lilly/lillinfra

Fork 0

Update all non-major dependencies #42

Open

renovatebot wants to merge 1 commit from renovate/all-minor-patch into main

renovatebot commented

2026-05-25 16:46:49 +02:00

Collaborator

This PR contains the following updates:

Package	Type	Update	Change
cert-manager		minor	`v1.18.2` → `v1.20.3`
cert-manager		patch	`v1.20.2` → `v1.20.3`
csi-driver-nfs		minor	`v4.11.0` → `v4.13.3`
docker.io/netboxcommunity/netbox	Kustomization	minor	`v4.3` → `v4.6`
ghcr.io/goauthentik/server (source)	Kustomization	minor	`2026.2` → `2026.5`
metallb/metallb	Kustomization	patch	`v0.16.0` → `v0.16.1`
pnpm (source)	packageManager	minor	`10.28.0` → `10.34.4`
proxmox (source)	required_provider	minor	`0.81.0` → `0.111.0`
zonefile (source)	required_provider	minor	`0.1.2` → `0.2.0`

Release Notes

cert-manager/cert-manager (cert-manager)

`v1.20.3`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.3 removes the issuer owner reference from challenges which was blocking challenge garbage collection, removes unnecessary write verbs from the cert-manager-edit aggregate ClusterRole, and updates Go to fix reported CVEs.

Changes by Kind

Bug or Regression

Remove Challenge create and Order create, patch, update verbs from the cert-manager-edit aggregate ClusterRole. (#8940, @wallrj-cyberark)
Remove issuer owner reference from challenges blocking challenge garbage collection (#8759, @cert-manager-bot)

Other (Cleanup or Flake)

Bump go to 1.26.3, other deps to fix several govulncheck issues (#8789, @SgtCoDFish)
Update Go to v1.26.4 to fix CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507 (#8926, @wallrj-cyberark)

`v1.20.2`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.2 fixes invalid YAML generated in the Helm chart when both webhook.config
and webhook.volumes are defined, and bumps Go to 1.26.2 along with dependencies
to address reported vulnerabilities.

Changes by Kind

Bug or Regression

Helm: Fix invalid YAML generated when both webhook.config and webhook.volumes are defined. (#8665, @cert-manager-bot)

Other (Cleanup or Flake)

Bump go dependencies with reported vulnerabilities (#8704, @erikgb)
Bump go to 1.26.2 (#8703, @erikgb)

`v1.20.1`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate parentRef bug when both issuer config and annotations are present (Gateway API).

Bug or Regression

Fixed duplicate parentRef bug when both issuer config and annotations are present. (#8658, @hjoshi123)
Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (#8655, @erikgb)
Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (#8657, @erikgb)

`v1.20.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.

Changes by Kind

Feature

Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. (#8370, @jcpunk)
Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (#8256, @tareksha)
Added support for specifying imagePullSecrets in the startupapicheck-job Helm template to enable pulling images from private registries. (#8186, @mathieu-clnk)
Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (#8355, @dancmeyers)
Added parentRef override annotations on the Certificate resource. (#8518, @hjoshi123)
Added support for azure private zones for dns01 issuer. (#8494, @hjoshi123)
Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (#7642, @robertlestak)
Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget (#7728, @jcpunk)
For Venafi provider, read venafi.cert-manager.io/custom-fields annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (#8301, @k0da)
Improve error message when CA issuers are misconfigured to use a clashing secret name (#8374, @majiayu000)
Introduce a new Ingress annotation acme.cert-manager.io/http01-ingress-ingressclassname to override http01.ingress.ingressClassName field in HTTP-01 challenge solvers. (#8244, @lunarwhite)
Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8195, @StingRayZA)
Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. (#8228, @terinjokes)
Added experimental XListenerSets feature gate (#8394, @hjoshi123)

Documentation

Add GWAPI documentation to NOTES.TXT in helm chart (#8353, @jaxels10)

Bug or Regression

Adds logs for cases when acme server returns us a fatal error in the order controller (#8199, @Peac36)
Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8160, @inteon)
Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. (#8232, @eleanor-merry)
Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. (#8456, @tkna)
Fix unregulated retries with the DigitalOcean DNS-01 solver
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (#8221, @wallrj-cyberark)
Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8403, @calm329)
Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8424, @SlashNephy)
Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. (#8443, @alviss7)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8173, @erikgb)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8469, @SgtCoDFish)
Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8290, @octo-sts[bot])
When Prometheus monitoring is enabled, the metrics label is now set to the intended value of cert-manager. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (#8162, @LiquidPL)

Other (Cleanup or Flake)

Promoted the OtherNames feature to Beta and enabled it by default (#8288, @wallrj-cyberark)
Promoting XListenerSets feature gate to ListenerSets (#8501, @hjoshi123)
Rebranding of the Venafi Issuer to CyberArk (#8215, @iossifbenbassat123)
Switched to SSA for challenge finalizer updates (#8519, @inteon)
The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) (#8408, @wallrj-cyberark)
The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. (#8287, @wallrj-cyberark)
Update cert-manager's ACME client, forked from golang/x/crypto (#8268, @SgtCoDFish)
Use the latest version of Kyverno (1.16.2) in the best-practice installation tests (#8389, @wallrj-cyberark)
We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. (#8426, @hjoshi123)

`v1.20.0-beta.0`

Compare Source

Changes since v1.20.0-alpha.1

In this release, parentRef override annotations, Azure private DNS zone support, and configurable PEM size limits were added, while an ACME TXT record cleanup issue in CloudDNS and a potential controller panic from malformed DNS responses were fixed.

Feature

Added parentRef override annotations on the Certificate resource. (#8518, @hjoshi123)
Added support for azure private zones for dns01 issuer. (#8494, @hjoshi123)
Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. (#7642, @robertlestak)

Bug or Regression

Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. (#8456, @tkna)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8469, @SgtCoDFish)

Other (Cleanup or Flake)

Promoting xlistenerset feature gate to listenerset (#8501, @hjoshi123)
Switched to SSA for challenge finalizer updates (#8519, @inteon)

`v1.20.0-alpha.1`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This is a pre-release for cert-manager v1.20.0. Please help with testing!

Changed since v1.20.0-alpha.0

This alpha release adds experimental XListenerSet support, NetworkPolicy and CRD selectable field features, fixes critical bugs including an infinite re-issuance loop and IPv6 HTTP-01 challenge issues, patches security vulnerabilities (CVE-2025-61727, CVE-2025-61729), promotes OtherNames to Beta and DefaultPrivateKeyRotationPolicyAlways to GA, and changes the default container UID/GID from 1000/0 to 65532/65532.

Feature

Added experimental XListenerSet feature gate (#8394, @hjoshi123)
Add a set of flags to permit setting NetworkPolicy across all deployed containers.
Remove redundant global IP ranges from example policies. (#8370, @jcpunk)
Add selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} (#8256, @tareksha)
Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. (#8355, @dancmeyers)
Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget (#7728, @jcpunk)
For Venafi provider, read venafi.cert-manager.io/custom-fields annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (#8301, @k0da)
Improve error message when CA issuers are misconfigured to use a clashing secret name (#8374, @majiayu000)
Introduce a new Ingress annotation acme.cert-manager.io/http01-ingress-ingressclassname to override http01.ingress.ingressClassName field in HTTP-01 challenge solvers. (#8244, @lunarwhite)
Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8195, @StingRayZA)
Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. (#8228, @terinjokes)

Bug or Regression

Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. (#8232, @eleanor-merry)
Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8403, @calm329)
Fixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8424, @SlashNephy)
Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. (#8443, @alviss7)
Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8290, @octo-sts[bot])

Other (Cleanup or Flake)

Promoted the OtherNames feature to Beta and enabled it by default (#8288, @wallrj-cyberark)
The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) (#8408, @wallrj-cyberark)
The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. (#8287, @wallrj-cyberark)
Update cert-manager's ACME client, forked from golang/x/crypto (#8268, @SgtCoDFish)
Use the latest version of Kyverno (1.16.2) in the best-practice installation tests (#8389, @wallrj-cyberark)
Rebranding of the Venafi Issuer to CyberArk (#8215, @iossifbenbassat123)
Add GWAPI documentation to NOTES.TXT in helm chart (#8353, @jaxels10)
We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. (#8426, @hjoshi123)

Dependencies Changes

Added

github.com/aws/aws-sdk-go-v2/service/signin: v1.0.5
github.com/go-openapi/testify/v2: v2.0.2

Changed

cloud.google.com/go/auth: v0.17.0 → v0.18.1
github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.19.1 → v1.21.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity: v1.13.0 → v1.13.1
github.com/AzureAD/microsoft-authentication-library-for-go: v1.5.0 → v1.6.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.29.0 → v1.30.0
github.com/Masterminds/semver/v3: v3.3.1 → v3.4.0
github.com/Venafi/vcert/v5: v5.12.2 → v5.12.3
github.com/akamai/AkamaiOPEN-edgegrid-golang/v12: v12.1.0 → v12.3.0
github.com/aws/aws-sdk-go-v2/config: v1.31.16 → v1.32.7
github.com/aws/aws-sdk-go-v2/credentials: v1.18.20 → v1.19.7
github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.18.12 → v1.18.17
github.com/aws/aws-sdk-go-v2/internal/configsources: v1.4.12 → v1.4.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.7.12 → v2.7.17
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.13.2 → v1.13.4
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.13.12 → v1.13.17
github.com/aws/aws-sdk-go-v2/service/route53: v1.59.2 → v1.62.1
github.com/aws/aws-sdk-go-v2/service/sso: v1.30.0 → v1.30.9
github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.35.4 → v1.35.13
github.com/aws/aws-sdk-go-v2/service/sts: v1.39.0 → v1.41.6
github.com/aws/aws-sdk-go-v2: v1.39.5 → v1.41.1
github.com/aws/smithy-go: v1.23.2 → v1.24.0
github.com/cncf/xds/go: 2ac532f → 0feb691
github.com/digitalocean/godo: v1.167.0 → v1.173.0
github.com/envoyproxy/go-control-plane/envoy: v1.32.4 → v1.35.0
github.com/envoyproxy/go-control-plane: v0.13.4 → 75eaa19
github.com/go-jose/go-jose/v4: v4.1.2 → v4.1.3
github.com/go-openapi/jsonpointer: v0.22.1 → v0.22.4
github.com/go-openapi/jsonreference: v0.21.2 → v0.21.4
github.com/go-openapi/swag/jsonname: v0.25.1 → v0.25.4
github.com/google/gnostic-models: v0.7.0 → v0.7.1
github.com/google/pprof: d1b30fe → 27863c8
github.com/googleapis/enterprise-certificate-proxy: v0.3.6 → v0.3.11
github.com/googleapis/gax-go/v2: v2.15.0 → v2.16.0
github.com/hashicorp/vault/sdk: v0.20.0 → v0.21.0
github.com/miekg/dns: v1.1.68 → v1.1.72
github.com/onsi/ginkgo/v2: v2.22.0 → v2.27.2
github.com/onsi/gomega: v1.36.1 → v1.38.2
github.com/sagikazarmark/locafero: v0.10.0 → v0.11.0
github.com/spf13/afero: v1.14.0 → v1.15.0
github.com/spf13/cast: v1.9.2 → v1.10.0
github.com/spf13/cobra: v1.10.1 → v1.10.2
github.com/spf13/viper: v1.20.1 → v1.21.0
github.com/spiffe/go-spiffe/v2: v2.5.0 → v2.6.0
go.etcd.io/bbolt: v1.4.2 → v1.4.3
go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5
go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5
go.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1
go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.38.0
go.opentelemetry.io/otel/metric: v1.37.0 → v1.39.0
go.opentelemetry.io/otel/sdk/metric: v1.37.0 → v1.39.0
go.opentelemetry.io/otel/sdk: v1.37.0 → v1.39.0
go.opentelemetry.io/otel/trace: v1.37.0 → v1.39.0
go.opentelemetry.io/otel: v1.37.0 → v1.39.0
go.uber.org/zap: v1.27.0 → v1.27.1
go.yaml.in/yaml/v2: v2.4.2 → v2.4.3
golang.org/x/crypto: v0.43.0 → v0.47.0
golang.org/x/mod: v0.28.0 → v0.31.0
golang.org/x/net: v0.46.0 → v0.49.0
golang.org/x/oauth2: v0.32.0 → v0.34.0
golang.org/x/sync: v0.17.0 → v0.19.0
golang.org/x/sys: v0.37.0 → v0.40.0
golang.org/x/telemetry: aef8a43 → 8fff8a5
golang.org/x/term: v0.36.0 → v0.39.0
golang.org/x/text: v0.30.0 → v0.33.0
golang.org/x/tools: v0.37.0 → v0.40.0
google.golang.org/api: v0.254.0 → v0.262.0
google.golang.org/genproto/googleapis/api: a7a43d2 → ff82c1b
google.golang.org/genproto/googleapis/bytestream: 3a174f9 → 409b4a9
google.golang.org/genproto/googleapis/rpc: 3a174f9 → 409b4a9
google.golang.org/genproto: 513f239 → ff82c1b
google.golang.org/grpc: v1.76.0 → v1.78.0
google.golang.org/protobuf: v1.36.10 → v1.36.11
k8s.io/api: v0.34.1 → v0.35.0
k8s.io/apiextensions-apiserver: v0.34.1 → v0.35.0
k8s.io/apimachinery: v0.34.1 → v0.35.0
k8s.io/apiserver: v0.34.1 → v0.35.0
k8s.io/client-go: v0.34.1 → v0.35.0
k8s.io/code-generator: v0.34.1 → v0.35.0
k8s.io/component-base: v0.34.1 → v0.35.0
k8s.io/gengo/v2: c297c0c → ec3ebc5
k8s.io/kms: v0.34.1 → v0.35.0
k8s.io/kube-aggregator: v0.34.1 → v0.35.0
k8s.io/kube-openapi: 589584f → 4e65d59
k8s.io/utils: 0af2bda → bc988d5
sigs.k8s.io/controller-runtime: v0.22.4 → v0.23.1
sigs.k8s.io/gateway-api: v1.4.0 → v1.4.1
sigs.k8s.io/structured-merge-diff/v6: v6.3.0 → d9cc664
software.sslmate.com/src/go-pkcs12: v0.6.0 → v0.7.0

Removed

github.com/zeebo/errs: v1.4.0

`v1.20.0-alpha.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ This is a pre-release. For testing only!

Changes since `v1.19.0`

Feature

Add built-in "Ready" status metrics for ClusterIssuer and Issuer resources. (#8188, @mikeluttikhuis)
Add support for specifying imagePullSecrets in the startupapicheck-job Helm template to enable pulling images from private registries. (#8186, @mathieu-clnk)

Bug or Regression

Adds logs for cases when acme server returns us a fatal error in the order controller (#8199, @Peac36)
BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8160, @inteon)
Fix unregulated retries with the DigitalOcean DNS-01 solver (#8221, @wallrj-cyberark)
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (#8221, @wallrj-cyberark)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8173, @erikgb)
When Prometheus monitoring is enabled, the metrics label is now set to the intended value of cert-manager. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (#8162, @LiquidPL)

`v1.19.6`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release fixes an RBAC issue with the cert-manager-edit aggregate ClusterRole, which previously granted unnecessary write access to Challenge and Order resources. It also includes Go version bumps to address reported CVEs. All users are recommended to upgrade.

Changes by Kind

Bug or Regression

Remove Challenge create and Order create, patch, update verbs from the cert-manager-edit aggregate ClusterRole. (#8941, @wallrj-cyberark)

Other (Cleanup or Flake)

Update Go to v1.25.11 to fix CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507 (#8925, @wallrj-cyberark)
Upgrade Go to 1.25.10 to fix reported vulnerabilities, along with other dependency bumps (#8788, @SgtCoDFish)

`v1.19.5`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This is a simple patch release to fix some reported vulnerabilities. All users are recommended to upgrade.

Changes by Kind

Other (Cleanup or Flake)

Bump go dependencies with reported vulnerabilities (#8706, @erikgb)
Bump go to 1.25.8 to address several reported vulnerabilities (#8628, @SgtCoDFish)
Bump go to 1.25.9 (#8705, @erikgb)

`v1.19.4`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.19.4 is a simple patch release to fix some reported vulnerabilities - notably CVE-2026-24051 and CVE-2025-68121. All users should upgrade.

Changes by Kind

Bug or Regression

Bump go to address CVE-2025-68121 (#8526, @SgtCoDFish)
Bump otel SDK to address GO-2026-4394 (#8531, @SgtCoDFish)

`v1.19.3`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.

Changes by Kind

Bug or Regression

Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8415, @cert-manager-bot)
Fixed an issue where HTTP-01 challenges failed when the Host header contained an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8436, @cert-manager-bot)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8468, @SgtCoDFish)

Other (Cleanup or Flake)

Bump go to 1.25.6 (#8459, @SgtCoDFish)

`v1.19.2`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since `v1.19.1`

Bug or Regression

Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#8283, @SgtCoDFish)
Update Go to v1.25.5 to fix CVE-2025-61727 and CVE-2025-61729 (#8294, @wallrj-cyberark)
Update global.nodeSelector to helm chart to perform a merge and allow for a single nodeSelector to be set across all services. (#8233, @cert-manager-bot)

Other (Cleanup or Flake)

Update cert-manager's ACME client, forked from golang/x/crypto (#8270, @SgtCoDFish)
Updated Debian 12 distroless base images (#8326, @wallrj-cyberark)

`v1.19.1`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We reverted the CRD-based API defaults for Certificate.Spec.IssuerRef and CertificateRequest.Spec.IssuerRef after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager 1.20.
We fixed a bug that caused certificates to be re-issued unexpectedly if the issuerRef kind or group was changed to one of the "runtime" default values.
We upgraded Go to 1.25.3 to address the following security vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

📖 Read the full 1.19 release notes on the cert-manager.io website before upgrading.

Changes since v1.19.0:

Bug or Regression

BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8175, @cert-manager-bot)
Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot (#8177, @wallrj-cyberark)
Revert API defaults for issuer reference kind and group introduced in 0.19.0 (#8178, @cert-manager-bot)

`v1.19.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known issues: The following known issues are fixed in v1.19.1:

Unexpected certificate renewal after upgrading to 1.19.0

This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.

📖 Read the full release notes at cert-manager.io: https://cert-manager.io/docs/releases/release-notes/release-notes-1.19

Changes since v1.18.0:

Feature

Add IPv6 rules to the default network policy (#7726, @jcpunk)
Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @StingRayZA)
Add a feature gate to default to Ingress pathType Exact in ACME HTTP01 Ingress challenge solvers. (#7795, @sspreitzer)
Add generated applyconfigurations allowing clients to make type-safe server-side apply requests for cert-manager resources. (#7866, @erikgb)
Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @erikgb)
Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @hjoshi123)
Added protocol field for rfc2136 DNS01 provider (#7881, @hjoshi123)
Added experimental field hostUsers flag to all pods. Not set by default. (#7973, @hjoshi123)
Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @lunarwhite)
The CAInjectorMerging feature has been promoted to BETA and is now enabled by default (#8017, @ThatsMrTalbot)
The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#8072, @prasad89)
Updated certificate metrics to the collector approach. (#7856, @hjoshi123)

Bug or Regression

ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @hjoshi123)
BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @kinolaev)
Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @lunarwhite)
Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @SgtCoDFish)
Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7836, @inteon)
This change removes the path label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (#8109, @mladen-rusev-cyberark)
Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7792, @wallrj)

Other (Cleanup or Flake)

Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#7761, @lunarwhite)
Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @SgtCoDFish)
Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @hjoshi123)
Update kind images to include the Kubernetes 1.33 node image (#7786, @wallrj)
Use maps.Copy for cleaner map handling (#8092, @quantpoet)
Vault: Migrate Vault E2E add-on tests from deprecated vault-client-go to the new vault/api client. (#8059, @armagankaratosun)

`v1.19.0-alpha.0`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ This is a pre-release. For testing only!

Changes since v1.18.0:

Feature

Add IPv6 rules to the default network policy (#7726, @jcpunk)
Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @StingRayZA)
Add generated applyconfigurations allowing clients to make type safe server-side apply requests for cert-manager resources. (#7866, @erikgb)
Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @erikgb)
Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @hjoshi123)
Added protocol field for rfc2136 DNS01 provider (#7881, @hjoshi123)
CAInjectorMerging has been promoted to BETA and is now enabled by default (#8017, @ThatsMrTalbot)
Feature: Add support for ACME profiles extension. (#7777, @wallrj)
Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @lunarwhite)
The controller, webhook and ca-injector now logs its version and git commit on startup for easier debugging and support. (#8072, @prasad89)
Updated certificate metrics to the collector approach. (#7856, @hjoshi123)

Bug or Regression

ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @hjoshi123)
BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @kinolaev)
Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @lunarwhite)
Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @SgtCoDFish)
Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7836, @inteon)
Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7792, @wallrj)

Other (Cleanup or Flake)

Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#7761, @lunarwhite)
Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @SgtCoDFish)
Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @hjoshi123)
Update kind images to include the Kubernetes 1.33 node image (#7786, @wallrj)
Use maps.Copy for cleaner map handling (#8092, @quantpoet)

`v1.18.6`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.18.6 is a simple patch release to fix some reported vulnerabilities, most notably CVE-2025-68121.

NB: We didn't attempt to patch CVE-2026-24051 but that vulnerability affects macOS only, so cert-manager will be unaffected.

Changes by Kind

Bug or Regression

Bump Go to address CVE-2025-68121 (#8525, @SgtCoDFish)

`v1.18.5`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release.

Changes by Kind

Bug or Regression

Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. (#8414, @cert-manager-bot)
Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. (#8437, @cert-manager-bot)
Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. (#8467, @SgtCoDFish)

Other (Cleanup or Flake)

Bump go to 1.24.12 (#8460, @SgtCoDFish)

`v1.18.4`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We updated Go to fix some vulnerabilities in the standard library.

📖 Read the full 1.18 release notes on the cert-manager.io website before upgrading.

Changes since `v1.18.3`

Bug or Regression

Address false positive vulnerabilities CVE-2025-47914 and CVE-2025-58181 which were reported by Trivy. (#8282, @SgtCoDFish)
Update Go to v1.24.11 to fix CVE-2025-61727 and CVE-2025-61729 (#8295, @wallrj-cyberark)

Other (Cleanup or Flake)

Update cert-manager's ACME client, forked from golang/x/crypto (#8271, @SgtCoDFish)
Updated Debian 12 distroless base images (#8328, @wallrj-cyberark)

`v1.18.3`

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We fixed a bug which caused certificates to be re-issued unexpectedly, if the issuerRef kind or group was changed to one of the "runtime" default values. We increased the size limit when parsing PEM certificate chains to handle leaf certificates with large numbers of DNS named or other identities. We upgraded Go to 1.24.9 to fix various non-critical security vulnerabilities.

📖 Read the full 1.18 release notes on the cert-manager.io website before upgrading.

Changes since v1.18.2:

Bug or Regression

BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed (#8174, @cert-manager-bot)
Bump Go to 1.24.9. Fixes the following vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, CVE-2025-61725 (#8176, @wallrj-cyberark)
Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7966, @cert-manager-bot)

Other (Cleanup or Flake)

Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7964, @cert-manager-bot)
Upgrades Go to v1.24.6 (#7974, @SgtCoDFish)

kubernetes-csi/csi-driver-nfs (csi-driver-nfs)

`v4.13.3`: release

Compare Source

What's Changed

chore: pin all GitHub Actions to full-length commit SHAs by @andyzhangx in #1094
[release-4.13] fix: update csi release tools to fix broken image build due to missing gcb-docker-gcloud image by @andyzhangx in #1096
fix: set nodeDriverRegistrar.livenessProbe.enabled default to true by @andyzhangx in #1101
fix: cherry-pick #1102 - correct storageclass annotations and node dnsPolicy in latest chart by @andyzhangx in #1104
feat: add --timeout flag for node-driver-registrar (cherry-pick to release-4.13) by @andyzhangx in #1107
fix: correct storageclass annotations and node dnsPolicy in latest chart by @andyzhangx in #1103
[release-4.13] fix: detect and remount stale NFS mounts in NodePublishVolume by @k8s-infra-cherrypick-robot in #1109
[release-4.13] fix: use syscall.Chmod to correctly handle setgid/setuid/sticky bits in mountPermissions by @k8s-infra-cherrypick-robot in #1110
[release-4.13] fix: preserve file timestamps when restoring snapshots via TarUnpack by @k8s-infra-cherrypick-robot in #1120
[release-4.13] chore: bump Go version to 1.25.10 in trivy workflow by @k8s-infra-cherrypick-robot in #1123
[release-1.20] fix: CVE-2026-29181 by @andyzhangx in #1124
[release-4.13] fix: build with go1.26.3 to fix go CVE by @andyzhangx in #1129
[release-4.13] chore(deps): bump build-image/debian-base from bookworm-v1.0.7 to bookworm-v1.0.8 by @k8s-infra-cherrypick-robot in #1138
[release-4.13] fix: CVE-2026-35469 by @andyzhangx in #1141
[release-4.13] chore: bump Go version to 1.25.11 in trivy workflow by @k8s-infra-cherrypick-robot in #1149
[release-4.13] fix: build with go1.26.4 to fix go CVE by @andyzhangx in #1151
Update csi-release-tools for release-4.13 by @andyzhangx in #1155
[release-4.13] fix: prevent liveness-probe port conflict during controller rolling update by @k8s-infra-cherrypick-robot in #1156
[release-4.13] fix: prevent VolumeSnapshotClass server/share from overriding source volume mount in CreateSnapshot by @k8s-infra-cherrypick-robot in #1159
doc: cut v4.13.3 release by @andyzhangx in #1160

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.2...v4.13.3

`v4.13.2`: release

Compare Source

What's Changed

[release-4.13] fix: avoid VolumeAttributesClass error logs in csi sidecar containers by @andyzhangx in #1049
[release-4.13] test: upgrade to golint 2.10 by @k8s-infra-cherrypick-robot in #1069
[release-4.13] test: fix CVE-2026-25679 in trivy action by @k8s-infra-cherrypick-robot in #1070
[release-4.13] security: Update trivy-action to use sha for v0.35.0 by @k8s-infra-cherrypick-robot in #1076
fix: CVE-2026-33186 by @andyzhangx in #1077
[release-4.13] chore: build with go1.25.9 by @andyzhangx in #1085
[release-4.13] test: fix trivy action failure by @k8s-infra-cherrypick-robot in #1083
[release-4.13] cleanup: add validatePath to newNFSVolume by @k8s-infra-cherrypick-robot in #1089
doc: cut v4.13.2 release by @andyzhangx in #1092

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.1...v4.13.2

`v4.13.1`: release

Compare Source

What's Changed

[release-4.13] chore: validate mount path by @k8s-infra-cherrypick-robot in #1041
[release-4.13] chore: Update csi release tools by @andyzhangx in #1043
doc: cut v4.13.1 release by @andyzhangx in #1042

New Contributors

@k8s-infra-cherrypick-robot made their first contribution in #1041

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.0...v4.13.1

`v4.13.0`: release

Compare Source

What's Changed

chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 by @dependabot[bot] in #979
doc: cut v4.12.0 release by @andyzhangx in #978
chore: Update csi release tools by @andyzhangx in #981
chore(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 by @dependabot[bot] in #982
chore: Update csi release tools by @andyzhangx in #984
doc: update new chart versions by @andyzhangx in #990
Release tool update by @darshansreenivas in #992
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.2 by @dependabot[bot] in #996
chore: Update csi release tools by @andyzhangx in #997
chore: upgrade CSI driver sidecar image versions by @andyzhangx in #1000
fix: CVE-2025-52881 by @andyzhangx in #1003
test: upgrade to csi-test v5.4.0 by @andyzhangx in #1005
fix: CVE-2025-58181 by @andyzhangx in #1007
chore(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 by @dependabot[bot] in #1008
chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 by @dependabot[bot] in #1009
doc: fix volumeHandle format by @andyzhangx in #1010
Make baseRepo feature work by default without per-image repository overrides by @Copilot in #1012
test: fix trivy CVE-2025-61727 by @andyzhangx in #1013
docs: fix typo (hlem → helm) by @thakurnishu in #1016
chore(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by @dependabot[bot] in #1017
fix: CVE-2025-13281 by @andyzhangx in #1021
chore: upgrade csi-provisioner to v6.1.0 by @andyzhangx in #1020
chore: build image with go1.24.11 to fix CVE by @andyzhangx in #1022
cleanup: refine mount time out error message by @andyzhangx in #1023
test: fix CVE-2025-61726 trivy failure by @andyzhangx in #1027
chore(deps): bump build-image/debian-base from bookworm-v1.0.6 to bookworm-v1.0.7 by @dependabot[bot] in #1028
chore: Update csi release tools by @andyzhangx in #1029
feat: add optional healthcheck for node-driver-registrar by @ajhetherington in #1026
feat: add --enable-snapshot-compression flag to control snapshot compression by @Copilot in #1011
chore: remove vendor-specific cloud-provider-azure dependency from generic NFS CSI driver by @Copilot in #1024

New Contributors

@darshansreenivas made their first contribution in #992
@Copilot made their first contribution in #1012
@thakurnishu made their first contribution in #1016
@ajhetherington made their first contribution in #1026

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.13.0

`v4.12.1`: release

Compare Source

What's Changed

doc: cut v4.12.1 release by @andyzhangx in #987
[release-4.12] chore: Update csi release tools by @andyzhangx in #988

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.12.1

`v4.12.0`: release

Compare Source

What's Changed

doc: cut v4.11.0 release by @andyzhangx in #880
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.1 by @dependabot[bot] in #883
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.1 to 2.23.2 by @dependabot[bot] in #884
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.2 to 2.23.3 by @dependabot[bot] in #887
chore(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by @dependabot[bot] in #888
chore(deps): bump github.com/onsi/gomega from 1.36.2 to 1.36.3 by @dependabot[bot] in #890
chore: use go1.24 by @andyzhangx in #895
chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot[bot] in #893
chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 by @dependabot[bot] in #896
chore(deps): bump github.com/onsi/gomega from 1.36.3 to 1.37.0 by @dependabot[bot] in #897
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 by @dependabot[bot] in #898
chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by @dependabot[bot] in #900
test: fix CVE-2025-22871 in trivy action by @andyzhangx in #902
chore: upgrade resizer sidecar image version to v1.13.2 by @andyzhangx in #903
feat: add POD_NAMESPACE environment var by @mfhunruh in #901
chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 by @dependabot[bot] in #904
chore: upgrade snapshot sidecar image to v8.2.1 by @andyzhangx in #905
fix: goroutine leak when timeout by @andyzhangx in #907
chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 by @dependabot[bot] in #910
chore: create voume/snapshot should respect mountOptions in secret by @andyzhangx in #911
chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 by @dependabot[bot] in #913
chore(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2 by @dependabot[bot] in #916
chore: upgrade sidecar image versions by @andyzhangx in #920
chore(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 by @dependabot[bot] in #922
chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 by @dependabot[bot] in #924
test: fix CVE-2025-4673 in trivy action by @andyzhangx in #926
chore(deps): bump build-image/debian-base from bookworm-v1.0.4 to bookworm-v1.0.5 by @dependabot[bot] in #928
chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by @dependabot[bot] in #925
chore(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 by @dependabot[bot] in #931
chore: upgrade snapshot and csi-resizer image versions by @andyzhangx in #932
chore(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0 by @dependabot[bot] in #933
chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by @dependabot[bot] in #934
chore(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 by @dependabot[bot] in #935
chore(deps): bump google.golang.org/grpc from 1.74.0 to 1.74.2 by @dependabot[bot] in #936
chore(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0 by @dependabot[bot] in #937
chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 by @dependabot[bot] in #938
chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by @dependabot[bot] in #941
chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 by @dependabot[bot] in #942
test: fix CVE-2025-47907 trivy test failure by @andyzhangx in #943
chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 by @dependabot[bot] in #947
chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #948
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.4 to 2.25.0 by @dependabot[bot] in #951
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.0 to 2.25.1 by @dependabot[bot] in #952
chore(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.1 by @dependabot[bot] in #953
chore(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 by @dependabot[bot] in #954
fix: CVE-2025-5187 by @andyzhangx in #956
chore(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #958
chore(deps): bump github.com/onsi/gomega from 1.38.1 to 1.38.2 by @dependabot[bot] in #957
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 by @dependabot[bot] in #959
chore(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 by @dependabot[bot] in #960
chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in #961
chore(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.9 by @dependabot[bot] in #962
chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.75.1 by @dependabot[bot] in #963
chore(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 by @dependabot[bot] in #964
chore(deps): bump build-image/debian-base from bookworm-v1.0.5 to bookworm-v1.0.6 by @dependabot[bot] in #966
chore: upgrade csi sidecar image versions by @andyzhangx in #967
doc: update semver change doc for helm chart install by @andyzhangx in #969
chore(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 by @dependabot[bot] in #970
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 by @dependabot[bot] in #971
chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 by @dependabot[bot] in #972
chore(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #975
chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 by @dependabot[bot] in #976
feat: support multiple storage classes creation using helm chart by @andyzhangx in #977

New Contributors

@mfhunruh made their first contribution in #901

Full Changelog: https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.11.0...v4.12.0

metallb/metallb (metallb/metallb)

`v0.16.1`

Compare Source

pnpm/pnpm (pnpm)

`v10.34.4`

Compare Source

`v10.34.3`: pnpm 10.34.3

Compare Source

⚠️ Security fix — environment variables in a project `.npmrc` (action may be required)

Following GHSA-3qhv-2rgh-x77r, pnpm no longer expands ${ENV_VAR} placeholders that come from a repository-controlled config file, because a malicious repository could otherwise use them to leak your environment secrets (npm tokens, CI job tokens, etc.) to an attacker-controlled registry during install. This applies to:

the project/workspace .npmrc — registry, @scope:registry, proxy URLs, URL-scoped keys (//host/…), and credential values (_authToken, _auth, _password, username, tokenHelper, cert, key);
registry URLs in pnpm-workspace.yaml.

This release also closes a bypass where a project .npmrc could set userconfig, globalconfig, or prefix to make pnpm load a repo-supplied file as trusted config (via @pnpm/npm-conf@3.0.3).

Environment variables are still expanded in trusted config: your user-level ~/.npmrc, the global config, CLI options, and environment config.

If your authentication broke after upgrading, move the token out of the committed .npmrc:


# Writes to your user/global config, not the repository:
pnpm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN"

Or keep the ${NPM_TOKEN} line but put it in your user-level ~/.npmrc instead of the repo. In GitHub Actions, actions/setup-node with registry-url already writes a user-level .npmrc, so NODE_AUTH_TOKEN keeps working. For other CI where editing each pipeline is hard, set NPM_CONFIG_USERCONFIG=.npmrc in the CI environment to declare the project .npmrc trusted.

See https://pnpm.io/npmrc for full migration details.

Patch Changes

Improved the warning printed when a project .npmrc uses an environment variable in a registry/proxy URL or in registry credentials. The message now explains why the setting was ignored and how to migrate it to a trusted source — for example by running pnpm config set "<key>" <value> to store it in the global config, or by keeping the ${...} line in the user-level ~/.npmrc — with a link to https://pnpm.io/npmrc.
A repository-controlled project or workspace .npmrc can no longer redirect which files pnpm loads as its trusted user and global configuration. Previously such a file could set userconfig, globalconfig, or prefix to point at an attacker-supplied file shipped in the repository, and pnpm would load it as a trusted config source — bypassing the protection that prevents repository config from expanding environment variables into registry request destinations and credentials, and allowing it to set tokenHelper. The user/global config file locations are now resolved only from trusted sources (CLI options, environment config, the npm builtin config, and defaults) before the project and workspace .npmrc files are read. Fixed by upgrading @pnpm/npm-conf to 3.0.3.

Platinum Sponsors

Gold Sponsors

`v10.34.2`: pnpm 10.34.2

Compare Source

⚠️ Security fix — environment variables in a project `.npmrc` (action may be required)

the project/workspace .npmrc — registry, @scope:registry, proxy URLs, URL-scoped keys (//host/…), and credential values (_authToken, _auth, _password, username, tokenHelper, cert, key);
registry URLs in pnpm-workspace.yaml.

This release also closes a bypass where a project .npmrc could set userconfig, globalconfig, or prefix to make pnpm load a repo-supplied file as trusted config (via @pnpm/npm-conf@3.0.3).

Environment variables are still expanded in trusted config: your user-level ~/.npmrc, the global config, CLI options, and environment config.

If your authentication broke after upgrading, move the token out of the committed .npmrc:


# Writes to your user/global config, not the repository:
pnpm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN"

See https://pnpm.io/npmrc for full migration details.

Patch Changes

Package-manager bootstrap traffic is now resolved through trusted registries and trusted network config. When pnpm downloads the pnpm version requested by a repository's packageManager field, the registry it fetches from (and the proxy/TLS settings used for that traffic) now come exclusively from trusted config sources — CLI options, env config, user and global .npmrc — defaulting to the public npm registry, instead of the repository's project/workspace settings.
pnpm now verifies the npm registry signature of a package-manager binary before spawning it. When the packageManager field (or pnpm self-update) makes pnpm download another pnpm version, the staged install is verified corepack-style: the integrity recorded in the staged lockfile must carry a valid npm registry signature for the exact name@version, validated against npm's public signing keys that ship embedded in the pnpm CLI. Verification fails closed — a tampered download, an unsigned package, or an unreachable registry refuses the version switch rather than running an unverified binary. It runs only when the wanted version is actually downloaded (a tools-directory cache miss), so repeated commands pay no extra network round trip.
Environment variable expansion is now trust-aware for registry/auth config and request destinations. Repository-controlled config files (the project and workspace .npmrc and pnpm-workspace.yaml) can no longer expand ${...} placeholders in registry/proxy request destinations, URL-scoped keys, or registry credential values, preventing repository-controlled configuration from exfiltrating environment secrets through request URLs. Trusted user/global/CLI/env config keeps full env expansion, so existing token and registry setup flows continue to work.
Reject reserved manifest bin names ("", ".", "..", and scoped forms such as @scope/..) when resolving a package's bins. These names previously passed the bin-name guard and, when joined to the global bin directory during global remove/update/add operations, could resolve to the global bin directory itself or its parent and have it recursively deleted.
Require trusted package identity before package-name onlyBuiltDependencies (and allowBuilds) entries can approve lifecycle scripts for git, git-hosted tarball, direct tarball, and local directory artifacts. To approve one of those artifacts explicitly, use its peer-suffix-free lockfile depPath as the key. Lockfile entries are now rejected when a registry-style dependency path (name@semver) is backed by a git, directory, or git-hosted tarball resolution (ERR_PNPM_RESOLUTION_SHAPE_MISMATCH), so the dependency path is a reliable artifact identity by the time scripts can run.
pnpm now verifies the detached OpenPGP signature of a Node.js release's SHASUMS256.txt against the Node.js release team's public keys (embedded in the pnpm CLI) before trusting its hashes. The Node.js download mirror is repository-configurable (node-mirror:<channel> in .npmrc), and the integrity check previously trusted a SHASUMS256.txt fetched from that same mirror — a circular check that a malicious mirror could satisfy with a tampered binary and matching hashes. A mirror that proxies the real signed SHASUMS keeps working unchanged. Only the release channel publishes signed SHASUMS files, so pre-release channels (rc, nightly, …) remain unverified.

Platinum Sponsors

Gold Sponsors

`v10.34.1`: pnpm 10.34.1

Compare Source

Patch Changes

Reject pnpm-lock.yaml entries whose remote tarball resolution: block is missing the integrity field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips integrity:) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under --frozen-lockfile. pnpm now fails closed at lockfile-read time with ERR_PNPM_MISSING_TARBALL_INTEGRITY. Git-hosted tarballs (gitHosted: true or a URL on codeload.github.com / bitbucket.org / gitlab.com) and file: tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.

Platinum Sponsors

Gold Sponsors

`v10.34.0`: pnpm 10.34

Compare Source

Minor Changes

Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, pnpm install (non-frozen) would log ERR_PNPM_TARBALL_INTEGRITY, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile.

pnpm install now exits with ERR_PNPM_TARBALL_INTEGRITY and a hint pointing at the new opt-in flag.

The only opt-in is pnpm install --update-checksums — narrowly scoped to refreshing the locked integrity values from what the registry currently serves. Mirrors yarn's flag of the same name. A warning still prints when the bypass takes effect so the operation is auditable.

--force and pnpm update deliberately do not bypass the integrity check. They are routine refresh operations; silently overwriting a locked integrity in those flows would erase the protection a committed lockfile is supposed to provide. --frozen-lockfile behavior is unchanged. --fix-lockfile keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass.

Patch Changes

Pin unscoped per-registry settings (_authToken, _auth, username/_password, tokenHelper, inline cert/key) to the registry declared in the same config source at load time, so a later layer overriding registry= (workspace .npmrc, pnpm-workspace.yaml, CLI --registry) cannot redirect a credential or client certificate authored for a different host. A deprecation warning is emitted whenever an unscoped per-registry setting is encountered, naming the source and the URL it was pinned to. Reported by JUNYI LIU.
Fixed minimumReleaseAge handling when cached metadata is abbreviated. The npm registry returns abbreviated package metadata (without the per-version time field) by default, which made the maturity check throw ERR_PNPM_MISSING_TIME whenever cached abbreviated metadata was reused. pnpm now upgrades cached abbreviated metadata to the full document via a follow-up fetch when minimumReleaseAge is active, persists the upgrade to the on-disk cache so subsequent installs skip the extra fetch, and lets ERR_PNPM_MISSING_TIME from the cache fast-path fall through to the network fetch even under strict mode.
Reject git resolutions whose commit field is not a 40-character hexadecimal SHA before invoking git. A malicious lockfile could otherwise smuggle a value such as --upload-pack=<command> through git fetch / git checkout, which on SSH or local-file transports executes the supplied command.
Reject patch files whose diff --git headers reference paths outside the patched package directory. Previously a malicious .patch file added via a pull request could write, delete, or rename arbitrary files reachable by the user running pnpm install.
Fixed --prefix=<dir> not being honored when locating the workspace root. The --prefix → dir rename was applied after workspace detection, so workspace settings declared in <dir>/pnpm-workspace.yaml were not loaded when pnpm was invoked from outside <dir> #11535.
Reject dependency aliases that contain path-traversal segments (such as @x/../../../../../.git/hooks) when reading them from a package manifest or symlinking them into node_modules. A malicious registry package could otherwise use a transitive dependency key to make pnpm install create symlinks at attacker-chosen paths outside the intended node_modules directory.

Platinum Sponsors

Gold Sponsors

`v10.33.4`: pnpm 10.33.4

Compare Source

Patch Changes

Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes.

A new gitHosted: true field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase.
Fix a regression where pnpm --recursive --filter '!<pkg>' run/exec/test/add would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative --filter arguments are provided, matching the documented behavior. To include the root, pass --include-workspace-root #11341.

Platinum Sponsors

Gold Sponsors

`v10.33.3`: pnpm 10.33.3

Compare Source

Patch Changes

When self-updating from v10's @pnpm/exe to v11+ on Intel macOS (darwin-x64), pnpm self-update now transparently switches to the JS-only pnpm package on npm instead of installing @pnpm/exe@v11+ (which doesn't ship a working binary for Intel Macs because of an upstream Node.js SEA bug — see #11423 and nodejs/node#62893). Without this, the self-update would silently leave the user with no working pnpm binary. The new install requires Node.js to be available on PATH; a warning is printed when the swap happens. All other host/version combinations are unchanged.
pnpm self-update (with no version argument) no longer downgrades pnpm when the registry's latest dist-tag points to an older release than the currently active version. Run pnpm self-update latest to force a downgrade #11418.

Platinum Sponsors

Gold Sponsors

`v10.33.2`: pnpm 10.33.2

Compare Source

Patch Changes

Globally-installed bins no longer fail with ERR_PNPM_NO_IMPORTER_MANIFEST_FOUND when pnpm was installed via the standalone @pnpm/exe binary (e.g. curl -fsSL https://get.pnpm.io/install.sh | sh -) on a system without a separate Node.js installation. Previously, when which('node') failed during pnpm add --global, pnpm fell back to process.execPath, which in @pnpm/exe is the pnpm binary itself — and that path was baked into the generated bin shim, causing the shim to invoke pnpm instead of Node #11291, #4645.
Fix an infinite fork-bomb that could happen when pnpm was installed with one version (e.g. npm install -g pnpm@A) and run inside a project whose package.json selected a different pnpm version via the packageManager field (e.g. pnpm@B), while a pnpm-workspace.yaml also existed at the project root.

The child's environment is now forced to manage-package-manager-versions=false (v10) and pm-on-fail=ignore (v11+), which disables the package-manager-version handling in whichever pnpm runs as the child.

Fixes #11337.

Platinum Sponsors

Gold Sponsors

`v10.33.1`: pnpm 10.33.1

Compare Source

Patch Changes

When a project's packageManager field selects pnpm v11 or newer, commands that v10 would have passed through to npm (version, login, logout, publish, unpublish, deprecate, dist-tag, docs, ping, search, star, stars, unstar, whoami, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, pnpm version --help print npm's help on a project with packageManager: pnpm@11.0.0-rc.3 #11328.

Platinum Sponsors

Gold Sponsors

`v10.33.0`: pnpm 10.33

Compare Source

Minor Changes

Added a new dedupePeers setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (name@version) instead of full dep paths, eliminating nested suffixes like (foo@1.0.0(bar@2.0.0)). This dramatically reduces the number of package instances in projects with many recursive peer dependencies #11070.

