rootfs
• b1416c9fe feat: record last log the failed service
• 0b129f9ef feat: enforce more KSPP and hardening sysctls
• 11872643c chore: drop docs folder
• d30fdcd88 chore: pass in github token to imager
• b88f27d80 chore: make reset test code a bit better
• 1cde53d01 test: fix several issues with tests
• 16cd127a0 docs: add docs on updating image cache
• c3ae92b14 fix: build kernel checks only on linux
• 2120904ec feat: create detached tmpfs
• 6bbee6de5 docs: remove 'ceph-data' from volume examples/docs
• 07acb3bd2 fix: use correct order to determine SideroV1 keys directory path
• 2d57fa002 fix: trim zero bytes in the DHCP host & domain response
• 451cb5f78 docs: clarify disk partition confusion
• a2122ee5c feat: implement HostConfig multi-doc
• 69ab076b4 fix: re-create cgroups when restarting runners
• 297b5cc28 docs: add docs on node labels
• e168512dd fix: apply 'ro' flag to iso9660 filesystems
• 7f7acfbb9 docs: fix typo in doc
• d57882b18 feat: update Kubernetes to 1.34.1
• f85f82f32 test: fix flakiness in RawVolumes test
• 82569e319 feat: update Linux 6.16.6
• 2fd2ab4e4 fix: remove CoreDNS cpu limit
• ce9bc32a0 chore(ci): rekres to use new runner groups
• 8b64f68f6 test: improve test stability
• 272cb860d chore: drop the --input-dir flag from the cluster create command
• 1b6533675 docs: add note about ca-signed certs for secureboot
• d3f88f50c docs: document talos vip failover behavior
• 005fc8bd5 docs: add docs on syncing configs after a kube upgrade
• 4d876d9af feat: update Go to 1.25.1
• 2b556cd22 feat: implement multi-doc StaticHostConfig
• a7b776842 docs: replace Raspberry Pi 5 links with Talos builder
• a349b20ed docs: clarify that talos does not support intermediate ca
• 895133de9 feat: support configuring PCR states to bind disk encryption
• c1360103b docs: fix command for uploading image on Hetzner
• 43b5b9d89 fix: correctly handle status-code 204
• feeb0d312 feat: update runc to 1.3.1
• 421634a14 docs: add docs on multihoming
• 41af2d230 refactor: clean up internal cluster creation code
• 3000d9e43 fix: don't bootstrap talos cluster if there's no config present
• 79cb871d0 feat: use the id of the volume in the mapped luks2 name
• 6c322710d chore: refactor mount package
• ced7186e2 refactor: update COSI to 1.11.0
• de2e24fcd docs: clarify that install-cni image is deprecated
• bef8ef509 docs: add docs on cilium's compatibility with kubespan
• e5acb10fc feat: update pkgs
• c4c1daf0e docs: add info about br_netfilter
• 5c52ecac3 docs: clarify interactive dashboard resolution control
• 15ecb02a4 feat: update Linux kernel (memcg_v1, ublk)
• 53f18c2f6 fix: enable support for VMWare arm64
• 3bbe1c0da docs: add docs on grow flag

Changes from siderolabs/crypto

2 commits

• 4154a77 feat: implement dynamic certificate reloader
• dae07fa chore: update to Go 1.25

Changes from siderolabs/go-api-signature

1 commit

• 68478e2 fix: return invalid signature error when a signature is required

Changes from siderolabs/go-debug

1 commit

• e21721b chore: add support for Go 1.25

Changes from siderolabs/go-loadbalancer

1 commit

• 5e7a8b2 feat: add jitter and initial health check wait support to upstreams

Changes from siderolabs/pkgs

32 commits

• 202a8e6 feat: update Linux to 6.16.9
• 3a0900f feat: enable SRv6 LWTUNNEL and BPF support
• 628efc8 chore: update linuxfirmware and rekres
• 9d1fb02 feat: support adding extra trusted certificates in the kernel
• 7fe686d fix: build nftables with embedded gmp
• fede0a7 feat: add nft binary
• 0dae01a feat: update NVIDIA to 580.82.07
• 9ac2392 feat: enable Kernel config options for IPVS Maglev hashing scheduler support
• 3c5315c feat: update dependencies
• 122fa66 feat: update Linux to 6.16.6
• ab1e866 feat: update Go to 1.25.1
• 7d6ef1b feat: update runc to 1.3.1
• e067c20 feat: enable USB audio support
• c4faa38 feat: bump dependencies
• 453cdfc feat: enable ublk support
• 9824684 fix: enable memcg v1
• 2447e11 feat: update Linux to 6.16, GCC to 15
• 2cfb920 feat: update Linux to 6.15.11, update tools, rekres
• ab4e975 feat: update Linux to 6.12.43
• cd67e36 chore: update kernel config to support max SMP CPUs
• e3b2094 fix: fix build for new NVIDIA drivers
• fd5fdfd feat: update Nvidia LTS to 580.65.06 and production to 570.172.08
• 0edf426 fix: backport CVE kernel patches to 6.12
• 26d8fef feat: enable Infiniband IRDMA support
• 16b5fac fix: re-enable CPUSETS_V1 cgroups controller
• fd53886 feat: update backportable dependencies
• d5f7467 feat: update Go to 1.24.6
• 0bd019f feat: update containerd to 2.1.4
• 0ba8b5b feat: enable F71808E watchdog driver
• 895a86b fix: enable ISCSI IBFT
• a76a67c feat: update Linux to 6.12.40
• 8b0a561 feat: enable bootloader control on amd64

Changes from siderolabs/tools

8 commits

• 4f90801 chore: update openssl, curl, libexpat and rekres
• c37ac80 feat: update Go to 1.25.1
• 7c659e9 feat: update to GCC 15
• 83fd7b7 feat: migrate from pkg-config to pkgconf
• edafd5f feat: update toolchain for new Go and Linux headers
• 65789c7 chore: drop unused vars from Pkgfile
• 52db66e chore: drop protobuf-related stuff from tools
• e3c3ef2 feat: update Go to 1.24.6

Dependency Changes

• cloud.google.com/go/compute/metadata v0.7.0 -> v0.9.0
• github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 -> v1.19.1
• github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 -> v1.12.0
• github.com/aws/aws-sdk-go-v2/config v1.29.17 -> v1.31.12
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.32 -> v1.18.9
• github.com/aws/aws-sdk-go-v2/service/kms v1.41.2 -> v1.45.6
• github.com/aws/smithy-go v1.22.4 -> v1.23.0
• github.com/containernetworking/plugins v1.7.1 -> v1.8.0
• github.com/cosi-project/runtime v1.10.7 -> v1.11.0
• github.com/docker/cli v28.3.3 -> v28.4.0
• github.com/docker/docker v28.3.3 -> v28.4.0
• github.com/docker/go-connections v0.5.0 -> v0.6.0
• github.com/equinix-ms/go-vmw-guestrpc v0.1.1 -> v1.0.0
• github.com/foxboron/go-uefi a3183a1 -> bf180ab
• github.com/gdamore/tcell/v2 v2.8.1 -> v2.9.0
• github.com/google/cel-go v0.26.0 -> v0.26.1
• github.com/google/go-tpm v0.9.5 -> v0.9.6
• github.com/gopacket/gopacket v1.3.1 -> v1.4.0
• github.com/hetznercloud/hcloud-go/v2 v2.22.0 -> v2.25.1
• github.com/mdlayher/netlink fbb4dce -> v1.8.0
• github.com/miekg/dns v1.1.67 -> v1.1.68
• github.com/rivo/tview a4a78f1 -> v0.42.0
• github.com/safchain/ethtool v0.6.1 -> v0.6.2
• github.com/scaleway/scaleway-sdk-go v1.0.0-beta.34 -> v1.0.0-beta.35
• github.com/siderolabs/crypto v0.6.3 -> v0.6.4
• github.com/siderolabs/go-api-signature v0.3.7 -> v0.3.8
• github.com/siderolabs/go-debug v0.5.0 -> v0.6.0
• github.com/siderolabs/go-loadbalancer v0.4.0 -> v0.5.0
• github.com/siderolabs/pkgs v1.11.0-15-g2ac857a -> v1.12.0-alpha.0-30-g202a8e6
• github.com/siderolabs/talos/pkg/machinery v1.11.0 -> v1.12.0-alpha.0
• github.com/siderolabs/tools v1.11.0-2-g8556c73 -> v1.12.0-alpha.0-7-g4f90801
• github.com/spf13/cobra v1.9.1 -> v1.10.1
• github.com/spf13/pflag v1.0.7 -> v1.0.10
• github.com/stretchr/testify v1.10.0 -> v1.11.1
• github.com/u-root/u-root v0.14.0 -> v0.15.0
• go.etcd.io/etcd/api/v3 v3.6.4 -> v3.6.5
• go.etcd.io/etcd/client/pkg/v3 v3.6.4 -> v3.6.5
• go.etcd.io/etcd/client/v3 v3.6.4 -> v3.6.5
• golang.org/x/net v0.42.0 -> v0.44.0
• golang.org/x/oauth2 v0.30.0 -> v0.31.0
• golang.org/x/sync v0.16.0 -> v0.17.0
• golang.org/x/sys v0.34.0 -> v0.36.0
• golang.org/x/term v0.33.0 -> v0.35.0
• golang.org/x/text v0.27.0 -> v0.29.0
• golang.org/x/time v0.12.0 -> v0.13.0
• google.golang.org/grpc

---

Configuration

📅 Schedule: Branch creation - "after 3am on Sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.