chore(deps): update dependency gruntwork-io/terragrunt to v1

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
gruntwork-io/terragrunt	major	0.72.0 → 1.0.0

---

Release Notes

gruntwork-io/terragrunt (gruntwork-io/terragrunt)

v1.0.0

Compare Source

🎉 v1.0.0 Release

Terragrunt is now v1!

This means that Terragrunt will no longer have any breaking changes in minor releases, with all future breaking changes taking place in (infrequent) future major releases.

For a list of guarantees that will be observed by maintainers for the duration of Terragrunt 1.0, see the Terragrunt 1.0 Guarantees page in the docs.

🛠️ Breaking Changes

Consistent .terragrunt-cache directory generation

Terragrunt now creates a .terragrunt-cache directory for every run, regardless of whether the terragrunt.hcl file defines a terraform block with a source attribute.

This change improves consistency across all Terragrunt executions, as OpenTofu/Terraform will now always run within the .terragrunt-cache directory. This standardized behavior simplifies troubleshooting and makes the execution model more predictable.

[!NOTE]
If you currently depend on hidden files located in units to be available in your cache directory, use the include_in_copy attribute of the terraform block.

Removal of tflint

Terragrunt has been shipping with a version of tflint compiled into the binary to allow for more convenient usage without installing tflint directly. However due to the adoption of a BUSL license in tflint, the version included in Terragrunt was frozen.

The dependency on tflint is now fully removed from Terragrunt. If you want to call tflint using a before_hook using Terragrunt, you will have to have tflint installed locally to do so.

To reduce the burden of this breaking change, Terragrunt will continue to provide conveniences like automatically running tflint init on behalf of users, although it no longer ships with a compiled version of tflint in the terragrunt binary.

To learn more, read the documentation on the integration with tflint.

Discovery commands discover hidden configurations by default

The find and list commands now discover units/stacks in hidden directories by default (this previously required usage of the --hidden flag), notably this now discovers .terragrunt-stack directories by default. The commands also now support an opt-in --no-hidden flag to avoid discovery in hidden directories.

The --hidden flag has been deprecated, and will not be removed in 1.0. Using the flag no longer does anything.

render --format=json no longer discovers dependents by default

Prior to this release, the render --format=json command would automatically start to perform dependent discovery on other units related to the unit being rendered. Avoiding this required usage of the --disable-dependent-modules flag. That behavior has been removed. HCL and JSON rendering of unit configurations will now proceed without the additional overhead of dependent discovery by default.

This functionality is better served by a combination of find and graph-based filters.

e.g. If you want to detect all the dependents of a given unit foo, expecting to find the dependent unit bar you can run the following:

$ terragrunt find --filter '...^foo'
bar

If you aren't familiar with filters, this reads as "find all dependents of foo, not foo itself"

Windows compatibility in file paths improved

All HCL functions now return operating system native file paths without forward slash normalization.

• get_terragrunt_dir()
• get_original_terragrunt_dir()
• get_parent_terragrunt_dir()
• get_path_from_repo_root()
• get_path_to_repo_root()
• find_in_parent_folders()
• path_relative_to_include()
• path_relative_from_include()

If you and your team do not work in Windows environments, you are unlikely to see any change as a consequence of this. If you do use Terragrunt in a Windows environment, Terragrunt will now return appropriate Windows file paths, with backslashes as file path separators instead of Unix-like forward slashes.

If you need to normalize paths, you can use the replace function to achieve this.

# root.hcl

remote_state {
  backend = "s3"

  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }

  config = {
    bucket = "my-tofu-state"

    key            = "${replace(path_relative_to_include(), "\\", "/")}/tofu.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "my-lock-table"
  }
}

Ambiguous unit/stack components now throw errors

Previously, Terragrunt would silently engage in undefined behavior when both a terragrunt.hcl and terragrunt.stack.hcl file existed in the same directory.

With this release, Terragrunt will start to throw warnings and prevent such usage. Users will have to ensure that only one of a unit (terragrunt.hcl) or stack configuration (terragrunt.stack.hcl) exist in a unit or stack directory, respectively.

✨ New Features

Tips added

Terragrunt will now provide helpful tips when it detects usage patterns that might benefit from some additional guidance.

You can disable the display of tips at any time using --no-tips or disable individual tips with --no-tip, (e.g. --no-tip=debugging-docs).

--report-file support for single runs

The --report-file will now generate reports even when runs are performed without the --all flag.

Improved error messages for undefined flags

Detection has been added for scenarios when a user is using a flag that might be meant to be passed to OpenTofu/Terraform in the run command, and suggests using the -- argument to pass it through.

