Skip to content

ci(deps): update dependency hashicorp/terraform to v1.13.3

Deniz Raif Durmazrequested to merge
renovate/terraform-monorepo into main

This MR contains the following updates:

Package Update Change
hashicorp/terraform minor 1.10.5 -> 1.13.3

Release Notes

hashicorp/terraform (hashicorp/terraform)

v1.13.3

Compare Source

1.13.3 (September 17, 2025)

BUG FIXES:

  • variable validation: keep sensitive and ephemeral metadata when evaluating variable conditions. (#​37595)

v1.13.2

Compare Source

1.13.2 (September 10, 2025)

BUG FIXES:

  • test: Fix the order of execution of cleanup nodes (#​37546)

  • apply: hide sensitive inputs when values have changed between plan and apply (#​37582)

v1.13.1

Compare Source

1.13.1 (August 27, 2025)

BUG FIXES:

  • Fix regression that caused terraform test with zero tests to return a non-zero exit code. (#​37477)

  • terraform test: prevent panic when resolving incomplete references (#​37484)

v1.13.0

Compare Source

1.13.0 (August 20, 2025)

NEW FEATURES:

  • The new command terraform stacks exposes some stack operations through the cli. Use terraform stacks -usage to see available commands. (#​36931)

ENHANCEMENTS:

  • Filesystem functions are now checked for consistent results to catch invalid data during apply (#​37001)

  • Allow successful init when provider constraint matches at least one valid version (#​37137)

  • Performance fix for evaluating high cardinality resources (#​37154)

  • TF Test: Allow parallel execution of teardown operations (#​37169)

  • terraform test: Test authors can now specify definitions for external variables that are referenced within test files directly within the test file itself. (#​37195)

  • terraform test: File-level variable blocks can now reference run outputs and other variables." (#​37205)

  • skip redundant comparisons when comparing planned set changes (#​37280)

  • type checking: improve error message on type mismatches. (#​37298)

BUG FIXES:

  • Added a missing warning diagnostic that alerts users when child module contains an ignored cloud block. (#​37180)

  • Nested module outputs could lose sensitivity, even when marked as such in the configuration (#​37212)

  • workspace: Updated validation to reject workspaces named "" (#​37267)

  • workspace: Updated the workspace delete command to reject "" as an invalid workspace name (#​37275)

  • plan: truncate invalid or dynamic references in the relevant attributes (#​37290)

  • Test run Parallelism of 1 should not result in deadlock (#​37292)

  • static validation: detect invalid static references via indexes on objects. (#​37298)

  • Fixes resource identity being dropped from state in certain cases (#​37396)

NOTES:

  • The command terraform rpcapi is now generally available. It is not intended for public consumption, but exposes certain Terraform operations through an RPC interface compatible with go-plugin. (#​37067)

UPGRADE NOTES:

  • terraform test: External variables referenced within test files should now be accompanied by a variable definition block within the test file. This is optional, but users with complex external variables may see error diagnostics without the additional variable definition. (#​37195)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

v1.12.2

Compare Source

1.12.2 (June 11, 2025)

BUG FIXES:

  • partial ephemeral values were rejected in ephemeral outputs (#​37210)

v1.12.1

Compare Source

1.12.1 (May 21, 2025)

BUG FIXES:

  • Include resource identity in import apply UI output (#​37044)

  • Fix regression during provider installation by reverting back to not sending HEAD requests. (#​36998)

  • Avoid crash on test failure in comparison in function call (#​37071)

v1.12.0

Compare Source

1.12.0 (May 14, 2025)

NEW FEATURES:

  • Added Terraform backend implementation for OCI Object Storage (#​34465)

ENHANCEMENTS:

  • Terraform Test command now accepts a -parallelism=n option, which sets the number of parallel operations in a test run's plan/apply operation. (#​34237)

  • Logical binary operators can now short-circuit (#​36224)

  • Terraform Test: Runs can now be annotated for possible parallel execution. (#​34180)

  • Allow terraform init when tests are present but no configuration files are directly inside the current directory (#​35040)

  • Terraform Test: Continue subsequent test execution when an expected failure is not encountered. (#​34969)

  • Produce detailed diagnostic objects when test run assertions fail (#​34428)

  • backend/oss: Supports more standard environment variables to keep same with provider setting (#​36581)

  • Improved elapsed time display in UI Hook to show minutes and seconds in mm:ss format. (#​36368)

  • Update legacy term used in error messages. (Terraform Cloud agent => HCP Terraform Agent) (#​36706)

  • import blocks: Now support importing a resource via a new identity attribute. This is mutually exclusive with the id attribute (#​36703)

BUG FIXES:

  • Refreshed state was not used in the plan for orphaned resource instances (#​36394)

  • Fixes malformed Terraform version error when the remote backend reads a remote workspace that specifies a Terraform version constraint. (#​36356)

  • Changes to the order of sensitive attributes in the state format would erroneously indicate a plan contained changes when there were none. (#​36465)