Patch Changes

Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior.
When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.
Fixed intermittent failures when multiple pnpm dlx calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates enableGlobalVirtualStore through the install pipeline.
Fixed handling of non-string version selectors in hoistPeers, preventing invalid peer dependency specifiers.
Improve the non-interactive modules purge error hint to include the confirmModulesPurge=false workaround.

When pnpm needs to recreate node_modules but no TTY is available, the error now suggests either setting CI=true or disabling the purge confirmation prompt via confirmModulesPurge=false.

Adds a regression test for the non-TTY flow.
Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for --filter contexts where the command runs in a different package directory.
When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions.
Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

Platinum Sponsors

Gold Sponsors

`v10.32.1`: pnpm 10.32.1

Compare Source

Patch Changes

Fix a regression where pnpm-workspace.yaml without a packages field caused all directories to be treated as workspace projects. This broke projects that use pnpm-workspace.yaml only for settings (e.g. minimumReleaseAge) without defining workspace packages #10909.

Platinum Sponsors

Gold Sponsors

`v10.32.0`: pnpm 10.32

Compare Source

Minor Changes

Added --all flag to pnpm approve-builds that approves all pending builds without interactive prompts #10136.

Patch Changes

Reverted change related to setting explicitly the npm config file path, which caused regressions.
Reverted fix related to lockfile-include-tarball-url. Fixes #10915.

Platinum Sponsors

Gold Sponsors

`v10.31.0`: pnpm 10.31

Compare Source

Minor Changes

When pnpm updates the pnpm-workspace.yaml, comments, string formatting, and whitespace will be preserved.

Patch Changes

Added -F as a short alias for the --filter option in the help output.
Handle undefined pkgSnapshot in pnpm why -r #10700.
Fix headless install not being used when a project has an injected self-referencing file: dependency that resolves to link: in the lockfile.
Fixed a race condition when multiple worker threads import the same package to the global virtual store concurrently. The rename operation now tolerates ENOTEMPTY/EEXIST errors if another thread already completed the import.
When lockfile-include-tarball-url is set to false, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent #6667.
Fixed optimisticRepeatInstall skipping install when overrides, packageExtensions, ignoredOptionalDependencies, patchedDependencies, or peersSuffixMaxLength changed.
Fixed pnpm patch-commit failing with "unable to access '/.config/git/attributes': Permission denied" error in environments where HOME is unset or non-standard (Docker containers, CI systems).

The issue occurred because pnpm was setting HOME and the Windows user profile env var to empty strings to suppress user git configuration when running git diff. This caused git to resolve the home directory (~) as root (/), leading to permission errors when attempting to access /.config/git/attributes.

Now uses GIT_CONFIG_GLOBAL: os.devNull instead, which is git's proper mechanism for bypassing user-level configuration without corrupting the home directory path resolution.

Fixes #6537
Fix pnpm why -r --parseable missing dependents when multiple workspace packages share the same dependency #8100.
Fix link-workspace-packages=true incorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to * in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version #10173.
Fixed pnpm update --interactive table breaking with long version strings (e.g., prerelease versions like 7.0.0-dev.20251209.1) by dynamically calculating column widths instead of using hardcoded values #10316.
Explicitly tell npm the path to the global rc config file.
The parameter set by the --allow-build flag is written to allowBuilds.
Fix a bug in which specifying filter on pnpm-workspace.yaml would cause pnpm to not detect any projects.
Print help message on running pnpm dlx without arguments and exit.

Platinum Sponsors

Gold Sponsors

`v10.30.3`: pnpm 10.30.3

Compare Source

Patch Changes

Fixed version switching via packageManager field failing when pnpm is installed as a standalone executable in environments without a system Node.js #10687.

Platinum Sponsors

Gold Sponsors

`v10.30.2`: pnpm 10.30.2

Compare Source

Patch Changes

Fix auto-installed peer dependencies ignoring overrides when a stale version exists in the lockfile.
Fixed "input line too long" error on Windows when running lifecycle scripts with the global virtual store enabled #10673.
Update @zkochan/js-yaml to fix moderate vulnerability.

Platinum Sponsors

Gold Sponsors

`v10.30.1`: pnpm 10.30.1

Compare Source

Patch Changes

Use the /-/npm/v1/security/audits/quick endpoint as the primary audit endpoint, falling back to /-/npm/v1/security/audits when it fails #10649.

Platinum Sponsors

Gold Sponsors

`v10.30.0`: pnpm 10.30

Compare Source

Minor Changes

pnpm why now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies.

Patch Changes

Revert pnpm why dependency pruning to prefer correctness over memory consumption. Reverted PR: #7122.
Optimize pnpm why and pnpm list performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one #10596.

Platinum Sponsors

Gold Sponsors

`v10.29.3`: pnpm 10.29.3

Compare Source

Patch Changes

Fixed an out-of-memory error in pnpm list (and pnpm why) on large dependency graphs by replacing the recursive tree builder with a two-phase approach: a BFS dependency graph followed by cached tree materialization. Duplicate subtrees are now deduplicated in the output, shown as "deduped (N deps hidden)" #10586.
Fixed allowBuilds not working when set via .pnpmfile.cjs #10516.
When the enableGlobalVirtualStore option is set, the pnpm deploy command would incorrectly create symlinks to the global virtual store. To keep the deploy directory self-contained, pnpm deploy now ignores this setting and always creates a localized virtual store within the deploy directory.
Fixed minimumReleaseAgeExclude not being respected by pnpm dlx #10338.

Platinum Sponsors

Gold Sponsors

`v10.29.2`: pnpm 10.29.2

Compare Source

Patch Changes

Reverted a fix shipped in v10.29.1, which caused another issue #10571.
Reverted fix: Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #10497.

Platinum Sponsors

Gold Sponsors

`v10.29.1`: pnpm 10.29.1

Compare Source

Minor Changes

The pnpm dlx / pnpx command now supports the catalog: protocol. Example: pnpm dlx shx@catalog:.
Support configuring auditLevel in the pnpm-workspace.yaml file #10540.
Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #10436.

Patch Changes

Fixed pnpm list --json returning incorrect paths when using global virtual store #10187.
Fix pnpm store path and pnpm store status using workspace root for path resolution when storeDir is relative #10290.
Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists #10497.
Fixed a bug where catalogMode: strict would write the literal string "catalog:" to pnpm-workspace.yaml instead of the resolved version specifier when re-adding an existing catalog dependency #10176.
Fixed the documentation URL shown in pnpm completion --help to point to the correct page at https://pnpm.io/completion #10281.
Skip local file: protocol dependencies during pnpm fetch. This fixes an issue where pnpm fetch would fail in Docker builds when local directory dependencies were not available #10460.
Fixed pnpm audit --json to respect the --audit-level setting for both exit code and output filtering #10540.
update tar to version 7.5.7 to fix security issue

Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: CVE-2026-24842
Fix pnpm audit --fix replacing reference overrides (e.g. $foo) with concrete versions #10325.
Fix shamefullyHoist set via updateConfig in .pnpmfile.cjs not being converted to publicHoistPattern #10271.
pnpm help should correctly report if the currently running pnpm CLI is bundled with Node.js #10561.
Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for node_modules/.bin, causing binaries to not be found when running commands like pnpm exec #10457.

Platinum Sponsors

Gold Sponsors

`v10.28.2`: pnpm 10.28.2

Compare Source

Patch Changes

Security fix: prevent path traversal in directories.bin field.
When pnpm installs a file: or git: dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into node_modules.

This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) and have their contents copied when the package is installed.

Note: This only affects file: and git: dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected.
Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #9950.

Platinum Sponsors

Gold Sponsors

`v10.28.1`: pnpm 10.28.1

Compare Source

Patch Changes

Fixed installation of config dependencies from private registries.

Added support for object type in configDependencies when the tarball URL returned from package metadata differs from the computed URL #10431.
Fix path traversal vulnerability in binary fetcher ZIP extraction
- Validate ZIP entry paths before extraction to prevent writing files outside target directory
- Validate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix
- Both attack vectors now throw ERR_PNPM_PATH_TRAVERSAL error
Support plain http:// and https:// URLs ending with .git as git repository dependencies.

Previously, URLs like https://gitea.example.org/user/repo.git#commit were not recognized as git repositories because they lacked the git+ prefix (e.g., git+https://). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads.

Changes:
- The git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver
- The git resolver now recognizes plain http:// and https:// URLs ending in .git as git repositories
- Removed the isRepository check from the tarball resolver since it's no longer needed with the new resolver order
Fixes #10468
pnpm run -r and pnpm run --filter now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use --if-present to suppress this error #6844.
Fixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for ./ but not .\. Since backslashes are directory separators on Windows, malicious packages could use paths like foo\..\..\.npmrc to write files outside the package directory.
When running "pnpm exec" from a subdirectory of a project, don't change the current working directory to the root of the project #5759.
Fixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with @ bypassed validation, and after scope normalization, path traversal sequences like ../../ remained intact.
Revert Try to avoid making network calls with preferOffline #10334.
Fix --save-peer to write valid semver ranges to peerDependencies for protocol-based installs (e.g. jsr:) by deriving from resolved versions when available and falling back to * if none is available #10417.
Do not exclude the root workspace project, when it is explicitly selected via a filter #10465.

Platinum Sponsors

Gold Sponsors

bpg/terraform-provider-proxmox (proxmox)

`v0.111.0`

Compare Source

Features

acme: add write-only data_wo argument to proxmox_acme_dns_plugin (#2962) (cd4ecd7)
disk: add support for ZFS disk/zpool creation with proxmox_node_disk_zfs (#2952) (087b1d0)
openid: add write-only client_key_wo to proxmox_realm_openid (#2964) (0ef7bdc)

Miscellaneous

ci: Update actions/checkout action (v6.0.3 → v7.0.0) (#2958) (0a5bf04)
docs: update README.md (5fd272a)

`v0.110.0`

Compare Source

Features

cluster: add dynamic crs ha scheduler and auto-rebalance options (#2940) (1b14b39)
file: add ImportState to proxmox_virtual_environment_download_file (#2938) (e7a1032)
storage: add options parameter for proxmox_storage_cifs resource (#2947) (e152990)
storage: add create_base_path and create_subdirs base options for cifs,nfs,dir storage resources (#2949) (c1262fd)

Bug Fixes

core: surface underlying error on SSH file transfer failure (#2956) (45d73a6)
node: accept string-typed startall-onboot-delay in node config (#2957) (87b7992)

Miscellaneous

deps: update image golang (68cb6d6 → 87a41d2) (#2941) (b5dafd8)
deps: update module golang.org/x/crypto (v0.52.0 → v0.53.0) (#2942) (5bedef1)
deps: update module golang.org/x/net (v0.55.0 → v0.56.0) (#2943) (804860f)

`v0.109.0`

Compare Source

⚠ BREAKING CHANGES

vm: restore ipv4_addresses on refresh for existing VMs (#2932)

Features

vm: add queues option for scsi disks (#2931) (f95abbc)

Bug Fixes

core: bound SSH dial and handshake with a timeout, improve concurrent sudo checks (#2924) (d59b7bb)
vm: restore ipv4_addresses on refresh for existing VMs (#2932) (fdcc890)

Miscellaneous

ci: update actions/checkout action (v6.0.2 → v6.0.3) (#2937) (832d2f8)
ci: update actions/checkout digest (de0fac2 → df4cb1c) (#2936) (e064604)
deps: update image golang (1.26.3 → 1.26.4) (#2933) (3159f24)

`v0.108.0`

Compare Source

Features

access: add audiences parameter to openid realm resource (#2907) (71cfead)
ceph: add proxmox_ceph_status data source (#2910) (776d8bf)
vm: add agent.wait_for_ip.enabled to disable IP lookup (#2923) (58db0a0)

Bug Fixes

access: only warn on inline acl when set in config (#2918) (05f106b)
core: correct errors in diagnostic messages (#2873) (6dfdfb6)
lxc: apply idmap on first boot after container create (#2922) (f062e3e)
vm: prevent VM restart on import from keyboard/agent defaults (#2911) (7080ae0)
vm: refresh hook_script_file_id in read (#2921) (f8b2dd9)
vm: remove node-local devices before migration (#2837) (7290812)

Miscellaneous

ci: update actions/stale digest (b5d41d4 → eb5cf3a) (#2920) (8e93ff7)
deps: update image golang (6df14f4 → 2d6c802) (#2916) (50673a0)
deps: update module github.com/rogpeppe/go-internal (v1.14.1 → v1.15.0) (#2917) (b0c896e)

`v0.107.0`

Compare Source

Features

ceph: add proxmox_ceph_pool resource (#2884) (8fb6738)
ha: add failback attribute to haresource (#2865) (1b5e7d8)
node: add node_config resource and datasource (#2875) (e00e81a)

Bug Fixes

access: gate user/group acl read; deprecate inline acl (e40c1ab)
lxc: avoid nil-bool panic when disk block is omitted (#2908) (053ce10)
lxc: skip empty config PUT for lifecycle-only updates (#2888) (32b1194)
sdn: add missing acceptance build tag to EVPN Zone test (#2872) (93ed6a8)

Miscellaneous

ci: update actions/create-github-app-token action (v3.1.1 → v3.2.0) (#2879) (84f9d53)
ci: update golangci/golangci-lint-action digest (1e7e51e → 82606bf) (#2903) (287ae68)
ci: update goreleaser/goreleaser-action action (v7.2.1 → v7.2.2) (#2909) (4e63070)
ci: update hashicorp/setup-terraform action (v4.0.0 → v4.0.1) (#2878) (519319e)
ci: update hashicorp/setup-terraform digest (5e8dbf3 → dfe3c3f) (#2876) (e9d0381)
ci: use pull_request_target in project-automation (f40c393)
deps: update golangci/golangci-lint (v2.12.1 → v2.12.2) (#2867) (832e174)
deps: update image golang (1.26.2 → 1.26.3) (#2868) (a729891)
deps: update image golang (2981696 → 313faae) (#2877) (4237a30)
deps: update image golang (313faae → 6df14f4) (#2904) (1c97160)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.14.1 → v7.15.0) (#2885) (b4d87e8)
deps: update module golang.org/x/crypto (v0.51.0 → v0.52.0) (#2905) (5c4d15d)
deps: update module golang.org/x/net (v0.53.0 → v0.54.0) (#2870) (c4f2de6)
deps: update module golang.org/x/net (v0.54.0 → v0.55.0) (#2906) (ecb905d)
docs: update terraform local (2.8.0 → 2.9.0) (#2880) (7b51658)
docs: update terraform tls (4.2.1 → 4.3.0) (#2881) (15fc5ab)
vm2: error format sweep (#2861) (047c4d4)

`v0.106.0`

Compare Source

Features

lxc: add support for mknod() feature (#2845) (07f91b4)

Bug Fixes

lxc: allow disabling feature flags on update (#2857) (2f3ae58)
lxc: refresh features, start_on_boot, hookscript in read (#2852) (e316aba)
network: allow unknown ports on linux bridge validate (#2855) (dacac9c)

Miscellaneous

ci: Update actions/add-to-project action (v1.0.2 → v2) (#2860) (5939390)

`v0.105.0`

Compare Source

Features

core: add SFTP file upload method (#2836) (39ca5d3)
network: add vids attribute to proxmox_network_linux_bridge (#2841) (f391b1c)
sdn: add support for EVPN controller (#2839) (ed23beb)

Bug Fixes

acme: mark eab_hmac_key and eab_kid as Sensitive (#2838) (30051b2)
ci: derive bot identity from app-slug output, not /app endpoint (b801d67)
ci: read release PR branch from action output, not gh pr view (52565bb)
lxc: gate host_managed on PVE 9.1+, not 9.0+ (#2828) (d348aed)
network: catch omitted vlan_aware in vids validator (#2849) (9e47424)

Miscellaneous

ci: update goreleaser/goreleaser-action action (v7.1.0 → v7.2.1) (#2831) (2506f61)
ci: Update JetBrains/qodana-action action (v2025.3.2 → v2026.1.0) (#2834) (d485cc9)
code: address Qodana code-quality findings (#2827) (b0e08d7)
core: add nil-safe helpers for nil to value conversion (#2829) (03493e9)
deps: update golangci/golangci-lint (v2.11.4 → v2.12.1) (#2844) (c3a14a3)
deps: update image golang (1e598ea → b54cbf5) (#2830) (16c2280)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.40.0 → v2.40.1) (#2843) (114ce5a)
docs: configure context7.json indexing with version sync (ac70974)
lxc: restructure container docs for LLM retrieval (#2833) (7d264d8)

`v0.104.0`

Compare Source

Features

lxc: add host_managed option for container networking (#2812) (03dcffb)

Bug Fixes

lxc: apply disk acl/quota/replicate on container create (#2824) (0d64b73)
vm: stop re-emitting format= on existing import_from disks (#2822) (edfdac6)
vm: treat missing disk volume as not-found during read (#2821) (07cd772)

Miscellaneous

ci: Update googleapis/release-please-action action (v4.4.1 → v5) (#2820) (c607cbc)
ci: update goreleaser/goreleaser-action action (v7.0.0 → v7.1.0) (#2823) (4d86ada)
deps: update github.com/hashicorp/terraform-plugin-* (#2819) (65e1e16)
deps: update image golang (5f3787b → 1e598ea) (#2818) (4e2d74e)
vm2: add design for VM Plugin Framework migration (d824227)
vm2: audit VM resource implementation (#2810) (618e0cb)
vm2: mark PR #1 merged in tracker (8624144)

`v0.103.0`

Compare Source

Features

cluster: refactoring and improving proxmox_metrics_server (#2805) (354abf4)
file: add file_name_regex filter to proxmox_files data source (#2802) (c84eca9)
hw: add proxmox_hardware_pci data source (#2799) (76618a1)

Miscellaneous

cluster: align cluster_options with ADR-003/005 (#2804) (829ba6b)
deps: update image golang (fcdb3e4 → 5f3787b) (#2807) (d067ce0)

`v0.102.0`

Compare Source

⚠ BREAKING CHANGES

lxc: use computed cpu.units value instead of hardcoded 1024 (#2791)

Features

provider: add node_address_source ssh attribute for DNS-based node resolution (#2792) (87d0abb)
vm: add upgrade attribute to cloud-init initialization block (#2788) (e828b52)
vm: wait for guest agent readiness before reboot (#2790) (40317ec)

Bug Fixes

example: update /example/* to use short aliases (d6f1680)
lxc: use computed cpu.units value instead of hardcoded 1024 (#2791) (b54e6c5)

Miscellaneous

ci: update actions/create-github-app-token action (v3.0.0 → v3.1.1) (#2796) (8397ff6)
ci: update actions/setup-go digest (4b73464 → 4a36011) (#2793) (bfbf78c)
ci: update actions/upload-artifact digest (bbbca2d → 043fb46) (#2794) (5c82af8)
ci: update googleapis/release-please-action action (v4.4.0 → v4.4.1) (#2798) (7b10d95)
code: update to use Golang 1.26.x (#2785) (d2f3c70)
deps: update image golang (2a2b4b5 → fcdb3e4) (#2797) (32d0937)
deps: update module github.com/hashicorp/terraform-plugin-mux (v0.23.0 → v0.23.1) (#2795) (19925da)
docs: codify audit-discovered conventions into ADR-003/004/005 (#2787) (d8c8c75)
docs: update links to reference bpg.sh for documentation (b36528a)
docs: update upgrade.md guide (befb41d)

`v0.101.1`

Compare Source

Bug Fixes

docs: add missing examples and import sections for short-name aliases (#2784) (5f59d52)

Miscellaneous

ci: Update actions/github-script action (v8 → v9) (#2782) (c8c9823)
deps: update image golang (1.26.1 → 1.26.2) (#2778) (6805a82)
deps: update image golang (595c784 → cd78d88) (#2777) (ef0c04d)
deps: update module golang.org/x/crypto (v0.49.0 → v0.50.0) (#2780) (a963a30)
deps: update module golang.org/x/net (v0.52.0 → v0.53.0) (#2781) (d167c32)

`v0.101.0`

Compare Source

⚠ BREAKING CHANGES

vm: fix and improve VM datasources, deprecate SDK datasource (#2764)

Features

core: surface PVE task warnings from VM/container operations (#2761) (28850c8)
lxc: add cpu.limit attribute for containers (#2744) (cb25180)
lxc: add full flag to clone block (#2755) (f7010e1)
network: add linux bond interface resource (5db6deb), closes #1980

Bug Fixes

docs: add storage import docs (#2759) (079902f)
hwmapping,ha: better 'not-found' detection in read and delete (#2767) (ac53f8c)
network: adjust Linux Bridge name validator to PVE UI constraint (#2762) (190f7fa)
network: improve consistency of linux network interface resources (#2776) (57a97ce)
vm: fix and improve VM datasources, deprecate SDK datasource (#2764) (0ce6d0c)
vm: use move_disk API for EFI disk and TPM state storage migration (#2757) (c78c873)

Miscellaneous

deps: update module github.com/hashicorp/go-version (v1.8.0 → v1.9.0) (#2760) (7362ba5)
docs: update terraform local (2.7.0 → 2.8.0) (#2765) (0424b01)

`v0.100.0`

Compare Source

⚠ BREAKING CHANGES

vm: set power state of VM centrally (#2508)

Features

access: add short-name aliases for access resources (#2720) (8b690cf)
acme: add short-name aliases for ACME resources (#2721) (d386759)
cluster: add short-name aliases for cluster resources (#2725) (8fafc04)
ha: add short-name aliases for HA resources (#2722) (acd0d9f)
node: add short-name aliases for node resources (#2726) (33914d5)
provider: add short-name aliases for vm, version, and pool resources (#2728) (38dca5a)
sdn: add short-name aliases for SDN resources (#2724) (0028588)
storage: add short-name aliases for storage resources (#2727) (798f1ea)

Bug Fixes

cpu: update docs, tests (033b8f5)
docs: update broken doc links (#2754) (b7d0242)
lychee: update comments for clarity (6fea54e)
vm: mark disk size as computed to prevent passthrough drift (#2718) (cba4dd6)
vm: prevent disk resize revert when combined with config changes (#2751) (f45cf78)
vm: set power state of VM centrally (#2508) (b8ceecd)
vm: support fractional cpulimit values (#2745) (445e47c)

Miscellaneous

core: add migration helpers for resource type name rename (ADR-007) (#2719) (b2bb732)
deps: update golangci/golangci-lint (v2.11.3 → v2.11.4) (#2729) (f95bc46)
dev: update ADRs and reference examples (#2752) (15afbe8)
dev: update code-review skill (a7a489f)
docs: document usage of ZFS storage in acc tests (2eca921)
docs: update FWK reference examples documentation (c20d0be)
test: add tier-based and resource-targeted test execution (#2753) (31b4706)
test: improve acceptance test stability and reliability (#2746) (f54fca2)

`v0.99.0`

Compare Source

Features

backup: add proxmox_backup_job resource and proxmox_backup_jobs data source (#2711) (92b3e88)
file: add proxmox_files data source (#2703) (e848a57)
ha: add proxmox_virtual_environment_harule resource (PVE 9+) (#2682) (31ab05a)
provider: add support for replication (#2661) (ca9a5f7)

Bug Fixes

access: remove overly restrictive username_claim validation on openid realm (#2685) (7782dc5)
ci: correct repository reference in sync-docs workflow (f225107)
ha: handle nil Strict value in HARule and update API response validation (3bf1e8c)
lxc: ignore warnings in container create and clone tasks (#2701) (7f7e36d)
vm: reboot after disk resize when disk is not hotpluggable (#2686) (4ffb2f1)
vm: skip cloud-init device update when only config changed (#2709) (46e8362)

Miscellaneous

ci: Update actions/create-github-app-token action (v2.2.1 → v3.0.0) (#2698) (7983416)
ci: Update dorny/paths-filter action (v3.0.2 → v4.0.1) (#2699) (9828faa)
ci: update jetbrains/qodana-action action (v2025.3.1 → v2025.3.2) (#2712) (98e9407)
deps: bump google.golang.org/grpc from 1.79.2 to 1.79.3 (#2713) (c653d7c)
deps: update github.com/hashicorp/terraform-plugin-* (#2693) (db6522f)
deps: update golangci/golangci-lint (#2670) (979ce29)
deps: update golangci/golangci-lint (v2.11.2 → v2.11.3) (#2692) (a737b37)
deps: update image golang (c7e98cc → 595c784) (#2708) (d6339f9)
deps: update image golang (e2ddb15 → c7e98cc) (#2691) (c33b2ab)
deps: update module golang.org/x/crypto (v0.48.0 → v0.49.0) (#2696) (e7484c2)
deps: update module golang.org/x/net (v0.51.0 → v0.52.0) (#2697) (951bc29)
dev: introduce ADR-007 for resource type name migration to shorter prefix (1c07f6d)

`v0.98.1`

Compare Source

Bug Fixes

pool: support nested pool IDs in API endpoints (#2680) (c6c726b)
provider: preserve null tos in ACME account when API returns empty string (#2672) (f9bbd7d)
vm: replace enumerated network and IP config fields with dynamic unmarshaling (#2679) (e5b2771)
vm: support removal of network devices from VM configuration (#2674) (9b5a978)

Miscellaneous

deps: update image golang (1.26.0 → 1.26.1) (#2669) (9a8d85b)
docs: clarify example prerequisites for SSH, node name, timezone, and DHCP (8f97a34)
vm: deprecate 'enabled' attribute on 'network_device' block (#2678) (65b809d)

`v0.98.0`

Compare Source

Features

access: add OpenID Connect realm resource and documentation (#2655) (51c7535)
lxc: add support for entrypoint attribute (#2543) (178a8ad)

Bug Fixes

lxc: wrong mapping of ignore-unpack-errors attr in create API request (8fe621d)
vm: add started attribute to cloned_vm resource (#2666) (d9b292a)

Miscellaneous

ci: Update crazy-max/ghaction-import-gpg action (v6.3.0 → v7.0.0) (#2665) (e77ea1e)
ci: Update peter-evans/repository-dispatch action (v3 → v4) (#2653) (3408558)
deps: bump cloudflare/circl to v1.6.3 (da4b6ab)
deps: update image golang (9edf713 → fb612b7) (#2663) (369254f)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.14.0 → v7.14.1) (#2664) (b25f773)
docs: fix broken links (c792dc9)
docs: remove TOC section from the main documentation page (d6638f7)
docs: update badge links in readme.md (7de7db1)
docs: update os type l26 linux kernel range for vm (#2657) (cdd7356)
docs: update shields in readme.md (8988f21)
docs: update terraform proxmox (0.97.0 → 0.97.1) (#2648) (6811fb3)
fwk: standardize model files (#2651) (911d8d3)

`v0.97.1`

Compare Source

Bug Fixes

firewall: handle missing security group in Read and fix id override Create (#2647) (f526c39)
hwmapping: enable nested USB hubs (#2636) (d42fe74)
vm,lxc: add name validation (#2631) (53cce6f)
vm: allow adding EFI disk without forcing VM replacement (#2645) (d636403)

Miscellaneous

ci: Update actions/attest-build-provenance action (v3 → v4) (#2641) (de5f833)
ci: update actions/setup-go digest (7a3fe6c → 4b73464) (#2643) (9af341a)
ci: Update actions/upload-artifact action (v6 → v7) (#2642) (4d84904)
ci: Update hashicorp/setup-terraform action (#2635) (af078b7)
ci: update lycheeverse/lychee-action action (v2.7.0 → v2.8.0) (#2638) (5271851)
deps: update github.com/hashicorp/terraform-plugin-* (#2634) (345f785)
deps: update image golang (c83e68f → 9edf713) (#2633) (c47a705)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.2 → v2.39.0) (#2639) (8b3bff1)
deps: update module golang.org/x/net (v0.50.0 → v0.51.0) (#2640) (587d1fe)
docs: add vm-lifecycle, multi-node, and upgrade guides (#2628) (d2b8729)

`v0.97.0`

Compare Source

Features

lxc: implement idmap support via SSH config file editing (#2579) (63334e1)

Bug Fixes

ci: exclude ARM architecture for Windows builds in goreleaser (9c268a5)
docs: clarify SSH password inheritance with API token auth (#2624) (d453924)
firewall: handle "already exists" error in SG and IPSet create (#2627) (06f3c6f)
firewall: update rules with position awareness (#2593) (2bd6b98)
lxc, vm: add retries for LXC operations, unify retry logic into shared package (#2616) (39c0198)
storage: unknown encryption_key_fingerprint after PBS apply (#2625) (82c49fd)
vm: preserve disk deletions in update request (#2614) (b12111f)
vm: remove duplicate line in ipConfigObjects (#2618) (0a4ab5b)
vm: skip cdrom devices during disk read-back on import (#2626) (64c2db2)

Miscellaneous

ci: update actions/stale digest (9971854 → b5d41d4) (#2611) (fcead36)
ci: Update goreleaser/goreleaser-action action (v6.4.0 → v7.0.0) (#2623) (f7ab67d)
deps: update golangci/golangci-lint (v2.9.0 → v2.10.1) (#2603) (3e64ec4)
docs: update terraform local (2.6.2 → 2.7.0) (#2612) (6da27f6)

`v0.96.0`

Compare Source

Features

cluster: add otel options to metrics server resource (#2595) (32dfac8)
network: add configurable timeout for network reload operations (#2573) (ed8593d)

Bug Fixes

cluster: fix Description body-building bug and standardize delete handling in options (#2601) (a704bb1)
file: retry read-back after upload for distributed storage consistency (#2571) (989a4ba)
hwmapping: add comment validator, fix acceptance tests (#2609) (f943051)
network: properly delete cidr/cidr6 when address is removed from linux (#2587) (a52a11f)
network: properly delete optional fields when removed from VLAN config (#2599) (d0f1704)
node: add CPU utilization to node data source (#2605) (1a1cbbb)
sdn: avoid mtu=0 when omitted for sdn zones (#2584) (66c43d8)
sdn: better apply resiliency, fix import of a pending zone (#2610) (a9ea3c1)
vm: clean up orphaned re-import code and clarify import_from as create-only (#2568) (2160f00)

Miscellaneous

core: unify Delete field type across API client structs (#2604) (d6a66f4)
deps: update golangci/golangci-lint (v2.8.0 → v2.9.0) (#2589) (ee0f07f)
deps: update image golang (1.25.7 → 1.26.0) (#2590) (8f5d598)
deps: update module golang.org/x/crypto (v0.47.0 → v0.48.0) (#2591) (43c295b)
deps: update module golang.org/x/net (v0.49.0 → v0.50.0) (#2592) (7b83dd8)
test: do not run SDN acceptance tests in parallel (#2607) (ac1fabd)
test: fix parallel VM tests execution (#2608) (09500be)

`v0.95.0`

Compare Source

⚠ BREAKING CHANGES

node: correct cpu_count inconsistency between _node and _nodes data sources (#2559)

Bug Fixes

docs: update PR title guidelines for breaking changes and contributor notes (d884c4a)
lxc: apply start_on_boot and features on clone and update (#2562) (b21616a)
node: correct cpu_count inconsistency between _node and _nodes data sources (#2559) (c4d8d6b)
vm: apply custom timeouts on update operations (#2561) (e9bb225)
vm: correctly update hotpluggable devices (#2556) (9d4155a)
vm: reboot before disk resize to prevent pending changes from reverting size (#2563) (3465c84)

Miscellaneous

ci: Update actions/checkout action (v4.2.2 → v6.0.2) (#2554) (9262783)
ci: update actions/checkout digest (8e8c483 → de0fac2) (#2557) (db2bba1)
deps: update image golang (011d6e2 → cc73743) (#2564) (5b10da9)
deps: update image golang (1.25.6 → 1.25.7) (#2552) (d148eb0)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.1 → v2.38.2) (#2553) (aa1b8ce)
dev: update templates and define skills for LLM agent flows (#2542) (615c670)
docs: add Architecture Decision Records for the dev process (#2546) (97317f6)
docs: add notice to enable 'Import' content type to allow its use with file resources (#2558) (90ce565)
docs: fix links in DEBUGGING.md (8beb699)

`v0.94.0`

Compare Source

Features

firewall: add proxmox_virtual_environment_node_firewall (#2502) (d45f269)

Bug Fixes

lxc: provision mount points when cloning containers (#2529) (67990d7), closes #2518 #2507
network: update reload timeout and retry (#2510) (f66b9dd)
sdn: correct EVPN resource handling and improvements to base zone (#2501) (c159715)
storage: add validator for acceptable values for storage content and update docs (#2519) (fc8b018)
vm: add missing cpu types (#2499) (f51c8df)
vm: handle nil ip_config block in cloud-init during clone (#2527) (4ed5433)
vm: require reboot for CPU core or socket changes (#2534) (3ca754c), closes #2516

`v0.93.1`

Compare Source

Bug Fixes

docs: prevent path traversal in sudoers tee configuration (#2524) (bd604c4)

Miscellaneous

ci: update actions/checkout action (v6.0.1 → v6.0.2) (#2521) (84e0b97)
ci: update actions/setup-go digest (4dc6199 → 7a3fe6c) (#2520) (1a1174c)
deps: update image golang (1.25.5 → 1.25.6) (#2504) (3e75bbb)
deps: update image golang (6cc2338 → 8bbd140) (#2503) (d087c97)
deps: update module golang.org/x/net (v0.48.0 → v0.49.0) (#2506) (9fe808a)
docs: update terraform local (2.6.1 → 2.6.2) (#2522) (8c64b5e)
docs: update terraform tls (4.1.0 → 4.2.1) (#2523) (94d9dd3)

`v0.93.0`

Compare Source

Features

lxc: add path_in_datastore computed attribute for cross-resource refs (#2493) (616ec37)
lxc: enable root disk resize without recreate (#2321) (581782c)
vm: add ha-aware migration for ha-managed vms (#2476) (4f5b4fb)
vm: add support for hotplug parameter (#2356) (891fd41)

Bug Fixes

docs: improve provider documentation readability and structure (#2487) (b9457fa)
example: make lxc container use root provider so it works (#2458) (7e1a379)
lxc: allow mounting existing subvol with size argument (#2491) (0b9e1e0)
ssh: harden try_sudo for PVE 9, improve shell compatibility (#2480) (f3dd703)
vm: prevent initialization drift when cloning VM with user_account (#2486) (dbd4fd5)
vm: resizing disk deletes cdrom / cloud-init (#2484) (ae17149)

Miscellaneous

docs: minor docs fixes and improvements (#2481) (b52af8d)

`v0.92.0`

Compare Source

⚠ BREAKING CHANGES

The proxmox_virtual_environment_download_file resource now checks the upstream URL's Content-Length during every refresh with overwrite=true (default). This restores the original behavior from v0.33.0 that was accidentally removed in v0.78.2. Users who want to disable upstream checking should set overwrite=false.
The proxmox_virtual_environment_firewall_options resource now requires exactly one of vm_id or container_id to be specified. Previously, configurations with only node_name would pass validation but fail at runtime. This change enforces the requirement at validation time.

Features

access: add LDAP realm and sync resources (#2454) (085b73b), closes #1871
docs: add universal LLM Agent instructions and contribution guidelines (#2473) (16abacc)

Bug Fixes

api: detect TFA requirement and return clear error message (#2477) (876849d)
docs: clarify documentation workflow for FWK resources (#2475) (7bd295a)
docs: fix broken links in docs (#2464) (cdeddf8)
docs: update reference to setting up proxmox (#2455) (3c11ffd)
file: restore upstream URL change detection in download_file (#2474) (ad181ee), closes #2470
firewall: make vm_id/container_id required in VM/Container -level firewall options (#2453) (5ded5d4)
storage: prevent "was absent, but now present" error for backups block (#2465) (501c09b)
vm: allow vcpus hotplug without reboot (#2466) (f864d36)
vm: correct disk speed settings for multiple disks and update detection (#2478) (0889c74)

Miscellaneous

deps: update golangci/golangci-lint (v2.7.2 → v2.8.0) (#2472) (5009161)
deps: Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) (#2452) (1f664be)
docs: remove outdated Ceph handles from apt_standard_repository docs (#2471) (ccbaabd), closes #2421
docs: update terraform proxmox (0.90.0 → 0.91.0) (#2459) (d175ef0)

`v0.91.0`

Compare Source

Features

acme: add support for certificate ordering (#2292) (a2a970d)
sdn: add support for Fabric resources (#2444) (b223dad)
storage: add support for provisioning storage types (NFS/CIFS/PBS/Directory/LVM) (#2130) (f361704)

Bug Fixes

core: handle scientific notation in CustomInt/CustomInt64 unmarshaling (#2431) (4baff92)
vm: allow TPM state updates in place (#2446) (f8717c4)

Miscellaneous

code: cleanup issues reported by static code alalysis (#2442) (686e575)
code: cleanups and linter rules adjustment (#2443) (1eee491)
deps: update image golang (36b4f45 → b6ba523) (#2439) (f82f03c)
deps: update image golang (b6ba523 → 6cc2338) (#2448) (2b22bde)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.12.1 → v7.14.0) (#2438) (4bdd335)
deps: update module github.com/google/go-querystring (v1.1.0 → v1.2.0) (#2440) (ad6b9b2)
docs: add guide for creating VMs from compressed cloud images (#2449) (daa339b)
docs: update contributing guidelines and dev setup guides (#2447) (371e0a1)
docs: update terraform proxmox (0.89.1 → 0.90.0) (#2435) (975f818)

`v0.90.0`

Compare Source

Features

cloned_vm: add cloned VM resource implementation (#2424) (88cad5c)
provider: add ContentType in ListDatastoreFiles (#2423) (773b174)

Miscellaneous

ci: Update actions/upload-artifact action (v5 → v6) (#2419) (3021c54)
ci: update jetbrains/qodana-action action (v2025.2.3 → v2025.2.4) (#2426) (5b2e9ea)
ci: update jetbrains/qodana-action action (v2025.2.4 → v2025.3.1) (#2434) (db3c5bf)
deps: update image golang (20b91ed → a22b2e6) (#2418) (fa883ec)
deps: update image golang (a22b2e6 → 36b4f45) (#2425) (11fccbe)
docs and dev UX improvements (#2427) (a034e8b)

`v0.89.1`

Compare Source

Bug Fixes

vm,lxc: revert deprecation notice for pool_id attribute (#2405) (af3efa9)
vm: allow EFI disk parameter updates without VM recreation (51b8d39), closes #1515
vm: handle disk size mismatch when re-adding removed disk (#2411) (d7346d4)
vm: match CPU type format with PVE (#2409) (63f22db)
vm: prevent perpetual diff when using pool_membership without pool_id (#2408) (acc95bf)
vm: prevent unnecessary reboots on hotplug operations (#2412) (77dc49e), closes #538
vm: retry disk resize on 'does not exist' errors (#2407) (f5f5437)
vm: retry HTTP 500 errors when waiting for agent retrieving IPs (#2410) (c324ef0)

Miscellaneous

ci: update jetbrains/qodana-action action (v2025.2.2 → v2025.2.3) (#2400) (893fd6d)
deps: update golangci/golangci-lint (v2.7.1 → v2.7.2) (#2413) (99e30e1)
deps: update module golang.org/x/crypto (v0.45.0 → v0.46.0) (#2414) (67ac0b1)
deps: update module golang.org/x/net (v0.47.0 → v0.48.0) (#2415) (b0aabfd)

`v0.89.0`

Compare Source

⚠ BREAKING CHANGES

vm: revert cpu.units default to use PVE server default (#2402)

Features

lxc: add env parameter support (#2383) (ef134fc)
oci: add proxmox_virtual_environment_oci_image resource for OCI Images Management (#2373) (86a5bf1)
sdn: add possibility to apply SDN changes on a particular actions (#2386) (01e6433)

Bug Fixes

vm: do not re-import existing disks during update (#2401) (0c7fad9)
vm: revert cpu.units default to use PVE server default (#2402) (c9b8a3f)

Miscellaneous

ci: pin dependencies (#2388) (84bf77d)
ci: update actions/checkout action (v6.0.0 → v6.0.1) (#2398) (5eb8020)
ci: update actions/checkout digest (1af3b93 → 8e8c483) (#2396) (a9926ca)
ci: update actions/create-github-app-token action (v2.2.0 → v2.2.1) (#2399) (2f6c1b4)
ci: Update actions/github-script action (v7 → v8) (#2394) (aaef00e)
ci: update actions/stale digest (5f858e3 → 9971854) (#2397) (cd63393)
ci: update golangci/golangci-lint-action digest (e7fa5ac → 1e7e51e) (#2389) (6593102)
deps: update github.com/hashicorp/terraform-plugin-* (#2392) (459cdfc)
deps: update golangci/golangci-lint (v2.6.2 → v2.7.1) (#2393) (4b5652f)
deps: update image golang (1.25.4 → 1.25.5) (#2390) (54e6aa5)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.12.0 → v7.12.1) (#2391) (5952ae7)

`v0.88.0`

Compare Source

Features

provider: add OTel implementation for metrics resource (#2372) (d37a8bb)
vm,lxc: add wait_for_ip configuration for agent/network interfaces (#2362) (f24add3)
vm: support custom cloud init drive file format (#2375) (ddccd0a)

Bug Fixes

apt: add support for modern APT sources (PVE9+) (#2376) (6f6edec)
disk: restore updating boot disk. (#2150) (0da0bcb)
example: comment out otel metrics server resource (fc94e2a)
lxc: allow container creation/update with correct mountoptions (#2319) (c2dc3a7)
lxc: ignore link-local addresses when waiting for network IPs (#2357) (8c081f5)
vm: convert to template using proper endpoint (#2340) (5615298)
vm: prevent state changes after VM import (#2294) (f0bb501)

Miscellaneous

ci: Update actions/checkout action (#2361) (f5d4676)
ci: update actions/create-github-app-token action (v2.1.4 → v2.2.0) (#2366) (3055dc2)
ci: update actions/setup-go digest (4469467 → 4dc6199) (#2365) (bcce7da)
ci: update golangci/golangci-lint-action digest (0a35821 → e7fa5ac) (#2358) (dd416a1)
ci: update jetbrains/qodana-action action (v2025.2.1 → v2025.2.2) (#2360) (092df22)
deps: update golangci/golangci-lint (v2.5.0 → v2.6.2) (#2304) (0937f2b)
deps: update image golang (e68f6a0 → f60eaa8) (#2359) (b80a193)
deps: update image golang (f60eaa8 → 6981837) (#2370) (faf56bc)
deps: Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) (#2380) (630240d)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.10.0 → v7.11.0) (#2379) (5e55d92)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.11.0 → v7.12.0) (#2384) (2f7bbb1)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.9.0 → v7.10.0) (#2371) (d3b4847)
deps: update module github.com/hashicorp/go-version (v1.7.0 → v1.8.0) (#2381) (ad38c5b)
deps: update module golang.org/x/crypto (v0.44.0 → v0.45.0) [security] (#2348) (78ce72e)
docs: update terraform local (2.5.3 → 2.6.1) (#2367) (d5b3c64)
update docs to pve 9.1, fix example tests (#2350) (6e2a5aa)
vm: refactor network devices update logic (#2260) (db3d7ec)

`v0.87.0`

Compare Source

Features

pool: add pool_membership resource (#2297) (95f180b)
sdn: add support for VNets datasource (#2299) (c25f19a)
vm: add purge_on_destroy and delete_unreferenced_disks_on_destroy parameters (#2345) (05a59aa)

Bug Fixes

access: imported group resource missing group_id (#2333) (ee1c525)
apt: add missing Ceph Squid (#2318) (8b9bf62)
file: better error message for unsupported import content type (#2344) (f94e25d)
firewall: appending a rule without re-creating the whole ruleset (#2310) (6290cce)
lxc: panic when cloning a container with empty IP config (#2347) (0a259ca)
lxc: race condition in container clone / reboot operations (#2320) (ce358d5)
sdn: fix subnet datasource IP address datatype (#2300) (7ffb314)
ssh: update sudo check logic and cache check results (#2309) (702500c)
vm: increase max disk limit to 31 (#2302) (2ae021a)

Miscellaneous

ci: Update golangci/golangci-lint-action action (v8 → v9) (#2330) (90810fa)
ci: update lycheeverse/lychee-action action (v2.6.1 → v2.7.0) (#2305) (9a788da)
deps: update image golang (1.25.3 → 1.25.4) (#2328) (90f876f)
deps: update image golang (6ca9eb0 → e68f6a0) (#2335) (5354d6b)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.8.1 → v7.8.2) (#2303) (cd9b5fb)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.8.2 → v7.9.0) (#2329) (76680dd)
deps: update module github.com/hashicorp/terraform-plugin-log (v0.9.0 → v0.10.0) (#2336) (6dd51fd)
deps: update module golang.org/x/crypto (v0.43.0 → v0.44.0) (#2337) (fb3fbfc)
deps: update module golang.org/x/net (v0.46.0 → v0.47.0) (#2338) (9f57e9f)
docs: document auto option for enabling SLAAC in IPv6 config in vm and lxc (#2317) (e8c70d7)
docs: update the main doc page for consistency (#2326) (7e4f421)
lxc,vm: add deprecation notice for pool_id attribute (#2312) (3c507cc)

`v0.86.0`

Compare Source

Features

firewall: ability to import firewall rules & options (#2269) (dd1afe6)
firewall: add ability to import ipsets (#2280) (33c751d)
firewall: support node-level firewall rules (#2281) (18c675b)

Bug Fixes

lxc: delete dns attributes when set to null (#2263) (a32988a)
vm: correctly detect pool membership for VM (#2264) (5a5c9c6)

