Skip to content

chore(deps): Bump github.com/siderolabs/talos/pkg/machinery from 1.14.0-alpha.1 to 1.14.0-alpha.2#5765

Closed
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/go_modules/github.com/siderolabs/talos/pkg/machinery-1.14.0-alpha.2
Closed

chore(deps): Bump github.com/siderolabs/talos/pkg/machinery from 1.14.0-alpha.1 to 1.14.0-alpha.2#5765
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/go_modules/github.com/siderolabs/talos/pkg/machinery-1.14.0-alpha.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/siderolabs/talos/pkg/machinery from 1.14.0-alpha.1 to 1.14.0-alpha.2.

Release notes

Sourced from github.com/siderolabs/talos/pkg/machinery's releases.

v1.14.0-alpha.2

Talos 1.14.0-alpha.2 (2026-06-26)

Welcome to the v1.14.0-alpha.2 release of Talos!
This is a pre-release of Talos

Please try out the release binaries and report any issues at https://github.com/siderolabs/talos/issues.

DNS over TLS (DoT) and DNS over HTTPS (DoH) Support

Talos now supports DNS over TLS (DoT) and DNS over HTTPS (DoH) for secure DNS resolution. These features allow Talos to encrypt DNS queries and responses, enhancing privacy and security for DNS traffic. The DNS protocol can be configured on a per-name server basis in the ResolverConfig document, allowing for flexible configuration of DNS resolution.

noexec on EPHEMERAL (/var)

The EPHEMERAL volume (/var) is now mounted with noexec in addition to the existing nosuid and nodev, blocking binary execution from /var.

Workloads that exec binaries placed under /var will break. For example, Longhorn v1's instance-manager exec's engine binaries the engine-image DaemonSet drops under /var/lib/longhorn/engine-binaries/, which now fails with permission denied. Affected users can opt out via a VolumeConfig document:

apiVersion: v1alpha1
kind: VolumeConfig
name: EPHEMERAL
mount:
  secure: false

NOTE: Setting secure: false will also disable nosuid and nodev, which may have security implications. Use with caution.

Upgrade note: apply this VolumeConfig patch before upgrading, otherwise affected workloads will fail after the next reboot. Longhorn v2 (SPDK data engine) runs the data plane inside the instance manager process and is not affected.

Apply Configuration Modes

The '--mode=reboot' option has been removed from the talosctl apply-config command; by default, configuration is applied without a reboot. Most configuration changes don't require a reboot; the documentation lists the changes that do.

Btrfs Support

Talos now supports mounting and provisioning btrfs filesystem for user volumes and existing volumes.

... (truncated)

Commits
  • cd8b0fe release(v1.14.0-alpha.2): prepare release
  • 917820c chore: sync pkgs/tools
  • b34be14 fix: cli.md codeblock generation
  • 25abcc6 docs: update kubespanconfig to match discoveryserviceconfig
  • 742589f feat: support multiple discovery service configs
  • fc3f27d chore: enrich the SBOM with Go module licenses
  • 47d5c33 fix: handle image cache being disabled
  • 1a965ae test: disable LongHorn ublk test and add more cores
  • 6d03b3f fix: align documented image cache partition label
  • 6447d85 fix(talosctl): use aio threads on darwin
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/siderolabs/talos/pkg/machinery](https://github.com/siderolabs/talos) from 1.14.0-alpha.1 to 1.14.0-alpha.2.
- [Release notes](https://github.com/siderolabs/talos/releases)
- [Changelog](https://github.com/siderolabs/talos/blob/main/RELEASE.md)
- [Commits](siderolabs/talos@v1.14.0-alpha.1...v1.14.0-alpha.2)

---
updated-dependencies:
- dependency-name: github.com/siderolabs/talos/pkg/machinery
  dependency-version: 1.14.0-alpha.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 71452575-1450-49fc-990a-64f7e7f5fe63

📥 Commits

Reviewing files that changed from the base of the PR and between 2e83b42 and 12066ed.

⛔ Files ignored due to path filters (2)
  • desktop/go.sum is excluded by !**/*.sum
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (2)
  • desktop/go.mod
  • go.mod
📜 Recent review details
⏰ Context from checks skipped due to timeout. (11)
  • GitHub Check: 🔍 License Check
  • GitHub Check: 🏠 Home Isolation Guard
  • GitHub Check: 🏗️ Build KSail Binary
  • GitHub Check: 🛡️ Vulnerability Scan
  • GitHub Check: 🧪 Test
  • GitHub Check: 📊 Code Coverage
  • GitHub Check: 🧹 Lint - golangci-lint
  • GitHub Check: 🏗️ Build + cask (macOS)
  • GitHub Check: 🏗️ Build (Linux)
  • GitHub Check: Analyze (go)
  • GitHub Check: Analyze (go)
⚠️ CI failures not shown inline (2)

GitHub Actions: 🔀 Enable Auto-Merge / auto-merge: chore(deps): Bump github.com/siderolabs/talos/pkg/machinery from 1.14.0-alpha.1 to 1.14.0-alpha.2