  • Avoid reporting duplicate attribute-associated diagnostics, such as "Available Write-only Attribute Alternative" (#​36579)

  • for_each expressions in import blocks should not be able to reference the import target (#​36801)

UPGRADE NOTES:

  • On Linux, Terraform now requires Linux kernel version 3.2 or later; support for previous versions has been discontinued. (#​36478)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

v1.11.4

Compare Source

1.11.4 (April 9, 2025)

BUG FIXES:

  • disable X25519Kyber768Draft00 in TLS to prevent timouts with some AWS network firewalls (#​36791)

  • write-only attributes: internal providers should set write-only attributes to null (#​36824)

v1.11.3

Compare Source

1.11.3 (March 26, 2025)

BUG FIXES:

  • Fixes unintended exit of CLI when using the remote backend and applying with post-plan tasks configured in HCP Terraform (#​36686)

  • Modules with zero instances that contain ephemeral resources could produce an error during apply (#​36719)

v1.11.2

Compare Source

1.11.2 (March 12, 2025)

ENHANCEMENTS:

  • Azure Backend supports ADO Pipelines OIDC token refresh by using the oidc_request_url, oidc_request_token and (the new) ado_pipeline_service_connection_id. (#​36458)

BUG FIXES:

  • Return error when the templatestring function contains only a single interpolation that evaluates to a null value (#​36652)

  • Backend/azure: subscription_id be optional & skip unnecessary management plane API call in some setup (#​36595)

NOTES:

  • Updated dependency github.com/hashicorp/aws-sdk-go-base/v2 to v2.0.0-beta.62 to support newly added AWS regions (#​36625)

v1.11.1

Compare Source

1.11.1 (March 5, 2025)

BUG FIXES:

  • Temporarily revert updated Windows symlink handling until we can account for known existing configurations using non-symlink junctions. (#​36575)

  • terraform test: Fix crash when a run block attempts to cleanup after a non-applyable plan. (#​36582)

  • Updated dependency golang.org/x/oauth2 from v0.23.0 => v0.27.0 to integrate latest changes (fix for CVE-2025-22868) (#​36584)

  • lang/funcs/transpose: Avoid crash due to map with null values (#​36611)

  • Combining ephemeral and sensitive marks could fail when serializing planned changes (#​36619)

v1.11.0

Compare Source

1.11.0 (February 27, 2025)

NEW FEATURES:

  • Add write-only attributes to resources. Providers can specify that certain attributes are write-only. They are not persisted in state. You can use ephemeral values in write-only attributes. (#​36031)

  • terraform test: The -junit-xml option for the terraform test command is now generally available. This option allows the command to create a test report in JUnit XML format. Feedback during the experimental phase helped map terraform test concepts to the JUnit XML format, and new additons may happen in future releases. (#​36324)

  • S3 native state locking is now generally available. The use_lockfile argument enables users to adopt the S3-native mechanism for state locking. As part of this change, we've deprecated the DynamoDB-related arguments in favor of this new locking mechanism. While you can still use DynamoDB alongside S3-native state locking for migration purposes, we encourage migrating to the new state locking mechanism. (#​36338)

ENHANCEMENTS:

  • init: Provider installation will utilise credentials configured in a .netrc file for the download and shasum URLs returned by provider registries. (#​35843)

  • terraform test: Test runs now support using mocked or overridden values during unit test runs (e.g., with command = "plan"). Set override_during = plan in the test configuration to use the overridden values during the plan phase. The default value is override_during = apply. (#​36227)

  • terraform test: Add new state_key attribute for run blocks, allowing test authors control over which internal state file should be used for the current test run. (#​36185)

  • Updates the azure backend authentication to match the terraform-provider-azurermprovider authentication, in several ways:

    • github.com/hashicorp/go-azure-helpers: v0.43.0 -> v0.71.0
    • github.com/hashicorp/go-azure-sdk/[resource-manager/sdk]: v0.20241212.1154051. This replaces the deprecated Azure SDK used before
    • github.com/jackofallops/giovanni: v0.15.1 -> v0.27.0. Meanwhile, updating the azure storage API version from 2018-11-09 to 2023-11-03
    • Following new properties are added for the azure backend configuration:
      • use_cli
      • use_aks_workload_identity
      • client_id_file_path
      • client_certificate
      • client_id_file_path
      • client_secret_file_path (#​36258)

  • Include ca-certificates package in our official Docker image to help with certificate handling by downstream (#​36486)

BUG FIXES:

  • ephemeral values: correct error message when ephemeral values are included in provisioner output (#​36427)

  • Attempting to override a variable during apply via TF_VAR_ environment variable will now yield warning instead of misleading error. (#​36435)

  • backends: Fix crash when interrupting during interactive prompt for values (#​36448)

  • Fixes hanging behavior seen when applying a saved plan with -auto-approve using the cloud backend (#​36453)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports