sidero icon indicating copy to clipboard operation
sidero copied to clipboard
verified publisher icon siderolabs

chore: Bump github.com/siderolabs/talos from 1.12.0-beta.0 to 1.12.0-rc.0 in /sfyra

Open dependabot[bot] opened this issue 1 week ago • 1 comments

Bumps github.com/siderolabs/talos from 1.12.0-beta.0 to 1.12.0-rc.0.

Release notes

Sourced from github.com/siderolabs/talos's releases.

v1.12.0-rc.0

Talos 1.12.0-rc.0 (2025-12-09)

Welcome to the v1.12.0-rc.0 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

API Server Cipher Suites

The Kubernetes API server in Talos has been updated to use a more secure set of TLS cipher suites by default. This is in line with a set of best practices documented in CIS 1.12 benchmark.

You can still expand the list of supported cipher suites via the cluster.apiServer.extraArgs."tls-cipher-suites" machine configuration field if needed.

New User Volume type - bind

New field in UserVolumeConfig - volumeType that defaults to partition, but can be set to directory. When set to directory, provisioning and filesystem operations are skipped and a directory is created under /var/mnt/<name>.

The directory type enables lightweight storage volumes backed by a host directory, instead of requiring a full block device partition.

When volumeType = "directory":

  • A directory is created at /var/mnt/<metadata.name>;
  • provisioning, filesystem and encryption are prohibited.

Note: this mode does not provide filesystem-level isolation and inherits the EPHEMERAL partition capacity limits. It should not be used for workloads requiring predictable storage quotas.

Disk Encryption

Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption.

Talos now supports configuring which PCRs states are to be used for TPM based disk encryption via the options.pcrs field in the tpm section of the disk encryption configuration.

If user doesn't specify any options Talos defaults to using PCR 7 for backwards compatibility with existing installations.

This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations and users may wish to disable locking to PCR 7 state entirely.

Signed PCR policies will still be bound to PCR 11.

The currently used PCR's can be seen with talosctl get volumestatus <volume> -o yaml command.

... (truncated)

Commits
  • 0613076 release(v1.12.0-rc.0): prepare release
  • bc4de5b fix: constants file
  • 4a15763 docs: update release notes
  • 2973365 fix: correct condition to use UKI cmdline in GRUB
  • 0ac5892 docs: drop machine.network example
  • 184a45c test: bird2 extension
  • 8eac9f3 docs: add omni join token example to create qemu command
  • e79a94d fix: adapt SELinuxSuite.TestNoPtrace to new strace version
  • 7a1bb4c fix: mark secureboot as supported for metal
  • 5c6ee6a fix: clear provisioning data on SideroLink config change
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Dec 15 '25 01:12 dependabot[bot]

Deploy Preview for wonderful-swartz-a1308c ready!

Name Link
Latest commit 7958e04c647a8f0a7706e3e1aac8be5e91d40d6e
Latest deploy log https://app.netlify.com/projects/wonderful-swartz-a1308c/deploys/693f5dfdc24e19000813422a
Deploy Preview https://deploy-preview-1560--wonderful-swartz-a1308c.netlify.app
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

netlify[bot] avatar Dec 15 '25 01:12 netlify[bot]

Superseded by #1567.

dependabot[bot] avatar Dec 22 '25 01:12 dependabot[bot]