Conclusion: failure

View job details

##[group]Run set +e
 �[36;1mset +e�[0m
 �[36;1mREVIEW_OUTPUT=$(gh pr review "$PR_NUMBER" --approve --repo "$REPOSITORY" 2>&1)�[0m
 �[36;1mREVIEW_EXIT_CODE=$?�[0m
 �[36;1mset -e�[0m
 �[36;1m�[0m
 �[36;1mif [[ $REVIEW_EXIT_CODE -eq 0 ]]; then�[0m
 �[36;1m  echo "✅ PR #${PR_NUMBER} approved"�[0m
 �[36;1melif [[ "$REVIEW_OUTPUT" == *"Can not approve your own pull request"* ]]; then�[0m
 �[36;1m  echo "::warning::Could not approve PR #${PR_NUMBER} because GitHub does not allow self-approval. Skipping approval."�[0m
 �[36;1melse�[0m
 �[36;1m  echo "::error::Failed to approve PR #${PR_NUMBER}."�[0m

GitHub Actions: 🔀 Enable Auto-Merge / 0_auto-merge.txt: chore(deps): Bump github.com/siderolabs/talos/pkg/machinery from 1.14.0-alpha.1 to 1.14.0-alpha.2

Conclusion: failure

View job details

##[group]Run set +e
 �[36;1mset +e�[0m
 �[36;1mREVIEW_OUTPUT=$(gh pr review "$PR_NUMBER" --approve --repo "$REPOSITORY" 2>&1)�[0m
 �[36;1mREVIEW_EXIT_CODE=$?�[0m
 �[36;1mset -e�[0m
 �[36;1m�[0m
 �[36;1mif [[ $REVIEW_EXIT_CODE -eq 0 ]]; then�[0m
 �[36;1m  echo "✅ PR #${PR_NUMBER} approved"�[0m
 �[36;1melif [[ "$REVIEW_OUTPUT" == *"Can not approve your own pull request"* ]]; then�[0m
 �[36;1m  echo "::warning::Could not approve PR #${PR_NUMBER} because GitHub does not allow self-approval. Skipping approval."�[0m
 �[36;1melse�[0m
 �[36;1m  echo "::error::Failed to approve PR #${PR_NUMBER}."�[0m
🔇 Additional comments (2)
go.mod (1)

30-30: LGTM!

Also applies to: 97-97, 556-556, 636-636, 926-926, 943-943

desktop/go.mod (1)

385-385: LGTM!

Also applies to: 442-442, 504-504, 645-645, 770-770, 790-791


📝 Walkthrough

Walkthrough

This pull request updates dependency versions in both go.mod and desktop/go.mod. Several indirect dependencies (rtnetlink, ethtool, talos machinery, yaml, genproto) are bumped to newer versions, and desktop/go.mod adds a new indirect dependency on gopacket v1.5.0.

Changes

Dependency Version Updates

Layer / File(s) Summary
Root module dependency bumps
go.mod
Updates talos machinery, genproto api/rpc, rtnetlink, ethtool, and yaml/v4 to newer versions.
Desktop module dependency bumps
desktop/go.mod
Adds new indirect gopacket dependency and updates rtnetlink, ethtool, talos machinery, yaml/v4, and genproto api/rpc versions.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Related PRs: None identified.

Suggested labels: dependencies, go

Suggested reviewers: None identified.

Poem
A rabbit hops through go.mod's lines,
Bumping versions, tidy signs,
gopacket joins the indirect crew,
Talos and yaml get their due,
No code was touched, just numbers new. 🐇

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly describes the main dependency bump in this PR.
Description check ✅ Passed The description is directly related to the version bump made in the PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/github.com/siderolabs/talos/pkg/machinery-1.14.0-alpha.2

Comment @coderabbitai help to get the list of available commands.

@ksail-bot ksail-bot Bot enabled auto-merge (squash) July 3, 2026 17:15
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

MegaLinter analysis: Success

✅ Linters with no issues

actionlint, bash-exec, git_diff, hadolint, jscpd, jsonlint, lychee, markdown-table-formatter, markdownlint, prettier, prettier, shellcheck, shfmt, stylelint, syft, trivy-sbom, trufflehog, v8r, v8r, yamllint

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@devantler

Copy link
Copy Markdown
Contributor

🤖 Generated by the Daily AI Assistant

CI failure here is a real breaking API change in Talos 1.14.0-alpha.2, not a flake: alpha.2 removed Network() and APIServer() from the config.ClusterConfig interface (moved to the new KubeNetworkConfig/KubeAPIServerConfig multi-document model). Adapting ksail's Talos configmanager is an M-sized migration, tracked in #5771. This bump stays blocked until that lands (or the pin holds at alpha.1 until stable v1.14.0). Not merging as-is.

@devantler

Copy link
Copy Markdown
Contributor

🤖 Generated by the Daily AI Assistant

Closing as superseded by #5775, which bumps both siderolabs/talos and siderolabs/talos/pkg/machinery to v1.14.0-alpha.2 and performs the required configmanager accessor-API migration this bare bump lacks (alpha.2 moved CNI / network / apiserver settings into the multi-document config model).

Note: even with that migration, alpha.2 currently fails ksail's Talos System Tests due to an upstream Talos alpha.2 boot regression in Docker mode (setupSharedFilesystems: invalid argument — EINVAL from making a non-mountpoint shared). See #5775 for the full root-cause. ksail stays on alpha.1 until that is fixed upstream; dependabot will re-propose on the next Talos release.

@devantler devantler closed this Jul 4, 2026
auto-merge was automatically disabled July 4, 2026 01:19

Pull request was closed

@dependabot @github

dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@github-project-automation github-project-automation Bot moved this from 🫴 Ready to ✅ Done in 🌊 Project Board Jul 4, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/siderolabs/talos/pkg/machinery-1.14.0-alpha.2 branch July 4, 2026 01:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

1 participant