chore: Bump github.com/siderolabs/talos/pkg/machinery from 1.12.0-beta.0 to 1.12.0-beta.1

[dependabot]

Bumps github.com/siderolabs/talos/pkg/machinery from 1.12.0-beta.0 to 1.12.0-beta.1.

Release notes

Sourced from github.com/siderolabs/talos/pkg/machinery's releases.

v1.12.0-beta.1

Talos 1.12.0-beta.1 (2025-12-01)

Welcome to the v1.12.0-beta.1 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

API Server Cipher Suites

The Kubernetes API server in Talos has been updated to use a more secure set of TLS cipher suites by default. This is in line with a set of best practices documented in CIS 1.12 benchmark.

You can still expand the list of supported cipher suites via the cluster.apiServer.extraArgs."tls-cipher-suites" machine configuration field if needed.

New User Volume type - bind

New field in UserVolumeConfig - volumeType that defaults to partition, but can be set to directory. When set to directory, provisioning and filesystem operations are skipped and a directory is created under /var/mnt/<name>.

The directory type enables lightweight storage volumes backed by a host directory, instead of requiring a full block device partition.

When volumeType = "directory":

• A directory is created at /var/mnt/<metadata.name>;
• provisioning, filesystem and encryption are prohibited.

Note: this mode does not provide filesystem-level isolation and inherits the EPHEMERAL partition capacity limits. It should not be used for workloads requiring predictable storage quotas.

Disk Encryption

Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption.

Talos now supports configuring which PCRs states are to be used for TPM based disk encryption via the options.pcrs field in the tpm section of the disk encryption configuration.

If user doesn't specify any options Talos defaults to using PCR 7 for backwards compatibility with existing installations.

This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations and users may wish to disable locking to PCR 7 state entirely.

Signed PCR policies will still be bound to PCR 11.

The currently used PCR's can be seen with talosctl get volumestatus <volume> -o yaml command.

... (truncated)

Commits

• c9a4f95 release(v1.12.0-beta.1): prepare release
• d321d7d chore: correct condition for running k8s integration tests
• 736f32a chore: disable k8s integration tests for 1GiB worker nodes
• d9de616 chore(ci): skip multipath extension tests
• 57d6683 chore: update pkgs and tools version
• 949323a feat: present kernel log as talosctl logs kernel
• 7531fcb test: fix flaky LinkSpec/Wireguard test
• 1dbc64d fix: simplify OOM expression
• 0ffb1d8 fix: trim trailing dots from certificate SANs
• 9a2f6d9 fix: support specifying patch file without '@' symbol
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

✅ Deploy Preview for wonderful-swartz-a1308c ready!

Name	Link
🔨 Latest commit	5116162
🔍 Latest deploy log	https://app.netlify.com/projects/wonderful-swartz-a1308c/deploys/6936236a7a16e4000856dc5c
😎 Deploy Preview	https://deploy-preview-1546--wonderful-swartz-a1308c.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[dependabot]

Superseded by #1563.