Miscellaneous

ci: Update actions/upload-artifact action (v4 → v5) (#2275) (ad4bbd7)
ci: update googleapis/release-please-action action (v4.3.0 → v4.4.0) (#2273) (0bcba7b)
deps: update image golang (7d73c4c → 8c945d3) (#2253) (a2bb9b6)
deps: update image golang (8c945d3 → dd08f76) (#2270) (4c1514f)
deps: update image golang (dd08f76 → 6bac879) (#2283) (0c9879a)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.8.0 → v7.8.1) (#2271) (11d4c71)
deps: update module github.com/hashicorp/terraform-plugin-framework-timeouts (v0.6.0 → v0.7.0) (#2274) (b9ccb0d)
deps: update module github.com/pkg/sftp (v1.13.9 → v1.13.10) (#2272) (fdbe313)
docs: update CONTRIBUTING.md (#2278) (110093b)

`v0.85.1`

Compare Source

Bug Fixes

docs: clarify that ip in ct ip_config must be in CIDR notation (#2238) (f3b835f)
lxc: DNS / hostname update is not applied (#2245) (9aa1eaf)
sdn: add missing dhcp field to simple zone datasource (#2243) (b4b8d09)
sdn: handle attribute delete in all SDN resources (#2248) (50accca)
sdn: zone: make nodes attribute optional (#2242) (798623b)

Miscellaneous

deps: update image golang (1.25.2 → 1.25.3) (#2246) (3d2092f)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.7.3 → v7.8.0) (#2241) (ecf7920)
deps: update module github.com/hashicorp/terraform-plugin-docs (v0.23.0 → v0.24.0) (#2247) (6e23c90)

`v0.85.0`

Compare Source

Features

sdn: Add DHCP Config for SDN Simple Zone Resource (#2210) (f5d3d92)

Bug Fixes

file: add import content type to file datasource (#2221) (f918bed)
vm: allow cpu units = 1 for cgroups v2 compatibility (#2237) (3fc688b)

Miscellaneous

ci: update actions/stale digest (3a9db7e → 5f858e3) (#2222) (b38066b)
ci: Update peter-evans/create-issue-from-file action (v5.0.1 → v6.0.0) (#2217) (29748a5)
deps: update image golang (1.25.1 → 1.25.2) (#2228) (9e77057)
deps: update image golang (8305f5f → ab1f5c4) (#2215) (6a1f972)
deps: update module github.com/hashicorp/terraform-plugin-framework (v1.16.0 → v1.16.1) (#2216) (515c6bb)
deps: update module github.com/hashicorp/terraform-plugin-framework-validators (v0.18.0 → v0.19.0) (#2230) (761fb70)
deps: update module github.com/skeema/knownhosts (v1.3.1 → v1.3.2) (#2229) (b6022d4)
deps: update module golang.org/x/net (v0.44.0 → v0.45.0) (#2231) (60fdfd6)
deps: update module golang.org/x/net (v0.45.0 → v0.46.0) (#2236) (68bd667)

`v0.84.1`

Compare Source

Bug Fixes

api: handle PVE API's 403 response status (#2207) (46e8c24)
sdn: subnet validation errors when using value interpolation (#2204) (5f876c0)

Miscellaneous

deps: update golangci/golangci-lint (v2.4.0 → v2.5.0) (#2193) (2ab3d94)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.7.1 → v7.7.3) (#2203) (3692434)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.0 → v2.38.1) (#2197) (0387296)

`v0.84.0`

Compare Source

Features

file: add file datasource (#2176) (8244813)
sdn: add support for Subnet resource and datasource (#2191) (1df305d)
sdn: add support for VNet resource and datasource (#2185) (8938d86)

Miscellaneous

deps: update github.com/hashicorp/terraform-plugin-* (#2187) (09b704a)
deps: update image golang (bb979b2 → 8305f5f) (#2186) (b70fa62)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.6.0 → v7.7.0) (#2189) (46dbc68)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.7.0 → v7.7.1) (#2192) (11f4002)
deps: update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.37.0 → v2.38.0) (#2188) (2b2d619)

`v0.83.2`

Compare Source

Bug Fixes

firewall: detect drift when rules are manually deleted (#2178) (6b84d5a)
firewall: prevent perpetual plan drift on rule attribute removal (#2177) (0e72580)
vm: disk deletion may reorder disks (#2174) (e339fef)

Miscellaneous

ci: update actions/create-github-app-token action (v2.1.1 → v2.1.4) (#2179) (70cfb58)
deps: update image golang (b773c94 → bb979b2) (#2173) (7944277)

`v0.83.1`

Compare Source

Bug Fixes

ci: update link checker config (#2151) (e017881)

Miscellaneous

ci: Update actions/setup-go action (v5 → v6) (#2154) (16814d4)
ci: Update actions/stale action (v9 → v10) (#2155) (87e6392)
code: minor code cleanups (#2156)ssh (9e22c3c)
deps: update image golang (1.25.0 → 1.25.1) (#2153) (a58bf4f)
deps: update image golang (a5e935d → d6bdb04) (#2161) (58d833d)
deps: update image golang (d6bdb04 → b773c94) (#2169) (a979850)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.5.1 → v7.6.0) (#2162) (ffdc3a5)
deps: update module golang.org/x/crypto (v0.41.0 → v0.42.0) (#2163) (4e73d56)
deps: update module golang.org/x/net (v0.43.0 → v0.44.0) (#2170) (ed366b5)
docs: improve container documentation (#2160) (380fd7f)
docs: improve vm.initialization documentation (#2158) (29ef9d2)
docs: include vm/lxc lock error details in the README known issues section (#2166) (1810273)
docs: update reference to release-build in contributing doc (#2167) (739471a)
docs: update sdn_applier example (c275e03)

`v0.83.0`

Compare Source

Features

sdn: add custom resource to apply sdn_* configurations (#2127) (e13d7ef)

Bug Fixes

docs: correct minor typos / formatting (#2144) (a2e4ff0)

Miscellaneous

ci: Update actions/attest-build-provenance action (v2 → v3) (#2142) (f62e69d)
ci: update googleapis/release-please-action action (v4.2.0 → v4.3.0) (#2136) (f634b2e)
ci: update lycheeverse/lychee-action action (v2.5.0 → v2.6.0) (#2137) (64c1ab3)
ci: update lycheeverse/lychee-action action (v2.6.0 → v2.6.1) (#2138) (7f56290)
deps: update image golang (4859242 → 5502b0e) (#2134) (20f41e8)
deps: update image golang (91e2cd4 → 4859242) (#2128) (9ae882e)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.3.0 → v7.4.0) (#2129) (11b8167)
deps: update module github.com/brianvoe/gofakeit/v7 (v7.4.0 → v7.5.1) (#2143) (2eae3ee)
deps: update module github.com/stretchr/testify (v1.10.0 → v1.11.1) (#2135) (6b00db6)

`v0.82.1`

Compare Source

Bug Fixes

vm: prevent re-creation of previously imported disks on update (#2122) (c6c1c18)

Miscellaneous

deps: update image golang (9e56f0d → 91e2cd4) (#2123) (9d179dd)
docs: fix TOC format, cleanup cloud image guide (#2121) (b321a01)

`v0.82.0`

Compare Source

Features

docs: update compatibility notes for PVE 9.x (#2116) (08ea66a)
lxc: add proxmox_virtual_environment_containers data source (#2090) (45f2805)
lxc: Add missing configuration options for container rootfs (#2067) (b2c5012)

Bug Fixes

lxc: adjust max number of container's IP configs (#2088) (602568e)
provider: parsing PVE version reported by API (#2115) (f1501e2)
vm: regression: disk re-ordering on re-apply (#2114) (634ad69)

Miscellaneous

ci: Update actions/checkout action (#2098) (3855cb2)
ci: update actions/create-github-app-token action (v2.0.6 → v2.1.0) (#2095) (6161969)
ci: update actions/create-github-app-token action (v2.1.0 → v2.1.1) (#2099) (7f5d771)
ci: update goreleaser/goreleaser-action action (v6.3.0 → v6.4.0) (#2111) (78ce7f0)
ci: update jetbrains/qodana-action action (v2025.1.1 → v2025.2.1) (#2106) (0dec643)
ci: update lycheeverse/lychee-action action (v2.4.1 → v2.5.0) (#2096) (7c98464)
deps: update golangci/golangci-lint (v2.3.0 → v2.3.1) (#2074) (9947a86)
deps: update golangci/golangci-lint (v2.3.1 → v2.4.0) (#2110) (21bed82)
deps: update image golang (1.24.5 → 1.24.6) (#2085) (ac91fe8)
deps: update image golang (1.24.6 → 1.25.0) (#2107) (9e10206)
deps: update image golang (10a15b9 → 9e56f0d) (#2109) (420add8)
deps: update module github.com/hashicorp/terraform-plugin-testing (v1.13.2 → v1.13.3) (#2113) (1863847)
deps: update module golang.org/x/crypto (v0.40.0 → v0.41.0) (#2086) (5018b31)
deps: update module golang.org/x/net (v0.42.0 → v0.43.0) (#2087) (5151dcc)
docs: cleanup and update clone-vm example (#2094) (c7cd61a)
docs: remove spurious sdn datasource .tf examples (#2092) (91e0fbf)

ahamlinman/terraform-provider-zonefile (zonefile)

`v0.2.0`

Compare Source

This release migrates the provider's Go module path and TF registry address to
match my current GitHub username.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | [cert-manager](https://github.com/cert-manager/cert-manager) | | minor | `v1.18.2` → `v1.20.3` | ![age](https://developer.mend.io/api/mc/badges/age/github-release-attachments/cert-manager%2fcert-manager/v1.20.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-release-attachments/cert-manager%2fcert-manager/v1.18.2/v1.20.3?slim=true) | | [cert-manager](https://github.com/cert-manager/cert-manager) | | patch | `v1.20.2` → `v1.20.3` | ![age](https://developer.mend.io/api/mc/badges/age/github-release-attachments/cert-manager%2fcert-manager/v1.20.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-release-attachments/cert-manager%2fcert-manager/v1.20.2/v1.20.3?slim=true) | | [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs) | | minor | `v4.11.0` → `v4.13.3` | ![age](https://developer.mend.io/api/mc/badges/age/github-tags/kubernetes-csi%2fcsi-driver-nfs/v4.13.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/kubernetes-csi%2fcsi-driver-nfs/v4.11.0/v4.13.3?slim=true) | | [docker.io/netboxcommunity/netbox](https://github.com/netbox-community/netbox-docker) | Kustomization | minor | `v4.3` → `v4.6` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fnetboxcommunity%2fnetbox/v4.6?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fnetboxcommunity%2fnetbox/v4.3/v4.6?slim=true) | | [ghcr.io/goauthentik/server](https://goauthentik.io) ([source](https://github.com/goauthentik/authentik)) | Kustomization | minor | `2026.2` → `2026.5` | ![age](https://developer.mend.io/api/mc/badges/age/docker/ghcr.io%2fgoauthentik%2fserver/2026.5?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/ghcr.io%2fgoauthentik%2fserver/2026.2/2026.5?slim=true) | | [metallb/metallb](https://github.com/metallb/metallb) | Kustomization | patch | `v0.16.0` → `v0.16.1` | ![age](https://developer.mend.io/api/mc/badges/age/github-tags/metallb%2fmetallb/v0.16.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/metallb%2fmetallb/v0.16.0/v0.16.1?slim=true) | | [pnpm](https://pnpm.io) ([source](https://github.com/pnpm/pnpm/tree/HEAD/pnpm)) | packageManager | minor | [`10.28.0` → `10.34.4`](https://renovatebot.com/diffs/npm/pnpm/10.28.0/10.34.4) | ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/10.34.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/10.28.0/10.34.4?slim=true) | | [proxmox](https://search.opentofu.org/provider/bpg/proxmox) ([source](https://github.com/bpg/terraform-provider-proxmox)) | required_provider | minor | `0.81.0` → `0.111.0` | ![age](https://developer.mend.io/api/mc/badges/age/terraform-provider/bpg%2fproxmox/0.111.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/terraform-provider/bpg%2fproxmox/0.81.0/0.111.0?slim=true) | | [zonefile](https://search.opentofu.org/provider/ahamlinman/zonefile) ([source](https://github.com/ahamlinman/terraform-provider-zonefile)) | required_provider | minor | `0.1.2` → `0.2.0` | ![age](https://developer.mend.io/api/mc/badges/age/terraform-provider/ahamlinman%2fzonefile/0.2.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/terraform-provider/ahamlinman%2fzonefile/0.1.2/0.2.0?slim=true) | --- ### Release Notes <details> <summary>cert-manager/cert-manager (cert-manager)</summary> ### [`v1.20.3`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.3) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.2...v1.20.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.20.3 removes the issuer owner reference from challenges which was blocking challenge garbage collection, removes unnecessary write verbs from the `cert-manager-edit` aggregate ClusterRole, and updates Go to fix reported CVEs. ##### Changes by Kind ##### Bug or Regression - Remove Challenge `create` and Order `create`, `patch`, `update` verbs from the `cert-manager-edit` aggregate ClusterRole. ([#8940](https://github.com/cert-manager/cert-manager/issues/8940), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Remove issuer owner reference from challenges blocking challenge garbage collection ([#8759](https://github.com/cert-manager/cert-manager/issues/8759), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Bump go to 1.26.3, other deps to fix several govulncheck issues ([#8789](https://github.com/cert-manager/cert-manager/issues/8789), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.26.4` to fix CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507 ([#8926](https://github.com/cert-manager/cert-manager/issues/8926), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ### [`v1.20.2`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.2) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.1...v1.20.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.20.2 fixes invalid YAML generated in the Helm chart when both `webhook.config` and `webhook.volumes` are defined, and bumps Go to 1.26.2 along with dependencies to address reported vulnerabilities. #### Changes by Kind ##### Bug or Regression - Helm: Fix invalid YAML generated when both `webhook.config` and `webhook.volumes` are defined. ([#8665](https://github.com/cert-manager/cert-manager/issues/8665), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Bump go dependencies with reported vulnerabilities ([#8704](https://github.com/cert-manager/cert-manager/issues/8704), [@erikgb](https://github.com/erikgb)) - Bump go to 1.26.2 ([#8703](https://github.com/cert-manager/cert-manager/issues/8703), [@erikgb](https://github.com/erikgb)) ### [`v1.20.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0...v1.20.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate `parentRef` bug when both issuer config and annotations are present (Gateway API). ##### Bug or Regression - Fixed duplicate `parentRef` bug when both issuer config and annotations are present. ([#8658](https://github.com/cert-manager/cert-manager/issues/8658), [@hjoshi123](https://github.com/hjoshi123)) - Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. ([#8655](https://github.com/cert-manager/cert-manager/issues/8655), [@erikgb](https://github.com/erikgb)) - Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. ([#8657](https://github.com/cert-manager/cert-manager/issues/8657), [@erikgb](https://github.com/erikgb)) ### [`v1.20.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0-beta.0...v1.20.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta. #### Changes by Kind ##### Feature - Added a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#8370](https://github.com/cert-manager/cert-manager/issues/8370), [@jcpunk](https://github.com/jcpunk)) - Added selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#8256](https://github.com/cert-manager/cert-manager/issues/8256), [@tareksha](https://github.com/tareksha)) - Added support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#8186](https://github.com/cert-manager/cert-manager/issues/8186), [@mathieu-clnk](https://github.com/mathieu-clnk)) - Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#8355](https://github.com/cert-manager/cert-manager/issues/8355), [@dancmeyers](https://github.com/dancmeyers)) - Added `parentRef` override annotations on the Certificate resource. ([#8518](https://github.com/cert-manager/cert-manager/issues/8518), [@hjoshi123](https://github.com/hjoshi123)) - Added support for azure private zones for dns01 issuer. ([#8494](https://github.com/cert-manager/cert-manager/issues/8494), [@hjoshi123](https://github.com/hjoshi123)) - Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#7642](https://github.com/cert-manager/cert-manager/issues/7642), [@robertlestak](https://github.com/robertlestak)) - Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#7728](https://github.com/cert-manager/cert-manager/issues/7728), [@jcpunk](https://github.com/jcpunk)) - For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#8301](https://github.com/cert-manager/cert-manager/issues/8301), [@k0da](https://github.com/k0da)) - Improve error message when CA issuers are misconfigured to use a clashing secret name ([#8374](https://github.com/cert-manager/cert-manager/issues/8374), [@majiayu000](https://github.com/majiayu000)) - Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#8244](https://github.com/cert-manager/cert-manager/issues/8244), [@lunarwhite](https://github.com/lunarwhite)) - Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#8195](https://github.com/cert-manager/cert-manager/issues/8195), [@StingRayZA](https://github.com/StingRayZA)) - Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#8228](https://github.com/cert-manager/cert-manager/issues/8228), [@terinjokes](https://github.com/terinjokes)) - Added experimental `XListenerSets` feature gate ([#8394](https://github.com/cert-manager/cert-manager/issues/8394), [@hjoshi123](https://github.com/hjoshi123)) ##### Documentation - Add GWAPI documentation to NOTES.TXT in helm chart ([#8353](https://github.com/cert-manager/cert-manager/issues/8353), [@jaxels10](https://github.com/jaxels10)) ##### Bug or Regression - Adds logs for cases when acme server returns us a fatal error in the order controller ([#8199](https://github.com/cert-manager/cert-manager/issues/8199), [@Peac36](https://github.com/Peac36)) - Fixed an issue where kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#8160](https://github.com/cert-manager/cert-manager/issues/8160), [@inteon](https://github.com/inteon)) - Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#8232](https://github.com/cert-manager/cert-manager/issues/8232), [@eleanor-merry](https://github.com/eleanor-merry)) - Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#8456](https://github.com/cert-manager/cert-manager/issues/8456), [@tkna](https://github.com/tkna)) - Fix unregulated retries with the DigitalOcean DNS-01 solver Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#8221](https://github.com/cert-manager/cert-manager/issues/8221), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8403](https://github.com/cert-manager/cert-manager/issues/8403), [@calm329](https://github.com/calm329)) - Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8424](https://github.com/cert-manager/cert-manager/issues/8424), [@SlashNephy](https://github.com/SlashNephy)) - Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#8443](https://github.com/cert-manager/cert-manager/issues/8443), [@alviss7](https://github.com/alviss7)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8173](https://github.com/cert-manager/cert-manager/issues/8173), [@erikgb](https://github.com/erikgb)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8469](https://github.com/cert-manager/cert-manager/issues/8469), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8290](https://github.com/cert-manager/cert-manager/issues/8290), [@octo-sts](https://github.com/octo-sts)\[bot]) - When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#8162](https://github.com/cert-manager/cert-manager/issues/8162), [@LiquidPL](https://github.com/LiquidPL)) ##### Other (Cleanup or Flake) - Promoted the OtherNames feature to Beta and enabled it by default ([#8288](https://github.com/cert-manager/cert-manager/issues/8288), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Promoting `XListenerSets` feature gate to `ListenerSets` ([#8501](https://github.com/cert-manager/cert-manager/issues/8501), [@hjoshi123](https://github.com/hjoshi123)) - Rebranding of the Venafi Issuer to CyberArk ([#8215](https://github.com/cert-manager/cert-manager/issues/8215), [@iossifbenbassat123](https://github.com/iossifbenbassat123)) - Switched to SSA for challenge finalizer updates ([#8519](https://github.com/cert-manager/cert-manager/issues/8519), [@inteon](https://github.com/inteon)) - The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#8408](https://github.com/cert-manager/cert-manager/issues/8408), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#8287](https://github.com/cert-manager/cert-manager/issues/8287), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Update cert-manager's ACME client, forked from golang/x/crypto ([#8268](https://github.com/cert-manager/cert-manager/issues/8268), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#8389](https://github.com/cert-manager/cert-manager/issues/8389), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#8426](https://github.com/cert-manager/cert-manager/issues/8426), [@hjoshi123](https://github.com/hjoshi123)) ### [`v1.20.0-beta.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-beta.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0-alpha.1...v1.20.0-beta.0) #### Changes since v1.20.0-alpha.1 In this release, parentRef override annotations, Azure private DNS zone support, and configurable PEM size limits were added, while an ACME TXT record cleanup issue in CloudDNS and a potential controller panic from malformed DNS responses were fixed. ##### Feature - Added `parentRef` override annotations on the Certificate resource. ([#8518](https://github.com/cert-manager/cert-manager/issues/8518), [@hjoshi123](https://github.com/hjoshi123)) - Added support for azure private zones for dns01 issuer. ([#8494](https://github.com/cert-manager/cert-manager/issues/8494), [@hjoshi123](https://github.com/hjoshi123)) - Added support for configuring PEM decoding size limits, allowing operators to handle larger certificates and keys. ([#7642](https://github.com/cert-manager/cert-manager/issues/7642), [@robertlestak](https://github.com/robertlestak)) ##### Bug or Regression - Fix an issue where ACME challenge TXT records are not cleaned up when there are many resource records in CloudDNS. ([#8456](https://github.com/cert-manager/cert-manager/issues/8456), [@tkna](https://github.com/tkna)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8469](https://github.com/cert-manager/cert-manager/issues/8469), [@SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Promoting xlistenerset feature gate to listenerset ([#8501](https://github.com/cert-manager/cert-manager/issues/8501), [@hjoshi123](https://github.com/hjoshi123)) - Switched to SSA for challenge finalizer updates ([#8519](https://github.com/cert-manager/cert-manager/issues/8519), [@inteon](https://github.com/inteon)) ### [`v1.20.0-alpha.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-alpha.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.20.0-alpha.0...v1.20.0-alpha.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This is a pre-release for cert-manager v1.20.0. Please help with testing! #### Changed since v1.20.0-alpha.0 This alpha release adds experimental XListenerSet support, NetworkPolicy and CRD selectable field features, fixes critical bugs including an infinite re-issuance loop and IPv6 HTTP-01 challenge issues, patches security vulnerabilities (CVE-2025-61727, CVE-2025-61729), promotes OtherNames to Beta and DefaultPrivateKeyRotationPolicyAlways to GA, and changes the default container UID/GID from 1000/0 to 65532/65532. ##### Feature - Added experimental `XListenerSet` feature gate ([#8394](https://github.com/cert-manager/cert-manager/issues/8394), [@hjoshi123](https://github.com/hjoshi123)) - Add a set of flags to permit setting NetworkPolicy across all deployed containers. Remove redundant global IP ranges from example policies. ([#8370](https://github.com/cert-manager/cert-manager/issues/8370), [@jcpunk](https://github.com/jcpunk)) - Add selectable fields to custom resource definitions for .spec.issuerRef.{group, kind, name} ([#8256](https://github.com/cert-manager/cert-manager/issues/8256), [@tareksha](https://github.com/tareksha)) - Added 'extraContainers' helm chart value, allowing the deployment of arbitrary sidecar containers within the cert-manager operator pod. This can be used to support, for e.g., AWS IAM Roles Anywhere for Route53 DNS01 verification. ([#8355](https://github.com/cert-manager/cert-manager/issues/8355), [@dancmeyers](https://github.com/dancmeyers)) - Added support for unhealthyPodEvictionPolicy in PodDisruptionBudget ([#7728](https://github.com/cert-manager/cert-manager/issues/7728), [@jcpunk](https://github.com/jcpunk)) - For Venafi provider, read `venafi.cert-manager.io/custom-fields` annotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. ([#8301](https://github.com/cert-manager/cert-manager/issues/8301), [@k0da](https://github.com/k0da)) - Improve error message when CA issuers are misconfigured to use a clashing secret name ([#8374](https://github.com/cert-manager/cert-manager/issues/8374), [@majiayu000](https://github.com/majiayu000)) - Introduce a new Ingress annotation `acme.cert-manager.io/http01-ingress-ingressclassname` to override `http01.ingress.ingressClassName` field in HTTP-01 challenge solvers. ([#8244](https://github.com/cert-manager/cert-manager/issues/8244), [@lunarwhite](https://github.com/lunarwhite)) - Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#8195](https://github.com/cert-manager/cert-manager/issues/8195), [@StingRayZA](https://github.com/StingRayZA)) - Vault issuers will now include the Vault server address as one of the default audiences on generated service account tokens. ([#8228](https://github.com/cert-manager/cert-manager/issues/8228), [@terinjokes](https://github.com/terinjokes)) ##### Bug or Regression - Changes to the Duration and RenewBefore annotations on ingress and gateway-api resources will now trigger certificate updates. ([#8232](https://github.com/cert-manager/cert-manager/issues/8232), [@eleanor-merry](https://github.com/eleanor-merry)) - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8403](https://github.com/cert-manager/cert-manager/issues/8403), [@calm329](https://github.com/calm329)) - Fixed an issue where HTTP-01 challenges failed when the Host header containing an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8424](https://github.com/cert-manager/cert-manager/issues/8424), [@SlashNephy](https://github.com/SlashNephy)) - Fixed the HTTP-01 Gateway solver creating invalid HTTPRoutes by not setting spec.hostnames when the challenge DNSName is an IP address. ([#8443](https://github.com/cert-manager/cert-manager/issues/8443), [@alviss7](https://github.com/alviss7)) - Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8290](https://github.com/cert-manager/cert-manager/issues/8290), [@octo-sts](https://github.com/octo-sts)\[bot]) ##### Other (Cleanup or Flake) - Promoted the OtherNames feature to Beta and enabled it by default ([#8288](https://github.com/cert-manager/cert-manager/issues/8288), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - The default container user (UID) is now 65532 (previously 1000) and the default container group (GID) is now 65532 (previously 0) ([#8408](https://github.com/cert-manager/cert-manager/issues/8408), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - The feature-gate DefaultPrivateKeyRotationPolicyAlways moved from Beta to GA and can no longer be disabled. ([#8287](https://github.com/cert-manager/cert-manager/issues/8287), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Update cert-manager's ACME client, forked from golang/x/crypto ([#8268](https://github.com/cert-manager/cert-manager/issues/8268), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Use the latest version of Kyverno (1.16.2) in the best-practice installation tests ([#8389](https://github.com/cert-manager/cert-manager/issues/8389), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Rebranding of the Venafi Issuer to CyberArk ([#8215](https://github.com/cert-manager/cert-manager/issues/8215), [@iossifbenbassat123](https://github.com/iossifbenbassat123)) - Add GWAPI documentation to NOTES.TXT in helm chart ([#8353](https://github.com/cert-manager/cert-manager/issues/8353), [@jaxels10](https://github.com/jaxels10)) - We stopped testing with Coutour due to it not supporting the new XListenerSet resource, and moved to kgateway. ([#8426](https://github.com/cert-manager/cert-manager/issues/8426), [@hjoshi123](https://github.com/hjoshi123)) <details> <summary>Dependencies Changes</summary> ##### Added - github.com/aws/aws-sdk-go-v2/service/signin: [v1.0.5](https://github.com/aws/aws-sdk-go-v2/service/signin/tree/v1.0.5) - github.com/go-openapi/testify/v2: [v2.0.2](https://github.com/go-openapi/testify/v2/tree/v2.0.2) ##### Changed - cloud.google.com/go/auth: v0.17.0 → v0.18.1 - github.com/Azure/azure-sdk-for-go/sdk/azcore: [v1.19.1 → v1.21.0](https://github.com/Azure/azure-sdk-for-go/sdk/azcore/compare/v1.19.1...v1.21.0) - github.com/Azure/azure-sdk-for-go/sdk/azidentity: [v1.13.0 → v1.13.1](https://github.com/Azure/azure-sdk-for-go/sdk/azidentity/compare/v1.13.0...v1.13.1) - github.com/AzureAD/microsoft-authentication-library-for-go: [v1.5.0 → v1.6.0](https://github.com/AzureAD/microsoft-authentication-library-for-go/compare/v1.5.0...v1.6.0) - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.29.0 → v1.30.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/compare/v1.29.0...v1.30.0) - github.com/Masterminds/semver/v3: [v3.3.1 → v3.4.0](https://github.com/Masterminds/semver/v3/compare/v3.3.1...v3.4.0) - github.com/Venafi/vcert/v5: [v5.12.2 → v5.12.3](https://github.com/Venafi/vcert/v5/compare/v5.12.2...v5.12.3) - github.com/akamai/AkamaiOPEN-edgegrid-golang/v12: [v12.1.0 → v12.3.0](https://github.com/akamai/AkamaiOPEN-edgegrid-golang/v12/compare/v12.1.0...v12.3.0) - github.com/aws/aws-sdk-go-v2/config: [v1.31.16 → v1.32.7](https://github.com/aws/aws-sdk-go-v2/config/compare/v1.31.16...v1.32.7) - github.com/aws/aws-sdk-go-v2/credentials: [v1.18.20 → v1.19.7](https://github.com/aws/aws-sdk-go-v2/credentials/compare/v1.18.20...v1.19.7) - github.com/aws/aws-sdk-go-v2/feature/ec2/imds: [v1.18.12 → v1.18.17](https://github.com/aws/aws-sdk-go-v2/feature/ec2/imds/compare/v1.18.12...v1.18.17) - github.com/aws/aws-sdk-go-v2/internal/configsources: [v1.4.12 → v1.4.17](https://github.com/aws/aws-sdk-go-v2/internal/configsources/compare/v1.4.12...v1.4.17) - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: [v2.7.12 → v2.7.17](https://github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/compare/v2.7.12...v2.7.17) - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: [v1.13.2 → v1.13.4](https://github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/compare/v1.13.2...v1.13.4) - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: [v1.13.12 → v1.13.17](https://github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/compare/v1.13.12...v1.13.17) - github.com/aws/aws-sdk-go-v2/service/route53: [v1.59.2 → v1.62.1](https://github.com/aws/aws-sdk-go-v2/service/route53/compare/v1.59.2...v1.62.1) - github.com/aws/aws-sdk-go-v2/service/sso: [v1.30.0 → v1.30.9](https://github.com/aws/aws-sdk-go-v2/service/sso/compare/v1.30.0...v1.30.9) - github.com/aws/aws-sdk-go-v2/service/ssooidc: [v1.35.4 → v1.35.13](https://github.com/aws/aws-sdk-go-v2/service/ssooidc/compare/v1.35.4...v1.35.13) - github.com/aws/aws-sdk-go-v2/service/sts: [v1.39.0 → v1.41.6](https://github.com/aws/aws-sdk-go-v2/service/sts/compare/v1.39.0...v1.41.6) - github.com/aws/aws-sdk-go-v2: [v1.39.5 → v1.41.1](https://github.com/aws/aws-sdk-go-v2/compare/v1.39.5...v1.41.1) - github.com/aws/smithy-go: [v1.23.2 → v1.24.0](https://github.com/aws/smithy-go/compare/v1.23.2...v1.24.0) - github.com/cncf/xds/go: [2ac532f → 0feb691](https://github.com/cncf/xds/go/compare/2ac532f...0feb691) - github.com/digitalocean/godo: [v1.167.0 → v1.173.0](https://github.com/digitalocean/godo/compare/v1.167.0...v1.173.0) - github.com/envoyproxy/go-control-plane/envoy: [v1.32.4 → v1.35.0](https://github.com/envoyproxy/go-control-plane/envoy/compare/v1.32.4...v1.35.0) - github.com/envoyproxy/go-control-plane: [v0.13.4 → 75eaa19](https://github.com/envoyproxy/go-control-plane/compare/v0.13.4...75eaa19) - github.com/go-jose/go-jose/v4: [v4.1.2 → v4.1.3](https://github.com/go-jose/go-jose/v4/compare/v4.1.2...v4.1.3) - github.com/go-openapi/jsonpointer: [v0.22.1 → v0.22.4](https://github.com/go-openapi/jsonpointer/compare/v0.22.1...v0.22.4) - github.com/go-openapi/jsonreference: [v0.21.2 → v0.21.4](https://github.com/go-openapi/jsonreference/compare/v0.21.2...v0.21.4) - github.com/go-openapi/swag/jsonname: [v0.25.1 → v0.25.4](https://github.com/go-openapi/swag/jsonname/compare/v0.25.1...v0.25.4) - github.com/google/gnostic-models: [v0.7.0 → v0.7.1](https://github.com/google/gnostic-models/compare/v0.7.0...v0.7.1) - github.com/google/pprof: [d1b30fe → 27863c8](https://github.com/google/pprof/compare/d1b30fe...27863c8) - github.com/googleapis/enterprise-certificate-proxy: [v0.3.6 → v0.3.11](https://github.com/googleapis/enterprise-certificate-proxy/compare/v0.3.6...v0.3.11) - github.com/googleapis/gax-go/v2: [v2.15.0 → v2.16.0](https://github.com/googleapis/gax-go/v2/compare/v2.15.0...v2.16.0) - github.com/hashicorp/vault/sdk: [v0.20.0 → v0.21.0](https://github.com/hashicorp/vault/sdk/compare/v0.20.0...v0.21.0) - github.com/miekg/dns: [v1.1.68 → v1.1.72](https://github.com/miekg/dns/compare/v1.1.68...v1.1.72) - github.com/onsi/ginkgo/v2: [v2.22.0 → v2.27.2](https://github.com/onsi/ginkgo/v2/compare/v2.22.0...v2.27.2) - github.com/onsi/gomega: [v1.36.1 → v1.38.2](https://github.com/onsi/gomega/compare/v1.36.1...v1.38.2) - github.com/sagikazarmark/locafero: [v0.10.0 → v0.11.0](https://github.com/sagikazarmark/locafero/compare/v0.10.0...v0.11.0) - github.com/spf13/afero: [v1.14.0 → v1.15.0](https://github.com/spf13/afero/compare/v1.14.0...v1.15.0) - github.com/spf13/cast: [v1.9.2 → v1.10.0](https://github.com/spf13/cast/compare/v1.9.2...v1.10.0) - github.com/spf13/cobra: [v1.10.1 → v1.10.2](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) - github.com/spf13/viper: [v1.20.1 → v1.21.0](https://github.com/spf13/viper/compare/v1.20.1...v1.21.0) - github.com/spiffe/go-spiffe/v2: [v2.5.0 → v2.6.0](https://github.com/spiffe/go-spiffe/v2/compare/v2.5.0...v2.6.0) - go.etcd.io/bbolt: v1.4.2 → v1.4.3 - go.etcd.io/etcd/api/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/client/pkg/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/client/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5 - go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5 - go.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1 - go.opentelemetry.io/contrib/detectors/gcp: v1.36.0 → v1.38.0 - go.opentelemetry.io/otel/metric: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel/sdk/metric: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel/sdk: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel/trace: v1.37.0 → v1.39.0 - go.opentelemetry.io/otel: v1.37.0 → v1.39.0 - go.uber.org/zap: v1.27.0 → v1.27.1 - go.yaml.in/yaml/v2: v2.4.2 → v2.4.3 - golang.org/x/crypto: v0.43.0 → v0.47.0 - golang.org/x/mod: v0.28.0 → v0.31.0 - golang.org/x/net: v0.46.0 → v0.49.0 - golang.org/x/oauth2: v0.32.0 → v0.34.0 - golang.org/x/sync: v0.17.0 → v0.19.0 - golang.org/x/sys: v0.37.0 → v0.40.0 - golang.org/x/telemetry: aef8a43 → 8fff8a5 - golang.org/x/term: v0.36.0 → v0.39.0 - golang.org/x/text: v0.30.0 → v0.33.0 - golang.org/x/tools: v0.37.0 → v0.40.0 - google.golang.org/api: v0.254.0 → v0.262.0 - google.golang.org/genproto/googleapis/api: a7a43d2 → ff82c1b - google.golang.org/genproto/googleapis/bytestream: 3a174f9 → 409b4a9 - google.golang.org/genproto/googleapis/rpc: 3a174f9 → 409b4a9 - google.golang.org/genproto: 513f239 → ff82c1b - google.golang.org/grpc: v1.76.0 → v1.78.0 - google.golang.org/protobuf: v1.36.10 → v1.36.11 - k8s.io/api: v0.34.1 → v0.35.0 - k8s.io/apiextensions-apiserver: v0.34.1 → v0.35.0 - k8s.io/apimachinery: v0.34.1 → v0.35.0 - k8s.io/apiserver: v0.34.1 → v0.35.0 - k8s.io/client-go: v0.34.1 → v0.35.0 - k8s.io/code-generator: v0.34.1 → v0.35.0 - k8s.io/component-base: v0.34.1 → v0.35.0 - k8s.io/gengo/v2: c297c0c → ec3ebc5 - k8s.io/kms: v0.34.1 → v0.35.0 - k8s.io/kube-aggregator: v0.34.1 → v0.35.0 - k8s.io/kube-openapi: 589584f → 4e65d59 - k8s.io/utils: 0af2bda → bc988d5 - sigs.k8s.io/controller-runtime: v0.22.4 → v0.23.1 - sigs.k8s.io/gateway-api: v1.4.0 → v1.4.1 - sigs.k8s.io/structured-merge-diff/v6: v6.3.0 → d9cc664 - software.sslmate.com/src/go-pkcs12: v0.6.0 → v0.7.0 ##### Removed - github.com/zeebo/errs: [v1.4.0](https://github.com/zeebo/errs/tree/v1.4.0) </details> ### [`v1.20.0-alpha.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.20.0-alpha.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.6...v1.20.0-alpha.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. > ⚠️ This is a pre-release. For testing only! #### Changes since `v1.19.0` ##### Feature - Add built-in "Ready" status metrics for ClusterIssuer and Issuer resources. ([#8188](https://github.com/cert-manager/cert-manager/issues/8188), [@mikeluttikhuis](https://github.com/mikeluttikhuis)) - Add support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([#8186](https://github.com/cert-manager/cert-manager/issues/8186), [@mathieu-clnk](https://github.com/mathieu-clnk)) ##### Bug or Regression - Adds logs for cases when acme server returns us a fatal error in the order controller ([#8199](https://github.com/cert-manager/cert-manager/issues/8199), [@Peac36](https://github.com/Peac36)) - BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#8160](https://github.com/cert-manager/cert-manager/issues/8160), [@inteon](https://github.com/inteon)) - Fix unregulated retries with the DigitalOcean DNS-01 solver ([#8221](https://github.com/cert-manager/cert-manager/issues/8221), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([#8221](https://github.com/cert-manager/cert-manager/issues/8221), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8173](https://github.com/cert-manager/cert-manager/issues/8173), [@erikgb](https://github.com/erikgb)) - When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([#8162](https://github.com/cert-manager/cert-manager/issues/8162), [@LiquidPL](https://github.com/LiquidPL)) ### [`v1.19.6`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.6) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.5...v1.19.6) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This patch release fixes an RBAC issue with the `cert-manager-edit` aggregate ClusterRole, which previously granted unnecessary write access to Challenge and Order resources. It also includes Go version bumps to address reported CVEs. All users are recommended to upgrade. #### Changes by Kind ##### Bug or Regression - Remove Challenge `create` and Order `create`, `patch`, `update` verbs from the `cert-manager-edit` aggregate ClusterRole. ([#8941](https://github.com/cert-manager/cert-manager/pull/8941), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ##### Other (Cleanup or Flake) - Update Go to `v1.25.11` to fix CVE-2026-27145, CVE-2026-42504, and CVE-2026-42507 ([#8925](https://github.com/cert-manager/cert-manager/pull/8925), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Upgrade Go to 1.25.10 to fix reported vulnerabilities, along with other dependency bumps ([#8788](https://github.com/cert-manager/cert-manager/pull/8788), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.19.5`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.5) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.4...v1.19.5) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This is a simple patch release to fix some reported vulnerabilities. All users are recommended to upgrade. #### Changes by Kind ##### Other (Cleanup or Flake) - Bump go dependencies with reported vulnerabilities ([#8706](https://github.com/cert-manager/cert-manager/pull/8706), [@erikgb](https://github.com/erikgb)) - Bump go to 1.25.8 to address several reported vulnerabilities ([#8628](https://github.com/cert-manager/cert-manager/pull/8628), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Bump go to 1.25.9 ([#8705](https://github.com/cert-manager/cert-manager/pull/8705), [@erikgb](https://github.com/erikgb)) ### [`v1.19.4`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.4) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.3...v1.19.4) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.19.4 is a simple patch release to fix some reported vulnerabilities - notably CVE-2026-24051 and CVE-2025-68121. All users should upgrade. #### Changes by Kind ##### Bug or Regression - Bump go to address CVE-2025-68121 ([#8526](https://github.com/cert-manager/cert-manager/issues/8526), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Bump otel SDK to address GO-2026-4394 ([#8531](https://github.com/cert-manager/cert-manager/issues/8531), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.19.3`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.3) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.2...v1.19.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release. #### Changes by Kind ##### Bug or Regression - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8415](https://github.com/cert-manager/cert-manager/issues/8415), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Fixed an issue where HTTP-01 challenges failed when the Host header contained an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8436](https://github.com/cert-manager/cert-manager/issues/8436), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8468](https://github.com/cert-manager/cert-manager/issues/8468), [@SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.25.6 ([#8459](https://github.com/cert-manager/cert-manager/issues/8459), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.19.2`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.2) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.1...v1.19.2) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We updated Go to fix some vulnerabilities in the standard library. > 📖 Read the [full 1.19 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.19) on the cert-manager.io website before upgrading. #### Changes since `v1.19.1` ##### Bug or Regression - Address false positive vulnerabilities `CVE-2025-47914` and `CVE-2025-58181` which were reported by Trivy. ([#8283](https://github.com/cert-manager/cert-manager/issues/8283), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.25.5` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8294](https://github.com/cert-manager/cert-manager/issues/8294), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Update `global.nodeSelector` to helm chart to perform a `merge` and allow for a single `nodeSelector` to be set across all services. ([#8233](https://github.com/cert-manager/cert-manager/issues/8233), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Update cert-manager's ACME client, forked from `golang/x/crypto` ([#8270](https://github.com/cert-manager/cert-manager/issues/8270), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Updated Debian 12 distroless base images ([#8326](https://github.com/cert-manager/cert-manager/issues/8326), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ### [`v1.19.1`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.1) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.0...v1.19.1) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We reverted the CRD-based API defaults for `Certificate.Spec.IssuerRef` and `CertificateRequest.Spec.IssuerRef` after they were found to cause unexpected certificate renewals after upgrading to 1.19.0. We will try re-introducing these API defaults in cert-manager `1.20`. We fixed a bug that caused certificates to be re-issued unexpectedly if the `issuerRef` kind or group was changed to one of the "runtime" default values. We upgraded Go to `1.25.3` to address the following security vulnerabilities: `CVE-2025-61724`, `CVE-2025-58187`, `CVE-2025-47912`, `CVE-2025-58183`, `CVE-2025-61723`, `CVE-2025-58186`, `CVE-2025-58185`, `CVE-2025-58188`, and `CVE-2025-61725`. > 📖 Read the [full 1.19 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.19) on the cert-manager.io website before upgrading. Changes since `v1.19.0`: ##### Bug or Regression - BUGFIX: in case kind or group in the `issuerRef` of a Certificate was omitted, upgrading to `1.19.x` incorrectly caused the certificate to be renewed ([#8175](https://github.com/cert-manager/cert-manager/issues/8175), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Bump Go to 1.25.3 to fix a backwards incompatible change to the validation of DNS names in X.509 SAN fields which prevented the use of DNS names with a trailing dot ([#8177](https://github.com/cert-manager/cert-manager/issues/8177), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Revert API defaults for issuer reference kind and group introduced in 0.19.0 ([#8178](https://github.com/cert-manager/cert-manager/issues/8178), [@cert-manager-bot](https://github.com/cert-manager-bot)) ### [`v1.19.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.19.0-alpha.0...v1.19.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. > ⚠️ **Known issues**: The following known issues are fixed in [v1.19.1](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.1): > > - [Unexpected certificate renewal after upgrading to 1.19.0](https://github.com/cert-manager/cert-manager/issues/8158) This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues. > 📖 Read the full release notes at cert-manager.io: <https://cert-manager.io/docs/releases/release-notes/release-notes-1.19> Changes since `v1.18.0`: #### Feature - Add IPv6 rules to the default network policy ([#7726](https://github.com/cert-manager/cert-manager/issues/7726), [@jcpunk](https://github.com/jcpunk)) - Add `global.nodeSelector` to helm chart to allow for a single `nodeSelector` to be set across all services. ([#7818](https://github.com/cert-manager/cert-manager/issues/7818), [@StingRayZA](https://github.com/StingRayZA)) - Add a feature gate to default to Ingress `pathType` `Exact` in ACME HTTP01 Ingress challenge solvers. ([#7795](https://github.com/cert-manager/cert-manager/issues/7795), [@sspreitzer](https://github.com/sspreitzer)) - Add generated `applyconfigurations` allowing clients to make type-safe server-side apply requests for cert-manager resources. ([#7866](https://github.com/cert-manager/cert-manager/issues/7866), [@erikgb](https://github.com/erikgb)) - Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). ([#7414](https://github.com/cert-manager/cert-manager/issues/7414), [@erikgb](https://github.com/erikgb)) - Added `certmanager_certificate_challenge_status` Prometheus metric. ([#7736](https://github.com/cert-manager/cert-manager/issues/7736), [@hjoshi123](https://github.com/hjoshi123)) - Added `protocol` field for `rfc2136` DNS01 provider ([#7881](https://github.com/cert-manager/cert-manager/issues/7881), [@hjoshi123](https://github.com/hjoshi123)) - Added experimental field `hostUsers` flag to all pods. Not set by default. ([#7973](https://github.com/cert-manager/cert-manager/issues/7973), [@hjoshi123](https://github.com/hjoshi123)) - Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global `--acme-http01-solver-resource-*` settings. ([#7972](https://github.com/cert-manager/cert-manager/issues/7972), [@lunarwhite](https://github.com/lunarwhite)) - The `CAInjectorMerging` feature has been promoted to BETA and is now enabled by default ([#8017](https://github.com/cert-manager/cert-manager/issues/8017), [@ThatsMrTalbot](https://github.com/ThatsMrTalbot)) - The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. ([#8072](https://github.com/cert-manager/cert-manager/issues/8072), [@prasad89](https://github.com/prasad89)) - Updated `certificate` metrics to the collector approach. ([#7856](https://github.com/cert-manager/cert-manager/issues/7856), [@hjoshi123](https://github.com/hjoshi123)) #### Bug or Regression - ACME: Increased challenge authorization timeout to 2 minutes to fix `error waiting for authorization` ([#7796](https://github.com/cert-manager/cert-manager/issues/7796), [@hjoshi123](https://github.com/hjoshi123)) - BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints ([#7816](https://github.com/cert-manager/cert-manager/issues/7816), [@kinolaev](https://github.com/kinolaev)) - Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (`class`, `ingressClassName`, `name`) are specified simultaneously ([#8021](https://github.com/cert-manager/cert-manager/issues/8021), [@lunarwhite](https://github.com/lunarwhite)) - Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities ([#7961](https://github.com/cert-manager/cert-manager/issues/7961), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Reverted adding the `global.rbac.disableHTTPChallengesRole` Helm option. ([#7836](https://github.com/cert-manager/cert-manager/issues/7836), [@inteon](https://github.com/inteon)) - This change removes the `path` label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. ([#8109](https://github.com/cert-manager/cert-manager/issues/8109), [@mladen-rusev-cyberark](https://github.com/mladen-rusev-cyberark)) - Use the latest version of `ingress-nginx` in E2E tests to ensure compatibility ([#7792](https://github.com/cert-manager/cert-manager/issues/7792), [@wallrj](https://github.com/wallrj)) #### Other (Cleanup or Flake) - Helm: Fix naming template of `tokenrequest` RoleBinding resource to improve consistency ([#7761](https://github.com/cert-manager/cert-manager/issues/7761), [@lunarwhite](https://github.com/lunarwhite)) - Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data ([#7928](https://github.com/cert-manager/cert-manager/issues/7928), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. ([#8003](https://github.com/cert-manager/cert-manager/issues/8003), [@hjoshi123](https://github.com/hjoshi123)) - Update kind images to include the Kubernetes 1.33 node image ([#7786](https://github.com/cert-manager/cert-manager/issues/7786), [@wallrj](https://github.com/wallrj)) - Use `maps.Copy` for cleaner map handling ([#8092](https://github.com/cert-manager/cert-manager/issues/8092), [@quantpoet](https://github.com/quantpoet)) - Vault: Migrate Vault E2E add-on tests from deprecated `vault-client-go` to the new `vault/api` client. ([#8059](https://github.com/cert-manager/cert-manager/issues/8059), [@armagankaratosun](https://github.com/armagankaratosun)) ### [`v1.19.0-alpha.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.19.0-alpha.0) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.6...v1.19.0-alpha.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. > ⚠️ This is a pre-release. For testing only! Changes since `v1.18.0`: ##### Feature - Add IPv6 rules to the default network policy ([`#7726`](https://github.com/cert-manager/cert-manager/pull/7726), [`@jcpunk`](https://github.com/jcpunk)) - Add `global.nodeSelector` to helm chart to allow for a single `nodeSelector` to be set across all services. ([`#7818`](https://github.com/cert-manager/cert-manager/pull/7818), [`@StingRayZA`](https://github.com/StingRayZA)) - Add generated `applyconfigurations` allowing clients to make type safe server-side apply requests for cert-manager resources. ([`#7866`](https://github.com/cert-manager/cert-manager/pull/7866), [`@erikgb`](https://github.com/erikgb)) - Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). ([`#7414`](https://github.com/cert-manager/cert-manager/pull/7414), [`@erikgb`](https://github.com/erikgb)) - Added `certmanager_certificate_challenge_status` Prometheus metric. ([`#7736`](https://github.com/cert-manager/cert-manager/pull/7736), [`@hjoshi123`](https://github.com/hjoshi123)) - Added `protocol` field for `rfc2136` DNS01 provider ([`#7881`](https://github.com/cert-manager/cert-manager/pull/7881), [`@hjoshi123`](https://github.com/hjoshi123)) - `CAInjectorMerging` has been promoted to BETA and is now enabled by default ([`#8017`](https://github.com/cert-manager/cert-manager/pull/8017), [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot)) - Feature: Add support for [`ACME profiles extension`](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/). ([`#7777`](https://github.com/cert-manager/cert-manager/pull/7777), [`@wallrj`](https://github.com/wallrj)) - Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global `--acme-http01-solver-resource-*` settings. ([`#7972`](https://github.com/cert-manager/cert-manager/pull/7972), [`@lunarwhite`](https://github.com/lunarwhite)) - The controller, webhook and ca-injector now logs its version and git commit on startup for easier debugging and support. ([`#8072`](https://github.com/cert-manager/cert-manager/pull/8072), [`@prasad89`](https://github.com/prasad89)) - Updated `certificate` metrics to the collector approach. ([`#7856`](https://github.com/cert-manager/cert-manager/pull/7856), [`@hjoshi123`](https://github.com/hjoshi123)) ##### Bug or Regression - ACME: Increased challenge authorization timeout to 2 minutes to fix `error waiting for authorization` ([`#7796`](https://github.com/cert-manager/cert-manager/pull/7796), [`@hjoshi123`](https://github.com/hjoshi123)) - BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints ([`#7816`](https://github.com/cert-manager/cert-manager/pull/7816), [`@kinolaev`](https://github.com/kinolaev)) - Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (`class`, `ingressClassName`, `name`) are specified simultaneously ([`#8021`](https://github.com/cert-manager/cert-manager/pull/8021), [`@lunarwhite`](https://github.com/lunarwhite)) - Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities ([`#7961`](https://github.com/cert-manager/cert-manager/pull/7961), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) - Reverted adding the `global.rbac.disableHTTPChallengesRole` Helm option. ([`#7836`](https://github.com/cert-manager/cert-manager/pull/7836), [`@inteon`](https://github.com/inteon)) - Use the latest version of ingress-nginx in E2E tests to ensure compatibility ([`#7792`](https://github.com/cert-manager/cert-manager/pull/7792), [`@wallrj`](https://github.com/wallrj)) ##### Other (Cleanup or Flake) - Helm: Fix naming template of `tokenrequest` RoleBinding resource to improve consistency ([`#7761`](https://github.com/cert-manager/cert-manager/pull/7761), [`@lunarwhite`](https://github.com/lunarwhite)) - Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data ([`#7928`](https://github.com/cert-manager/cert-manager/pull/7928), [`@SgtCoDFish`](https://github.com/SgtCoDFish)) - Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. ([`#8003`](https://github.com/cert-manager/cert-manager/pull/8003), [`@hjoshi123`](https://github.com/hjoshi123)) - Update kind images to include the Kubernetes 1.33 node image ([`#7786`](https://github.com/cert-manager/cert-manager/pull/7786), [`@wallrj`](https://github.com/wallrj)) - Use `maps.Copy` for cleaner map handling ([`#8092`](https://github.com/cert-manager/cert-manager/pull/8092), [`@quantpoet`](https://github.com/quantpoet)) ### [`v1.18.6`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.6) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.5...v1.18.6) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. v1.18.6 is a simple patch release to fix some reported vulnerabilities, most notably [CVE-2025-68121](https://nvd.nist.gov/vuln/detail/CVE-2025-68121). NB: We didn't attempt to patch [CVE-2026-24051](https://nvd.nist.gov/vuln/detail/CVE-2026-24051) but that vulnerability affects macOS only, so cert-manager will be unaffected. #### Changes by Kind ##### Bug or Regression - Bump Go to address CVE-2025-68121 ([#8525](https://github.com/cert-manager/cert-manager/issues/8525), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.18.5`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.5) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.4...v1.18.5) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. This release contains three bug fixes, including a fix for the MODERATE severity DoS issue in GHSA-gx3x-vq4p-mhhv. All users should upgrade to the latest release. #### Changes by Kind ##### Bug or Regression - Fixed an infinite re-issuance loop that could occur when an issuer returns a certificate with a public key that doesn't match the CSR. The issuing controller now validates the certificate before storing it and fails with backoff on mismatch. ([#8414](https://github.com/cert-manager/cert-manager/issues/8414), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Fixed an issue where HTTP-01 challenges failed when the Host header contains an IPv6 address. This means that users can now issue IP address certificates for IPv6 address subjects. ([#8437](https://github.com/cert-manager/cert-manager/issues/8437), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Security (MODERATE): Fix a potential panic in the cert-manager controller when a DNS response in an unexpected order was cached. If an attacker was able to modify DNS responses (or if they controlled the DNS server) it was possible to cause denial of service for the cert-manager controller. ([#8467](https://github.com/cert-manager/cert-manager/issues/8467), [@SgtCoDFish](https://github.com/SgtCoDFish)) ##### Other (Cleanup or Flake) - Bump go to 1.24.12 ([#8460](https://github.com/cert-manager/cert-manager/issues/8460), [@SgtCoDFish](https://github.com/SgtCoDFish)) ### [`v1.18.4`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.4) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.3...v1.18.4) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We updated Go to fix some vulnerabilities in the standard library. > 📖 Read the [full 1.18 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.18) on the cert-manager.io website before upgrading. #### Changes since `v1.18.3` ##### Bug or Regression - Address false positive vulnerabilities `CVE-2025-47914` and `CVE-2025-58181` which were reported by Trivy. ([#8282](https://github.com/cert-manager/cert-manager/issues/8282), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Update Go to `v1.24.11` to fix `CVE-2025-61727` and `CVE-2025-61729` ([#8295](https://github.com/cert-manager/cert-manager/issues/8295), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ##### Other (Cleanup or Flake) - Update cert-manager's ACME client, forked from `golang/x/crypto` ([#8271](https://github.com/cert-manager/cert-manager/issues/8271), [@SgtCoDFish](https://github.com/SgtCoDFish)) - Updated Debian 12 distroless base images ([#8328](https://github.com/cert-manager/cert-manager/issues/8328), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) ### [`v1.18.3`](https://github.com/cert-manager/cert-manager/releases/tag/v1.18.3) [Compare Source](https://github.com/cert-manager/cert-manager/compare/v1.18.2...v1.18.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. We fixed a bug which caused certificates to be re-issued unexpectedly, if the issuerRef kind or group was changed to one of the "runtime" default values. We increased the size limit when parsing PEM certificate chains to handle leaf certificates with large numbers of DNS named or other identities. We upgraded Go to 1.24.9 to fix various non-critical security vulnerabilities. > 📖 Read the [full 1.18 release notes](https://cert-manager.io/docs/releases/release-notes/release-notes-1.18) on the cert-manager.io website before upgrading. Changes since `v1.18.2`: ##### Bug or Regression - BUGFIX: in case kind or group in the issuerRef of a Certificate was omitted, upgrading to 1.19.x incorrectly caused the certificate to be renewed ([#8174](https://github.com/cert-manager/cert-manager/issues/8174), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Bump Go to 1.24.9. Fixes the following vulnerabilities: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, CVE-2025-61725 ([#8176](https://github.com/cert-manager/cert-manager/issues/8176), [@wallrj-cyberark](https://github.com/wallrj-cyberark)) - Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities ([#7966](https://github.com/cert-manager/cert-manager/issues/7966), [@cert-manager-bot](https://github.com/cert-manager-bot)) ##### Other (Cleanup or Flake) - Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data ([#7964](https://github.com/cert-manager/cert-manager/issues/7964), [@cert-manager-bot](https://github.com/cert-manager-bot)) - Upgrades Go to v1.24.6 ([#7974](https://github.com/cert-manager/cert-manager/issues/7974), [@SgtCoDFish](https://github.com/SgtCoDFish)) </details> <details> <summary>kubernetes-csi/csi-driver-nfs (csi-driver-nfs)</summary> ### [`v4.13.3`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.3): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.2...v4.13.3) ##### What's Changed - chore: pin all GitHub Actions to full-length commit SHAs by [@andyzhangx](https://github.com/andyzhangx) in [#1094](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1094) - \[release-4.13] fix: update csi release tools to fix broken image build due to missing gcb-docker-gcloud image by [@andyzhangx](https://github.com/andyzhangx) in [#1096](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1096) - fix: set nodeDriverRegistrar.livenessProbe.enabled default to true by [@andyzhangx](https://github.com/andyzhangx) in [#1101](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1101) - fix: cherry-pick [#1102](https://github.com/kubernetes-csi/csi-driver-nfs/issues/1102) - correct storageclass annotations and node dnsPolicy in latest chart by [@andyzhangx](https://github.com/andyzhangx) in [#1104](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1104) - feat: add --timeout flag for node-driver-registrar (cherry-pick to release-4.13) by [@andyzhangx](https://github.com/andyzhangx) in [#1107](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1107) - fix: correct storageclass annotations and node dnsPolicy in latest chart by [@andyzhangx](https://github.com/andyzhangx) in [#1103](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1103) - \[release-4.13] fix: detect and remount stale NFS mounts in NodePublishVolume by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1109](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1109) - \[release-4.13] fix: use syscall.Chmod to correctly handle setgid/setuid/sticky bits in mountPermissions by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1110](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1110) - \[release-4.13] fix: preserve file timestamps when restoring snapshots via TarUnpack by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1120](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1120) - \[release-4.13] chore: bump Go version to 1.25.10 in trivy workflow by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1123](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1123) - \[release-1.20] fix: CVE-2026-29181 by [@andyzhangx](https://github.com/andyzhangx) in [#1124](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1124) - \[release-4.13] fix: build with go1.26.3 to fix go CVE by [@andyzhangx](https://github.com/andyzhangx) in [#1129](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1129) - \[release-4.13] chore(deps): bump build-image/debian-base from bookworm-v1.0.7 to bookworm-v1.0.8 by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1138](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1138) - \[release-4.13] fix: CVE-2026-35469 by [@andyzhangx](https://github.com/andyzhangx) in [#1141](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1141) - \[release-4.13] chore: bump Go version to 1.25.11 in trivy workflow by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1149](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1149) - \[release-4.13] fix: build with go1.26.4 to fix go CVE by [@andyzhangx](https://github.com/andyzhangx) in [#1151](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1151) - Update csi-release-tools for release-4.13 by [@andyzhangx](https://github.com/andyzhangx) in [#1155](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1155) - \[release-4.13] fix: prevent liveness-probe port conflict during controller rolling update by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1156](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1156) - \[release-4.13] fix: prevent VolumeSnapshotClass server/share from overriding source volume mount in CreateSnapshot by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1159](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1159) - doc: cut v4.13.3 release by [@andyzhangx](https://github.com/andyzhangx) in [#1160](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1160) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.2...v4.13.3> ### [`v4.13.2`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.2): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.1...v4.13.2) ##### What's Changed - \[release-4.13] fix: avoid VolumeAttributesClass error logs in csi sidecar containers by [@andyzhangx](https://github.com/andyzhangx) in [#1049](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1049) - \[release-4.13] test: upgrade to golint 2.10 by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1069](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1069) - \[release-4.13] test: fix CVE-2026-25679 in trivy action by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1070](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1070) - \[release-4.13] security: Update trivy-action to use sha for v0.35.0 by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1076](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1076) - fix: CVE-2026-33186 by [@andyzhangx](https://github.com/andyzhangx) in [#1077](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1077) - \[release-4.13] chore: build with go1.25.9 by [@andyzhangx](https://github.com/andyzhangx) in [#1085](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1085) - \[release-4.13] test: fix trivy action failure by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1083](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1083) - \[release-4.13] cleanup: add validatePath to newNFSVolume by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1089](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1089) - doc: cut v4.13.2 release by [@andyzhangx](https://github.com/andyzhangx) in [#1092](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1092) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.1...v4.13.2> ### [`v4.13.1`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.1): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.0...v4.13.1) ##### What's Changed - \[release-4.13] chore: validate mount path by [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) in [#1041](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1041) - \[release-4.13] chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#1043](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1043) - doc: cut v4.13.1 release by [@andyzhangx](https://github.com/andyzhangx) in [#1042](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1042) ##### New Contributors - [@k8s-infra-cherrypick-robot](https://github.com/k8s-infra-cherrypick-robot) made their first contribution in [#1041](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1041) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.13.0...v4.13.1> ### [`v4.13.0`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.13.0): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.1...v4.13.0) ##### What's Changed - chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#979](https://github.com/kubernetes-csi/csi-driver-nfs/pull/979) - doc: cut v4.12.0 release by [@andyzhangx](https://github.com/andyzhangx) in [#978](https://github.com/kubernetes-csi/csi-driver-nfs/pull/978) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#981](https://github.com/kubernetes-csi/csi-driver-nfs/pull/981) - chore(deps): bump golang.org/x/mod from 0.28.0 to 0.29.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#982](https://github.com/kubernetes-csi/csi-driver-nfs/pull/982) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#984](https://github.com/kubernetes-csi/csi-driver-nfs/pull/984) - doc: update new chart versions by [@andyzhangx](https://github.com/andyzhangx) in [#990](https://github.com/kubernetes-csi/csi-driver-nfs/pull/990) - Release tool update by [@darshansreenivas](https://github.com/darshansreenivas) in [#992](https://github.com/kubernetes-csi/csi-driver-nfs/pull/992) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#996](https://github.com/kubernetes-csi/csi-driver-nfs/pull/996) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#997](https://github.com/kubernetes-csi/csi-driver-nfs/pull/997) - chore: upgrade CSI driver sidecar image versions by [@andyzhangx](https://github.com/andyzhangx) in [#1000](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1000) - fix: CVE-2025-52881 by [@andyzhangx](https://github.com/andyzhangx) in [#1003](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1003) - test: upgrade to csi-test v5.4.0 by [@andyzhangx](https://github.com/andyzhangx) in [#1005](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1005) - fix: CVE-2025-58181 by [@andyzhangx](https://github.com/andyzhangx) in [#1007](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1007) - chore(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1008](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1008) - chore(deps): bump golang.org/x/mod from 0.29.0 to 0.30.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1009](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1009) - doc: fix volumeHandle format by [@andyzhangx](https://github.com/andyzhangx) in [#1010](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1010) - Make baseRepo feature work by default without per-image repository overrides by [@Copilot](https://github.com/Copilot) in [#1012](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1012) - test: fix trivy CVE-2025-61727 by [@andyzhangx](https://github.com/andyzhangx) in [#1013](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1013) - docs: fix typo (hlem → helm) by [@thakurnishu](https://github.com/thakurnishu) in [#1016](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1016) - chore(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#1017](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1017) - fix: CVE-2025-13281 by [@andyzhangx](https://github.com/andyzhangx) in [#1021](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1021) - chore: upgrade csi-provisioner to v6.1.0 by [@andyzhangx](https://github.com/andyzhangx) in [#1020](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1020) - chore: build image with go1.24.11 to fix CVE by [@andyzhangx](https://github.com/andyzhangx) in [#1022](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1022) - cleanup: refine mount time out error message by [@andyzhangx](https://github.com/andyzhangx) in [#1023](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1023) - test: fix CVE-2025-61726 trivy failure by [@andyzhangx](https://github.com/andyzhangx) in [#1027](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1027) - chore(deps): bump build-image/debian-base from bookworm-v1.0.6 to bookworm-v1.0.7 by [@dependabot](https://github.com/dependabot)\[bot] in [#1028](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1028) - chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#1029](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1029) - feat: add optional healthcheck for node-driver-registrar by [@ajhetherington](https://github.com/ajhetherington) in [#1026](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1026) - feat: add --enable-snapshot-compression flag to control snapshot compression by [@Copilot](https://github.com/Copilot) in [#1011](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1011) - chore: remove vendor-specific cloud-provider-azure dependency from generic NFS CSI driver by [@Copilot](https://github.com/Copilot) in [#1024](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1024) ##### New Contributors - [@darshansreenivas](https://github.com/darshansreenivas) made their first contribution in [#992](https://github.com/kubernetes-csi/csi-driver-nfs/pull/992) - [@Copilot](https://github.com/Copilot) made their first contribution in [#1012](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1012) - [@thakurnishu](https://github.com/thakurnishu) made their first contribution in [#1016](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1016) - [@ajhetherington](https://github.com/ajhetherington) made their first contribution in [#1026](https://github.com/kubernetes-csi/csi-driver-nfs/pull/1026) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.13.0> ### [`v4.12.1`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.12.1): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.12.1) ##### What's Changed - doc: cut v4.12.1 release by [@andyzhangx](https://github.com/andyzhangx) in [#987](https://github.com/kubernetes-csi/csi-driver-nfs/pull/987) - \[release-4.12] chore: Update csi release tools by [@andyzhangx](https://github.com/andyzhangx) in [#988](https://github.com/kubernetes-csi/csi-driver-nfs/pull/988) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.12.0...v4.12.1> ### [`v4.12.0`](https://github.com/kubernetes-csi/csi-driver-nfs/releases/tag/v4.12.0): release [Compare Source](https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.11.0...v4.12.0) ##### What's Changed - doc: cut v4.11.0 release by [@andyzhangx](https://github.com/andyzhangx) in [#880](https://github.com/kubernetes-csi/csi-driver-nfs/pull/880) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.0 to 2.23.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#883](https://github.com/kubernetes-csi/csi-driver-nfs/pull/883) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.1 to 2.23.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#884](https://github.com/kubernetes-csi/csi-driver-nfs/pull/884) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.2 to 2.23.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#887](https://github.com/kubernetes-csi/csi-driver-nfs/pull/887) - chore(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by [@dependabot](https://github.com/dependabot)\[bot] in [#888](https://github.com/kubernetes-csi/csi-driver-nfs/pull/888) - chore(deps): bump github.com/onsi/gomega from 1.36.2 to 1.36.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#890](https://github.com/kubernetes-csi/csi-driver-nfs/pull/890) - chore: use go1.24 by [@andyzhangx](https://github.com/andyzhangx) in [#895](https://github.com/kubernetes-csi/csi-driver-nfs/pull/895) - chore(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#893](https://github.com/kubernetes-csi/csi-driver-nfs/pull/893) - chore(deps): bump google.golang.org/grpc from 1.71.0 to 1.71.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#896](https://github.com/kubernetes-csi/csi-driver-nfs/pull/896) - chore(deps): bump github.com/onsi/gomega from 1.36.3 to 1.37.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#897](https://github.com/kubernetes-csi/csi-driver-nfs/pull/897) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 by [@dependabot](https://github.com/dependabot)\[bot] in [#898](https://github.com/kubernetes-csi/csi-driver-nfs/pull/898) - chore(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#900](https://github.com/kubernetes-csi/csi-driver-nfs/pull/900) - test: fix CVE-2025-22871 in trivy action by [@andyzhangx](https://github.com/andyzhangx) in [#902](https://github.com/kubernetes-csi/csi-driver-nfs/pull/902) - chore: upgrade resizer sidecar image version to v1.13.2 by [@andyzhangx](https://github.com/andyzhangx) in [#903](https://github.com/kubernetes-csi/csi-driver-nfs/pull/903) - feat: add POD\_NAMESPACE environment var by [@mfhunruh](https://github.com/mfhunruh) in [#901](https://github.com/kubernetes-csi/csi-driver-nfs/pull/901) - chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#904](https://github.com/kubernetes-csi/csi-driver-nfs/pull/904) - chore: upgrade snapshot sidecar image to v8.2.1 by [@andyzhangx](https://github.com/andyzhangx) in [#905](https://github.com/kubernetes-csi/csi-driver-nfs/pull/905) - fix: goroutine leak when timeout by [@andyzhangx](https://github.com/andyzhangx) in [#907](https://github.com/kubernetes-csi/csi-driver-nfs/pull/907) - chore(deps): bump golang.org/x/net from 0.39.0 to 0.40.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#910](https://github.com/kubernetes-csi/csi-driver-nfs/pull/910) - chore: create voume/snapshot should respect mountOptions in secret by [@andyzhangx](https://github.com/andyzhangx) in [#911](https://github.com/kubernetes-csi/csi-driver-nfs/pull/911) - chore(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#913](https://github.com/kubernetes-csi/csi-driver-nfs/pull/913) - chore(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#916](https://github.com/kubernetes-csi/csi-driver-nfs/pull/916) - chore: upgrade sidecar image versions by [@andyzhangx](https://github.com/andyzhangx) in [#920](https://github.com/kubernetes-csi/csi-driver-nfs/pull/920) - chore(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#922](https://github.com/kubernetes-csi/csi-driver-nfs/pull/922) - chore(deps): bump golang.org/x/mod from 0.24.0 to 0.25.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#924](https://github.com/kubernetes-csi/csi-driver-nfs/pull/924) - test: fix CVE-2025-4673 in trivy action by [@andyzhangx](https://github.com/andyzhangx) in [#926](https://github.com/kubernetes-csi/csi-driver-nfs/pull/926) - chore(deps): bump build-image/debian-base from bookworm-v1.0.4 to bookworm-v1.0.5 by [@dependabot](https://github.com/dependabot)\[bot] in [#928](https://github.com/kubernetes-csi/csi-driver-nfs/pull/928) - chore(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#925](https://github.com/kubernetes-csi/csi-driver-nfs/pull/925) - chore(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#931](https://github.com/kubernetes-csi/csi-driver-nfs/pull/931) - chore: upgrade snapshot and csi-resizer image versions by [@andyzhangx](https://github.com/andyzhangx) in [#932](https://github.com/kubernetes-csi/csi-driver-nfs/pull/932) - chore(deps): bump golang.org/x/mod from 0.25.0 to 0.26.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#933](https://github.com/kubernetes-csi/csi-driver-nfs/pull/933) - chore(deps): bump golang.org/x/net from 0.41.0 to 0.42.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#934](https://github.com/kubernetes-csi/csi-driver-nfs/pull/934) - chore(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#935](https://github.com/kubernetes-csi/csi-driver-nfs/pull/935) - chore(deps): bump google.golang.org/grpc from 1.74.0 to 1.74.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#936](https://github.com/kubernetes-csi/csi-driver-nfs/pull/936) - chore(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#937](https://github.com/kubernetes-csi/csi-driver-nfs/pull/937) - chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#938](https://github.com/kubernetes-csi/csi-driver-nfs/pull/938) - chore(deps): bump golang.org/x/net from 0.42.0 to 0.43.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#941](https://github.com/kubernetes-csi/csi-driver-nfs/pull/941) - chore(deps): bump golang.org/x/mod from 0.26.0 to 0.27.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#942](https://github.com/kubernetes-csi/csi-driver-nfs/pull/942) - test: fix CVE-2025-47907 trivy test failure by [@andyzhangx](https://github.com/andyzhangx) in [#943](https://github.com/kubernetes-csi/csi-driver-nfs/pull/943) - chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.7 by [@dependabot](https://github.com/dependabot)\[bot] in [#947](https://github.com/kubernetes-csi/csi-driver-nfs/pull/947) - chore(deps): bump actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#948](https://github.com/kubernetes-csi/csi-driver-nfs/pull/948) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.23.4 to 2.25.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#951](https://github.com/kubernetes-csi/csi-driver-nfs/pull/951) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.0 to 2.25.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#952](https://github.com/kubernetes-csi/csi-driver-nfs/pull/952) - chore(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#953](https://github.com/kubernetes-csi/csi-driver-nfs/pull/953) - chore(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#954](https://github.com/kubernetes-csi/csi-driver-nfs/pull/954) - fix: CVE-2025-5187 by [@andyzhangx](https://github.com/andyzhangx) in [#956](https://github.com/kubernetes-csi/csi-driver-nfs/pull/956) - chore(deps): bump actions/setup-go from 5 to 6 by [@dependabot](https://github.com/dependabot)\[bot] in [#958](https://github.com/kubernetes-csi/csi-driver-nfs/pull/958) - chore(deps): bump github.com/onsi/gomega from 1.38.1 to 1.38.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#957](https://github.com/kubernetes-csi/csi-driver-nfs/pull/957) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.1 to 2.25.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#959](https://github.com/kubernetes-csi/csi-driver-nfs/pull/959) - chore(deps): bump golang.org/x/mod from 0.27.0 to 0.28.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#960](https://github.com/kubernetes-csi/csi-driver-nfs/pull/960) - chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#961](https://github.com/kubernetes-csi/csi-driver-nfs/pull/961) - chore(deps): bump google.golang.org/protobuf from 1.36.7 to 1.36.9 by [@dependabot](https://github.com/dependabot)\[bot] in [#962](https://github.com/kubernetes-csi/csi-driver-nfs/pull/962) - chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.75.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#963](https://github.com/kubernetes-csi/csi-driver-nfs/pull/963) - chore(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#964](https://github.com/kubernetes-csi/csi-driver-nfs/pull/964) - chore(deps): bump build-image/debian-base from bookworm-v1.0.5 to bookworm-v1.0.6 by [@dependabot](https://github.com/dependabot)\[bot] in [#966](https://github.com/kubernetes-csi/csi-driver-nfs/pull/966) - chore: upgrade csi sidecar image versions by [@andyzhangx](https://github.com/andyzhangx) in [#967](https://github.com/kubernetes-csi/csi-driver-nfs/pull/967) - doc: update semver change doc for helm chart install by [@andyzhangx](https://github.com/andyzhangx) in [#969](https://github.com/kubernetes-csi/csi-driver-nfs/pull/969) - chore(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 by [@dependabot](https://github.com/dependabot)\[bot] in [#970](https://github.com/kubernetes-csi/csi-driver-nfs/pull/970) - chore(deps): bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#971](https://github.com/kubernetes-csi/csi-driver-nfs/pull/971) - chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#972](https://github.com/kubernetes-csi/csi-driver-nfs/pull/972) - chore(deps): bump github/codeql-action from 3 to 4 by [@dependabot](https://github.com/dependabot)\[bot] in [#975](https://github.com/kubernetes-csi/csi-driver-nfs/pull/975) - chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#976](https://github.com/kubernetes-csi/csi-driver-nfs/pull/976) - feat: support multiple storage classes creation using helm chart by [@andyzhangx](https://github.com/andyzhangx) in [#977](https://github.com/kubernetes-csi/csi-driver-nfs/pull/977) ##### New Contributors - [@mfhunruh](https://github.com/mfhunruh) made their first contribution in [#901](https://github.com/kubernetes-csi/csi-driver-nfs/pull/901) **Full Changelog**: <https://github.com/kubernetes-csi/csi-driver-nfs/compare/v4.11.0...v4.12.0> </details> <details> <summary>metallb/metallb (metallb/metallb)</summary> ### [`v0.16.1`](https://github.com/metallb/metallb/compare/v0.16.0...v0.16.1) [Compare Source](https://github.com/metallb/metallb/compare/v0.16.0...v0.16.1) </details> <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v10.34.4`](https://github.com/pnpm/pnpm/compare/v10.34.3...v10.34.4) [Compare Source](https://github.com/pnpm/pnpm/compare/v10.34.3...v10.34.4) ### [`v10.34.3`](https://github.com/pnpm/pnpm/releases/tag/v10.34.3): pnpm 10.34.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.34.2...v10.34.3) ##### ⚠️ Security fix — environment variables in a project `.npmrc` (action may be required) Following [GHSA-3qhv-2rgh-x77r](https://github.com/pnpm/pnpm/security/advisories/GHSA-3qhv-2rgh-x77r), pnpm no longer expands `${ENV_VAR}` placeholders that come from a **repository-controlled** config file, because a malicious repository could otherwise use them to leak your environment secrets (npm tokens, CI job tokens, etc.) to an attacker-controlled registry during install. This applies to: - the project/workspace `.npmrc` — `registry`, `@scope:registry`, proxy URLs, URL-scoped keys (`//host/…`), and credential values (`_authToken`, `_auth`, `_password`, `username`, `tokenHelper`, `cert`, `key`); - registry URLs in `pnpm-workspace.yaml`. This release also closes a bypass where a project `.npmrc` could set `userconfig`, `globalconfig`, or `prefix` to make pnpm load a repo-supplied file as *trusted* config (via `@pnpm/npm-conf@3.0.3`). Environment variables are **still** expanded in trusted config: your user-level `~/.npmrc`, the global config, CLI options, and environment config. **If your authentication broke after upgrading**, move the token out of the committed `.npmrc`: ```sh # Writes to your user/global config, not the repository: pnpm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN" ``` Or keep the `${NPM_TOKEN}` line but put it in your user-level `~/.npmrc` instead of the repo. In **GitHub Actions**, `actions/setup-node` with `registry-url` already writes a user-level `.npmrc`, so `NODE_AUTH_TOKEN` keeps working. For other CI where editing each pipeline is hard, set `NPM_CONFIG_USERCONFIG=.npmrc` in the CI environment to declare the project `.npmrc` trusted. See <https://pnpm.io/npmrc> for full migration details. ##### Patch Changes - Improved the warning printed when a project `.npmrc` uses an environment variable in a registry/proxy URL or in registry credentials. The message now explains why the setting was ignored and how to migrate it to a trusted source — for example by running `pnpm config set "<key>" <value>` to store it in the global config, or by keeping the `${...}` line in the user-level `~/.npmrc` — with a link to <https://pnpm.io/npmrc>. - A repository-controlled project or workspace `.npmrc` can no longer redirect which files pnpm loads as its trusted user and global configuration. Previously such a file could set `userconfig`, `globalconfig`, or `prefix` to point at an attacker-supplied file shipped in the repository, and pnpm would load it as a trusted config source — bypassing the protection that prevents repository config from expanding environment variables into registry request destinations and credentials, and allowing it to set `tokenHelper`. The user/global config file locations are now resolved only from trusted sources (CLI options, environment config, the npm builtin config, and defaults) before the project and workspace `.npmrc` files are read. Fixed by upgrading `@pnpm/npm-conf` to `3.0.3`.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.34.2`](https://github.com/pnpm/pnpm/releases/tag/v10.34.2): pnpm 10.34.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.34.1...v10.34.2) ##### ⚠️ Security fix — environment variables in a project `.npmrc` (action may be required) Following [GHSA-3qhv-2rgh-x77r](https://github.com/pnpm/pnpm/security/advisories/GHSA-3qhv-2rgh-x77r), pnpm no longer expands `${ENV_VAR}` placeholders that come from a **repository-controlled** config file, because a malicious repository could otherwise use them to leak your environment secrets (npm tokens, CI job tokens, etc.) to an attacker-controlled registry during install. This applies to: - the project/workspace `.npmrc` — `registry`, `@scope:registry`, proxy URLs, URL-scoped keys (`//host/…`), and credential values (`_authToken`, `_auth`, `_password`, `username`, `tokenHelper`, `cert`, `key`); - registry URLs in `pnpm-workspace.yaml`. This release also closes a bypass where a project `.npmrc` could set `userconfig`, `globalconfig`, or `prefix` to make pnpm load a repo-supplied file as *trusted* config (via `@pnpm/npm-conf@3.0.3`). Environment variables are **still** expanded in trusted config: your user-level `~/.npmrc`, the global config, CLI options, and environment config. **If your authentication broke after upgrading**, move the token out of the committed `.npmrc`: ```sh # Writes to your user/global config, not the repository: pnpm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN" ``` Or keep the `${NPM_TOKEN}` line but put it in your user-level `~/.npmrc` instead of the repo. In **GitHub Actions**, `actions/setup-node` with `registry-url` already writes a user-level `.npmrc`, so `NODE_AUTH_TOKEN` keeps working. For other CI where editing each pipeline is hard, set `NPM_CONFIG_USERCONFIG=.npmrc` in the CI environment to declare the project `.npmrc` trusted. See <https://pnpm.io/npmrc> for full migration details. ##### Patch Changes - Package-manager bootstrap traffic is now resolved through trusted registries and trusted network config. When pnpm downloads the pnpm version requested by a repository's `packageManager` field, the registry it fetches from (and the proxy/TLS settings used for that traffic) now come exclusively from trusted config sources — CLI options, env config, user and global `.npmrc` — defaulting to the public npm registry, instead of the repository's project/workspace settings. - pnpm now verifies the npm registry signature of a package-manager binary before spawning it. When the `packageManager` field (or `pnpm self-update`) makes pnpm download another pnpm version, the staged install is verified corepack-style: the integrity recorded in the staged lockfile must carry a valid npm registry signature for the exact `name@version`, validated against npm's public signing keys that ship embedded in the pnpm CLI. Verification fails closed — a tampered download, an unsigned package, or an unreachable registry refuses the version switch rather than running an unverified binary. It runs only when the wanted version is actually downloaded (a tools-directory cache miss), so repeated commands pay no extra network round trip. - Environment variable expansion is now trust-aware for registry/auth config and request destinations. Repository-controlled config files (the project and workspace `.npmrc` and `pnpm-workspace.yaml`) can no longer expand `${...}` placeholders in registry/proxy request destinations, URL-scoped keys, or registry credential values, preventing repository-controlled configuration from exfiltrating environment secrets through request URLs. Trusted user/global/CLI/env config keeps full env expansion, so existing token and registry setup flows continue to work. - Reject reserved manifest `bin` names (`""`, `"."`, `".."`, and scoped forms such as `@scope/..`) when resolving a package's bins. These names previously passed the bin-name guard and, when joined to the global bin directory during global remove/update/add operations, could resolve to the global bin directory itself or its parent and have it recursively deleted. - Require trusted package identity before package-name `onlyBuiltDependencies` (and `allowBuilds`) entries can approve lifecycle scripts for git, git-hosted tarball, direct tarball, and local directory artifacts. To approve one of those artifacts explicitly, use its peer-suffix-free lockfile depPath as the key. Lockfile entries are now rejected when a registry-style dependency path (`name@semver`) is backed by a git, directory, or git-hosted tarball resolution (`ERR_PNPM_RESOLUTION_SHAPE_MISMATCH`), so the dependency path is a reliable artifact identity by the time scripts can run. - pnpm now verifies the detached OpenPGP signature of a Node.js release's `SHASUMS256.txt` against the Node.js release team's public keys (embedded in the pnpm CLI) before trusting its hashes. The Node.js download mirror is repository-configurable (`node-mirror:<channel>` in `.npmrc`), and the integrity check previously trusted a `SHASUMS256.txt` fetched from that same mirror — a circular check that a malicious mirror could satisfy with a tampered binary and matching hashes. A mirror that proxies the real signed SHASUMS keeps working unchanged. Only the `release` channel publishes signed SHASUMS files, so pre-release channels (rc, nightly, …) remain unverified.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.34.1`](https://github.com/pnpm/pnpm/releases/tag/v10.34.1): pnpm 10.34.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.34.0...v10.34.1) ##### Patch Changes - Reject `pnpm-lock.yaml` entries whose remote tarball `resolution:` block is missing the `integrity` field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips `integrity:`) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under `--frozen-lockfile`. pnpm now fails closed at lockfile-read time with `ERR_PNPM_MISSING_TARBALL_INTEGRITY`. Git-hosted tarballs (`gitHosted: true` or a URL on codeload.github.com / bitbucket.org / gitlab.com) and `file:` tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.34.0`](https://github.com/pnpm/pnpm/releases/tag/v10.34.0): pnpm 10.34 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.4...v10.34.0) ##### Minor Changes - Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, `pnpm install` (non-frozen) would log `ERR_PNPM_TARBALL_INTEGRITY`, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile. `pnpm install` now exits with `ERR_PNPM_TARBALL_INTEGRITY` and a hint pointing at the new opt-in flag. The only opt-in is **`pnpm install --update-checksums`** — narrowly scoped to refreshing the locked integrity values from what the registry currently serves. Mirrors yarn's flag of the same name. A warning still prints when the bypass takes effect so the operation is auditable. `--force` and `pnpm update` deliberately do **not** bypass the integrity check. They are routine refresh operations; silently overwriting a locked integrity in those flows would erase the protection a committed lockfile is supposed to provide. `--frozen-lockfile` behavior is unchanged. `--fix-lockfile` keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass. ##### Patch Changes - Pin unscoped per-registry settings (`_authToken`, `_auth`, `username`/`_password`, `tokenHelper`, inline `cert`/`key`) to the registry declared in the same config source at load time, so a later layer overriding `registry=` (workspace `.npmrc`, `pnpm-workspace.yaml`, CLI `--registry`) cannot redirect a credential or client certificate authored for a different host. A deprecation warning is emitted whenever an unscoped per-registry setting is encountered, naming the source and the URL it was pinned to. Reported by JUNYI LIU. - Fixed `minimumReleaseAge` handling when cached metadata is abbreviated. The npm registry returns abbreviated package metadata (without the per-version `time` field) by default, which made the maturity check throw `ERR_PNPM_MISSING_TIME` whenever cached abbreviated metadata was reused. pnpm now upgrades cached abbreviated metadata to the full document via a follow-up fetch when `minimumReleaseAge` is active, persists the upgrade to the on-disk cache so subsequent installs skip the extra fetch, and lets `ERR_PNPM_MISSING_TIME` from the cache fast-path fall through to the network fetch even under strict mode. - Reject git resolutions whose `commit` field is not a 40-character hexadecimal SHA before invoking `git`. A malicious lockfile could otherwise smuggle a value such as `--upload-pack=<command>` through `git fetch` / `git checkout`, which on SSH or local-file transports executes the supplied command. - Reject patch files whose `diff --git` headers reference paths outside the patched package directory. Previously a malicious `.patch` file added via a pull request could write, delete, or rename arbitrary files reachable by the user running `pnpm install`. - Fixed `--prefix=<dir>` not being honored when locating the workspace root. The `--prefix → dir` rename was applied after workspace detection, so workspace settings declared in `<dir>/pnpm-workspace.yaml` were not loaded when pnpm was invoked from outside `<dir>` [#11535](https://github.com/pnpm/pnpm/issues/11535). - Reject dependency aliases that contain path-traversal segments (such as `@x/../../../../../.git/hooks`) when reading them from a package manifest or symlinking them into `node_modules`. A malicious registry package could otherwise use a transitive dependency key to make `pnpm install` create symlinks at attacker-chosen paths outside the intended `node_modules` directory.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.4`](https://github.com/pnpm/pnpm/releases/tag/v10.33.4): pnpm 10.33.4 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.3...v10.33.4) ##### Patch Changes - Pin the integrity of git-hosted tarballs (codeload.github.com, gitlab.com, bitbucket.org) in the lockfile so that subsequent installs detect a tampered or substituted tarball and refuse to install it. Previously the lockfile only stored the tarball URL for git dependencies, so a compromised git host or a man-in-the-middle could serve arbitrary code on later installs without lockfile changes. A new `gitHosted: true` field is recorded on git-hosted tarball resolutions in the lockfile, letting every reader/writer route them by a single typed check instead of pattern-matching the tarball URL in each call site. Lockfiles written by older pnpm versions are enriched on load (URL fallback) so the field can be relied on uniformly across the codebase. - Fix a regression where `pnpm --recursive --filter '!<pkg>' run/exec/test/add` would include the workspace root in the matched projects. The workspace root is now correctly excluded by default when only negative `--filter` arguments are provided, matching the [documented behavior](https://pnpm.io/cli/recursive). To include the root, pass `--include-workspace-root` [#11341](https://github.com/pnpm/pnpm/issues/11341).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.3`](https://github.com/pnpm/pnpm/releases/tag/v10.33.3): pnpm 10.33.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.2...v10.33.3) ##### Patch Changes - When self-updating from v10's `@pnpm/exe` to v11+ on Intel macOS (darwin-x64), `pnpm self-update` now transparently switches to the JS-only `pnpm` package on npm instead of installing `@pnpm/exe@v11+` (which doesn't ship a working binary for Intel Macs because of an upstream Node.js SEA bug — see [#11423](https://github.com/pnpm/pnpm/issues/11423) and [nodejs/node#62893](https://github.com/nodejs/node/issues/62893)). Without this, the self-update would silently leave the user with no working `pnpm` binary. The new install requires Node.js to be available on `PATH`; a warning is printed when the swap happens. All other host/version combinations are unchanged. - `pnpm self-update` (with no version argument) no longer downgrades pnpm when the registry's `latest` dist-tag points to an older release than the currently active version. Run `pnpm self-update latest` to force a downgrade [#11418](https://github.com/pnpm/pnpm/issues/11418).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.2`](https://github.com/pnpm/pnpm/releases/tag/v10.33.2): pnpm 10.33.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.1...v10.33.2) ##### Patch Changes - Globally-installed bins no longer fail with `ERR_PNPM_NO_IMPORTER_MANIFEST_FOUND` when pnpm was installed via the standalone `@pnpm/exe` binary (e.g. `curl -fsSL https://get.pnpm.io/install.sh | sh -`) on a system without a separate Node.js installation. Previously, when `which('node')` failed during `pnpm add --global`, pnpm fell back to `process.execPath`, which in `@pnpm/exe` is the pnpm binary itself — and that path was baked into the generated bin shim, causing the shim to invoke pnpm instead of Node [#11291](https://github.com/pnpm/pnpm/issues/11291), [#4645](https://github.com/pnpm/pnpm/issues/4645). - Fix an infinite fork-bomb that could happen when pnpm was installed with one version (e.g. `npm install -g pnpm@A`) and run inside a project whose `package.json` selected a different pnpm version via the `packageManager` field (e.g. `pnpm@B`), while a `pnpm-workspace.yaml` also existed at the project root. The child's environment is now forced to `manage-package-manager-versions=false` (v10) and `pm-on-fail=ignore` (v11+), which disables the package-manager-version handling in whichever pnpm runs as the child. Fixes [#11337](https://github.com/pnpm/pnpm/issues/11337).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.1`](https://github.com/pnpm/pnpm/releases/tag/v10.33.1): pnpm 10.33.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.33.0...v10.33.1) ##### Patch Changes - When a project's `packageManager` field selects pnpm v11 or newer, commands that v10 would have passed through to npm (`version`, `login`, `logout`, `publish`, `unpublish`, `deprecate`, `dist-tag`, `docs`, `ping`, `search`, `star`, `stars`, `unstar`, `whoami`, etc.) are now handed over to the wanted pnpm, which implements them natively. Previously they silently shelled out to npm — making, for example, `pnpm version --help` print npm's help on a project with `packageManager: pnpm@11.0.0-rc.3` [#11328](https://github.com/pnpm/pnpm/issues/11328).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.33.0`](https://github.com/pnpm/pnpm/releases/tag/v10.33.0): pnpm 10.33 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.32.1...v10.33.0) ##### Minor Changes - Added a new `dedupePeers` setting that reduces peer dependency duplication. When enabled, peer dependency suffixes use version-only identifiers (`name@version`) instead of full dep paths, eliminating nested suffixes like `(foo@1.0.0(bar@2.0.0))`. This dramatically reduces the number of package instances in projects with many recursive peer dependencies [#11070](https://github.com/pnpm/pnpm/issues/11070). ##### Patch Changes - Fail on incompatible lockfiles in CI when frozen lockfile mode is enabled, while preserving non-frozen CI fallback behavior. - When package metadata is malformed or can't be fetched, the error thrown will now show the originating error. - Fixed intermittent failures when multiple `pnpm dlx` calls run concurrently for the same package. When the global virtual store is enabled, the importer now verifies file content before skipping a rename, avoiding destructive swap-renames that break concurrent processes. Also tolerates EPERM during bin creation on Windows and properly propagates `enableGlobalVirtualStore` through the install pipeline. - Fixed handling of non-string version selectors in `hoistPeers`, preventing invalid peer dependency specifiers. - Improve the non-interactive modules purge error hint to include the `confirmModulesPurge=false` workaround. When pnpm needs to recreate `node_modules` but no TTY is available, the error now suggests either setting `CI=true` or disabling the purge confirmation prompt via `confirmModulesPurge=false`. Adds a regression test for the non-TTY flow. - Fixed false "Command not found" errors on Windows when a command exists in PATH but exits with a non-zero code. Also fixed path resolution for `--filter` contexts where the command runs in a different package directory. - When a pnpm-lock.yaml contains two documents, ignore the first one. pnpm v11 will write two lockfile documents into pnpm-lock.yaml in order to store pnpm version integrities and config dependency resolutions. - Fixed a bug preventing the `clearCache` function returned by `createNpmResolver` from properly clearing metadata cache.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.32.1`](https://github.com/pnpm/pnpm/releases/tag/v10.32.1): pnpm 10.32.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.32.0...v10.32.1) ##### Patch Changes - Fix a regression where `pnpm-workspace.yaml` without a `packages` field caused all directories to be treated as workspace projects. This broke projects that use `pnpm-workspace.yaml` only for settings (e.g. `minimumReleaseAge`) without defining workspace packages [#10909](https://github.com/pnpm/pnpm/issues/10909).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.32.0`](https://github.com/pnpm/pnpm/releases/tag/v10.32.0): pnpm 10.32 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.31.0...v10.32.0) ##### Minor Changes - Added `--all` flag to `pnpm approve-builds` that approves all pending builds without interactive prompts [#10136](https://github.com/pnpm/pnpm/issues/10136). ##### Patch Changes - Reverted change related to setting explicitly the npm config file path, which caused regressions. - Reverted fix related to `lockfile-include-tarball-url`. Fixes [#10915](https://github.com/pnpm/pnpm/issues/10915).  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.31.0`](https://github.com/pnpm/pnpm/releases/tag/v10.31.0): pnpm 10.31 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.3...v10.31.0) ##### Minor Changes - When pnpm updates the `pnpm-workspace.yaml`, comments, string formatting, and whitespace will be preserved. ##### Patch Changes - Added `-F` as a short alias for the `--filter` option in the help output. - Handle undefined pkgSnapshot in `pnpm why -r` [#10700](https://github.com/pnpm/pnpm/issues/10700). - Fix headless install not being used when a project has an injected self-referencing `file:` dependency that resolves to `link:` in the lockfile. - Fixed a race condition when multiple worker threads import the same package to the global virtual store concurrently. The rename operation now tolerates `ENOTEMPTY`/`EEXIST` errors if another thread already completed the import. - When `lockfile-include-tarball-url` is set to `false`, tarball URLs are now always excluded from the lockfile. Previously, tarball URLs could still appear for packages hosted under non-standard URLs, making the behavior flaky and inconsistent [#6667](https://github.com/pnpm/pnpm/issues/6667). - Fixed `optimisticRepeatInstall` skipping install when `overrides`, `packageExtensions`, `ignoredOptionalDependencies`, `patchedDependencies`, or `peersSuffixMaxLength` changed. - Fixed `pnpm patch-commit` failing with "unable to access '/.config/git/attributes': Permission denied" error in environments where HOME is unset or non-standard (Docker containers, CI systems). The issue occurred because pnpm was setting `HOME` and the Windows user profile env var to empty strings to suppress user git configuration when running `git diff`. This caused git to resolve the home directory (`~`) as root (`/`), leading to permission errors when attempting to access `/.config/git/attributes`. Now uses `GIT_CONFIG_GLOBAL: os.devNull` instead, which is git's proper mechanism for bypassing user-level configuration without corrupting the home directory path resolution. Fixes [#6537](https://github.com/pnpm/pnpm/issues/6537) - Fix `pnpm why -r --parseable` missing dependents when multiple workspace packages share the same dependency [#8100](https://github.com/pnpm/pnpm/issues/8100). - Fix `link-workspace-packages=true` incorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to `*` in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version [#10173](https://github.com/pnpm/pnpm/issues/10173). - Fixed `pnpm update --interactive` table breaking with long version strings (e.g., prerelease versions like `7.0.0-dev.20251209.1`) by dynamically calculating column widths instead of using hardcoded values [#10316](https://github.com/pnpm/pnpm/issues/10316). - Explicitly tell `npm` the path to the global `rc` config file. - The parameter set by the `--allow-build` flag is written to `allowBuilds`. - Fix a bug in which specifying `filter` on `pnpm-workspace.yaml` would cause pnpm to not detect any projects. - Print help message on running pnpm dlx without arguments and exit.  ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.cloud/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"></a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table>  ### [`v10.30.3`](https://github.com/pnpm/pnpm/releases/tag/v10.30.3): pnpm 10.30.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.2...v10.30.3) ##### Patch Changes - Fixed version switching via `packageManager` field failing when pnpm is installed as a standalone executable in environments without a system Node.js [#10687](https://github.com/pnpm/pnpm/issues/10687). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.30.2`](https://github.com/pnpm/pnpm/releases/tag/v10.30.2): pnpm 10.30.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.1...v10.30.2) ##### Patch Changes - Fix auto-installed peer dependencies ignoring overrides when a stale version exists in the lockfile. - Fixed "input line too long" error on Windows when running lifecycle scripts with the global virtual store enabled [#10673](https://github.com/pnpm/pnpm/pull/10673). - Update [@zkochan/js-yaml](https://github.com/zkochan/js-yaml) to fix moderate vulnerability. ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.30.1`](https://github.com/pnpm/pnpm/releases/tag/v10.30.1): pnpm 10.30.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.30.0...v10.30.1) ##### Patch Changes - Use the `/-/npm/v1/security/audits/quick` endpoint as the primary audit endpoint, falling back to `/-/npm/v1/security/audits` when it fails [#10649](https://github.com/pnpm/pnpm/issues/10649). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.30.0`](https://github.com/pnpm/pnpm/releases/tag/v10.30.0): pnpm 10.30 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.29.3...v10.30.0) ##### Minor Changes - `pnpm why` now shows a reverse dependency tree. The searched package appears at the root with its dependents as branches, walking back to workspace roots. This replaces the previous forward-tree output which was noisy and hard to read for deeply nested dependencies. ##### Patch Changes - Revert `pnpm why` dependency pruning to prefer correctness over memory consumption. Reverted PR: [#7122](https://github.com/pnpm/pnpm/pull/7122). - Optimize `pnpm why` and `pnpm list` performance in workspaces with many importers by sharing the dependency graph and materialization cache across all importers instead of rebuilding them independently for each one [#10596](https://github.com/pnpm/pnpm/pull/10596/changes). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.29.3`](https://github.com/pnpm/pnpm/releases/tag/v10.29.3): pnpm 10.29.3 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.29.2...v10.29.3) ##### Patch Changes - Fixed an out-of-memory error in `pnpm list` (and `pnpm why`) on large dependency graphs by replacing the recursive tree builder with a two-phase approach: a BFS dependency graph followed by cached tree materialization. Duplicate subtrees are now deduplicated in the output, shown as "deduped (N deps hidden)" [#10586](https://github.com/pnpm/pnpm/pull/10586). - Fixed `allowBuilds` not working when set via `.pnpmfile.cjs` [#10516](https://github.com/pnpm/pnpm/issues/10516). - When the [`enableGlobalVirtualStore`](https://pnpm.io/settings#enableglobalvirtualstore) option is set, the `pnpm deploy` command would incorrectly create symlinks to the global virtual store. To keep the deploy directory self-contained, `pnpm deploy` now ignores this setting and always creates a localized virtual store within the deploy directory. - Fixed `minimumReleaseAgeExclude` not being respected by `pnpm dlx` [#10338](https://github.com/pnpm/pnpm/issues/10338). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://sanity.io/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/sanity.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/sanity_light.svg" /> <img src="https://pnpm.io/img/users/sanity.svg" width="120" alt="Sanity" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://serpapi.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/serpapi_dark.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/serpapi_light.svg" /> <img src="https://pnpm.io/img/users/serpapi_dark.svg" width="160" alt="SerpApi" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://nx.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/nx.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/nx_light.svg" /> <img src="https://pnpm.io/img/users/nx.svg" width="50" alt="Nx" /> </picture> </a> </td> </tr> </tbody> </table> ### [`v10.29.2`](https://github.com/pnpm/pnpm/releases/tag/v10.29.2): pnpm 10.29.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.29.1...v10.29.2) ##### Patch Changes - Reverted a fix shipped in v10.29.1, which caused another issue [#10571](https://github.com/pnpm/pnpm/issues/10571). Reverted fix: Fixed pnpm run -r failing with "No projects matched the filters" when an empty pnpm-workspace.yaml exists [#10497](https://github.com/pnpm/pnpm/issues/10497). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.29.1`](https://github.com/pnpm/pnpm/releases/tag/v10.29.1): pnpm 10.29.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.28.2...v10.29.1) ##### Minor Changes - The `pnpm dlx` / `pnpx` command now supports the `catalog:` protocol. Example: `pnpm dlx shx@catalog:`. - Support configuring `auditLevel` in the `pnpm-workspace.yaml` file [#10540](https://github.com/pnpm/pnpm/issues/10540). - Support bare `workspace:` protocol without version specifier. It is now treated as `workspace:*` and resolves to the concrete version during publish [#10436](https://github.com/pnpm/pnpm/pull/10436). ##### Patch Changes - Fixed `pnpm list --json` returning incorrect paths when using global virtual store [#10187](https://github.com/pnpm/pnpm/issues/10187). - Fix `pnpm store path` and `pnpm store status` using workspace root for path resolution when `storeDir` is relative [#10290](https://github.com/pnpm/pnpm/issues/10290). - Fixed `pnpm run -r` failing with "No projects matched the filters" when an empty `pnpm-workspace.yaml` exists [#10497](https://github.com/pnpm/pnpm/issues/10497). - Fixed a bug where `catalogMode: strict` would write the literal string `"catalog:"` to `pnpm-workspace.yaml` instead of the resolved version specifier when re-adding an existing catalog dependency [#10176](https://github.com/pnpm/pnpm/issues/10176). - Fixed the documentation URL shown in `pnpm completion --help` to point to the correct page at <https://pnpm.io/completion> [#10281](https://github.com/pnpm/pnpm/issues/10281). - Skip local `file:` protocol dependencies during `pnpm fetch`. This fixes an issue where `pnpm fetch` would fail in Docker builds when local directory dependencies were not available [#10460](https://github.com/pnpm/pnpm/issues/10460). - Fixed `pnpm audit --json` to respect the `--audit-level` setting for both exit code and output filtering [#10540](https://github.com/pnpm/pnpm/issues/10540). - update tar to version 7.5.7 to fix security issue Updating the version of dependency tar to 7.5.7 because the previous one have a security vulnerability reported here: <a href="https://github.com/advisories/GHSA-34x7-hfp2-rc4v">CVE-2026-24842</a> - Fix `pnpm audit --fix` replacing reference overrides (e.g. `$foo`) with concrete versions [#10325](https://github.com/pnpm/pnpm/issues/10325). - Fix `shamefullyHoist` set via `updateConfig` in `.pnpmfile.cjs` not being converted to `publicHoistPattern` [#10271](https://github.com/pnpm/pnpm/issues/10271). - `pnpm help` should correctly report if the currently running pnpm CLI is bundled with Node.js [#10561](https://github.com/pnpm/pnpm/issues/10561). - Add a warning when the current directory contains the PATH delimiter character. On macOS, folder names containing forward slashes (/) appear as colons (:) at the Unix layer. Since colons are PATH separators in POSIX systems, this breaks PATH injection for `node_modules/.bin`, causing binaries to not be found when running commands like `pnpm exec` [#10457](https://github.com/pnpm/pnpm/issues/10457). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.28.2`](https://github.com/pnpm/pnpm/releases/tag/v10.28.2): pnpm 10.28.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.28.1...v10.28.2) ##### Patch Changes - Security fix: prevent path traversal in `directories.bin` field. - When pnpm installs a `file:` or `git:` dependency, it now validates that symlinks point within the package directory. Symlinks to paths outside the package root are skipped to prevent local data from being leaked into `node_modules`. This fixes a security issue where a malicious package could create symlinks to sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) and have their contents copied when the package is installed. Note: This only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are not affected. - Fixed optional dependencies to request full metadata from the registry to get the `libc` field, which is required for proper platform compatibility checks [#9950](https://github.com/pnpm/pnpm/issues/9950). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.28.1`](https://github.com/pnpm/pnpm/releases/tag/v10.28.1): pnpm 10.28.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.28.0...v10.28.1) ##### Patch Changes - Fixed installation of config dependencies from private registries. Added support for object type in `configDependencies` when the tarball URL returned from package metadata differs from the computed URL [#10431](https://github.com/pnpm/pnpm/pull/10431). - Fix path traversal vulnerability in binary fetcher ZIP extraction - Validate ZIP entry paths before extraction to prevent writing files outside target directory - Validate BinaryResolution.prefix (basename) to prevent directory escape via crafted prefix - Both attack vectors now throw `ERR_PNPM_PATH_TRAVERSAL` error - Support plain `http://` and `https://` URLs ending with `.git` as git repository dependencies. Previously, URLs like `https://gitea.example.org/user/repo.git#commit` were not recognized as git repositories because they lacked the `git+` prefix (e.g., `git+https://`). This caused issues when installing dependencies from self-hosted git servers like Gitea or Forgejo that don't provide tarball downloads. Changes: - The git resolver now runs before the tarball resolver, ensuring git URLs are handled by the correct resolver - The git resolver now recognizes plain `http://` and `https://` URLs ending in `.git` as git repositories - Removed the `isRepository` check from the tarball resolver since it's no longer needed with the new resolver order Fixes [#10468](https://github.com/pnpm/pnpm/issues/10468) - `pnpm run -r` and `pnpm run --filter` now fail with a non-zero exit code when no packages have the specified script. Previously, this only failed when all packages were selected. Use `--if-present` to suppress this error [#6844](https://github.com/pnpm/pnpm/issues/6844). - Fixed a path traversal vulnerability in tarball extraction on Windows. The path normalization was only checking for `./` but not `.\`. Since backslashes are directory separators on Windows, malicious packages could use paths like `foo\..\..\.npmrc` to write files outside the package directory. - When running "pnpm exec" from a subdirectory of a project, don't change the current working directory to the root of the project [#5759](https://github.com/pnpm/pnpm/issues/5759). - Fixed a path traversal vulnerability in pnpm's bin linking. Bin names starting with `@` bypassed validation, and after scope normalization, path traversal sequences like `../../` remained intact. - Revert Try to avoid making network calls with preferOffline [#10334](https://github.com/pnpm/pnpm/pull/10334). - Fix `--save-peer` to write valid semver ranges to `peerDependencies` for protocol-based installs (e.g. `jsr:`) by deriving from resolved versions when available and falling back to `*` if none is available [#10417](https://github.com/pnpm/pnpm/issues/10417). - Do not exclude the root workspace project, when it is explicitly selected via a filter [#10465](https://github.com/pnpm/pnpm/pull/10465). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> </details> <details> <summary>bpg/terraform-provider-proxmox (proxmox)</summary> ### [`v0.111.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01110-2026-06-23) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.110.0...v0.111.0) ##### Features - **acme:** add write-only data\_wo argument to proxmox\_acme\_dns\_plugin ([#2962](https://github.com/bpg/terraform-provider-proxmox/issues/2962)) ([cd4ecd7](https://github.com/bpg/terraform-provider-proxmox/commit/cd4ecd7156f6ff6df610a79c586e5d15eb6da8a6)) - **disk:** add support for ZFS disk/zpool creation with `proxmox_node_disk_zfs` ([#2952](https://github.com/bpg/terraform-provider-proxmox/issues/2952)) ([087b1d0](https://github.com/bpg/terraform-provider-proxmox/commit/087b1d0a7a034d1935a0f9d976cd43806483dbfa)) - **openid:** add write-only client\_key\_wo to proxmox\_realm\_openid ([#2964](https://github.com/bpg/terraform-provider-proxmox/issues/2964)) ([0ef7bdc](https://github.com/bpg/terraform-provider-proxmox/commit/0ef7bdcc258cf01e05f2d5609356171641eb02f5)) ##### Miscellaneous - **ci:** Update actions/checkout action (v6.0.3 → v7.0.0) ([#2958](https://github.com/bpg/terraform-provider-proxmox/issues/2958)) ([0a5bf04](https://github.com/bpg/terraform-provider-proxmox/commit/0a5bf04053200e99446409dd813ee66ad4b19163)) - **docs:** update README.md ([5fd272a](https://github.com/bpg/terraform-provider-proxmox/commit/5fd272a4d6439a6f33be1fecef9b0e1080d5d407)) ### [`v0.110.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01100-2026-06-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.109.0...v0.110.0) ##### Features - **cluster:** add dynamic crs ha scheduler and auto-rebalance options ([#2940](https://github.com/bpg/terraform-provider-proxmox/issues/2940)) ([1b14b39](https://github.com/bpg/terraform-provider-proxmox/commit/1b14b39de0c174cf9b9f11bf9322b2ab61b64cee)) - **file:** add ImportState to `proxmox_virtual_environment_download_file` ([#2938](https://github.com/bpg/terraform-provider-proxmox/issues/2938)) ([e7a1032](https://github.com/bpg/terraform-provider-proxmox/commit/e7a1032ca8340597c027fe3ea0b479035b3409a3)) - **storage:** add `options` parameter for proxmox\_storage\_cifs resource ([#2947](https://github.com/bpg/terraform-provider-proxmox/issues/2947)) ([e152990](https://github.com/bpg/terraform-provider-proxmox/commit/e152990cdea28898c0055d77fd06ee356d162d97)) - **storage:** add create\_base\_path and create\_subdirs base options for cifs,nfs,dir storage resources ([#2949](https://github.com/bpg/terraform-provider-proxmox/issues/2949)) ([c1262fd](https://github.com/bpg/terraform-provider-proxmox/commit/c1262fd3c73dd326de42b67a459d9b86f70b8a34)) ##### Bug Fixes - **core:** surface underlying error on SSH file transfer failure ([#2956](https://github.com/bpg/terraform-provider-proxmox/issues/2956)) ([45d73a6](https://github.com/bpg/terraform-provider-proxmox/commit/45d73a6e3511de6ea82d8e97b6bc9a0ac7cc7dab)) - **node:** accept string-typed startall-onboot-delay in node config ([#2957](https://github.com/bpg/terraform-provider-proxmox/issues/2957)) ([87b7992](https://github.com/bpg/terraform-provider-proxmox/commit/87b7992cbb73ddf28cf532e528601ec2ee5b9a34)) ##### Miscellaneous - **deps:** update image golang ([`68cb6d6`](https://github.com/bpg/terraform-provider-proxmox/commit/68cb6d6) → [`87a41d2`](https://github.com/bpg/terraform-provider-proxmox/commit/87a41d2)) ([#2941](https://github.com/bpg/terraform-provider-proxmox/issues/2941)) ([b5dafd8](https://github.com/bpg/terraform-provider-proxmox/commit/b5dafd84c96e45c6ff573faf8339f1bc4d82c731)) - **deps:** update module golang.org/x/crypto (v0.52.0 → v0.53.0) ([#2942](https://github.com/bpg/terraform-provider-proxmox/issues/2942)) ([5bedef1](https://github.com/bpg/terraform-provider-proxmox/commit/5bedef142033fb8112dca06fcd983931f6a7daa1)) - **deps:** update module golang.org/x/net (v0.55.0 → v0.56.0) ([#2943](https://github.com/bpg/terraform-provider-proxmox/issues/2943)) ([804860f](https://github.com/bpg/terraform-provider-proxmox/commit/804860f6252a27d9d032517235589c0283d18cb8)) ### [`v0.109.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01090-2026-06-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.108.0...v0.109.0) ##### ⚠ BREAKING CHANGES - **vm:** restore ipv4\_addresses on refresh for existing VMs ([#2932](https://github.com/bpg/terraform-provider-proxmox/issues/2932)) ##### Features - **vm:** add queues option for scsi disks ([#2931](https://github.com/bpg/terraform-provider-proxmox/issues/2931)) ([f95abbc](https://github.com/bpg/terraform-provider-proxmox/commit/f95abbc00c87750e8f498c94c785b1f5310bd7a7)) ##### Bug Fixes - **core:** bound SSH dial and handshake with a timeout, improve concurrent sudo checks ([#2924](https://github.com/bpg/terraform-provider-proxmox/issues/2924)) ([d59b7bb](https://github.com/bpg/terraform-provider-proxmox/commit/d59b7bb71b884737ce11400b7ae8d1deb10da29d)) - **vm:** restore ipv4\_addresses on refresh for existing VMs ([#2932](https://github.com/bpg/terraform-provider-proxmox/issues/2932)) ([fdcc890](https://github.com/bpg/terraform-provider-proxmox/commit/fdcc890d6eb71ac8cb51d43d6227b13ce0dd63c5)) ##### Miscellaneous - **ci:** update actions/checkout action (v6.0.2 → v6.0.3) ([#2937](https://github.com/bpg/terraform-provider-proxmox/issues/2937)) ([832d2f8](https://github.com/bpg/terraform-provider-proxmox/commit/832d2f8bb2cb1a686dfb3f475afeb399aecabf00)) - **ci:** update actions/checkout digest ([`de0fac2`](https://github.com/bpg/terraform-provider-proxmox/commit/de0fac2) → [`df4cb1c`](https://github.com/bpg/terraform-provider-proxmox/commit/df4cb1c)) ([#2936](https://github.com/bpg/terraform-provider-proxmox/issues/2936)) ([e064604](https://github.com/bpg/terraform-provider-proxmox/commit/e064604608f56948ef6ae11efa2aa128680e32b5)) - **deps:** update image golang (1.26.3 → 1.26.4) ([#2933](https://github.com/bpg/terraform-provider-proxmox/issues/2933)) ([3159f24](https://github.com/bpg/terraform-provider-proxmox/commit/3159f2461250559d2a1412be2cf5c861acde865b)) ### [`v0.108.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01080-2026-06-01) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.107.0...v0.108.0) ##### Features - **access:** add audiences parameter to openid realm resource ([#2907](https://github.com/bpg/terraform-provider-proxmox/issues/2907)) ([71cfead](https://github.com/bpg/terraform-provider-proxmox/commit/71cfeadb6cfdd6cad434090ed0537d07b4108f9f)) - **ceph:** add proxmox\_ceph\_status data source ([#2910](https://github.com/bpg/terraform-provider-proxmox/issues/2910)) ([776d8bf](https://github.com/bpg/terraform-provider-proxmox/commit/776d8bfbf243f9614e2c7887e0a8c3a7c4df769c)) - **vm:** add agent.wait\_for\_ip.enabled to disable IP lookup ([#2923](https://github.com/bpg/terraform-provider-proxmox/issues/2923)) ([58db0a0](https://github.com/bpg/terraform-provider-proxmox/commit/58db0a04c422de4ca31995758b33e2e62d67d28a)) ##### Bug Fixes - **access:** only warn on inline acl when set in config ([#2918](https://github.com/bpg/terraform-provider-proxmox/issues/2918)) ([05f106b](https://github.com/bpg/terraform-provider-proxmox/commit/05f106b5a8fb1eeafd5dadf1a7c2b362e1199725)) - **core:** correct errors in diagnostic messages ([#2873](https://github.com/bpg/terraform-provider-proxmox/issues/2873)) ([6dfdfb6](https://github.com/bpg/terraform-provider-proxmox/commit/6dfdfb65b7951aa1bb58e151e5bdd568a2464efb)) - **lxc:** apply idmap on first boot after container create ([#2922](https://github.com/bpg/terraform-provider-proxmox/issues/2922)) ([f062e3e](https://github.com/bpg/terraform-provider-proxmox/commit/f062e3e4758f118c41047e586f38cee15a931c51)) - **vm:** prevent VM restart on import from keyboard/agent defaults ([#2911](https://github.com/bpg/terraform-provider-proxmox/issues/2911)) ([7080ae0](https://github.com/bpg/terraform-provider-proxmox/commit/7080ae06721934fe61b6e8c8c16d6dbe33a32ce7)) - **vm:** refresh hook\_script\_file\_id in read ([#2921](https://github.com/bpg/terraform-provider-proxmox/issues/2921)) ([f8b2dd9](https://github.com/bpg/terraform-provider-proxmox/commit/f8b2dd9f7dfc1caee0f3e92981c2d9d80bb9f194)) - **vm:** remove node-local devices before migration ([#2837](https://github.com/bpg/terraform-provider-proxmox/issues/2837)) ([7290812](https://github.com/bpg/terraform-provider-proxmox/commit/72908129a5dba98e4233eb3fa13e7e78f2dde129)) ##### Miscellaneous - **ci:** update actions/stale digest ([`b5d41d4`](https://github.com/bpg/terraform-provider-proxmox/commit/b5d41d4) → [`eb5cf3a`](https://github.com/bpg/terraform-provider-proxmox/commit/eb5cf3a)) ([#2920](https://github.com/bpg/terraform-provider-proxmox/issues/2920)) ([8e93ff7](https://github.com/bpg/terraform-provider-proxmox/commit/8e93ff7b00ab2e95f6c7d354f609e650428fafd3)) - **deps:** update image golang ([`6df14f4`](https://github.com/bpg/terraform-provider-proxmox/commit/6df14f4) → [`2d6c802`](https://github.com/bpg/terraform-provider-proxmox/commit/2d6c802)) ([#2916](https://github.com/bpg/terraform-provider-proxmox/issues/2916)) ([50673a0](https://github.com/bpg/terraform-provider-proxmox/commit/50673a0622096f96cd6defdba1914fbba05d5d77)) - **deps:** update module github.com/rogpeppe/go-internal (v1.14.1 → v1.15.0) ([#2917](https://github.com/bpg/terraform-provider-proxmox/issues/2917)) ([b0c896e](https://github.com/bpg/terraform-provider-proxmox/commit/b0c896ed6d80882463f5355b0b14573f7bbd0b54)) ### [`v0.107.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01070-2026-05-24) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.106.0...v0.107.0) ##### Features - **ceph:** add proxmox\_ceph\_pool resource ([#2884](https://github.com/bpg/terraform-provider-proxmox/issues/2884)) ([8fb6738](https://github.com/bpg/terraform-provider-proxmox/commit/8fb673836fe15ad1db2e5ba4302494d40c661b04)) - **ha:** add failback attribute to haresource ([#2865](https://github.com/bpg/terraform-provider-proxmox/issues/2865)) ([1b5e7d8](https://github.com/bpg/terraform-provider-proxmox/commit/1b5e7d85e97c7c4ab05ab2b1f6f16ef1e1da813d)) - **node:** add `node_config` resource and datasource ([#2875](https://github.com/bpg/terraform-provider-proxmox/issues/2875)) ([e00e81a](https://github.com/bpg/terraform-provider-proxmox/commit/e00e81a43e61f9a440f5dfb38afa4a9137e0091b)) ##### Bug Fixes - **access:** gate user/group acl read; deprecate inline acl ([e40c1ab](https://github.com/bpg/terraform-provider-proxmox/commit/e40c1ab8e27ae87a75db3530c4062d5f7d659156)) - **lxc:** avoid nil-bool panic when disk block is omitted ([#2908](https://github.com/bpg/terraform-provider-proxmox/issues/2908)) ([053ce10](https://github.com/bpg/terraform-provider-proxmox/commit/053ce103eb6f01827535efabb794060e1fdbafda)) - **lxc:** skip empty config PUT for lifecycle-only updates ([#2888](https://github.com/bpg/terraform-provider-proxmox/issues/2888)) ([32b1194](https://github.com/bpg/terraform-provider-proxmox/commit/32b1194b2df88c61f2cf407f490dcd6592650512)) - **sdn:** add missing acceptance build tag to EVPN Zone test ([#2872](https://github.com/bpg/terraform-provider-proxmox/issues/2872)) ([93ed6a8](https://github.com/bpg/terraform-provider-proxmox/commit/93ed6a845674136833342539711660871c9c4967)) ##### Miscellaneous - **ci:** update actions/create-github-app-token action (v3.1.1 → v3.2.0) ([#2879](https://github.com/bpg/terraform-provider-proxmox/issues/2879)) ([84f9d53](https://github.com/bpg/terraform-provider-proxmox/commit/84f9d539b68be80b29dd6f36e57794d9a29387b3)) - **ci:** update golangci/golangci-lint-action digest ([`1e7e51e`](https://github.com/bpg/terraform-provider-proxmox/commit/1e7e51e) → [`82606bf`](https://github.com/bpg/terraform-provider-proxmox/commit/82606bf)) ([#2903](https://github.com/bpg/terraform-provider-proxmox/issues/2903)) ([287ae68](https://github.com/bpg/terraform-provider-proxmox/commit/287ae6837fe28c779cfdd4a93c18a5eeb337ec5b)) - **ci:** update goreleaser/goreleaser-action action (v7.2.1 → v7.2.2) ([#2909](https://github.com/bpg/terraform-provider-proxmox/issues/2909)) ([4e63070](https://github.com/bpg/terraform-provider-proxmox/commit/4e63070a87caada0c2ad7bb19d9a53ce8005029b)) - **ci:** update hashicorp/setup-terraform action (v4.0.0 → v4.0.1) ([#2878](https://github.com/bpg/terraform-provider-proxmox/issues/2878)) ([519319e](https://github.com/bpg/terraform-provider-proxmox/commit/519319e36e720a29760a46033f81fb2ec996eb6e)) - **ci:** update hashicorp/setup-terraform digest ([`5e8dbf3`](https://github.com/bpg/terraform-provider-proxmox/commit/5e8dbf3) → [`dfe3c3f`](https://github.com/bpg/terraform-provider-proxmox/commit/dfe3c3f)) ([#2876](https://github.com/bpg/terraform-provider-proxmox/issues/2876)) ([e9d0381](https://github.com/bpg/terraform-provider-proxmox/commit/e9d038136c0baac7652992c6fcdd302b129e08fd)) - **ci:** use pull\_request\_target in project-automation ([f40c393](https://github.com/bpg/terraform-provider-proxmox/commit/f40c3939713d34387d46bc5a17162bbea90039e8)) - **deps:** update golangci/golangci-lint (v2.12.1 → v2.12.2) ([#2867](https://github.com/bpg/terraform-provider-proxmox/issues/2867)) ([832e174](https://github.com/bpg/terraform-provider-proxmox/commit/832e1743f5d66183eedf4981dead9016a172d060)) - **deps:** update image golang (1.26.2 → 1.26.3) ([#2868](https://github.com/bpg/terraform-provider-proxmox/issues/2868)) ([a729891](https://github.com/bpg/terraform-provider-proxmox/commit/a7298914781465acbcd900e25788793315747653)) - **deps:** update image golang ([`2981696`](https://github.com/bpg/terraform-provider-proxmox/commit/2981696) → [`313faae`](https://github.com/bpg/terraform-provider-proxmox/commit/313faae)) ([#2877](https://github.com/bpg/terraform-provider-proxmox/issues/2877)) ([4237a30](https://github.com/bpg/terraform-provider-proxmox/commit/4237a3055f0a773ea0c9a9eba0ae70bbc0255358)) - **deps:** update image golang ([`313faae`](https://github.com/bpg/terraform-provider-proxmox/commit/313faae) → [`6df14f4`](https://github.com/bpg/terraform-provider-proxmox/commit/6df14f4)) ([#2904](https://github.com/bpg/terraform-provider-proxmox/issues/2904)) ([1c97160](https://github.com/bpg/terraform-provider-proxmox/commit/1c97160ab931c338e4ee352f9b8e6fe4eb24ba6b)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.14.1 → v7.15.0) ([#2885](https://github.com/bpg/terraform-provider-proxmox/issues/2885)) ([b4d87e8](https://github.com/bpg/terraform-provider-proxmox/commit/b4d87e8ef70a2c3dfbd40452cec7c02cdcdb6812)) - **deps:** update module golang.org/x/crypto (v0.51.0 → v0.52.0) ([#2905](https://github.com/bpg/terraform-provider-proxmox/issues/2905)) ([5c4d15d](https://github.com/bpg/terraform-provider-proxmox/commit/5c4d15d081a31ee0bc6155e986a2e00c90924dde)) - **deps:** update module golang.org/x/net (v0.53.0 → v0.54.0) ([#2870](https://github.com/bpg/terraform-provider-proxmox/issues/2870)) ([c4f2de6](https://github.com/bpg/terraform-provider-proxmox/commit/c4f2de66446f8c1a155637ab1f62aee117f58ae6)) - **deps:** update module golang.org/x/net (v0.54.0 → v0.55.0) ([#2906](https://github.com/bpg/terraform-provider-proxmox/issues/2906)) ([ecb905d](https://github.com/bpg/terraform-provider-proxmox/commit/ecb905dc3623b1d7c09c7361e0c0a645e841fcfa)) - **docs:** update terraform local (2.8.0 → 2.9.0) ([#2880](https://github.com/bpg/terraform-provider-proxmox/issues/2880)) ([7b51658](https://github.com/bpg/terraform-provider-proxmox/commit/7b51658860c6e6c28ebce1e6d487921a234672c8)) - **docs:** update terraform tls (4.2.1 → 4.3.0) ([#2881](https://github.com/bpg/terraform-provider-proxmox/issues/2881)) ([15fc5ab](https://github.com/bpg/terraform-provider-proxmox/commit/15fc5abfe1c911cd0459181be1ace00f1af45fa8)) - **vm2:** error format sweep ([#2861](https://github.com/bpg/terraform-provider-proxmox/issues/2861)) ([047c4d4](https://github.com/bpg/terraform-provider-proxmox/commit/047c4d426c682030c6988479393bf32976908c4d)) ### [`v0.106.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01060-2026-05-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.105.0...v0.106.0) ##### Features - **lxc:** add support for `mknod()` feature ([#2845](https://github.com/bpg/terraform-provider-proxmox/issues/2845)) ([07f91b4](https://github.com/bpg/terraform-provider-proxmox/commit/07f91b4228f6989869c80b2e54f718e5db35e82d)) ##### Bug Fixes - **lxc:** allow disabling feature flags on update ([#2857](https://github.com/bpg/terraform-provider-proxmox/issues/2857)) ([2f3ae58](https://github.com/bpg/terraform-provider-proxmox/commit/2f3ae58a7d8c7414aa1589acb5cb2c37bff0a63e)) - **lxc:** refresh `features`, `start_on_boot`, `hookscript` in read ([#2852](https://github.com/bpg/terraform-provider-proxmox/issues/2852)) ([e316aba](https://github.com/bpg/terraform-provider-proxmox/commit/e316aba0d6040466ae028cef7262efb96be5f539)) - **network:** allow unknown `ports` on linux bridge validate ([#2855](https://github.com/bpg/terraform-provider-proxmox/issues/2855)) ([dacac9c](https://github.com/bpg/terraform-provider-proxmox/commit/dacac9cf581480523c31e5869c91d56cba00bceb)) ##### Miscellaneous - **ci:** Update actions/add-to-project action (v1.0.2 → v2) ([#2860](https://github.com/bpg/terraform-provider-proxmox/issues/2860)) ([5939390](https://github.com/bpg/terraform-provider-proxmox/commit/59393904ad7c17d94dd3c6b59d6768fd91585943)) ### [`v0.105.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01050-2026-05-02) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.104.0...v0.105.0) ##### Features - **core:** add SFTP file upload method ([#2836](https://github.com/bpg/terraform-provider-proxmox/issues/2836)) ([39ca5d3](https://github.com/bpg/terraform-provider-proxmox/commit/39ca5d39951f2d3f6c6ff6bfe1f19d08dfbf1c3d)) - **network:** add `vids` attribute to `proxmox_network_linux_bridge` ([#2841](https://github.com/bpg/terraform-provider-proxmox/issues/2841)) ([f391b1c](https://github.com/bpg/terraform-provider-proxmox/commit/f391b1c214cc86c6d35a037184d401844476650d)) - **sdn:** add support for EVPN controller ([#2839](https://github.com/bpg/terraform-provider-proxmox/issues/2839)) ([ed23beb](https://github.com/bpg/terraform-provider-proxmox/commit/ed23beb315b0afca5ac52bf1eca40a594ec8c0df)) ##### Bug Fixes - **acme:** mark `eab_hmac_key` and `eab_kid` as Sensitive ([#2838](https://github.com/bpg/terraform-provider-proxmox/issues/2838)) ([30051b2](https://github.com/bpg/terraform-provider-proxmox/commit/30051b2909f0c618df25936a5ec52c77435c41e1)) - **ci:** derive bot identity from app-slug output, not /app endpoint ([b801d67](https://github.com/bpg/terraform-provider-proxmox/commit/b801d67a21100832aeadb3911b13b70c709767d5)) - **ci:** read release PR branch from action output, not gh pr view ([52565bb](https://github.com/bpg/terraform-provider-proxmox/commit/52565bbba6f3b082fa05f9bbc6bd589961e16b58)) - **lxc:** gate `host_managed` on PVE 9.1+, not 9.0+ ([#2828](https://github.com/bpg/terraform-provider-proxmox/issues/2828)) ([d348aed](https://github.com/bpg/terraform-provider-proxmox/commit/d348aed3f980ce5d56eb22d1112e51fac9d16361)) - **network:** catch omitted `vlan_aware` in `vids` validator ([#2849](https://github.com/bpg/terraform-provider-proxmox/issues/2849)) ([9e47424](https://github.com/bpg/terraform-provider-proxmox/commit/9e47424a53832906b18a8f5c93d65496261b5efe)) ##### Miscellaneous - **ci:** update goreleaser/goreleaser-action action (v7.1.0 → v7.2.1) ([#2831](https://github.com/bpg/terraform-provider-proxmox/issues/2831)) ([2506f61](https://github.com/bpg/terraform-provider-proxmox/commit/2506f6132e7fc21e0d092be2d75e562d270e5471)) - **ci:** Update JetBrains/qodana-action action (v2025.3.2 → v2026.1.0) ([#2834](https://github.com/bpg/terraform-provider-proxmox/issues/2834)) ([d485cc9](https://github.com/bpg/terraform-provider-proxmox/commit/d485cc9a9eef90e6563e17ab253bd9ac5f152ee7)) - **code:** address Qodana code-quality findings ([#2827](https://github.com/bpg/terraform-provider-proxmox/issues/2827)) ([b0e08d7](https://github.com/bpg/terraform-provider-proxmox/commit/b0e08d72137bb2d391735c1928325602f40b7bb4)) - **core:** add nil-safe helpers for nil to value conversion ([#2829](https://github.com/bpg/terraform-provider-proxmox/issues/2829)) ([03493e9](https://github.com/bpg/terraform-provider-proxmox/commit/03493e988bd0cd51b5ae698faea0286d34c1a2a8)) - **deps:** update golangci/golangci-lint (v2.11.4 → v2.12.1) ([#2844](https://github.com/bpg/terraform-provider-proxmox/issues/2844)) ([c3a14a3](https://github.com/bpg/terraform-provider-proxmox/commit/c3a14a3e69047695df0d221a54797c90d388bc48)) - **deps:** update image golang ([`1e598ea`](https://github.com/bpg/terraform-provider-proxmox/commit/1e598ea) → [`b54cbf5`](https://github.com/bpg/terraform-provider-proxmox/commit/b54cbf5)) ([#2830](https://github.com/bpg/terraform-provider-proxmox/issues/2830)) ([16c2280](https://github.com/bpg/terraform-provider-proxmox/commit/16c228053938f6dd1741690b63a5f9da83bdf21d)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.40.0 → v2.40.1) ([#2843](https://github.com/bpg/terraform-provider-proxmox/issues/2843)) ([114ce5a](https://github.com/bpg/terraform-provider-proxmox/commit/114ce5a112be53f2ec4754b661b995fe9ee69178)) - **docs:** configure context7.json indexing with version sync ([ac70974](https://github.com/bpg/terraform-provider-proxmox/commit/ac7097469ee598315f7fe2d8ac8b7dcfeb96efa4)) - **lxc:** restructure container docs for LLM retrieval ([#2833](https://github.com/bpg/terraform-provider-proxmox/issues/2833)) ([7d264d8](https://github.com/bpg/terraform-provider-proxmox/commit/7d264d814ce4eec5952c6b79017d3a9b1c507d38)) ### [`v0.104.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01040-2026-04-25) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.103.0...v0.104.0) ##### Features - **lxc:** add `host_managed` option for container networking ([#2812](https://github.com/bpg/terraform-provider-proxmox/issues/2812)) ([03dcffb](https://github.com/bpg/terraform-provider-proxmox/commit/03dcffbfc15eac84f8f8edfeb605f6bf483ad051)) ##### Bug Fixes - **lxc:** apply disk acl/quota/replicate on container create ([#2824](https://github.com/bpg/terraform-provider-proxmox/issues/2824)) ([0d64b73](https://github.com/bpg/terraform-provider-proxmox/commit/0d64b73018a1698fa630e3958a24849dc20e4cce)) - **vm:** stop re-emitting `format=` on existing `import_from` disks ([#2822](https://github.com/bpg/terraform-provider-proxmox/issues/2822)) ([edfdac6](https://github.com/bpg/terraform-provider-proxmox/commit/edfdac61e99ad2e4474a3fdf9bd06062fb840a28)) - **vm:** treat missing disk volume as not-found during read ([#2821](https://github.com/bpg/terraform-provider-proxmox/issues/2821)) ([07cd772](https://github.com/bpg/terraform-provider-proxmox/commit/07cd77256451af736a07af3439e4480a2267caaf)) ##### Miscellaneous - **ci:** Update googleapis/release-please-action action (v4.4.1 → v5) ([#2820](https://github.com/bpg/terraform-provider-proxmox/issues/2820)) ([c607cbc](https://github.com/bpg/terraform-provider-proxmox/commit/c607cbcb01923bc7a7119b5e4b20ce91992fefbe)) - **ci:** update goreleaser/goreleaser-action action (v7.0.0 → v7.1.0) ([#2823](https://github.com/bpg/terraform-provider-proxmox/issues/2823)) ([4d86ada](https://github.com/bpg/terraform-provider-proxmox/commit/4d86ada87f875905af03b3cdf814d8af0a9c9b79)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2819](https://github.com/bpg/terraform-provider-proxmox/issues/2819)) ([65e1e16](https://github.com/bpg/terraform-provider-proxmox/commit/65e1e164eb214d10249dadaf0bb8101ca7ad481d)) - **deps:** update image golang ([`5f3787b`](https://github.com/bpg/terraform-provider-proxmox/commit/5f3787b) → [`1e598ea`](https://github.com/bpg/terraform-provider-proxmox/commit/1e598ea)) ([#2818](https://github.com/bpg/terraform-provider-proxmox/issues/2818)) ([4e2d74e](https://github.com/bpg/terraform-provider-proxmox/commit/4e2d74e42154bf4b941f8a432f972e466d0cedd0)) - **vm2:** add design for VM Plugin Framework migration ([d824227](https://github.com/bpg/terraform-provider-proxmox/commit/d824227aed86a89b2f2415af69b6d344bd82a6aa)) - **vm2:** audit VM resource implementation ([#2810](https://github.com/bpg/terraform-provider-proxmox/issues/2810)) ([618e0cb](https://github.com/bpg/terraform-provider-proxmox/commit/618e0cb357297c7c77b0778d2483cb3a0969b812)) - **vm2:** mark PR [#1](https://github.com/bpg/terraform-provider-proxmox/issues/1) merged in tracker ([8624144](https://github.com/bpg/terraform-provider-proxmox/commit/862414482b0d94ca5c56211d834b26dbda85990b)) ### [`v0.103.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01030-2026-04-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.102.0...v0.103.0) ##### Features - **cluster:** refactoring and improving `proxmox_metrics_server` ([#2805](https://github.com/bpg/terraform-provider-proxmox/issues/2805)) ([354abf4](https://github.com/bpg/terraform-provider-proxmox/commit/354abf450e7d37c0d866a94e9d714a70d1ba5e43)) - **file:** add `file_name_regex` filter to `proxmox_files` data source ([#2802](https://github.com/bpg/terraform-provider-proxmox/issues/2802)) ([c84eca9](https://github.com/bpg/terraform-provider-proxmox/commit/c84eca9d13180c11019ca91262a081506c5f28d6)) - **hw:** add `proxmox_hardware_pci` data source ([#2799](https://github.com/bpg/terraform-provider-proxmox/issues/2799)) ([76618a1](https://github.com/bpg/terraform-provider-proxmox/commit/76618a142c643ecc6820822120c583508ddc5c2f)) ##### Miscellaneous - **cluster:** align cluster\_options with ADR-003/005 ([#2804](https://github.com/bpg/terraform-provider-proxmox/issues/2804)) ([829ba6b](https://github.com/bpg/terraform-provider-proxmox/commit/829ba6bafcf86e740ca3fe09838775390d83efc9)) - **deps:** update image golang ([`fcdb3e4`](https://github.com/bpg/terraform-provider-proxmox/commit/fcdb3e4) → [`5f3787b`](https://github.com/bpg/terraform-provider-proxmox/commit/5f3787b)) ([#2807](https://github.com/bpg/terraform-provider-proxmox/issues/2807)) ([d067ce0](https://github.com/bpg/terraform-provider-proxmox/commit/d067ce083ea1ed5ab849d06253fcc52c4cedd629)) ### [`v0.102.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01020-2026-04-14) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.101.1...v0.102.0) ##### ⚠ BREAKING CHANGES - **lxc:** use computed `cpu.units` value instead of hardcoded 1024 ([#2791](https://github.com/bpg/terraform-provider-proxmox/issues/2791)) ##### Features - **provider:** add `node_address_source` ssh attribute for DNS-based node resolution ([#2792](https://github.com/bpg/terraform-provider-proxmox/issues/2792)) ([87d0abb](https://github.com/bpg/terraform-provider-proxmox/commit/87d0abb07a08f67599051b2711e572f69e292a96)) - **vm:** add `upgrade` attribute to cloud-init initialization block ([#2788](https://github.com/bpg/terraform-provider-proxmox/issues/2788)) ([e828b52](https://github.com/bpg/terraform-provider-proxmox/commit/e828b52f5028b3def9231e2617ced4550a161f84)) - **vm:** wait for guest agent readiness before reboot ([#2790](https://github.com/bpg/terraform-provider-proxmox/issues/2790)) ([40317ec](https://github.com/bpg/terraform-provider-proxmox/commit/40317ec995ba22ed713457502e35277276d8458e)) ##### Bug Fixes - **example:** update /example/\* to use short aliases ([d6f1680](https://github.com/bpg/terraform-provider-proxmox/commit/d6f168092f16e76e3bc4e5cd90e86eb3fdb63815)) - **lxc:** use computed `cpu.units` value instead of hardcoded 1024 ([#2791](https://github.com/bpg/terraform-provider-proxmox/issues/2791)) ([b54e6c5](https://github.com/bpg/terraform-provider-proxmox/commit/b54e6c5ce014a74a7ffe3440800d3e9d6a194b18)) ##### Miscellaneous - **ci:** update actions/create-github-app-token action (v3.0.0 → v3.1.1) ([#2796](https://github.com/bpg/terraform-provider-proxmox/issues/2796)) ([8397ff6](https://github.com/bpg/terraform-provider-proxmox/commit/8397ff69c37d2ea3d67c84897f2046e83746ffc4)) - **ci:** update actions/setup-go digest ([`4b73464`](https://github.com/bpg/terraform-provider-proxmox/commit/4b73464) → [`4a36011`](https://github.com/bpg/terraform-provider-proxmox/commit/4a36011)) ([#2793](https://github.com/bpg/terraform-provider-proxmox/issues/2793)) ([bfbf78c](https://github.com/bpg/terraform-provider-proxmox/commit/bfbf78c3b803c3348d0de7d5f988ac8f15cc17fe)) - **ci:** update actions/upload-artifact digest ([`bbbca2d`](https://github.com/bpg/terraform-provider-proxmox/commit/bbbca2d) → [`043fb46`](https://github.com/bpg/terraform-provider-proxmox/commit/043fb46)) ([#2794](https://github.com/bpg/terraform-provider-proxmox/issues/2794)) ([5c82af8](https://github.com/bpg/terraform-provider-proxmox/commit/5c82af893e3c569fab33933ba575851359171a54)) - **ci:** update googleapis/release-please-action action (v4.4.0 → v4.4.1) ([#2798](https://github.com/bpg/terraform-provider-proxmox/issues/2798)) ([7b10d95](https://github.com/bpg/terraform-provider-proxmox/commit/7b10d9523c68054f5b2e78c2da48c138225c8bb2)) - **code:** update to use Golang 1.26.x ([#2785](https://github.com/bpg/terraform-provider-proxmox/issues/2785)) ([d2f3c70](https://github.com/bpg/terraform-provider-proxmox/commit/d2f3c7039fcffc28060077c8b83a70986f2ea75a)) - **deps:** update image golang ([`2a2b4b5`](https://github.com/bpg/terraform-provider-proxmox/commit/2a2b4b5) → [`fcdb3e4`](https://github.com/bpg/terraform-provider-proxmox/commit/fcdb3e4)) ([#2797](https://github.com/bpg/terraform-provider-proxmox/issues/2797)) ([32d0937](https://github.com/bpg/terraform-provider-proxmox/commit/32d09376caef3019f3dc733be8393cc1ad0227f4)) - **deps:** update module github.com/hashicorp/terraform-plugin-mux (v0.23.0 → v0.23.1) ([#2795](https://github.com/bpg/terraform-provider-proxmox/issues/2795)) ([19925da](https://github.com/bpg/terraform-provider-proxmox/commit/19925da906ed176b96f4550b4f4070adfdba159e)) - **docs:** codify audit-discovered conventions into ADR-003/004/005 ([#2787](https://github.com/bpg/terraform-provider-proxmox/issues/2787)) ([d8c8c75](https://github.com/bpg/terraform-provider-proxmox/commit/d8c8c75a46ff8b1f90dce9067ebc9332b145b3ac)) - **docs:** update links to reference bpg.sh for documentation ([b36528a](https://github.com/bpg/terraform-provider-proxmox/commit/b36528a6faf3012eca92bed4ed5e0ee1acef648f)) - **docs:** update upgrade.md guide ([befb41d](https://github.com/bpg/terraform-provider-proxmox/commit/befb41dc80f73c9e62e2e8199685821a8653aea0)) ### [`v0.101.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01011-2026-04-10) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.101.0...v0.101.1) ##### Bug Fixes - **docs:** add missing examples and import sections for short-name aliases ([#2784](https://github.com/bpg/terraform-provider-proxmox/issues/2784)) ([5f59d52](https://github.com/bpg/terraform-provider-proxmox/commit/5f59d5263d112163ba5fb8eaeff0ff1af459fda7)) ##### Miscellaneous - **ci:** Update actions/github-script action (v8 → v9) ([#2782](https://github.com/bpg/terraform-provider-proxmox/issues/2782)) ([c8c9823](https://github.com/bpg/terraform-provider-proxmox/commit/c8c98237d813d2b1b4963f342d139701a9ef499a)) - **deps:** update image golang (1.26.1 → 1.26.2) ([#2778](https://github.com/bpg/terraform-provider-proxmox/issues/2778)) ([6805a82](https://github.com/bpg/terraform-provider-proxmox/commit/6805a82aae8a84fa7ab10e2ee48113001d2e373a)) - **deps:** update image golang ([`595c784`](https://github.com/bpg/terraform-provider-proxmox/commit/595c784) → [`cd78d88`](https://github.com/bpg/terraform-provider-proxmox/commit/cd78d88)) ([#2777](https://github.com/bpg/terraform-provider-proxmox/issues/2777)) ([ef0c04d](https://github.com/bpg/terraform-provider-proxmox/commit/ef0c04db7285be60474accc6c5caec3a99bf09f2)) - **deps:** update module golang.org/x/crypto (v0.49.0 → v0.50.0) ([#2780](https://github.com/bpg/terraform-provider-proxmox/issues/2780)) ([a963a30](https://github.com/bpg/terraform-provider-proxmox/commit/a963a30ef9dfdeb9988369700053132e44d00c9a)) - **deps:** update module golang.org/x/net (v0.52.0 → v0.53.0) ([#2781](https://github.com/bpg/terraform-provider-proxmox/issues/2781)) ([d167c32](https://github.com/bpg/terraform-provider-proxmox/commit/d167c32feb8cea5eb4dbe3068d5441da534c8300)) ### [`v0.101.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01010-2026-04-09) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.100.0...v0.101.0) ##### ⚠ BREAKING CHANGES - **vm:** fix and improve VM datasources, deprecate SDK datasource ([#2764](https://github.com/bpg/terraform-provider-proxmox/issues/2764)) ##### Features - **core:** surface PVE task warnings from VM/container operations ([#2761](https://github.com/bpg/terraform-provider-proxmox/issues/2761)) ([28850c8](https://github.com/bpg/terraform-provider-proxmox/commit/28850c82c257bed169f0bb878fe92372f37a162a)) - **lxc:** add `cpu.limit` attribute for containers ([#2744](https://github.com/bpg/terraform-provider-proxmox/issues/2744)) ([cb25180](https://github.com/bpg/terraform-provider-proxmox/commit/cb25180262b01eb61fa30194f9926cb1fb016e0a)) - **lxc:** add `full` flag to clone block ([#2755](https://github.com/bpg/terraform-provider-proxmox/issues/2755)) ([f7010e1](https://github.com/bpg/terraform-provider-proxmox/commit/f7010e1de932c2e7c3c3aa4964d67484d5e2bed5)) - **network:** add linux bond interface resource ([5db6deb](https://github.com/bpg/terraform-provider-proxmox/commit/5db6deb0ac7ae3bebb28adce96be8f36b9bc2a1f)), closes [#1980](https://github.com/bpg/terraform-provider-proxmox/issues/1980) ##### Bug Fixes - **docs:** add storage import docs ([#2759](https://github.com/bpg/terraform-provider-proxmox/issues/2759)) ([079902f](https://github.com/bpg/terraform-provider-proxmox/commit/079902ff7733613202269b9d454e98892bf20f4e)) - **hwmapping,ha:** better 'not-found' detection in read and delete ([#2767](https://github.com/bpg/terraform-provider-proxmox/issues/2767)) ([ac53f8c](https://github.com/bpg/terraform-provider-proxmox/commit/ac53f8c19e500395e313171dce43fdc40ff203f5)) - **network:** adjust Linux Bridge name validator to PVE UI constraint ([#2762](https://github.com/bpg/terraform-provider-proxmox/issues/2762)) ([190f7fa](https://github.com/bpg/terraform-provider-proxmox/commit/190f7fab74cc27ebacb267b84307f111779d71aa)) - **network:** improve consistency of linux network interface resources ([#2776](https://github.com/bpg/terraform-provider-proxmox/issues/2776)) ([57a97ce](https://github.com/bpg/terraform-provider-proxmox/commit/57a97ce4cce760756cf63706c5ed583f84faceb2)) - **vm:** fix and improve VM datasources, deprecate SDK datasource ([#2764](https://github.com/bpg/terraform-provider-proxmox/issues/2764)) ([0ce6d0c](https://github.com/bpg/terraform-provider-proxmox/commit/0ce6d0c0b936a6183508c8c41f4260649903057f)) - **vm:** use move\_disk API for EFI disk and TPM state storage migration ([#2757](https://github.com/bpg/terraform-provider-proxmox/issues/2757)) ([c78c873](https://github.com/bpg/terraform-provider-proxmox/commit/c78c8735727f4619981b3548cd1c8b303108cd79)) ##### Miscellaneous - **deps:** update module github.com/hashicorp/go-version (v1.8.0 → v1.9.0) ([#2760](https://github.com/bpg/terraform-provider-proxmox/issues/2760)) ([7362ba5](https://github.com/bpg/terraform-provider-proxmox/commit/7362ba5ed2b2b9790593572c1a82d7feddd487ac)) - **docs:** update terraform local (2.7.0 → 2.8.0) ([#2765](https://github.com/bpg/terraform-provider-proxmox/issues/2765)) ([0424b01](https://github.com/bpg/terraform-provider-proxmox/commit/0424b0169e3041db538b13abca391b148479aaa6)) ### [`v0.100.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#01000-2026-04-01) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.99.0...v0.100.0) ##### ⚠ BREAKING CHANGES - **vm:** set power state of VM centrally ([#2508](https://github.com/bpg/terraform-provider-proxmox/issues/2508)) ##### Features - **access:** add short-name aliases for access resources ([#2720](https://github.com/bpg/terraform-provider-proxmox/issues/2720)) ([8b690cf](https://github.com/bpg/terraform-provider-proxmox/commit/8b690cf835a507cf7c631b966815277f0d14fe42)) - **acme:** add short-name aliases for ACME resources ([#2721](https://github.com/bpg/terraform-provider-proxmox/issues/2721)) ([d386759](https://github.com/bpg/terraform-provider-proxmox/commit/d386759ffca09a6d84eb06ff457a64b62022c2a7)) - **cluster:** add short-name aliases for cluster resources ([#2725](https://github.com/bpg/terraform-provider-proxmox/issues/2725)) ([8fafc04](https://github.com/bpg/terraform-provider-proxmox/commit/8fafc043c699ea7cf4f2fefa71f5c8258a61c5da)) - **ha:** add short-name aliases for HA resources ([#2722](https://github.com/bpg/terraform-provider-proxmox/issues/2722)) ([acd0d9f](https://github.com/bpg/terraform-provider-proxmox/commit/acd0d9f7fdc15c3059a6cbeb02e49c1f0a26b532)) - **node:** add short-name aliases for node resources ([#2726](https://github.com/bpg/terraform-provider-proxmox/issues/2726)) ([33914d5](https://github.com/bpg/terraform-provider-proxmox/commit/33914d55808d25d97b9cf8123d54f501640dd290)) - **provider:** add short-name aliases for vm, version, and pool resources ([#2728](https://github.com/bpg/terraform-provider-proxmox/issues/2728)) ([38dca5a](https://github.com/bpg/terraform-provider-proxmox/commit/38dca5a91f1ea739e49e4b97e57d164f5570ad7b)) - **sdn:** add short-name aliases for SDN resources ([#2724](https://github.com/bpg/terraform-provider-proxmox/issues/2724)) ([0028588](https://github.com/bpg/terraform-provider-proxmox/commit/0028588ce3ed6a8808da5c50084755860e43d1ea)) - **storage:** add short-name aliases for storage resources ([#2727](https://github.com/bpg/terraform-provider-proxmox/issues/2727)) ([798f1ea](https://github.com/bpg/terraform-provider-proxmox/commit/798f1ea2f74186659601365589904691b1f91e7d)) ##### Bug Fixes - **cpu:** update docs, tests ([033b8f5](https://github.com/bpg/terraform-provider-proxmox/commit/033b8f5027eb2fdb83686de11bd4b67820201efb)) - **docs:** update broken doc links ([#2754](https://github.com/bpg/terraform-provider-proxmox/issues/2754)) ([b7d0242](https://github.com/bpg/terraform-provider-proxmox/commit/b7d0242a81a6bb3d36662ac1fab8b1dfe1d7eb83)) - **lychee:** update comments for clarity ([6fea54e](https://github.com/bpg/terraform-provider-proxmox/commit/6fea54e47f422cf03d0b3e333ff6eb96840c327c)) - **vm:** mark disk size as computed to prevent passthrough drift ([#2718](https://github.com/bpg/terraform-provider-proxmox/issues/2718)) ([cba4dd6](https://github.com/bpg/terraform-provider-proxmox/commit/cba4dd6936276e73a9411375378c8c05d9a5ddc9)) - **vm:** prevent disk resize revert when combined with config changes ([#2751](https://github.com/bpg/terraform-provider-proxmox/issues/2751)) ([f45cf78](https://github.com/bpg/terraform-provider-proxmox/commit/f45cf78cc7cba91ffe26f91feeb3cfcae5ad8a9a)) - **vm:** set power state of VM centrally ([#2508](https://github.com/bpg/terraform-provider-proxmox/issues/2508)) ([b8ceecd](https://github.com/bpg/terraform-provider-proxmox/commit/b8ceecd5afb2ab799b60dc90672c42538cb925b8)) - **vm:** support fractional cpulimit values ([#2745](https://github.com/bpg/terraform-provider-proxmox/issues/2745)) ([445e47c](https://github.com/bpg/terraform-provider-proxmox/commit/445e47c17c0764b0c1e3f8aadd73e9b505b8c06b)) ##### Miscellaneous - **core:** add migration helpers for resource type name rename (ADR-007) ([#2719](https://github.com/bpg/terraform-provider-proxmox/issues/2719)) ([b2bb732](https://github.com/bpg/terraform-provider-proxmox/commit/b2bb7324d2660cc79b520a02626086ed7971d7b5)) - **deps:** update golangci/golangci-lint (v2.11.3 → v2.11.4) ([#2729](https://github.com/bpg/terraform-provider-proxmox/issues/2729)) ([f95bc46](https://github.com/bpg/terraform-provider-proxmox/commit/f95bc4696720e2cb1bacac517301238a336812eb)) - **dev:** update ADRs and reference examples ([#2752](https://github.com/bpg/terraform-provider-proxmox/issues/2752)) ([15afbe8](https://github.com/bpg/terraform-provider-proxmox/commit/15afbe849fe9594e3be6cb0257b155ef41bcb3e0)) - **dev:** update code-review skill ([a7a489f](https://github.com/bpg/terraform-provider-proxmox/commit/a7a489f2924b70d5758deaebcd374b61653fc733)) - **docs:** document usage of ZFS storage in acc tests ([2eca921](https://github.com/bpg/terraform-provider-proxmox/commit/2eca921f9fde90bec3d883f46dc4b40a80638e04)) - **docs:** update FWK reference examples documentation ([c20d0be](https://github.com/bpg/terraform-provider-proxmox/commit/c20d0be5ab4a632b7c340e3781e7f60250a41d7f)) - **test:** add tier-based and resource-targeted test execution ([#2753](https://github.com/bpg/terraform-provider-proxmox/issues/2753)) ([31b4706](https://github.com/bpg/terraform-provider-proxmox/commit/31b4706600585700a4276c1b680ac3c5f58ef742)) - **test:** improve acceptance test stability and reliability ([#2746](https://github.com/bpg/terraform-provider-proxmox/issues/2746)) ([f54fca2](https://github.com/bpg/terraform-provider-proxmox/commit/f54fca2e1ff119ce4c6733dc9ba1034cc90e050c)) ### [`v0.99.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0990-2026-03-21) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.98.1...v0.99.0) ##### Features - **backup:** add `proxmox_backup_job` resource and `proxmox_backup_jobs` data source ([#2711](https://github.com/bpg/terraform-provider-proxmox/issues/2711)) ([92b3e88](https://github.com/bpg/terraform-provider-proxmox/commit/92b3e8856b1259319c23548fccb585b4c68a7adb)) - **file:** add `proxmox_files` data source ([#2703](https://github.com/bpg/terraform-provider-proxmox/issues/2703)) ([e848a57](https://github.com/bpg/terraform-provider-proxmox/commit/e848a5780816a9c525f6a224f4c0f028b8ec69e9)) - **ha:** add `proxmox_virtual_environment_harule` resource (PVE 9+) ([#2682](https://github.com/bpg/terraform-provider-proxmox/issues/2682)) ([31ab05a](https://github.com/bpg/terraform-provider-proxmox/commit/31ab05ac610c5caf0221cfd3c9b2c362052060d7)) - **provider:** add support for replication ([#2661](https://github.com/bpg/terraform-provider-proxmox/issues/2661)) ([ca9a5f7](https://github.com/bpg/terraform-provider-proxmox/commit/ca9a5f7c0029096790750d0d3f4b57507d57b4ba)) ##### Bug Fixes - **access:** remove overly restrictive `username_claim` validation on openid realm ([#2685](https://github.com/bpg/terraform-provider-proxmox/issues/2685)) ([7782dc5](https://github.com/bpg/terraform-provider-proxmox/commit/7782dc5d033a91dd0f1c962d0a3458c6497072a8)) - **ci:** correct repository reference in sync-docs workflow ([f225107](https://github.com/bpg/terraform-provider-proxmox/commit/f225107457e08a7a5b51fe51c51f3138d898f0b2)) - **ha:** handle nil Strict value in HARule and update API response validation ([3bf1e8c](https://github.com/bpg/terraform-provider-proxmox/commit/3bf1e8c764f009517123d86b7b14f46795927045)) - **lxc:** ignore warnings in container create and clone tasks ([#2701](https://github.com/bpg/terraform-provider-proxmox/issues/2701)) ([7f7e36d](https://github.com/bpg/terraform-provider-proxmox/commit/7f7e36d5a9193a86e17629c1dd58bada22a9ae6a)) - **vm:** reboot after disk resize when disk is not hotpluggable ([#2686](https://github.com/bpg/terraform-provider-proxmox/issues/2686)) ([4ffb2f1](https://github.com/bpg/terraform-provider-proxmox/commit/4ffb2f18688ec4b31e6e301782985a65e009aa67)) - **vm:** skip cloud-init device update when only config changed ([#2709](https://github.com/bpg/terraform-provider-proxmox/issues/2709)) ([46e8362](https://github.com/bpg/terraform-provider-proxmox/commit/46e8362cbce08e7fd0d44538dd43a28a85abbb17)) ##### Miscellaneous - **ci:** Update actions/create-github-app-token action (v2.2.1 → v3.0.0) ([#2698](https://github.com/bpg/terraform-provider-proxmox/issues/2698)) ([7983416](https://github.com/bpg/terraform-provider-proxmox/commit/798341634be600fcb4589138f0f8c6adddf654e7)) - **ci:** Update dorny/paths-filter action (v3.0.2 → v4.0.1) ([#2699](https://github.com/bpg/terraform-provider-proxmox/issues/2699)) ([9828faa](https://github.com/bpg/terraform-provider-proxmox/commit/9828faa09c7bd1642654aa11fc8263a8fa681527)) - **ci:** update jetbrains/qodana-action action (v2025.3.1 → v2025.3.2) ([#2712](https://github.com/bpg/terraform-provider-proxmox/issues/2712)) ([98e9407](https://github.com/bpg/terraform-provider-proxmox/commit/98e9407de5132176ea9c52a0f14296da6f0ef26f)) - **deps:** bump google.golang.org/grpc from 1.79.2 to 1.79.3 ([#2713](https://github.com/bpg/terraform-provider-proxmox/issues/2713)) ([c653d7c](https://github.com/bpg/terraform-provider-proxmox/commit/c653d7c190cdd2f1a0664c23229a4641b69efae3)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2693](https://github.com/bpg/terraform-provider-proxmox/issues/2693)) ([db6522f](https://github.com/bpg/terraform-provider-proxmox/commit/db6522fd4ab9ea54beb1b59ade2835fe47ca6af2)) - **deps:** update golangci/golangci-lint ([#2670](https://github.com/bpg/terraform-provider-proxmox/issues/2670)) ([979ce29](https://github.com/bpg/terraform-provider-proxmox/commit/979ce29246bc6f3ff2b54184b2bffc0e25cf0f5d)) - **deps:** update golangci/golangci-lint (v2.11.2 → v2.11.3) ([#2692](https://github.com/bpg/terraform-provider-proxmox/issues/2692)) ([a737b37](https://github.com/bpg/terraform-provider-proxmox/commit/a737b37cd2cea8aa4c786ba875ba42c995ab58c8)) - **deps:** update image golang ([`c7e98cc`](https://github.com/bpg/terraform-provider-proxmox/commit/c7e98cc) → [`595c784`](https://github.com/bpg/terraform-provider-proxmox/commit/595c784)) ([#2708](https://github.com/bpg/terraform-provider-proxmox/issues/2708)) ([d6339f9](https://github.com/bpg/terraform-provider-proxmox/commit/d6339f9333c18f3127cdf24d31161f5cf2df9341)) - **deps:** update image golang ([`e2ddb15`](https://github.com/bpg/terraform-provider-proxmox/commit/e2ddb15) → [`c7e98cc`](https://github.com/bpg/terraform-provider-proxmox/commit/c7e98cc)) ([#2691](https://github.com/bpg/terraform-provider-proxmox/issues/2691)) ([c33b2ab](https://github.com/bpg/terraform-provider-proxmox/commit/c33b2ab481c76a2d746e89b31267b2ae186a942c)) - **deps:** update module golang.org/x/crypto (v0.48.0 → v0.49.0) ([#2696](https://github.com/bpg/terraform-provider-proxmox/issues/2696)) ([e7484c2](https://github.com/bpg/terraform-provider-proxmox/commit/e7484c292907c35c8444650ad2eea2690de93e9e)) - **deps:** update module golang.org/x/net (v0.51.0 → v0.52.0) ([#2697](https://github.com/bpg/terraform-provider-proxmox/issues/2697)) ([951bc29](https://github.com/bpg/terraform-provider-proxmox/commit/951bc292fc5efb7f420ea0cd21e8811dfdfd726b)) - **dev:** introduce ADR-007 for resource type name migration to shorter prefix ([1c07f6d](https://github.com/bpg/terraform-provider-proxmox/commit/1c07f6d9c958c11dd05721bbfd74bba3155b119a)) ### [`v0.98.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0981-2026-03-09) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.98.0...v0.98.1) ##### Bug Fixes - **pool:** support nested pool IDs in API endpoints ([#2680](https://github.com/bpg/terraform-provider-proxmox/issues/2680)) ([c6c726b](https://github.com/bpg/terraform-provider-proxmox/commit/c6c726b6af4396c870c2572561523634c7634cc4)) - **provider:** preserve null `tos` in ACME account when API returns empty string ([#2672](https://github.com/bpg/terraform-provider-proxmox/issues/2672)) ([f9bbd7d](https://github.com/bpg/terraform-provider-proxmox/commit/f9bbd7dd97a2b459e73b06627e415dc2198fde42)) - **vm:** replace enumerated network and IP config fields with dynamic unmarshaling ([#2679](https://github.com/bpg/terraform-provider-proxmox/issues/2679)) ([e5b2771](https://github.com/bpg/terraform-provider-proxmox/commit/e5b277145c719ce5f99e4e38d2277a87546b921f)) - **vm:** support removal of network devices from VM configuration ([#2674](https://github.com/bpg/terraform-provider-proxmox/issues/2674)) ([9b5a978](https://github.com/bpg/terraform-provider-proxmox/commit/9b5a9786e14e2d852ef362fb238494f54a02405e)) ##### Miscellaneous - **deps:** update image golang (1.26.0 → 1.26.1) ([#2669](https://github.com/bpg/terraform-provider-proxmox/issues/2669)) ([9a8d85b](https://github.com/bpg/terraform-provider-proxmox/commit/9a8d85b43fb51b550e49566257ed670b827572de)) - **docs:** clarify example prerequisites for SSH, node name, timezone, and DHCP ([8f97a34](https://github.com/bpg/terraform-provider-proxmox/commit/8f97a34a7f631d925abec12a0254ddded04e36d9)) - **vm:** deprecate 'enabled' attribute on 'network\_device' block ([#2678](https://github.com/bpg/terraform-provider-proxmox/issues/2678)) ([65b809d](https://github.com/bpg/terraform-provider-proxmox/commit/65b809d6205337f023c78b22f442d2d5e3606530)) ### [`v0.98.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0980-2026-03-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.97.1...v0.98.0) ##### Features - **access:** add OpenID Connect realm resource and documentation ([#2655](https://github.com/bpg/terraform-provider-proxmox/issues/2655)) ([51c7535](https://github.com/bpg/terraform-provider-proxmox/commit/51c75354e0aae13c1f7b7e16bf0091b8a5fa526d)) - **lxc:** add support for `entrypoint` attribute ([#2543](https://github.com/bpg/terraform-provider-proxmox/issues/2543)) ([178a8ad](https://github.com/bpg/terraform-provider-proxmox/commit/178a8add4a738c1409184af1983f33966e8c5cb7)) ##### Bug Fixes - **lxc:** wrong mapping of `ignore-unpack-errors` attr in `create` API request ([8fe621d](https://github.com/bpg/terraform-provider-proxmox/commit/8fe621ddd6132c7131fa26e10e81b592241d9c3f)) - **vm:** add `started` attribute to `cloned_vm` resource ([#2666](https://github.com/bpg/terraform-provider-proxmox/issues/2666)) ([d9b292a](https://github.com/bpg/terraform-provider-proxmox/commit/d9b292ab05309e934873ebff8f0d16ef56b2e474)) ##### Miscellaneous - **ci:** Update crazy-max/ghaction-import-gpg action (v6.3.0 → v7.0.0) ([#2665](https://github.com/bpg/terraform-provider-proxmox/issues/2665)) ([e77ea1e](https://github.com/bpg/terraform-provider-proxmox/commit/e77ea1ed79752a5533c9bbf5fb902befac63f691)) - **ci:** Update peter-evans/repository-dispatch action (v3 → v4) ([#2653](https://github.com/bpg/terraform-provider-proxmox/issues/2653)) ([3408558](https://github.com/bpg/terraform-provider-proxmox/commit/34085582164e9c56933ca4c3b781b1492d021317)) - **deps:** bump cloudflare/circl to v1.6.3 ([da4b6ab](https://github.com/bpg/terraform-provider-proxmox/commit/da4b6ab101e6eefc96d450c0b602d8070bd3ff0f)) - **deps:** update image golang ([`9edf713`](https://github.com/bpg/terraform-provider-proxmox/commit/9edf713) → [`fb612b7`](https://github.com/bpg/terraform-provider-proxmox/commit/fb612b7)) ([#2663](https://github.com/bpg/terraform-provider-proxmox/issues/2663)) ([369254f](https://github.com/bpg/terraform-provider-proxmox/commit/369254f78dc25017159e6d9ad4dedb77c6347386)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.14.0 → v7.14.1) ([#2664](https://github.com/bpg/terraform-provider-proxmox/issues/2664)) ([b25f773](https://github.com/bpg/terraform-provider-proxmox/commit/b25f773aaaea96716ab91339a3997a730c070867)) - **docs:** fix broken links ([c792dc9](https://github.com/bpg/terraform-provider-proxmox/commit/c792dc93827658741d5339a90d00422b0daf242c)) - **docs:** remove TOC section from the main documentation page ([d6638f7](https://github.com/bpg/terraform-provider-proxmox/commit/d6638f79e13bc2196728eebc7df253915f0449b1)) - **docs:** update badge links in readme.md ([7de7db1](https://github.com/bpg/terraform-provider-proxmox/commit/7de7db1ad516a874ad3b6189d1e5e8447f8980f7)) - **docs:** update os type `l26` linux kernel range for vm ([#2657](https://github.com/bpg/terraform-provider-proxmox/issues/2657)) ([cdd7356](https://github.com/bpg/terraform-provider-proxmox/commit/cdd7356f5333f516c4edee63530ce4fc9ff76838)) - **docs:** update shields in readme.md ([8988f21](https://github.com/bpg/terraform-provider-proxmox/commit/8988f21eecb56b10a6f4ec7dcb596e45d77fa96b)) - **docs:** update terraform proxmox (0.97.0 → 0.97.1) ([#2648](https://github.com/bpg/terraform-provider-proxmox/issues/2648)) ([6811fb3](https://github.com/bpg/terraform-provider-proxmox/commit/6811fb3b749ff313dfd082b09459b9fe9d3c6eb8)) - **fwk:** standardize model files ([#2651](https://github.com/bpg/terraform-provider-proxmox/issues/2651)) ([911d8d3](https://github.com/bpg/terraform-provider-proxmox/commit/911d8d3430d5f416f24dd6ec3dc018be51694b2e)) ### [`v0.97.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0971-2026-02-27) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.97.0...v0.97.1) ##### Bug Fixes - **firewall:** handle missing security group in `Read` and fix id override `Create` ([#2647](https://github.com/bpg/terraform-provider-proxmox/issues/2647)) ([f526c39](https://github.com/bpg/terraform-provider-proxmox/commit/f526c3992321de337efa4d420549aa2baa9b4e48)) - **hwmapping:** enable nested USB hubs ([#2636](https://github.com/bpg/terraform-provider-proxmox/issues/2636)) ([d42fe74](https://github.com/bpg/terraform-provider-proxmox/commit/d42fe74c75c788a575aee92c4a80da4a18fa22c7)) - **vm,lxc:** add name validation ([#2631](https://github.com/bpg/terraform-provider-proxmox/issues/2631)) ([53cce6f](https://github.com/bpg/terraform-provider-proxmox/commit/53cce6fb4302ab9c0f9f697f24718afc35d3bfe0)) - **vm:** allow adding EFI disk without forcing VM replacement ([#2645](https://github.com/bpg/terraform-provider-proxmox/issues/2645)) ([d636403](https://github.com/bpg/terraform-provider-proxmox/commit/d63640316c1499aa0c61b2ba301470685b4d6b6d)) ##### Miscellaneous - **ci:** Update actions/attest-build-provenance action (v3 → v4) ([#2641](https://github.com/bpg/terraform-provider-proxmox/issues/2641)) ([de5f833](https://github.com/bpg/terraform-provider-proxmox/commit/de5f8334517f44e602fff28e31307d8d0c91eb3f)) - **ci:** update actions/setup-go digest ([`7a3fe6c`](https://github.com/bpg/terraform-provider-proxmox/commit/7a3fe6c) → [`4b73464`](https://github.com/bpg/terraform-provider-proxmox/commit/4b73464)) ([#2643](https://github.com/bpg/terraform-provider-proxmox/issues/2643)) ([9af341a](https://github.com/bpg/terraform-provider-proxmox/commit/9af341a94a2dfbf6e7df9762d94934a9e50d4bf1)) - **ci:** Update actions/upload-artifact action (v6 → v7) ([#2642](https://github.com/bpg/terraform-provider-proxmox/issues/2642)) ([4d84904](https://github.com/bpg/terraform-provider-proxmox/commit/4d84904b5764957ae66a600f3888aa681715e855)) - **ci:** Update hashicorp/setup-terraform action ([#2635](https://github.com/bpg/terraform-provider-proxmox/issues/2635)) ([af078b7](https://github.com/bpg/terraform-provider-proxmox/commit/af078b7dab3638b8d9da87f7acbc59ba1c3170c1)) - **ci:** update lycheeverse/lychee-action action (v2.7.0 → v2.8.0) ([#2638](https://github.com/bpg/terraform-provider-proxmox/issues/2638)) ([5271851](https://github.com/bpg/terraform-provider-proxmox/commit/5271851dc97a143db6a7870cfb8d549d52c2f1fd)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2634](https://github.com/bpg/terraform-provider-proxmox/issues/2634)) ([345f785](https://github.com/bpg/terraform-provider-proxmox/commit/345f785b7026dbeaf87c3751b3531c46380a1f8c)) - **deps:** update image golang ([`c83e68f`](https://github.com/bpg/terraform-provider-proxmox/commit/c83e68f) → [`9edf713`](https://github.com/bpg/terraform-provider-proxmox/commit/9edf713)) ([#2633](https://github.com/bpg/terraform-provider-proxmox/issues/2633)) ([c47a705](https://github.com/bpg/terraform-provider-proxmox/commit/c47a70569b7842ece5bc9e8f6f4c3b17c269dac0)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.2 → v2.39.0) ([#2639](https://github.com/bpg/terraform-provider-proxmox/issues/2639)) ([8b3bff1](https://github.com/bpg/terraform-provider-proxmox/commit/8b3bff197e7ea8a5be85effa65759443ef976a8b)) - **deps:** update module golang.org/x/net (v0.50.0 → v0.51.0) ([#2640](https://github.com/bpg/terraform-provider-proxmox/issues/2640)) ([587d1fe](https://github.com/bpg/terraform-provider-proxmox/commit/587d1feb7b8d6492741f9975ba807fef50193e1a)) - **docs:** add vm-lifecycle, multi-node, and upgrade guides ([#2628](https://github.com/bpg/terraform-provider-proxmox/issues/2628)) ([d2b8729](https://github.com/bpg/terraform-provider-proxmox/commit/d2b87294e72181caa12ccae497a3d4bf7837b766)) ### [`v0.97.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0970-2026-02-23) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.96.0...v0.97.0) ##### Features - **lxc:** implement idmap support via SSH config file editing ([#2579](https://github.com/bpg/terraform-provider-proxmox/issues/2579)) ([63334e1](https://github.com/bpg/terraform-provider-proxmox/commit/63334e163fe4562dce7cbfbc446d6a77b5671a62)) ##### Bug Fixes - **ci:** exclude ARM architecture for Windows builds in goreleaser ([9c268a5](https://github.com/bpg/terraform-provider-proxmox/commit/9c268a57504ba61a7516069c4478d88d0e746a86)) - **docs:** clarify SSH password inheritance with API token auth ([#2624](https://github.com/bpg/terraform-provider-proxmox/issues/2624)) ([d453924](https://github.com/bpg/terraform-provider-proxmox/commit/d4539245714a3d243d0343bf7b85e1c3a4451642)) - **firewall:** handle "already exists" error in SG and IPSet create ([#2627](https://github.com/bpg/terraform-provider-proxmox/issues/2627)) ([06f3c6f](https://github.com/bpg/terraform-provider-proxmox/commit/06f3c6f9ff78db56ddcb2db2a7db6f655898a3d1)) - **firewall:** update rules with position awareness ([#2593](https://github.com/bpg/terraform-provider-proxmox/issues/2593)) ([2bd6b98](https://github.com/bpg/terraform-provider-proxmox/commit/2bd6b98a004380e02ff672251cb841dd279a4a07)) - **lxc, vm:** add retries for LXC operations, unify retry logic into shared package ([#2616](https://github.com/bpg/terraform-provider-proxmox/issues/2616)) ([39c0198](https://github.com/bpg/terraform-provider-proxmox/commit/39c01984184eed019dcad8b8f6f4c8660bd05060)) - **storage:** unknown `encryption_key_fingerprint` after PBS apply ([#2625](https://github.com/bpg/terraform-provider-proxmox/issues/2625)) ([82c49fd](https://github.com/bpg/terraform-provider-proxmox/commit/82c49fdc87c182a0d71ed705320c8aa265f8d793)) - **vm:** preserve disk deletions in update request ([#2614](https://github.com/bpg/terraform-provider-proxmox/issues/2614)) ([b12111f](https://github.com/bpg/terraform-provider-proxmox/commit/b12111fa5d29b27349569500675515f140de1da6)) - **vm:** remove duplicate line in ipConfigObjects ([#2618](https://github.com/bpg/terraform-provider-proxmox/issues/2618)) ([0a4ab5b](https://github.com/bpg/terraform-provider-proxmox/commit/0a4ab5beee272c95bb3c9887adcfebf08e4aa3f3)) - **vm:** skip cdrom devices during disk read-back on import ([#2626](https://github.com/bpg/terraform-provider-proxmox/issues/2626)) ([64c2db2](https://github.com/bpg/terraform-provider-proxmox/commit/64c2db25f60c35a1d61bbf9a2eb9ac87cd34ccf2)) ##### Miscellaneous - **ci:** update actions/stale digest ([`9971854`](https://github.com/bpg/terraform-provider-proxmox/commit/9971854) → [`b5d41d4`](https://github.com/bpg/terraform-provider-proxmox/commit/b5d41d4)) ([#2611](https://github.com/bpg/terraform-provider-proxmox/issues/2611)) ([fcead36](https://github.com/bpg/terraform-provider-proxmox/commit/fcead36a03f65c7e538ed6ceb1c2a5af4dcd9ee8)) - **ci:** Update goreleaser/goreleaser-action action (v6.4.0 → v7.0.0) ([#2623](https://github.com/bpg/terraform-provider-proxmox/issues/2623)) ([f7ab67d](https://github.com/bpg/terraform-provider-proxmox/commit/f7ab67de8338be8d9341da1b7de65c44e1f35f92)) - **deps:** update golangci/golangci-lint (v2.9.0 → v2.10.1) ([#2603](https://github.com/bpg/terraform-provider-proxmox/issues/2603)) ([3e64ec4](https://github.com/bpg/terraform-provider-proxmox/commit/3e64ec42e28b962b528fd103107a985637f1e7f8)) - **docs:** update terraform local (2.6.2 → 2.7.0) ([#2612](https://github.com/bpg/terraform-provider-proxmox/issues/2612)) ([6da27f6](https://github.com/bpg/terraform-provider-proxmox/commit/6da27f6042997d8d32062824685ebe95ea5af93d)) ### [`v0.96.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0960-2026-02-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.95.0...v0.96.0) ##### Features - **cluster:** add otel options to metrics server resource ([#2595](https://github.com/bpg/terraform-provider-proxmox/issues/2595)) ([32dfac8](https://github.com/bpg/terraform-provider-proxmox/commit/32dfac87b9689a1ad768e8a12e03606ad8398006)) - **network:** add configurable timeout for network reload operations ([#2573](https://github.com/bpg/terraform-provider-proxmox/issues/2573)) ([ed8593d](https://github.com/bpg/terraform-provider-proxmox/commit/ed8593db8de12bbb3ab940ee4db1e887d4205b53)) ##### Bug Fixes - **cluster:** fix `Description` body-building bug and standardize delete handling in options ([#2601](https://github.com/bpg/terraform-provider-proxmox/issues/2601)) ([a704bb1](https://github.com/bpg/terraform-provider-proxmox/commit/a704bb17e7ec78bf7a1bf03451575e95b20aaee3)) - **file:** retry read-back after upload for distributed storage consistency ([#2571](https://github.com/bpg/terraform-provider-proxmox/issues/2571)) ([989a4ba](https://github.com/bpg/terraform-provider-proxmox/commit/989a4bad8fcd93914492a8deb190125dfbc66ad2)) - **hwmapping:** add comment validator, fix acceptance tests ([#2609](https://github.com/bpg/terraform-provider-proxmox/issues/2609)) ([f943051](https://github.com/bpg/terraform-provider-proxmox/commit/f943051bd79bd2f5d9e478eee595c524818fb2dd)) - **network:** properly delete cidr/cidr6 when address is removed from linux ([#2587](https://github.com/bpg/terraform-provider-proxmox/issues/2587)) ([a52a11f](https://github.com/bpg/terraform-provider-proxmox/commit/a52a11ff461d3b2a650cfa61d4dcebcdf1ce45e2)) - **network:** properly delete optional fields when removed from VLAN config ([#2599](https://github.com/bpg/terraform-provider-proxmox/issues/2599)) ([d0f1704](https://github.com/bpg/terraform-provider-proxmox/commit/d0f17048766efdb0a139e13c607e1507acba3c2a)) - **node:** add CPU utilization to node data source ([#2605](https://github.com/bpg/terraform-provider-proxmox/issues/2605)) ([1a1cbbb](https://github.com/bpg/terraform-provider-proxmox/commit/1a1cbbb2b205d9e0cbd2e29eb2c8dfbbb2dec8d9)) - **sdn:** avoid mtu=0 when omitted for sdn zones ([#2584](https://github.com/bpg/terraform-provider-proxmox/issues/2584)) ([66c43d8](https://github.com/bpg/terraform-provider-proxmox/commit/66c43d8366dc2957926887c2ee08d1066d8de781)) - **sdn:** better `apply` resiliency, fix import of a pending zone ([#2610](https://github.com/bpg/terraform-provider-proxmox/issues/2610)) ([a9ea3c1](https://github.com/bpg/terraform-provider-proxmox/commit/a9ea3c14c93877cea587d0cbc8261371a7b40e9a)) - **vm:** clean up orphaned re-import code and clarify `import_from` as create-only ([#2568](https://github.com/bpg/terraform-provider-proxmox/issues/2568)) ([2160f00](https://github.com/bpg/terraform-provider-proxmox/commit/2160f00e624ff83e954574c87dbdb2c542739f4b)) ##### Miscellaneous - **core:** unify Delete field type across API client structs ([#2604](https://github.com/bpg/terraform-provider-proxmox/issues/2604)) ([d6a66f4](https://github.com/bpg/terraform-provider-proxmox/commit/d6a66f445fbb164aae998d5d28e7bb24d121bcdc)) - **deps:** update golangci/golangci-lint (v2.8.0 → v2.9.0) ([#2589](https://github.com/bpg/terraform-provider-proxmox/issues/2589)) ([ee0f07f](https://github.com/bpg/terraform-provider-proxmox/commit/ee0f07f1577f77f19a1c384464eab35441dedc14)) - **deps:** update image golang (1.25.7 → 1.26.0) ([#2590](https://github.com/bpg/terraform-provider-proxmox/issues/2590)) ([8f5d598](https://github.com/bpg/terraform-provider-proxmox/commit/8f5d598b8ac927f430aa87eaaea45ac061d9a7cc)) - **deps:** update module golang.org/x/crypto (v0.47.0 → v0.48.0) ([#2591](https://github.com/bpg/terraform-provider-proxmox/issues/2591)) ([43c295b](https://github.com/bpg/terraform-provider-proxmox/commit/43c295b014118bcf9768ca81fbf1c1daa6ba771a)) - **deps:** update module golang.org/x/net (v0.49.0 → v0.50.0) ([#2592](https://github.com/bpg/terraform-provider-proxmox/issues/2592)) ([7b83dd8](https://github.com/bpg/terraform-provider-proxmox/commit/7b83dd872b9caf49056bea48fa145f1cec9ae898)) - **test:** do not run SDN acceptance tests in parallel ([#2607](https://github.com/bpg/terraform-provider-proxmox/issues/2607)) ([ac1fabd](https://github.com/bpg/terraform-provider-proxmox/commit/ac1fabd6c108da320ef5eda0b7a10563f9870e65)) - **test:** fix parallel VM tests execution ([#2608](https://github.com/bpg/terraform-provider-proxmox/issues/2608)) ([09500be](https://github.com/bpg/terraform-provider-proxmox/commit/09500be52827f7d273058834ae4c660b722ce89c)) ### [`v0.95.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0950-2026-02-08) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.94.0...v0.95.0) ##### ⚠ BREAKING CHANGES - **node:** correct `cpu_count` inconsistency between `_node` and `_nodes` data sources ([#2559](https://github.com/bpg/terraform-provider-proxmox/issues/2559)) ##### Bug Fixes - **docs:** update PR title guidelines for breaking changes and contributor notes ([d884c4a](https://github.com/bpg/terraform-provider-proxmox/commit/d884c4aaccac54ba641ffe3e91dff34bee6dccb2)) - **lxc:** apply start\_on\_boot and features on clone and update ([#2562](https://github.com/bpg/terraform-provider-proxmox/issues/2562)) ([b21616a](https://github.com/bpg/terraform-provider-proxmox/commit/b21616a0bd37e48e18307a9cadd2ca47ef209e7a)) - **node:** correct `cpu_count` inconsistency between `_node` and `_nodes` data sources ([#2559](https://github.com/bpg/terraform-provider-proxmox/issues/2559)) ([c4d8d6b](https://github.com/bpg/terraform-provider-proxmox/commit/c4d8d6b17d7140fcd21e901a817d2688111dd6bf)) - **vm:** apply custom timeouts on update operations ([#2561](https://github.com/bpg/terraform-provider-proxmox/issues/2561)) ([e9bb225](https://github.com/bpg/terraform-provider-proxmox/commit/e9bb22571d1dd1db10fe961b44a0f6dadbab91c1)) - **vm:** correctly update hotpluggable devices ([#2556](https://github.com/bpg/terraform-provider-proxmox/issues/2556)) ([9d4155a](https://github.com/bpg/terraform-provider-proxmox/commit/9d4155aeafad16b31f728df30649c79879685e61)) - **vm:** reboot before disk resize to prevent pending changes from reverting size ([#2563](https://github.com/bpg/terraform-provider-proxmox/issues/2563)) ([3465c84](https://github.com/bpg/terraform-provider-proxmox/commit/3465c84cbc5f8e2f3f79acdf9519aa181eb66607)) ##### Miscellaneous - **ci:** Update actions/checkout action (v4.2.2 → v6.0.2) ([#2554](https://github.com/bpg/terraform-provider-proxmox/issues/2554)) ([9262783](https://github.com/bpg/terraform-provider-proxmox/commit/9262783b80d08a3bd40d81aeaa9d00a37ff02c32)) - **ci:** update actions/checkout digest ([`8e8c483`](https://github.com/bpg/terraform-provider-proxmox/commit/8e8c483) → [`de0fac2`](https://github.com/bpg/terraform-provider-proxmox/commit/de0fac2)) ([#2557](https://github.com/bpg/terraform-provider-proxmox/issues/2557)) ([db2bba1](https://github.com/bpg/terraform-provider-proxmox/commit/db2bba15922b54f28ed06efa4b5d84e41f2e0e13)) - **deps:** update image golang ([`011d6e2`](https://github.com/bpg/terraform-provider-proxmox/commit/011d6e2) → [`cc73743`](https://github.com/bpg/terraform-provider-proxmox/commit/cc73743)) ([#2564](https://github.com/bpg/terraform-provider-proxmox/issues/2564)) ([5b10da9](https://github.com/bpg/terraform-provider-proxmox/commit/5b10da9f2d4a8b9435b776a0c2a5d246372d672e)) - **deps:** update image golang (1.25.6 → 1.25.7) ([#2552](https://github.com/bpg/terraform-provider-proxmox/issues/2552)) ([d148eb0](https://github.com/bpg/terraform-provider-proxmox/commit/d148eb08d3a7fcc26ae02e59058f98e28181d7fe)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.1 → v2.38.2) ([#2553](https://github.com/bpg/terraform-provider-proxmox/issues/2553)) ([aa1b8ce](https://github.com/bpg/terraform-provider-proxmox/commit/aa1b8cea32ee5f8c86109f49654c5c8528ed49ca)) - **dev:** update templates and define skills for LLM agent flows ([#2542](https://github.com/bpg/terraform-provider-proxmox/issues/2542)) ([615c670](https://github.com/bpg/terraform-provider-proxmox/commit/615c6705b20d8743ff81f440a89f55ed7a5728aa)) - **docs:** add Architecture Decision Records for the dev process ([#2546](https://github.com/bpg/terraform-provider-proxmox/issues/2546)) ([97317f6](https://github.com/bpg/terraform-provider-proxmox/commit/97317f6ef11a02d13fbdeec447cc48c6f87cbafd)) - **docs:** add notice to enable 'Import' content type to allow its use with file resources ([#2558](https://github.com/bpg/terraform-provider-proxmox/issues/2558)) ([90ce565](https://github.com/bpg/terraform-provider-proxmox/commit/90ce565e7dc855fc9855d3d0f29c3e41504364d9)) - **docs:** fix links in DEBUGGING.md ([8beb699](https://github.com/bpg/terraform-provider-proxmox/commit/8beb699d395d135283874852288335ecc633cdbd)) ### [`v0.94.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0940-2026-02-02) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.93.1...v0.94.0) ##### Features - **firewall:** add `proxmox_virtual_environment_node_firewall` ([#2502](https://github.com/bpg/terraform-provider-proxmox/issues/2502)) ([d45f269](https://github.com/bpg/terraform-provider-proxmox/commit/d45f26920e7ff8266793d885c7ff3dddd6a6651f)) ##### Bug Fixes - **lxc:** provision mount points when cloning containers ([#2529](https://github.com/bpg/terraform-provider-proxmox/issues/2529)) ([67990d7](https://github.com/bpg/terraform-provider-proxmox/commit/67990d72c664a46c496097946ee48eddac29ae1a)), closes [#2518](https://github.com/bpg/terraform-provider-proxmox/issues/2518) [#2507](https://github.com/bpg/terraform-provider-proxmox/issues/2507) - **network:** update reload timeout and retry ([#2510](https://github.com/bpg/terraform-provider-proxmox/issues/2510)) ([f66b9dd](https://github.com/bpg/terraform-provider-proxmox/commit/f66b9dde260d740415990b7fc275f6564fecf712)) - **sdn:** correct EVPN resource handling and improvements to base zone ([#2501](https://github.com/bpg/terraform-provider-proxmox/issues/2501)) ([c159715](https://github.com/bpg/terraform-provider-proxmox/commit/c159715e4341e87168d73f1cc58e9ead2a15be82)) - **storage:** add validator for acceptable values for storage content and update docs ([#2519](https://github.com/bpg/terraform-provider-proxmox/issues/2519)) ([fc8b018](https://github.com/bpg/terraform-provider-proxmox/commit/fc8b0181b87e9c2dcb148fb2c81d92562e6e3230)) - **vm:** add missing cpu types ([#2499](https://github.com/bpg/terraform-provider-proxmox/issues/2499)) ([f51c8df](https://github.com/bpg/terraform-provider-proxmox/commit/f51c8dfd08360808d41201bb81fd2db1896a1238)) - **vm:** handle nil `ip_config` block in cloud-init during clone ([#2527](https://github.com/bpg/terraform-provider-proxmox/issues/2527)) ([4ed5433](https://github.com/bpg/terraform-provider-proxmox/commit/4ed543348ea5357874d8d4415252ceb8c835c3bb)) - **vm:** require reboot for CPU core or socket changes ([#2534](https://github.com/bpg/terraform-provider-proxmox/issues/2534)) ([3ca754c](https://github.com/bpg/terraform-provider-proxmox/commit/3ca754cf73439a9b0e817b07926e91806a42603a)), closes [#2516](https://github.com/bpg/terraform-provider-proxmox/issues/2516) ### [`v0.93.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0931-2026-01-31) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.93.0...v0.93.1) ##### Bug Fixes - **docs:** prevent path traversal in sudoers tee configuration ([#2524](https://github.com/bpg/terraform-provider-proxmox/issues/2524)) ([bd604c4](https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023)) ##### Miscellaneous - **ci:** update actions/checkout action (v6.0.1 → v6.0.2) ([#2521](https://github.com/bpg/terraform-provider-proxmox/issues/2521)) ([84e0b97](https://github.com/bpg/terraform-provider-proxmox/commit/84e0b97aa0d2fbc111e1db5432a97f98ed25ca6b)) - **ci:** update actions/setup-go digest ([`4dc6199`](https://github.com/bpg/terraform-provider-proxmox/commit/4dc6199) → [`7a3fe6c`](https://github.com/bpg/terraform-provider-proxmox/commit/7a3fe6c)) ([#2520](https://github.com/bpg/terraform-provider-proxmox/issues/2520)) ([1a1174c](https://github.com/bpg/terraform-provider-proxmox/commit/1a1174c73ce6089af1c66f006a51ff1acb99699f)) - **deps:** update image golang (1.25.5 → 1.25.6) ([#2504](https://github.com/bpg/terraform-provider-proxmox/issues/2504)) ([3e75bbb](https://github.com/bpg/terraform-provider-proxmox/commit/3e75bbb41f3b967f7602bb38182052518bcedbfd)) - **deps:** update image golang ([`6cc2338`](https://github.com/bpg/terraform-provider-proxmox/commit/6cc2338) → [`8bbd140`](https://github.com/bpg/terraform-provider-proxmox/commit/8bbd140)) ([#2503](https://github.com/bpg/terraform-provider-proxmox/issues/2503)) ([d087c97](https://github.com/bpg/terraform-provider-proxmox/commit/d087c97870d992711a6131ac1913e19af2f936b1)) - **deps:** update module golang.org/x/net (v0.48.0 → v0.49.0) ([#2506](https://github.com/bpg/terraform-provider-proxmox/issues/2506)) ([9fe808a](https://github.com/bpg/terraform-provider-proxmox/commit/9fe808adc8fb8aadf1d68a7540b7a9b205f123b3)) - **docs:** update terraform local (2.6.1 → 2.6.2) ([#2522](https://github.com/bpg/terraform-provider-proxmox/issues/2522)) ([8c64b5e](https://github.com/bpg/terraform-provider-proxmox/commit/8c64b5e0199eb9aad85d41739e3b0d2ef0134f18)) - **docs:** update terraform tls (4.1.0 → 4.2.1) ([#2523](https://github.com/bpg/terraform-provider-proxmox/issues/2523)) ([94d9dd3](https://github.com/bpg/terraform-provider-proxmox/commit/94d9dd3feca1a8ff285de92b58601ff2261b74a3)) ### [`v0.93.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0930-2026-01-12) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.92.0...v0.93.0) ##### Features - **lxc:** add `path_in_datastore` computed attribute for cross-resource refs ([#2493](https://github.com/bpg/terraform-provider-proxmox/issues/2493)) ([616ec37](https://github.com/bpg/terraform-provider-proxmox/commit/616ec379f2052bd1a512e123c0c363ee2cb894aa)) - **lxc:** enable root disk resize without recreate ([#2321](https://github.com/bpg/terraform-provider-proxmox/issues/2321)) ([581782c](https://github.com/bpg/terraform-provider-proxmox/commit/581782c4b12a6e9d35b2734194ee6c05d52c79d8)) - **vm:** add ha-aware migration for ha-managed vms ([#2476](https://github.com/bpg/terraform-provider-proxmox/issues/2476)) ([4f5b4fb](https://github.com/bpg/terraform-provider-proxmox/commit/4f5b4fb27865f1acdd884a040ad8c686a64d5036)) - **vm:** add support for `hotplug` parameter ([#2356](https://github.com/bpg/terraform-provider-proxmox/issues/2356)) ([891fd41](https://github.com/bpg/terraform-provider-proxmox/commit/891fd4185f7dad1d022c90bda137b9aa9c179106)) ##### Bug Fixes - **docs:** improve provider documentation readability and structure ([#2487](https://github.com/bpg/terraform-provider-proxmox/issues/2487)) ([b9457fa](https://github.com/bpg/terraform-provider-proxmox/commit/b9457fa9b3b30c8d5535bedfba40d81dc7a527e2)) - **example:** make lxc container use root provider so it works ([#2458](https://github.com/bpg/terraform-provider-proxmox/issues/2458)) ([7e1a379](https://github.com/bpg/terraform-provider-proxmox/commit/7e1a3796855e390d4afb2885b8d7c8ae10b7ef42)) - **lxc:** allow mounting existing subvol with size argument ([#2491](https://github.com/bpg/terraform-provider-proxmox/issues/2491)) ([0b9e1e0](https://github.com/bpg/terraform-provider-proxmox/commit/0b9e1e08999f044a1613107c3f8eadef60512267)) - **ssh:** harden try\_sudo for PVE 9, improve shell compatibility ([#2480](https://github.com/bpg/terraform-provider-proxmox/issues/2480)) ([f3dd703](https://github.com/bpg/terraform-provider-proxmox/commit/f3dd703f398697f88db5ea369a2b9355d25fdf1a)) - **vm:** prevent initialization drift when cloning VM with user\_account ([#2486](https://github.com/bpg/terraform-provider-proxmox/issues/2486)) ([dbd4fd5](https://github.com/bpg/terraform-provider-proxmox/commit/dbd4fd50526393ae3f1d9dd50ea7ba4439bb6c31)) - **vm:** resizing disk deletes cdrom / cloud-init ([#2484](https://github.com/bpg/terraform-provider-proxmox/issues/2484)) ([ae17149](https://github.com/bpg/terraform-provider-proxmox/commit/ae171496250f17c67436f22aaeccdf975f205c4c)) ##### Miscellaneous - **docs:** minor docs fixes and improvements ([#2481](https://github.com/bpg/terraform-provider-proxmox/issues/2481)) ([b52af8d](https://github.com/bpg/terraform-provider-proxmox/commit/b52af8d7948ebbf3d268699f17fc0d7fcc62eafe)) ### [`v0.92.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0920-2026-01-10) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.91.0...v0.92.0) ##### ⚠ BREAKING CHANGES - The `proxmox_virtual_environment_download_file` resource now checks the upstream URL's Content-Length during every refresh with `overwrite=true` (default). This restores the original behavior from v0.33.0 that was accidentally removed in v0.78.2. Users who want to disable upstream checking should set `overwrite=false`. - The `proxmox_virtual_environment_firewall_options` resource now requires exactly one of `vm_id` or `container_id` to be specified. Previously, configurations with only `node_name` would pass validation but fail at runtime. This change enforces the requirement at validation time. ##### Features - **access:** add LDAP realm and sync resources ([#2454](https://github.com/bpg/terraform-provider-proxmox/issues/2454)) ([085b73b](https://github.com/bpg/terraform-provider-proxmox/commit/085b73b91d5049be878a83dce67059a7bb4ba9c7)), closes [#1871](https://github.com/bpg/terraform-provider-proxmox/issues/1871) - **docs:** add universal LLM Agent instructions and contribution guidelines ([#2473](https://github.com/bpg/terraform-provider-proxmox/issues/2473)) ([16abacc](https://github.com/bpg/terraform-provider-proxmox/commit/16abacc4da7c1075b0bd4f8fb7dbb044ee6bfa01)) ##### Bug Fixes - **api:** detect TFA requirement and return clear error message ([#2477](https://github.com/bpg/terraform-provider-proxmox/issues/2477)) ([876849d](https://github.com/bpg/terraform-provider-proxmox/commit/876849dda5e8340a09028cc9a15dc2880f6c2a41)) - **docs:** clarify documentation workflow for FWK resources ([#2475](https://github.com/bpg/terraform-provider-proxmox/issues/2475)) ([7bd295a](https://github.com/bpg/terraform-provider-proxmox/commit/7bd295ab26022621216085eb63295f876722bcd5)) - **docs:** fix broken links in docs ([#2464](https://github.com/bpg/terraform-provider-proxmox/issues/2464)) ([cdeddf8](https://github.com/bpg/terraform-provider-proxmox/commit/cdeddf86c63231dbc31c5c177f5b2c1430f21326)) - **docs:** update reference to setting up proxmox ([#2455](https://github.com/bpg/terraform-provider-proxmox/issues/2455)) ([3c11ffd](https://github.com/bpg/terraform-provider-proxmox/commit/3c11ffdbb64981eb1330c197530b6f3a13858381)) - **file:** restore upstream URL change detection in `download_file` ([#2474](https://github.com/bpg/terraform-provider-proxmox/issues/2474)) ([ad181ee](https://github.com/bpg/terraform-provider-proxmox/commit/ad181ee835eeecc496fce529ac0f89e09501a277)), closes [#2470](https://github.com/bpg/terraform-provider-proxmox/issues/2470) - **firewall:** make `vm_id`/`container_id` required in VM/Container -level firewall options ([#2453](https://github.com/bpg/terraform-provider-proxmox/issues/2453)) ([5ded5d4](https://github.com/bpg/terraform-provider-proxmox/commit/5ded5d48a16eb001994e1a3c735428a1530e45c8)) - **storage:** prevent "was absent, but now present" error for backups block ([#2465](https://github.com/bpg/terraform-provider-proxmox/issues/2465)) ([501c09b](https://github.com/bpg/terraform-provider-proxmox/commit/501c09b58678c3a51d89285f2af3e4f3fd8b9f20)) - **vm:** allow vcpus hotplug without reboot ([#2466](https://github.com/bpg/terraform-provider-proxmox/issues/2466)) ([f864d36](https://github.com/bpg/terraform-provider-proxmox/commit/f864d36a557f1883e0823e15f6b37826683c5ba2)) - **vm:** correct disk speed settings for multiple disks and update detection ([#2478](https://github.com/bpg/terraform-provider-proxmox/issues/2478)) ([0889c74](https://github.com/bpg/terraform-provider-proxmox/commit/0889c74019c7711616e586a38bcc0e5a98f3d496)) ##### Miscellaneous - **deps:** update golangci/golangci-lint (v2.7.2 → v2.8.0) ([#2472](https://github.com/bpg/terraform-provider-proxmox/issues/2472)) ([5009161](https://github.com/bpg/terraform-provider-proxmox/commit/5009161379f9cb5ef1fa156a22ed262184c1b45b)) - **deps:** Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) ([#2452](https://github.com/bpg/terraform-provider-proxmox/issues/2452)) ([1f664be](https://github.com/bpg/terraform-provider-proxmox/commit/1f664bed9fc5c15099983728bc5d3068aab0d03a)) - **docs:** remove outdated Ceph handles from `apt_standard_repository` docs ([#2471](https://github.com/bpg/terraform-provider-proxmox/issues/2471)) ([ccbaabd](https://github.com/bpg/terraform-provider-proxmox/commit/ccbaabd28d67596e047478f6518501b645c41fce)), closes [#2421](https://github.com/bpg/terraform-provider-proxmox/issues/2421) - **docs:** update terraform proxmox (0.90.0 → 0.91.0) ([#2459](https://github.com/bpg/terraform-provider-proxmox/issues/2459)) ([d175ef0](https://github.com/bpg/terraform-provider-proxmox/commit/d175ef0dccb529983e1eccf156aabaf38d828445)) ### [`v0.91.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0910-2026-01-03) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.90.0...v0.91.0) ##### Features - **acme:** add support for certificate ordering ([#2292](https://github.com/bpg/terraform-provider-proxmox/issues/2292)) ([a2a970d](https://github.com/bpg/terraform-provider-proxmox/commit/a2a970d06836c7740e1b6b040ebb8cfc622714c6)) - **sdn:** add support for Fabric resources ([#2444](https://github.com/bpg/terraform-provider-proxmox/issues/2444)) ([b223dad](https://github.com/bpg/terraform-provider-proxmox/commit/b223dad82886db6738f1d2a6845720267c1742d4)) - **storage:** add support for provisioning storage types (NFS/CIFS/PBS/Directory/LVM) ([#2130](https://github.com/bpg/terraform-provider-proxmox/issues/2130)) ([f361704](https://github.com/bpg/terraform-provider-proxmox/commit/f361704ccaa7d794d83c6803e120c29f0178640c)) ##### Bug Fixes - **core:** handle scientific notation in CustomInt/CustomInt64 unmarshaling ([#2431](https://github.com/bpg/terraform-provider-proxmox/issues/2431)) ([4baff92](https://github.com/bpg/terraform-provider-proxmox/commit/4baff92038235f7e4e7830a7a9b239c0a1eadf45)) - **vm:** allow TPM state updates in place ([#2446](https://github.com/bpg/terraform-provider-proxmox/issues/2446)) ([f8717c4](https://github.com/bpg/terraform-provider-proxmox/commit/f8717c41a14af6ea1d0dc31cc62f14649fae7653)) ##### Miscellaneous - **code:** cleanup issues reported by static code alalysis ([#2442](https://github.com/bpg/terraform-provider-proxmox/issues/2442)) ([686e575](https://github.com/bpg/terraform-provider-proxmox/commit/686e575fac3ac220cd8e397fa2e41770cf7b2ca3)) - **code:** cleanups and linter rules adjustment ([#2443](https://github.com/bpg/terraform-provider-proxmox/issues/2443)) ([1eee491](https://github.com/bpg/terraform-provider-proxmox/commit/1eee491ebb96f7c27dca9c962157b9af58ea9af3)) - **deps:** update image golang ([`36b4f45`](https://github.com/bpg/terraform-provider-proxmox/commit/36b4f45) → [`b6ba523`](https://github.com/bpg/terraform-provider-proxmox/commit/b6ba523)) ([#2439](https://github.com/bpg/terraform-provider-proxmox/issues/2439)) ([f82f03c](https://github.com/bpg/terraform-provider-proxmox/commit/f82f03c85fa039b705e80eeb6f2fb78859fbab24)) - **deps:** update image golang ([`b6ba523`](https://github.com/bpg/terraform-provider-proxmox/commit/b6ba523) → [`6cc2338`](https://github.com/bpg/terraform-provider-proxmox/commit/6cc2338)) ([#2448](https://github.com/bpg/terraform-provider-proxmox/issues/2448)) ([2b22bde](https://github.com/bpg/terraform-provider-proxmox/commit/2b22bde2cfb804818d2fedd31dded719614859ce)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.12.1 → v7.14.0) ([#2438](https://github.com/bpg/terraform-provider-proxmox/issues/2438)) ([4bdd335](https://github.com/bpg/terraform-provider-proxmox/commit/4bdd335fc66e38069806b9fa03d723c8cb6a307e)) - **deps:** update module github.com/google/go-querystring (v1.1.0 → v1.2.0) ([#2440](https://github.com/bpg/terraform-provider-proxmox/issues/2440)) ([ad6b9b2](https://github.com/bpg/terraform-provider-proxmox/commit/ad6b9b26f0ce37019b54649ba469d983921b67e8)) - **docs:** add guide for creating VMs from compressed cloud images ([#2449](https://github.com/bpg/terraform-provider-proxmox/issues/2449)) ([daa339b](https://github.com/bpg/terraform-provider-proxmox/commit/daa339b063c7ba3614347bc4877ffe2a3e592cd6)) - **docs:** update contributing guidelines and dev setup guides ([#2447](https://github.com/bpg/terraform-provider-proxmox/issues/2447)) ([371e0a1](https://github.com/bpg/terraform-provider-proxmox/commit/371e0a17b63ed1c16a094df220d69718d6695dcf)) - **docs:** update terraform proxmox (0.89.1 → 0.90.0) ([#2435](https://github.com/bpg/terraform-provider-proxmox/issues/2435)) ([975f818](https://github.com/bpg/terraform-provider-proxmox/commit/975f8186e20ad7d296f52a484b7b4dc7ec895f4d)) ### [`v0.90.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0900-2025-12-24) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.89.1...v0.90.0) ##### Features - **cloned\_vm:** add cloned VM resource implementation ([#2424](https://github.com/bpg/terraform-provider-proxmox/issues/2424)) ([88cad5c](https://github.com/bpg/terraform-provider-proxmox/commit/88cad5c006c9d9521ce625b5316373100c1ef60c)) - **provider:** add ContentType in ListDatastoreFiles ([#2423](https://github.com/bpg/terraform-provider-proxmox/issues/2423)) ([773b174](https://github.com/bpg/terraform-provider-proxmox/commit/773b174ce06f482280474211b60e71095b831274)) ##### Miscellaneous - **ci:** Update actions/upload-artifact action (v5 → v6) ([#2419](https://github.com/bpg/terraform-provider-proxmox/issues/2419)) ([3021c54](https://github.com/bpg/terraform-provider-proxmox/commit/3021c540d9fb027a3ebbe97f0b6e17b187d16b9f)) - **ci:** update jetbrains/qodana-action action (v2025.2.3 → v2025.2.4) ([#2426](https://github.com/bpg/terraform-provider-proxmox/issues/2426)) ([5b2e9ea](https://github.com/bpg/terraform-provider-proxmox/commit/5b2e9ea503b2171568743ff3de6cb8e048c5f2dc)) - **ci:** update jetbrains/qodana-action action (v2025.2.4 → v2025.3.1) ([#2434](https://github.com/bpg/terraform-provider-proxmox/issues/2434)) ([db3c5bf](https://github.com/bpg/terraform-provider-proxmox/commit/db3c5bf76878ef95c5030307249325256f9c1b5d)) - **deps:** update image golang ([`20b91ed`](https://github.com/bpg/terraform-provider-proxmox/commit/20b91ed) → [`a22b2e6`](https://github.com/bpg/terraform-provider-proxmox/commit/a22b2e6)) ([#2418](https://github.com/bpg/terraform-provider-proxmox/issues/2418)) ([fa883ec](https://github.com/bpg/terraform-provider-proxmox/commit/fa883ec42276d5cdd36f1e1604f61b14b7d4cc3a)) - **deps:** update image golang ([`a22b2e6`](https://github.com/bpg/terraform-provider-proxmox/commit/a22b2e6) → [`36b4f45`](https://github.com/bpg/terraform-provider-proxmox/commit/36b4f45)) ([#2425](https://github.com/bpg/terraform-provider-proxmox/issues/2425)) ([11fccbe](https://github.com/bpg/terraform-provider-proxmox/commit/11fccbe62eface03b21b16e6deb60efbfc1119ce)) - docs and dev UX improvements ([#2427](https://github.com/bpg/terraform-provider-proxmox/issues/2427)) ([a034e8b](https://github.com/bpg/terraform-provider-proxmox/commit/a034e8b6561b480d7884bf7c90d667f90e06ba32)) ### [`v0.89.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0891-2025-12-09) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.89.0...v0.89.1) ##### Bug Fixes - **vm,lxc:** revert deprecation notice for `pool_id` attribute ([#2405](https://github.com/bpg/terraform-provider-proxmox/issues/2405)) ([af3efa9](https://github.com/bpg/terraform-provider-proxmox/commit/af3efa9b41bfb16463e441aec25a08e86952c8d0)) - **vm:** allow EFI disk parameter updates without VM recreation ([51b8d39](https://github.com/bpg/terraform-provider-proxmox/commit/51b8d39b39821b0692a6c5bb880173463af50e3d)), closes [#1515](https://github.com/bpg/terraform-provider-proxmox/issues/1515) - **vm:** handle disk size mismatch when re-adding removed disk ([#2411](https://github.com/bpg/terraform-provider-proxmox/issues/2411)) ([d7346d4](https://github.com/bpg/terraform-provider-proxmox/commit/d7346d434c88a1262978d3b8137f978406cc41c8)) - **vm:** match CPU type format with PVE ([#2409](https://github.com/bpg/terraform-provider-proxmox/issues/2409)) ([63f22db](https://github.com/bpg/terraform-provider-proxmox/commit/63f22db63782af230cbf7101ecc64af86fb30568)) - **vm:** prevent perpetual diff when using `pool_membership` without `pool_id` ([#2408](https://github.com/bpg/terraform-provider-proxmox/issues/2408)) ([acc95bf](https://github.com/bpg/terraform-provider-proxmox/commit/acc95bf372d270c38e76f47c0f6eb8cacfb97a7b)) - **vm:** prevent unnecessary reboots on hotplug operations ([#2412](https://github.com/bpg/terraform-provider-proxmox/issues/2412)) ([77dc49e](https://github.com/bpg/terraform-provider-proxmox/commit/77dc49ea7cc70b7a43a7fb0cea2a0987338f7297)), closes [#538](https://github.com/bpg/terraform-provider-proxmox/issues/538) - **vm:** retry disk resize on 'does not exist' errors ([#2407](https://github.com/bpg/terraform-provider-proxmox/issues/2407)) ([f5f5437](https://github.com/bpg/terraform-provider-proxmox/commit/f5f5437c9f118690eded006cd3897dc5cce8d75e)) - **vm:** retry HTTP 500 errors when waiting for agent retrieving IPs ([#2410](https://github.com/bpg/terraform-provider-proxmox/issues/2410)) ([c324ef0](https://github.com/bpg/terraform-provider-proxmox/commit/c324ef090127dd934ace863fc2ca5d148430275a)) ##### Miscellaneous - **ci:** update jetbrains/qodana-action action (v2025.2.2 → v2025.2.3) ([#2400](https://github.com/bpg/terraform-provider-proxmox/issues/2400)) ([893fd6d](https://github.com/bpg/terraform-provider-proxmox/commit/893fd6d61fce1d8fd1ebb1468180fe0fb9d09292)) - **deps:** update golangci/golangci-lint (v2.7.1 → v2.7.2) ([#2413](https://github.com/bpg/terraform-provider-proxmox/issues/2413)) ([99e30e1](https://github.com/bpg/terraform-provider-proxmox/commit/99e30e1d1eb9579a03f85e85b1bb2ce709f1a82f)) - **deps:** update module golang.org/x/crypto (v0.45.0 → v0.46.0) ([#2414](https://github.com/bpg/terraform-provider-proxmox/issues/2414)) ([67ac0b1](https://github.com/bpg/terraform-provider-proxmox/commit/67ac0b1b088583f703c6008318a77e26c29544cf)) - **deps:** update module golang.org/x/net (v0.47.0 → v0.48.0) ([#2415](https://github.com/bpg/terraform-provider-proxmox/issues/2415)) ([b0aabfd](https://github.com/bpg/terraform-provider-proxmox/commit/b0aabfda4eed6d3e7d61268b4769a1ba33985d58)) ### [`v0.89.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0890-2025-12-06) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.88.0...v0.89.0) ##### ⚠ BREAKING CHANGES - **vm:** revert cpu.units default to use PVE server default ([#2402](https://github.com/bpg/terraform-provider-proxmox/issues/2402)) ##### Features - **lxc:** add `env` parameter support ([#2383](https://github.com/bpg/terraform-provider-proxmox/issues/2383)) ([ef134fc](https://github.com/bpg/terraform-provider-proxmox/commit/ef134fc7c589cdbf3fa449a13a23355894e4e4a5)) - **oci:** add proxmox\_virtual\_environment\_oci\_image resource for OCI Images Management ([#2373](https://github.com/bpg/terraform-provider-proxmox/issues/2373)) ([86a5bf1](https://github.com/bpg/terraform-provider-proxmox/commit/86a5bf1f35c8b1ca20c285d91421daf815cfe430)) - **sdn:** add possibility to apply SDN changes on a particular actions ([#2386](https://github.com/bpg/terraform-provider-proxmox/issues/2386)) ([01e6433](https://github.com/bpg/terraform-provider-proxmox/commit/01e64339b63f2b33281b98e67072a325afe0ade8)) ##### Bug Fixes - **vm:** do not re-import existing disks during update ([#2401](https://github.com/bpg/terraform-provider-proxmox/issues/2401)) ([0c7fad9](https://github.com/bpg/terraform-provider-proxmox/commit/0c7fad95a2b77c343a245d714f297fd6f0cab24c)) - **vm:** revert cpu.units default to use PVE server default ([#2402](https://github.com/bpg/terraform-provider-proxmox/issues/2402)) ([c9b8a3f](https://github.com/bpg/terraform-provider-proxmox/commit/c9b8a3f3b73aac6dfaa797baf0f5c66fb529e8dc)) ##### Miscellaneous - **ci:** pin dependencies ([#2388](https://github.com/bpg/terraform-provider-proxmox/issues/2388)) ([84bf77d](https://github.com/bpg/terraform-provider-proxmox/commit/84bf77dd350cbd5ca69a954454587fd63e1c8b8d)) - **ci:** update actions/checkout action (v6.0.0 → v6.0.1) ([#2398](https://github.com/bpg/terraform-provider-proxmox/issues/2398)) ([5eb8020](https://github.com/bpg/terraform-provider-proxmox/commit/5eb8020b9e789fc695c18705b9a9e408b87c37f7)) - **ci:** update actions/checkout digest ([`1af3b93`](https://github.com/bpg/terraform-provider-proxmox/commit/1af3b93) → [`8e8c483`](https://github.com/bpg/terraform-provider-proxmox/commit/8e8c483)) ([#2396](https://github.com/bpg/terraform-provider-proxmox/issues/2396)) ([a9926ca](https://github.com/bpg/terraform-provider-proxmox/commit/a9926ca8a6f33b59fc066eca395dee39ca2fb165)) - **ci:** update actions/create-github-app-token action (v2.2.0 → v2.2.1) ([#2399](https://github.com/bpg/terraform-provider-proxmox/issues/2399)) ([2f6c1b4](https://github.com/bpg/terraform-provider-proxmox/commit/2f6c1b4d1179dfc4dd7da71592f2e6b42d80d475)) - **ci:** Update actions/github-script action (v7 → v8) ([#2394](https://github.com/bpg/terraform-provider-proxmox/issues/2394)) ([aaef00e](https://github.com/bpg/terraform-provider-proxmox/commit/aaef00efd2301013b42928412ddda149832c9237)) - **ci:** update actions/stale digest ([`5f858e3`](https://github.com/bpg/terraform-provider-proxmox/commit/5f858e3) → [`9971854`](https://github.com/bpg/terraform-provider-proxmox/commit/9971854)) ([#2397](https://github.com/bpg/terraform-provider-proxmox/issues/2397)) ([cd63393](https://github.com/bpg/terraform-provider-proxmox/commit/cd63393fabebc056ad5c6ff095ac13211b42b85f)) - **ci:** update golangci/golangci-lint-action digest ([`e7fa5ac`](https://github.com/bpg/terraform-provider-proxmox/commit/e7fa5ac) → [`1e7e51e`](https://github.com/bpg/terraform-provider-proxmox/commit/1e7e51e)) ([#2389](https://github.com/bpg/terraform-provider-proxmox/issues/2389)) ([6593102](https://github.com/bpg/terraform-provider-proxmox/commit/6593102295b5c98c85e7eedaf1946ebbfeeb1ab8)) - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2392](https://github.com/bpg/terraform-provider-proxmox/issues/2392)) ([459cdfc](https://github.com/bpg/terraform-provider-proxmox/commit/459cdfc60641d84f5ec99f00e22be11395ee548b)) - **deps:** update golangci/golangci-lint (v2.6.2 → v2.7.1) ([#2393](https://github.com/bpg/terraform-provider-proxmox/issues/2393)) ([4b5652f](https://github.com/bpg/terraform-provider-proxmox/commit/4b5652fbf957a37fa42bfdda683da0532c90d395)) - **deps:** update image golang (1.25.4 → 1.25.5) ([#2390](https://github.com/bpg/terraform-provider-proxmox/issues/2390)) ([54e6aa5](https://github.com/bpg/terraform-provider-proxmox/commit/54e6aa514d0aa2729b96f5ea1d2b853816e384bb)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.12.0 → v7.12.1) ([#2391](https://github.com/bpg/terraform-provider-proxmox/issues/2391)) ([5952ae7](https://github.com/bpg/terraform-provider-proxmox/commit/5952ae7d9e79a4260eb3833c5dbe08464e6a53ea)) ### [`v0.88.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0880-2025-12-01) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.87.0...v0.88.0) ##### Features - **provider:** add OTel implementation for `metrics` resource ([#2372](https://github.com/bpg/terraform-provider-proxmox/issues/2372)) ([d37a8bb](https://github.com/bpg/terraform-provider-proxmox/commit/d37a8bbb5699c2947506300d594621c4fb699701)) - **vm,lxc:** add `wait_for_ip` configuration for agent/network interfaces ([#2362](https://github.com/bpg/terraform-provider-proxmox/issues/2362)) ([f24add3](https://github.com/bpg/terraform-provider-proxmox/commit/f24add360a7d6ac37d9b23cc9229d533100b6d2c)) - **vm:** support custom cloud init drive file format ([#2375](https://github.com/bpg/terraform-provider-proxmox/issues/2375)) ([ddccd0a](https://github.com/bpg/terraform-provider-proxmox/commit/ddccd0af6fdc086e1d65f7be28bed85b4df2ef57)) ##### Bug Fixes - **apt:** add support for modern APT sources (PVE9+) ([#2376](https://github.com/bpg/terraform-provider-proxmox/issues/2376)) ([6f6edec](https://github.com/bpg/terraform-provider-proxmox/commit/6f6edec253ac73e3a8c132debd3315e25079fd93)) - **disk:** restore updating boot disk. ([#2150](https://github.com/bpg/terraform-provider-proxmox/issues/2150)) ([0da0bcb](https://github.com/bpg/terraform-provider-proxmox/commit/0da0bcb0dc62cc74c944f082c731167ee74ae8b8)) - **example:** comment out otel metrics server resource ([fc94e2a](https://github.com/bpg/terraform-provider-proxmox/commit/fc94e2a601a1570c6de582e22e5b96cb05a4f34f)) - **lxc:** allow container creation/update with correct mountoptions ([#2319](https://github.com/bpg/terraform-provider-proxmox/issues/2319)) ([c2dc3a7](https://github.com/bpg/terraform-provider-proxmox/commit/c2dc3a75385d11eaf9740d4d871c4c6eabcaaab8)) - **lxc:** ignore link-local addresses when waiting for network IPs ([#2357](https://github.com/bpg/terraform-provider-proxmox/issues/2357)) ([8c081f5](https://github.com/bpg/terraform-provider-proxmox/commit/8c081f542f2ecdf1bf3874e2e8696138d705ece4)) - **vm:** convert to template using proper endpoint ([#2340](https://github.com/bpg/terraform-provider-proxmox/issues/2340)) ([5615298](https://github.com/bpg/terraform-provider-proxmox/commit/561529885f2f3651df29122f694fcb983b1a8adf)) - **vm:** prevent state changes after VM import ([#2294](https://github.com/bpg/terraform-provider-proxmox/issues/2294)) ([f0bb501](https://github.com/bpg/terraform-provider-proxmox/commit/f0bb5016dd50036be53d9b67ee2e93c76bdadfba)) ##### Miscellaneous - **ci:** Update actions/checkout action ([#2361](https://github.com/bpg/terraform-provider-proxmox/issues/2361)) ([f5d4676](https://github.com/bpg/terraform-provider-proxmox/commit/f5d467660cdecd04e171fd6242b6049f622e6837)) - **ci:** update actions/create-github-app-token action (v2.1.4 → v2.2.0) ([#2366](https://github.com/bpg/terraform-provider-proxmox/issues/2366)) ([3055dc2](https://github.com/bpg/terraform-provider-proxmox/commit/3055dc28479983f2ce17fa9dca35b26d361f4b3d)) - **ci:** update actions/setup-go digest ([`4469467`](https://github.com/bpg/terraform-provider-proxmox/commit/4469467) → [`4dc6199`](https://github.com/bpg/terraform-provider-proxmox/commit/4dc6199)) ([#2365](https://github.com/bpg/terraform-provider-proxmox/issues/2365)) ([bcce7da](https://github.com/bpg/terraform-provider-proxmox/commit/bcce7da9973843c21b0c56e3a698440cd83c0977)) - **ci:** update golangci/golangci-lint-action digest ([`0a35821`](https://github.com/bpg/terraform-provider-proxmox/commit/0a35821) → [`e7fa5ac`](https://github.com/bpg/terraform-provider-proxmox/commit/e7fa5ac)) ([#2358](https://github.com/bpg/terraform-provider-proxmox/issues/2358)) ([dd416a1](https://github.com/bpg/terraform-provider-proxmox/commit/dd416a1a9739b53e1d7a5b3f1660a4af87704ded)) - **ci:** update jetbrains/qodana-action action (v2025.2.1 → v2025.2.2) ([#2360](https://github.com/bpg/terraform-provider-proxmox/issues/2360)) ([092df22](https://github.com/bpg/terraform-provider-proxmox/commit/092df2280132a7d5acfb636107efe4edb68a3d77)) - **deps:** update golangci/golangci-lint (v2.5.0 → v2.6.2) ([#2304](https://github.com/bpg/terraform-provider-proxmox/issues/2304)) ([0937f2b](https://github.com/bpg/terraform-provider-proxmox/commit/0937f2b5d421d8830b07dfb03285b6e11c5d51e4)) - **deps:** update image golang ([`e68f6a0`](https://github.com/bpg/terraform-provider-proxmox/commit/e68f6a0) → [`f60eaa8`](https://github.com/bpg/terraform-provider-proxmox/commit/f60eaa8)) ([#2359](https://github.com/bpg/terraform-provider-proxmox/issues/2359)) ([b80a193](https://github.com/bpg/terraform-provider-proxmox/commit/b80a1937a70461c6c78de199650b20a2245ce58e)) - **deps:** update image golang ([`f60eaa8`](https://github.com/bpg/terraform-provider-proxmox/commit/f60eaa8) → [`6981837`](https://github.com/bpg/terraform-provider-proxmox/commit/6981837)) ([#2370](https://github.com/bpg/terraform-provider-proxmox/issues/2370)) ([faf56bc](https://github.com/bpg/terraform-provider-proxmox/commit/faf56bce9a5dd09b9ad85351844542e026695816)) - **deps:** Update module github.com/avast/retry-go/v4 (v4.7.0 → v5.0.0) ([#2380](https://github.com/bpg/terraform-provider-proxmox/issues/2380)) ([630240d](https://github.com/bpg/terraform-provider-proxmox/commit/630240d31115bed69e002c61ee4993504663d4b3)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.10.0 → v7.11.0) ([#2379](https://github.com/bpg/terraform-provider-proxmox/issues/2379)) ([5e55d92](https://github.com/bpg/terraform-provider-proxmox/commit/5e55d9272f7bc2f545efd1a4c0f26ad522db8699)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.11.0 → v7.12.0) ([#2384](https://github.com/bpg/terraform-provider-proxmox/issues/2384)) ([2f7bbb1](https://github.com/bpg/terraform-provider-proxmox/commit/2f7bbb11befca972a858ff562d190c1a73d4c75c)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.9.0 → v7.10.0) ([#2371](https://github.com/bpg/terraform-provider-proxmox/issues/2371)) ([d3b4847](https://github.com/bpg/terraform-provider-proxmox/commit/d3b48474b4a2684f0f8678eaa5afb8ba1d2d358e)) - **deps:** update module github.com/hashicorp/go-version (v1.7.0 → v1.8.0) ([#2381](https://github.com/bpg/terraform-provider-proxmox/issues/2381)) ([ad38c5b](https://github.com/bpg/terraform-provider-proxmox/commit/ad38c5befc279c8312c689a8d7c80336a875573f)) - **deps:** update module golang.org/x/crypto (v0.44.0 → v0.45.0) \[security] ([#2348](https://github.com/bpg/terraform-provider-proxmox/issues/2348)) ([78ce72e](https://github.com/bpg/terraform-provider-proxmox/commit/78ce72edc85320c33ed06d719dbc9b27c0ba931d)) - **docs:** update terraform local (2.5.3 → 2.6.1) ([#2367](https://github.com/bpg/terraform-provider-proxmox/issues/2367)) ([d5b3c64](https://github.com/bpg/terraform-provider-proxmox/commit/d5b3c64693dd13d72294c356d3d663852fbe79c9)) - update docs to pve 9.1, fix example tests ([#2350](https://github.com/bpg/terraform-provider-proxmox/issues/2350)) ([6e2a5aa](https://github.com/bpg/terraform-provider-proxmox/commit/6e2a5aa5c806e1f46373f8ff73e59ec221ae8bdd)) - **vm:** refactor network devices update logic ([#2260](https://github.com/bpg/terraform-provider-proxmox/issues/2260)) ([db3d7ec](https://github.com/bpg/terraform-provider-proxmox/commit/db3d7ec9d9a57f72ada7ed88604b609d223b0e98)) ### [`v0.87.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0870-2025-11-20) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.86.0...v0.87.0) ##### Features - **pool:** add `pool_membership` resource ([#2297](https://github.com/bpg/terraform-provider-proxmox/issues/2297)) ([95f180b](https://github.com/bpg/terraform-provider-proxmox/commit/95f180b497f7c82fef4fed565fd79fe5c244292a)) - **sdn:** add support for VNets datasource ([#2299](https://github.com/bpg/terraform-provider-proxmox/issues/2299)) ([c25f19a](https://github.com/bpg/terraform-provider-proxmox/commit/c25f19aa43a7748939dbe35a750cbcee485634a8)) - **vm:** add `purge_on_destroy` and `delete_unreferenced_disks_on_destroy` parameters ([#2345](https://github.com/bpg/terraform-provider-proxmox/issues/2345)) ([05a59aa](https://github.com/bpg/terraform-provider-proxmox/commit/05a59aa507c5c3f1b91adb2c3240a5790313f730)) ##### Bug Fixes - **access:** imported `group` resource missing `group_id` ([#2333](https://github.com/bpg/terraform-provider-proxmox/issues/2333)) ([ee1c525](https://github.com/bpg/terraform-provider-proxmox/commit/ee1c5255259fb81103e3bb3c531ddb421bc384c9)) - **apt:** add missing Ceph Squid ([#2318](https://github.com/bpg/terraform-provider-proxmox/issues/2318)) ([8b9bf62](https://github.com/bpg/terraform-provider-proxmox/commit/8b9bf6240f0f75353d440f367c4b3016f126384c)) - **file:** better error message for unsupported `import` content type ([#2344](https://github.com/bpg/terraform-provider-proxmox/issues/2344)) ([f94e25d](https://github.com/bpg/terraform-provider-proxmox/commit/f94e25de03b3468ccff87cdeb591e13fcc88741e)) - **firewall:** appending a rule without re-creating the whole ruleset ([#2310](https://github.com/bpg/terraform-provider-proxmox/issues/2310)) ([6290cce](https://github.com/bpg/terraform-provider-proxmox/commit/6290ccebc48aa4f5f109762afe3017df95e79b34)) - **lxc:** panic when cloning a container with empty IP config ([#2347](https://github.com/bpg/terraform-provider-proxmox/issues/2347)) ([0a259ca](https://github.com/bpg/terraform-provider-proxmox/commit/0a259ca43a3e0f3404bbf6938bbcf3b6da723a9b)) - **lxc:** race condition in container clone / reboot operations ([#2320](https://github.com/bpg/terraform-provider-proxmox/issues/2320)) ([ce358d5](https://github.com/bpg/terraform-provider-proxmox/commit/ce358d5c782525435b0a6dd66e144511afb6be4a)) - **sdn:** fix subnet datasource IP address datatype ([#2300](https://github.com/bpg/terraform-provider-proxmox/issues/2300)) ([7ffb314](https://github.com/bpg/terraform-provider-proxmox/commit/7ffb31447599630b698101f0aacb58ead54768ed)) - **ssh:** update sudo check logic and cache check results ([#2309](https://github.com/bpg/terraform-provider-proxmox/issues/2309)) ([702500c](https://github.com/bpg/terraform-provider-proxmox/commit/702500cb3be6c0fa53f5c4f8bf105866fc52a1b3)) - **vm:** increase max disk limit to 31 ([#2302](https://github.com/bpg/terraform-provider-proxmox/issues/2302)) ([2ae021a](https://github.com/bpg/terraform-provider-proxmox/commit/2ae021a0c3818b42660591fbe64bdc2560e829a8)) ##### Miscellaneous - **ci:** Update golangci/golangci-lint-action action (v8 → v9) ([#2330](https://github.com/bpg/terraform-provider-proxmox/issues/2330)) ([90810fa](https://github.com/bpg/terraform-provider-proxmox/commit/90810fafacc1de3de8f699836397c3f193aae3a3)) - **ci:** update lycheeverse/lychee-action action (v2.6.1 → v2.7.0) ([#2305](https://github.com/bpg/terraform-provider-proxmox/issues/2305)) ([9a788da](https://github.com/bpg/terraform-provider-proxmox/commit/9a788da00679215aeb74e61e8ca60d48b2892933)) - **deps:** update image golang (1.25.3 → 1.25.4) ([#2328](https://github.com/bpg/terraform-provider-proxmox/issues/2328)) ([90f876f](https://github.com/bpg/terraform-provider-proxmox/commit/90f876f1965dcee836239e03e6e0f43f4876001e)) - **deps:** update image golang ([`6ca9eb0`](https://github.com/bpg/terraform-provider-proxmox/commit/6ca9eb0) → [`e68f6a0`](https://github.com/bpg/terraform-provider-proxmox/commit/e68f6a0)) ([#2335](https://github.com/bpg/terraform-provider-proxmox/issues/2335)) ([5354d6b](https://github.com/bpg/terraform-provider-proxmox/commit/5354d6bd9a69b10105ea66e5edee68e44daadad6)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.8.1 → v7.8.2) ([#2303](https://github.com/bpg/terraform-provider-proxmox/issues/2303)) ([cd9b5fb](https://github.com/bpg/terraform-provider-proxmox/commit/cd9b5fbbb3c98b5e9fb19bfc94db0c13bff222b0)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.8.2 → v7.9.0) ([#2329](https://github.com/bpg/terraform-provider-proxmox/issues/2329)) ([76680dd](https://github.com/bpg/terraform-provider-proxmox/commit/76680dd729875a87d7c7511257ecf5bd28811935)) - **deps:** update module github.com/hashicorp/terraform-plugin-log (v0.9.0 → v0.10.0) ([#2336](https://github.com/bpg/terraform-provider-proxmox/issues/2336)) ([6dd51fd](https://github.com/bpg/terraform-provider-proxmox/commit/6dd51fddc61b8461f721257dae43a1b6ac312ae6)) - **deps:** update module golang.org/x/crypto (v0.43.0 → v0.44.0) ([#2337](https://github.com/bpg/terraform-provider-proxmox/issues/2337)) ([fb3fbfc](https://github.com/bpg/terraform-provider-proxmox/commit/fb3fbfc9e76d1f8ed575f80fc84a2ff9e9b02b9d)) - **deps:** update module golang.org/x/net (v0.46.0 → v0.47.0) ([#2338](https://github.com/bpg/terraform-provider-proxmox/issues/2338)) ([9f57e9f](https://github.com/bpg/terraform-provider-proxmox/commit/9f57e9f92e72bd30601ba2885fe0b23be85b2889)) - **docs:** document auto option for enabling SLAAC in IPv6 config in vm and lxc ([#2317](https://github.com/bpg/terraform-provider-proxmox/issues/2317)) ([e8c70d7](https://github.com/bpg/terraform-provider-proxmox/commit/e8c70d7267bbb6e4e4b2278860c29d1838114a3b)) - **docs:** update the main doc page for consistency ([#2326](https://github.com/bpg/terraform-provider-proxmox/issues/2326)) ([7e4f421](https://github.com/bpg/terraform-provider-proxmox/commit/7e4f421faa84c53eb60dd8b9907912fbeb2c546f)) - **lxc,vm:** add deprecation notice for pool\_id attribute ([#2312](https://github.com/bpg/terraform-provider-proxmox/issues/2312)) ([3c507cc](https://github.com/bpg/terraform-provider-proxmox/commit/3c507ccc31802e5ed5fe0c05f7c07a18153c1893)) ### [`v0.86.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0860-2025-10-28) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.85.1...v0.86.0) ##### Features - **firewall:** ability to import firewall rules & options ([#2269](https://github.com/bpg/terraform-provider-proxmox/issues/2269)) ([dd1afe6](https://github.com/bpg/terraform-provider-proxmox/commit/dd1afe63446bae0487cab6c9344bce74d00bd4bb)) - **firewall:** add ability to import ipsets ([#2280](https://github.com/bpg/terraform-provider-proxmox/issues/2280)) ([33c751d](https://github.com/bpg/terraform-provider-proxmox/commit/33c751d58344b29255dde02256baffbdd88f9149)) - **firewall:** support node-level firewall rules ([#2281](https://github.com/bpg/terraform-provider-proxmox/issues/2281)) ([18c675b](https://github.com/bpg/terraform-provider-proxmox/commit/18c675bf9ada5eae2bf94a00f24800fdb8a5425b)) ##### Bug Fixes - **lxc:** delete dns attributes when set to null ([#2263](https://github.com/bpg/terraform-provider-proxmox/issues/2263)) ([a32988a](https://github.com/bpg/terraform-provider-proxmox/commit/a32988a12897dbffef8bb2d5e5270baa70eaa64f)) - **vm:** correctly detect pool membership for VM ([#2264](https://github.com/bpg/terraform-provider-proxmox/issues/2264)) ([5a5c9c6](https://github.com/bpg/terraform-provider-proxmox/commit/5a5c9c6fceaa25ac6296b87e9651996cc1286982)) ##### Miscellaneous - **ci:** Update actions/upload-artifact action (v4 → v5) ([#2275](https://github.com/bpg/terraform-provider-proxmox/issues/2275)) ([ad4bbd7](https://github.com/bpg/terraform-provider-proxmox/commit/ad4bbd7bb51137c9af6dbaff9fe5d898ffa56c27)) - **ci:** update googleapis/release-please-action action (v4.3.0 → v4.4.0) ([#2273](https://github.com/bpg/terraform-provider-proxmox/issues/2273)) ([0bcba7b](https://github.com/bpg/terraform-provider-proxmox/commit/0bcba7ba09b30a7fb707ac5a4963d27f3dcde1c8)) - **deps:** update image golang ([`7d73c4c`](https://github.com/bpg/terraform-provider-proxmox/commit/7d73c4c) → [`8c945d3`](https://github.com/bpg/terraform-provider-proxmox/commit/8c945d3)) ([#2253](https://github.com/bpg/terraform-provider-proxmox/issues/2253)) ([a2bb9b6](https://github.com/bpg/terraform-provider-proxmox/commit/a2bb9b6eaca00a38f43dd44f09bf76f3a74f5a24)) - **deps:** update image golang ([`8c945d3`](https://github.com/bpg/terraform-provider-proxmox/commit/8c945d3) → [`dd08f76`](https://github.com/bpg/terraform-provider-proxmox/commit/dd08f76)) ([#2270](https://github.com/bpg/terraform-provider-proxmox/issues/2270)) ([4c1514f](https://github.com/bpg/terraform-provider-proxmox/commit/4c1514fb9eb5da7e69be5fc62acf96176402ed22)) - **deps:** update image golang ([`dd08f76`](https://github.com/bpg/terraform-provider-proxmox/commit/dd08f76) → [`6bac879`](https://github.com/bpg/terraform-provider-proxmox/commit/6bac879)) ([#2283](https://github.com/bpg/terraform-provider-proxmox/issues/2283)) ([0c9879a](https://github.com/bpg/terraform-provider-proxmox/commit/0c9879ab0267223b30ae52b738edcbf79e949814)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.8.0 → v7.8.1) ([#2271](https://github.com/bpg/terraform-provider-proxmox/issues/2271)) ([11d4c71](https://github.com/bpg/terraform-provider-proxmox/commit/11d4c7122ba12954ee108de81a037bccaf305e76)) - **deps:** update module github.com/hashicorp/terraform-plugin-framework-timeouts (v0.6.0 → v0.7.0) ([#2274](https://github.com/bpg/terraform-provider-proxmox/issues/2274)) ([b9ccb0d](https://github.com/bpg/terraform-provider-proxmox/commit/b9ccb0dd4f1124f3d358644fbe540ac4270e9b97)) - **deps:** update module github.com/pkg/sftp (v1.13.9 → v1.13.10) ([#2272](https://github.com/bpg/terraform-provider-proxmox/issues/2272)) ([fdbe313](https://github.com/bpg/terraform-provider-proxmox/commit/fdbe313e32896f9bd72df6b9ccf0d1fb811694f6)) - **docs:** update CONTRIBUTING.md ([#2278](https://github.com/bpg/terraform-provider-proxmox/issues/2278)) ([110093b](https://github.com/bpg/terraform-provider-proxmox/commit/110093b4e4407aaa2cd0729a9846fa2c4a9b6c04)) ### [`v0.85.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0851-2025-10-15) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.85.0...v0.85.1) ##### Bug Fixes - **docs:** clarify that ip in ct ip\_config must be in CIDR notation ([#2238](https://github.com/bpg/terraform-provider-proxmox/issues/2238)) ([f3b835f](https://github.com/bpg/terraform-provider-proxmox/commit/f3b835ffa1ac7c5700b6b055d9cda3780afa7b3d)) - **lxc:** DNS / hostname update is not applied ([#2245](https://github.com/bpg/terraform-provider-proxmox/issues/2245)) ([9aa1eaf](https://github.com/bpg/terraform-provider-proxmox/commit/9aa1eafaa6d50c3d1398a23562087032f0eeee0f)) - **sdn:** add missing `dhcp` field to `simple` zone datasource ([#2243](https://github.com/bpg/terraform-provider-proxmox/issues/2243)) ([b4b8d09](https://github.com/bpg/terraform-provider-proxmox/commit/b4b8d091a6c29361825d3df98e565813f59f9ad1)) - **sdn:** handle attribute delete in all SDN resources ([#2248](https://github.com/bpg/terraform-provider-proxmox/issues/2248)) ([50accca](https://github.com/bpg/terraform-provider-proxmox/commit/50accca1161100de60db4505783be21dbff1435e)) - **sdn:** zone: make `nodes` attribute optional ([#2242](https://github.com/bpg/terraform-provider-proxmox/issues/2242)) ([798623b](https://github.com/bpg/terraform-provider-proxmox/commit/798623b63b85245df7be8d6f1bd01a6aa7a7b63a)) ##### Miscellaneous - **deps:** update image golang (1.25.2 → 1.25.3) ([#2246](https://github.com/bpg/terraform-provider-proxmox/issues/2246)) ([3d2092f](https://github.com/bpg/terraform-provider-proxmox/commit/3d2092fe8ec3d078cb0973c672ca87ba582364ed)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.7.3 → v7.8.0) ([#2241](https://github.com/bpg/terraform-provider-proxmox/issues/2241)) ([ecf7920](https://github.com/bpg/terraform-provider-proxmox/commit/ecf79205ac1011e68b193de686ac6eae040fbd91)) - **deps:** update module github.com/hashicorp/terraform-plugin-docs (v0.23.0 → v0.24.0) ([#2247](https://github.com/bpg/terraform-provider-proxmox/issues/2247)) ([6e23c90](https://github.com/bpg/terraform-provider-proxmox/commit/6e23c9056f66f62167410d29040173b90bc6d755)) ### [`v0.85.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0850-2025-10-12) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.84.1...v0.85.0) ##### Features - **sdn:** Add DHCP Config for SDN Simple Zone Resource ([#2210](https://github.com/bpg/terraform-provider-proxmox/issues/2210)) ([f5d3d92](https://github.com/bpg/terraform-provider-proxmox/commit/f5d3d92cced4b1861c82c82ceb6b2bfc10264bd0)) ##### Bug Fixes - **file:** add `import` content type to file datasource ([#2221](https://github.com/bpg/terraform-provider-proxmox/issues/2221)) ([f918bed](https://github.com/bpg/terraform-provider-proxmox/commit/f918bede079db0da790865f6fea4f2c1e9c87a14)) - **vm:** allow cpu units = 1 for cgroups v2 compatibility ([#2237](https://github.com/bpg/terraform-provider-proxmox/issues/2237)) ([3fc688b](https://github.com/bpg/terraform-provider-proxmox/commit/3fc688b7f6f36df62909352eaffe572aa6968e1c)) ##### Miscellaneous - **ci:** update actions/stale digest ([`3a9db7e`](https://github.com/bpg/terraform-provider-proxmox/commit/3a9db7e) → [`5f858e3`](https://github.com/bpg/terraform-provider-proxmox/commit/5f858e3)) ([#2222](https://github.com/bpg/terraform-provider-proxmox/issues/2222)) ([b38066b](https://github.com/bpg/terraform-provider-proxmox/commit/b38066b42d71cd6d549833912b21ecbda27dbacc)) - **ci:** Update peter-evans/create-issue-from-file action (v5.0.1 → v6.0.0) ([#2217](https://github.com/bpg/terraform-provider-proxmox/issues/2217)) ([29748a5](https://github.com/bpg/terraform-provider-proxmox/commit/29748a5afe49938349a8efd819a7e1ca5f178024)) - **deps:** update image golang (1.25.1 → 1.25.2) ([#2228](https://github.com/bpg/terraform-provider-proxmox/issues/2228)) ([9e77057](https://github.com/bpg/terraform-provider-proxmox/commit/9e7705705a8013f5d11016ff1dd2b078518e29da)) - **deps:** update image golang ([`8305f5f`](https://github.com/bpg/terraform-provider-proxmox/commit/8305f5f) → [`ab1f5c4`](https://github.com/bpg/terraform-provider-proxmox/commit/ab1f5c4)) ([#2215](https://github.com/bpg/terraform-provider-proxmox/issues/2215)) ([6a1f972](https://github.com/bpg/terraform-provider-proxmox/commit/6a1f9728f2cbd8736ae5f52292edd50a43ce94b3)) - **deps:** update module github.com/hashicorp/terraform-plugin-framework (v1.16.0 → v1.16.1) ([#2216](https://github.com/bpg/terraform-provider-proxmox/issues/2216)) ([515c6bb](https://github.com/bpg/terraform-provider-proxmox/commit/515c6bb398d4c749bb3c3b300be7b0a1a894ea7a)) - **deps:** update module github.com/hashicorp/terraform-plugin-framework-validators (v0.18.0 → v0.19.0) ([#2230](https://github.com/bpg/terraform-provider-proxmox/issues/2230)) ([761fb70](https://github.com/bpg/terraform-provider-proxmox/commit/761fb709e35a5ca0ae0a928335d6b558bc507a64)) - **deps:** update module github.com/skeema/knownhosts (v1.3.1 → v1.3.2) ([#2229](https://github.com/bpg/terraform-provider-proxmox/issues/2229)) ([b6022d4](https://github.com/bpg/terraform-provider-proxmox/commit/b6022d4d0ab540de628b0078952257586c2ea0fa)) - **deps:** update module golang.org/x/net (v0.44.0 → v0.45.0) ([#2231](https://github.com/bpg/terraform-provider-proxmox/issues/2231)) ([60fdfd6](https://github.com/bpg/terraform-provider-proxmox/commit/60fdfd67d4d4010bfd46ba0ba311777def8231c3)) - **deps:** update module golang.org/x/net (v0.45.0 → v0.46.0) ([#2236](https://github.com/bpg/terraform-provider-proxmox/issues/2236)) ([68bd667](https://github.com/bpg/terraform-provider-proxmox/commit/68bd667b0fa9394569167b4626b3091993d96c38)) ### [`v0.84.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0841-2025-09-29) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.84.0...v0.84.1) ##### Bug Fixes - **api:** handle PVE API's 403 response status ([#2207](https://github.com/bpg/terraform-provider-proxmox/issues/2207)) ([46e8c24](https://github.com/bpg/terraform-provider-proxmox/commit/46e8c24d5bce906e5673e41b7c0151d46180fbe3)) - **sdn:** subnet validation errors when using value interpolation ([#2204](https://github.com/bpg/terraform-provider-proxmox/issues/2204)) ([5f876c0](https://github.com/bpg/terraform-provider-proxmox/commit/5f876c0fbfc06f25cbe18f396a983cd948df60ba)) ##### Miscellaneous - **deps:** update golangci/golangci-lint (v2.4.0 → v2.5.0) ([#2193](https://github.com/bpg/terraform-provider-proxmox/issues/2193)) ([2ab3d94](https://github.com/bpg/terraform-provider-proxmox/commit/2ab3d943d69c0648d749cbc85a279498c3a900ce)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.7.1 → v7.7.3) ([#2203](https://github.com/bpg/terraform-provider-proxmox/issues/2203)) ([3692434](https://github.com/bpg/terraform-provider-proxmox/commit/36924349437a7a0fd19b0c73185fdf5176d4186e)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.38.0 → v2.38.1) ([#2197](https://github.com/bpg/terraform-provider-proxmox/issues/2197)) ([0387296](https://github.com/bpg/terraform-provider-proxmox/commit/0387296c0bc5aa90cb6fd332ed0890ef75d67db0)) ### [`v0.84.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0840-2025-09-22) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.83.2...v0.84.0) ##### Features - **file:** add file datasource ([#2176](https://github.com/bpg/terraform-provider-proxmox/issues/2176)) ([8244813](https://github.com/bpg/terraform-provider-proxmox/commit/8244813b7eae6bb6442fa69f786ab9422ffdadee)) - **sdn:** add support for Subnet resource and datasource ([#2191](https://github.com/bpg/terraform-provider-proxmox/issues/2191)) ([1df305d](https://github.com/bpg/terraform-provider-proxmox/commit/1df305dfb3867f0e0bc207f928745de96db3f7f1)) - **sdn:** add support for VNet resource and datasource ([#2185](https://github.com/bpg/terraform-provider-proxmox/issues/2185)) ([8938d86](https://github.com/bpg/terraform-provider-proxmox/commit/8938d8657157085934adb15680209a374b3bc7b2)) ##### Miscellaneous - **deps:** update github.com/hashicorp/terraform-plugin-\* ([#2187](https://github.com/bpg/terraform-provider-proxmox/issues/2187)) ([09b704a](https://github.com/bpg/terraform-provider-proxmox/commit/09b704ad8e082dde47247f2a9fb64f5af7791a15)) - **deps:** update image golang ([`bb979b2`](https://github.com/bpg/terraform-provider-proxmox/commit/bb979b2) → [`8305f5f`](https://github.com/bpg/terraform-provider-proxmox/commit/8305f5f)) ([#2186](https://github.com/bpg/terraform-provider-proxmox/issues/2186)) ([b70fa62](https://github.com/bpg/terraform-provider-proxmox/commit/b70fa6267037811b650a48baec7bc07ed3b2665d)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.6.0 → v7.7.0) ([#2189](https://github.com/bpg/terraform-provider-proxmox/issues/2189)) ([46dbc68](https://github.com/bpg/terraform-provider-proxmox/commit/46dbc68da70bd4e7600c3d124b39abd07dbbc07e)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.7.0 → v7.7.1) ([#2192](https://github.com/bpg/terraform-provider-proxmox/issues/2192)) ([11f4002](https://github.com/bpg/terraform-provider-proxmox/commit/11f400288b896f8a4570f169651e20dd2cef3e10)) - **deps:** update module github.com/hashicorp/terraform-plugin-sdk/v2 (v2.37.0 → v2.38.0) ([#2188](https://github.com/bpg/terraform-provider-proxmox/issues/2188)) ([2b2d619](https://github.com/bpg/terraform-provider-proxmox/commit/2b2d619356fa7a099807c54b0a6a45e78683b15e)) ### [`v0.83.2`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0832-2025-09-14) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.83.1...v0.83.2) ##### Bug Fixes - **firewall:** detect drift when rules are manually deleted ([#2178](https://github.com/bpg/terraform-provider-proxmox/issues/2178)) ([6b84d5a](https://github.com/bpg/terraform-provider-proxmox/commit/6b84d5aa5ecd3ffb71e10050c20f79bc5ce1ff89)) - **firewall:** prevent perpetual plan drift on rule attribute removal ([#2177](https://github.com/bpg/terraform-provider-proxmox/issues/2177)) ([0e72580](https://github.com/bpg/terraform-provider-proxmox/commit/0e725801ee26642dcb872de5b1be58d0a224408e)) - **vm:** disk deletion may reorder disks ([#2174](https://github.com/bpg/terraform-provider-proxmox/issues/2174)) ([e339fef](https://github.com/bpg/terraform-provider-proxmox/commit/e339fef2d042728eaa7594607a89929892513e96)) ##### Miscellaneous - **ci:** update actions/create-github-app-token action (v2.1.1 → v2.1.4) ([#2179](https://github.com/bpg/terraform-provider-proxmox/issues/2179)) ([70cfb58](https://github.com/bpg/terraform-provider-proxmox/commit/70cfb582922e2e31662e580b2f42b124e0d481e2)) - **deps:** update image golang ([`b773c94`](https://github.com/bpg/terraform-provider-proxmox/commit/b773c94) → [`bb979b2`](https://github.com/bpg/terraform-provider-proxmox/commit/bb979b2)) ([#2173](https://github.com/bpg/terraform-provider-proxmox/issues/2173)) ([7944277](https://github.com/bpg/terraform-provider-proxmox/commit/79442773910b4309570aea8e838ea7d3b154e5be)) ### [`v0.83.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0831-2025-09-10) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.83.0...v0.83.1) ##### Bug Fixes - **ci:** update link checker config ([#2151](https://github.com/bpg/terraform-provider-proxmox/issues/2151)) ([e017881](https://github.com/bpg/terraform-provider-proxmox/commit/e017881712ad81767590c4c60877167a28f35a42)) ##### Miscellaneous - **ci:** Update actions/setup-go action (v5 → v6) ([#2154](https://github.com/bpg/terraform-provider-proxmox/issues/2154)) ([16814d4](https://github.com/bpg/terraform-provider-proxmox/commit/16814d469b4601413a9ea3fb9446bb7670884015)) - **ci:** Update actions/stale action (v9 → v10) ([#2155](https://github.com/bpg/terraform-provider-proxmox/issues/2155)) ([87e6392](https://github.com/bpg/terraform-provider-proxmox/commit/87e639232d0228a58bd3060b543e9fc05108d2c3)) - **code:** minor code cleanups ([#2156](https://github.com/bpg/terraform-provider-proxmox/issues/2156))ssh ([9e22c3c](https://github.com/bpg/terraform-provider-proxmox/commit/9e22c3c427086f4780e2ddc226edc3e235c90586)) - **deps:** update image golang (1.25.0 → 1.25.1) ([#2153](https://github.com/bpg/terraform-provider-proxmox/issues/2153)) ([a58bf4f](https://github.com/bpg/terraform-provider-proxmox/commit/a58bf4f9475c33a16f8fcead640976a5fb149cb0)) - **deps:** update image golang ([`a5e935d`](https://github.com/bpg/terraform-provider-proxmox/commit/a5e935d) → [`d6bdb04`](https://github.com/bpg/terraform-provider-proxmox/commit/d6bdb04)) ([#2161](https://github.com/bpg/terraform-provider-proxmox/issues/2161)) ([58d833d](https://github.com/bpg/terraform-provider-proxmox/commit/58d833dfa8996985253bbd75ed50a10f7e9cc0db)) - **deps:** update image golang ([`d6bdb04`](https://github.com/bpg/terraform-provider-proxmox/commit/d6bdb04) → [`b773c94`](https://github.com/bpg/terraform-provider-proxmox/commit/b773c94)) ([#2169](https://github.com/bpg/terraform-provider-proxmox/issues/2169)) ([a979850](https://github.com/bpg/terraform-provider-proxmox/commit/a9798505c828618892f33d4376295c9f6e1850d0)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.5.1 → v7.6.0) ([#2162](https://github.com/bpg/terraform-provider-proxmox/issues/2162)) ([ffdc3a5](https://github.com/bpg/terraform-provider-proxmox/commit/ffdc3a55da085f45132b686dacf26642126ff0ae)) - **deps:** update module golang.org/x/crypto (v0.41.0 → v0.42.0) ([#2163](https://github.com/bpg/terraform-provider-proxmox/issues/2163)) ([4e73d56](https://github.com/bpg/terraform-provider-proxmox/commit/4e73d5610c854cd64e6f4d4cf81b7f534183d9be)) - **deps:** update module golang.org/x/net (v0.43.0 → v0.44.0) ([#2170](https://github.com/bpg/terraform-provider-proxmox/issues/2170)) ([ed366b5](https://github.com/bpg/terraform-provider-proxmox/commit/ed366b55dc8b32b2203ec87213bf76aba6d1860d)) - **docs:** improve `container` documentation ([#2160](https://github.com/bpg/terraform-provider-proxmox/issues/2160)) ([380fd7f](https://github.com/bpg/terraform-provider-proxmox/commit/380fd7fed1d5cfbb9a2c562294a9f2ac127a0a31)) - **docs:** improve `vm.initialization` documentation ([#2158](https://github.com/bpg/terraform-provider-proxmox/issues/2158)) ([29ef9d2](https://github.com/bpg/terraform-provider-proxmox/commit/29ef9d2527132b4e726e222edb958f022260a306)) - **docs:** include vm/lxc lock error details in the README known issues section ([#2166](https://github.com/bpg/terraform-provider-proxmox/issues/2166)) ([1810273](https://github.com/bpg/terraform-provider-proxmox/commit/1810273cebc8de6092b6347c4be0393ad2f9f29b)) - **docs:** update reference to `release-build` in contributing doc ([#2167](https://github.com/bpg/terraform-provider-proxmox/issues/2167)) ([739471a](https://github.com/bpg/terraform-provider-proxmox/commit/739471a9888b264587c42da1d370848b3d95639e)) - **docs:** update sdn\_applier example ([c275e03](https://github.com/bpg/terraform-provider-proxmox/commit/c275e031ffdd9b8fdd46c09d1563be12c713541b)) ### [`v0.83.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0830-2025-08-31) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.82.1...v0.83.0) ##### Features - **sdn:** add custom resource to apply `sdn_*` configurations ([#2127](https://github.com/bpg/terraform-provider-proxmox/issues/2127)) ([e13d7ef](https://github.com/bpg/terraform-provider-proxmox/commit/e13d7ef29985ccd0ba8f79dd0ad658ee6779a8a6)) ##### Bug Fixes - **docs:** correct minor typos / formatting ([#2144](https://github.com/bpg/terraform-provider-proxmox/issues/2144)) ([a2e4ff0](https://github.com/bpg/terraform-provider-proxmox/commit/a2e4ff039450214feb2c32d84e6b18878e1dd804)) ##### Miscellaneous - **ci:** Update actions/attest-build-provenance action (v2 → v3) ([#2142](https://github.com/bpg/terraform-provider-proxmox/issues/2142)) ([f62e69d](https://github.com/bpg/terraform-provider-proxmox/commit/f62e69d160055dc0cbd5a08f5041533c079bd96e)) - **ci:** update googleapis/release-please-action action (v4.2.0 → v4.3.0) ([#2136](https://github.com/bpg/terraform-provider-proxmox/issues/2136)) ([f634b2e](https://github.com/bpg/terraform-provider-proxmox/commit/f634b2eafb631b75c04c91b39d393de6b05e36b0)) - **ci:** update lycheeverse/lychee-action action (v2.5.0 → v2.6.0) ([#2137](https://github.com/bpg/terraform-provider-proxmox/issues/2137)) ([64c1ab3](https://github.com/bpg/terraform-provider-proxmox/commit/64c1ab3148a4d7a5835c5fd957a3009c35f73761)) - **ci:** update lycheeverse/lychee-action action (v2.6.0 → v2.6.1) ([#2138](https://github.com/bpg/terraform-provider-proxmox/issues/2138)) ([7f56290](https://github.com/bpg/terraform-provider-proxmox/commit/7f56290838c363d025719a15f6e25b6e1ec8d49e)) - **deps:** update image golang ([`4859242`](https://github.com/bpg/terraform-provider-proxmox/commit/4859242) → [`5502b0e`](https://github.com/bpg/terraform-provider-proxmox/commit/5502b0e)) ([#2134](https://github.com/bpg/terraform-provider-proxmox/issues/2134)) ([20f41e8](https://github.com/bpg/terraform-provider-proxmox/commit/20f41e86e03f183bcbf295ba56c41c692fcee998)) - **deps:** update image golang ([`91e2cd4`](https://github.com/bpg/terraform-provider-proxmox/commit/91e2cd4) → [`4859242`](https://github.com/bpg/terraform-provider-proxmox/commit/4859242)) ([#2128](https://github.com/bpg/terraform-provider-proxmox/issues/2128)) ([9ae882e](https://github.com/bpg/terraform-provider-proxmox/commit/9ae882e5d7cdb19b54e9be07ba92ef92cab0054c)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.3.0 → v7.4.0) ([#2129](https://github.com/bpg/terraform-provider-proxmox/issues/2129)) ([11b8167](https://github.com/bpg/terraform-provider-proxmox/commit/11b8167fc6488fbeb7b977f0267dcc862ce05e20)) - **deps:** update module github.com/brianvoe/gofakeit/v7 (v7.4.0 → v7.5.1) ([#2143](https://github.com/bpg/terraform-provider-proxmox/issues/2143)) ([2eae3ee](https://github.com/bpg/terraform-provider-proxmox/commit/2eae3eeeeb7c12e407aa21a33e930e8219310b6b)) - **deps:** update module github.com/stretchr/testify (v1.10.0 → v1.11.1) ([#2135](https://github.com/bpg/terraform-provider-proxmox/issues/2135)) ([6b00db6](https://github.com/bpg/terraform-provider-proxmox/commit/6b00db644613520e257c6af90b5f3930cf4a4b8a)) ### [`v0.82.1`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0821-2025-08-19) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.82.0...v0.82.1) ##### Bug Fixes - **vm:** prevent re-creation of previously imported disks on update ([#2122](https://github.com/bpg/terraform-provider-proxmox/issues/2122)) ([c6c1c18](https://github.com/bpg/terraform-provider-proxmox/commit/c6c1c18a2b7a2ad80006bf5e22afec7dbf98071b)) ##### Miscellaneous - **deps:** update image golang ([`9e56f0d`](https://github.com/bpg/terraform-provider-proxmox/commit/9e56f0d) → [`91e2cd4`](https://github.com/bpg/terraform-provider-proxmox/commit/91e2cd4)) ([#2123](https://github.com/bpg/terraform-provider-proxmox/issues/2123)) ([9d179dd](https://github.com/bpg/terraform-provider-proxmox/commit/9d179dde724604d3b2f297fd805c7c2cb8f723b4)) - **docs:** fix TOC format, cleanup cloud image guide ([#2121](https://github.com/bpg/terraform-provider-proxmox/issues/2121)) ([b321a01](https://github.com/bpg/terraform-provider-proxmox/commit/b321a01b4f142d55afef53eca20c1b183386bc84)) ### [`v0.82.0`](https://github.com/bpg/terraform-provider-proxmox/blob/HEAD/CHANGELOG.md#0820-2025-08-18) [Compare Source](https://github.com/bpg/terraform-provider-proxmox/compare/v0.81.0...v0.82.0) ##### Features - **docs:** update compatibility notes for PVE 9.x ([#2116](https://github.com/bpg/terraform-provider-proxmox/issues/2116)) ([08ea66a](https://github.com/bpg/terraform-provider-proxmox/commit/08ea66a4e0e1c92851c5811bacde075d169fb1cc)) - **lxc:** add `proxmox_virtual_environment_containers` data source ([#2090](https://github.com/bpg/terraform-provider-proxmox/issues/2090)) ([45f2805](https://github.com/bpg/terraform-provider-proxmox/commit/45f28051cd18bbb5838ef0de5eedc41a97ecee3b)) - **lxc:** Add missing configuration options for container rootfs ([#2067](https://github.com/bpg/terraform-provider-proxmox/issues/2067)) ([b2c5012](https://github.com/bpg/terraform-provider-proxmox/commit/b2c50120ea552d078e9634228f8b90b356a163b9)) ##### Bug Fixes - **lxc:** adjust max number of container's IP configs ([#2088](https://github.com/bpg/terraform-provider-proxmox/issues/2088)) ([602568e](https://github.com/bpg/terraform-provider-proxmox/commit/602568e6a64945514b7e3a3294ec8fb1f98b6be8)) - **provider:** parsing PVE version reported by API ([#2115](https://github.com/bpg/terraform-provider-proxmox/issues/2115)) ([f1501e2](https://github.com/bpg/terraform-provider-proxmox/commit/f1501e2655f4d9a246be8fe826a3d385448dce17)) - **vm:** regression: disk re-ordering on re-apply ([#2114](https://github.com/bpg/terraform-provider-proxmox/issues/2114)) ([634ad69](https://github.com/bpg/terraform-provider-proxmox/commit/634ad690fefa719df7be1c7f8962cd4a5bead79a)) ##### Miscellaneous - **ci:** Update actions/checkout action ([#2098](https://github.com/bpg/terraform-provider-proxmox/issues/2098)) ([3855cb2](https://github.com/bpg/terraform-provider-proxmox/commit/3855cb293fd32486eb39aee056c3c526d4f15ba8)) - **ci:** update actions/create-github-app-token action (v2.0.6 → v2.1.0) ([#2095](https://github.com/bpg/terraform-provider-proxmox/issues/2095)) ([6161969](https://github.com/bpg/terraform-provider-proxmox/commit/61619690cce176948e4795a98075c0854a42669b)) - **ci:** update actions/create-github-app-token action (v2.1.0 → v2.1.1) ([#2099](https://github.com/bpg/terraform-provider-proxmox/issues/2099)) ([7f5d771](https://github.com/bpg/terraform-provider-proxmox/commit/7f5d77143a2c3a607ee3f647ad2d9054b9e0d00d)) - **ci:** update goreleaser/goreleaser-action action (v6.3.0 → v6.4.0) ([#2111](https://github.com/bpg/terraform-provider-proxmox/issues/2111)) ([78ce7f0](https://github.com/bpg/terraform-provider-proxmox/commit/78ce7f0db4595ecf00c0420b3d46fe78cda1d204)) - **ci:** update jetbrains/qodana-action action (v2025.1.1 → v2025.2.1) ([#2106](https://github.com/bpg/terraform-provider-proxmox/issues/2106)) ([0dec643](https://github.com/bpg/terraform-provider-proxmox/commit/0dec643b3dc670c48f3f79752cb93519e3515a36)) - **ci:** update lycheeverse/lychee-action action (v2.4.1 → v2.5.0) ([#2096](https://github.com/bpg/terraform-provider-proxmox/issues/2096)) ([7c98464](https://github.com/bpg/terraform-provider-proxmox/commit/7c98464783a70e1ca801765eb5c16fed4ce0f329)) - **deps:** update golangci/golangci-lint (v2.3.0 → v2.3.1) ([#2074](https://github.com/bpg/terraform-provider-proxmox/issues/2074)) ([9947a86](https://github.com/bpg/terraform-provider-proxmox/commit/9947a86106c7215f68183956cf0f2cde209a73fa)) - **deps:** update golangci/golangci-lint (v2.3.1 → v2.4.0) ([#2110](https://github.com/bpg/terraform-provider-proxmox/issues/2110)) ([21bed82](https://github.com/bpg/terraform-provider-proxmox/commit/21bed824e4cc4fd53cc927273798e5c6b757f89d)) - **deps:** update image golang (1.24.5 → 1.24.6) ([#2085](https://github.com/bpg/terraform-provider-proxmox/issues/2085)) ([ac91fe8](https://github.com/bpg/terraform-provider-proxmox/commit/ac91fe8de01fd61ca1015350801ffdb5451d7aa7)) - **deps:** update image golang (1.24.6 → 1.25.0) ([#2107](https://github.com/bpg/terraform-provider-proxmox/issues/2107)) ([9e10206](https://github.com/bpg/terraform-provider-proxmox/commit/9e10206e19b9f3cdf5989bef6956a4a1242a7235)) - **deps:** update image golang ([`10a15b9`](https://github.com/bpg/terraform-provider-proxmox/commit/10a15b9) → [`9e56f0d`](https://github.com/bpg/terraform-provider-proxmox/commit/9e56f0d)) ([#2109](https://github.com/bpg/terraform-provider-proxmox/issues/2109)) ([420add8](https://github.com/bpg/terraform-provider-proxmox/commit/420add86698425afba60ac06b3481b1057da5aee)) - **deps:** update module github.com/hashicorp/terraform-plugin-testing (v1.13.2 → v1.13.3) ([#2113](https://github.com/bpg/terraform-provider-proxmox/issues/2113)) ([1863847](https://github.com/bpg/terraform-provider-proxmox/commit/1863847b5764c5da9ed70d3bd9a3ce087ab185b4)) - **deps:** update module golang.org/x/crypto (v0.40.0 → v0.41.0) ([#2086](https://github.com/bpg/terraform-provider-proxmox/issues/2086)) ([5018b31](https://github.com/bpg/terraform-provider-proxmox/commit/5018b31d2aa72c66771242c0d5463f10ad20f7d0)) - **deps:** update module golang.org/x/net (v0.42.0 → v0.43.0) ([#2087](https://github.com/bpg/terraform-provider-proxmox/issues/2087)) ([5151dcc](https://github.com/bpg/terraform-provider-proxmox/commit/5151dcc7b7832a95312efe5773401e3443d26a1a)) - **docs:** cleanup and update `clone-vm` example ([#2094](https://github.com/bpg/terraform-provider-proxmox/issues/2094)) ([c7cd61a](https://github.com/bpg/terraform-provider-proxmox/commit/c7cd61a2d3aea273df40e86532fa575c0dd95b98)) - **docs:** remove spurious sdn datasource .tf examples ([#2092](https://github.com/bpg/terraform-provider-proxmox/issues/2092)) ([91e0fbf](https://github.com/bpg/terraform-provider-proxmox/commit/91e0fbf676a93dca8659ca55460ba2318b09620e)) </details> <details> <summary>ahamlinman/terraform-provider-zonefile (zonefile)</summary> ### [`v0.2.0`](https://github.com/ahamlinman/terraform-provider-zonefile/blob/HEAD/CHANGELOG.md#v020-2026-06-22) [Compare Source](https://github.com/ahamlinman/terraform-provider-zonefile/compare/v0.1.2...v0.2.0) This release migrates the provider's Go module path and TF registry address to match my current GitHub username. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovatebot added 1 commit

2026-05-25 16:46:49 +02:00

Update all non-major dependencies 9657da8bf1

renovatebot force-pushed renovate/all-minor-patch from 9657da8bf1 to de343eaa1d

2026-05-27 15:16:19 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from de343eaa1d to 98043386cd

2026-05-27 15:33:32 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 98043386cd to 7cfb995b1c

2026-05-27 17:16:19 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 7cfb995b1c to e80d8d5f5c

2026-05-27 23:31:41 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from e80d8d5f5c to 3559408054

2026-05-28 01:31:20 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 3559408054 to 42e5d79b11

renovate/artifacts Artifact file update failure

2026-06-01 13:16:32 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 42e5d79b11

renovate/artifacts Artifact file update failure

to 0650aeeb91

2026-06-01 19:16:26 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 0650aeeb91 to 59905a7ee2

2026-06-06 15:46:31 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 59905a7ee2 to 08a0ca9c55

2026-06-10 16:01:21 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 08a0ca9c55 to 12f31a199a

2026-06-11 19:16:29 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 12f31a199a to 4cffd3b8d3

2026-06-15 16:03:39 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 4cffd3b8d3 to 73d1f11e86

renovate/artifacts Artifact file update failure

2026-06-18 01:02:28 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 73d1f11e86

renovate/artifacts Artifact file update failure

to fd9195f222

2026-06-18 08:32:04 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from fd9195f222 to 25505f9549

renovate/artifacts Artifact file update failure

2026-06-18 18:17:31 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from 25505f9549

renovate/artifacts Artifact file update failure

to a79b6bf51d

2026-06-19 00:46:23 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from a79b6bf51d to f417e46459

2026-06-23 06:47:19 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from f417e46459 to e5873fdcc2

2026-06-23 15:17:30 +02:00

Compare

renovatebot force-pushed renovate/all-minor-patch from e5873fdcc2 to 5c87ea6901

2026-06-25 17:32:14 +02:00

Compare

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/all-minor-patch:renovate/all-minor-patch

git switch renovate/all-minor-patch

Merge

Merge the changes and update on Forgejo.

git switch main

git merge --no-ff renovate/all-minor-patch

git switch renovate/all-minor-patch

git rebase main

git switch main

git merge --ff-only renovate/all-minor-patch

git switch renovate/all-minor-patch

git rebase main

git switch main

git merge --no-ff renovate/all-minor-patch

git switch main

git merge --squash renovate/all-minor-patch

git switch main

git merge --ff-only renovate/all-minor-patch

git switch main

git merge renovate/all-minor-patch

git push origin main

No reviewers

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lilly/lillinfra!42

No description provided.

Update all non-major dependencies #42

Release Notes

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Bug or Regression

Changes by Kind

Feature

Documentation

Bug or Regression

Other (Cleanup or Flake)

Changes since v1.20.0-alpha.1

Feature

Bug or Regression

Other (Cleanup or Flake)

Changed since v1.20.0-alpha.0

Feature

Bug or Regression

Other (Cleanup or Flake)

Added

Changed

Removed

Changes since v1.19.0

Feature

Bug or Regression

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Changes by Kind

Other (Cleanup or Flake)

Changes by Kind

Bug or Regression

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Changes since v1.19.1

Bug or Regression

Other (Cleanup or Flake)

Bug or Regression

Feature

Bug or Regression

Other (Cleanup or Flake)

Feature

Bug or Regression

Other (Cleanup or Flake)

Changes by Kind

Bug or Regression

Changes by Kind

Bug or Regression

Other (Cleanup or Flake)

Changes since v1.18.3

Bug or Regression

Other (Cleanup or Flake)

Bug or Regression

Other (Cleanup or Flake)

v4.13.3: release

What's Changed

v4.13.2: release

What's Changed

v4.13.1: release

What's Changed

New Contributors

v4.13.0: release

What's Changed

New Contributors

v4.12.1: release

What's Changed

v4.12.0: release

What's Changed

New Contributors

v10.34.3: pnpm 10.34.3

⚠️ Security fix — environment variables in a project .npmrc (action may be required)

Patch Changes

Platinum Sponsors

Gold Sponsors

v10.34.2: pnpm 10.34.2

⚠️ Security fix — environment variables in a project .npmrc (action may be required)

Changes since `v1.19.0`

Changes since `v1.19.1`

Changes since `v1.18.3`

`v4.13.3`: release

`v4.13.2`: release

`v4.13.1`: release

`v4.13.0`: release

`v4.12.1`: release

`v4.12.0`: release

`v10.34.3`: pnpm 10.34.3

⚠️ Security fix — environment variables in a project `.npmrc` (action may be required)

`v10.34.2`: pnpm 10.34.2

⚠️ Security fix — environment variables in a project `.npmrc` (action may be required)

`v10.34.1`: pnpm 10.34.1

`v10.34.0`: pnpm 10.34

`v10.33.4`: pnpm 10.33.4

`v10.33.3`: pnpm 10.33.3

`v10.33.2`: pnpm 10.33.2

`v10.33.1`: pnpm 10.33.1

`v10.33.0`: pnpm 10.33

`v10.32.1`: pnpm 10.32.1

`v10.32.0`: pnpm 10.32

`v10.31.0`: pnpm 10.31

`v10.30.3`: pnpm 10.30.3