As an example:

$ terragrunt run providers lock -platform linux_amd64 -platform darwin_arm64
14:52:19.496 ERROR  flag `-platform` is not a Terragrunt flag. If this is an OpenTofu/Terraform flag, use `--` to forward it (e.g., `terragrunt run -- <command> -platform`).

🏎️ Performance Improvements

Discovery performance improved

The way in which Terragrunt discovers and filters units and stacks for runs has improved significantly.

Terragrunt is now better at avoiding parsing units/stacks unnecessarily, based on the filter you use. Previously, the logic used was more coarse, and could result in a requirement to parse some configurations (e.g. presence of a dependency graph expression) to result in parsing all configurations. Discovery has been refactored to allow for much more careful opt-in parsing based on the need to support the filter used by users (or lack thereof).

This will also result in improvements to Terragrunt's ability to ignore broken parts of infrastructure estates when Terragrunt can predictably determine that it won't impact a run.

EncodeSourceVersion execution sped up

The performance of EncodeSourceVersion has been improved by utilizing SkipDir to optimize directory traversals.

Special thanks to @​healthy-pod for contributing this improvement!

Provider Cache Server used for fetching outputs from dependencies

The Provider Cache Server is now used when fetching outputs from dependencies, improving performance of output resolution for users using the provider cache server.

🐛 Bug Fixes

Improved filter parsing errors

Parsing errors returned when invalid filter queries are used with --filter have been improved to provide more detailed error messages and actionable recommendations.

Retries added for registry timeouts in provider cache server

The Provider Cache Server will now perform automatic retries on timeouts to OpenTofu/Terraform provider registries.

Discoverability of init-from-module documentation improved

The special internal init-from-module command referenced in hooks has had its documentation improved to make it easier to discover. It was difficult to find in the terraform HCL block documentation, and that resulted in confusion for users.

Over-warning on strict controls prevented

Using --strict-mode resulted in over-warning on completed controls. Those warnings will no longer appear when using strict mode.

Stdout/stderr from run_cmd emitted when included

A bug prevented the run_cmd HCL function from emitting to stdout/stderr when included by a unit. That bug has been fixed.

Provider Cache Server integration with custom registries fixed

The Provider Cache Server now properly integrates with custom registries. You will still need to use the --provider-cache-registry-names flag to ensure that the Provider Cache Server properly handles proxying requests to the custom provider registry.

The no_run attribute of exclude is fixed

A bug prevented the no_run attribute of the exclude block from being respected when being explicitly set to false (as opposed to not being defined at all). This bug has been fixed.

The --report-file is now respected for single runs

The --report-file will now generate reports even when runs are performed without the --all flag.

Path manipulation removed from log messages

Log messages no longer have paths updated automatically. This caused confusion for users when seeing OpenTofu/Terraform stdout and hook stdout emitted through logs, as paths were unconditionally updated to be relative to the unit path. This logic has been moved to logging call sites to ensure that external process stdout/stderr is not manipulated unexpectedly.

Absolute URLs in registry self-discovery integration with Provider Cache Server Fixed

When using the Provider Cache Server in conjunction with a remote registry using absolute URLs for modules, the Provider Cache Server will now properly resolve the module source.

SOPS decryption race condition fixed

A race condition in the concurrent access to SOPS decrypted secrets in different environments combined with usage of the --auth-provider-cmd flag resulted in authentication failures. Synchronization controls have been introduced to ensure authentication proceeds correctly for each environment independently.

Version constraints in stack runs fixed

When running against a stack, a bug prevented Terragrunt + OpenTofu/Terraform version constraints from being respected while using the terragrunt_version_constraint and terraform_version_constraint HCL attributes. That bug has been fixed.

Interrupt signal propagation to OpenTofu/Terraform fixed

The mechanism by which Terragrunt sends interrupt signals to OpenTofu/Terraform processes it started has been made more robust. Terragrunt will now send the interrupt signal in the event that a user explicitly sends an interrupt signal to Terragrunt in addition to scenarios where Terragrunt's context cancellation is triggered (e.g. in the event of a timeout).

Remote state configuration parsing fixed

Remote state configuration parsing (especially S3) is now more tolerant of common input formats, reducing decode-related failures from type mismatches in configuration values.

Parsing behavior has also been made more consistent across related remote configuration blocks in Terragrunt, with regression tests added to prevent future breakages.

Invalid unit configurations cause explicit errors instead of silently being excluded during runs

A bug in discovery logic resulted in units with invalid HCL configurations being silently excluded from runs with a warning. This bug has been fixed, and attempting to parse invalid HCL configurations during a run will result in an error.

Partial parse configuration cache fixed

A bug affecting the partial parse configuration cache (in use when the --use-partial-parse-config-cache flag is supplied) has been resolved, ensuring configurations are cached and read accurately without incorrect cache collisions.

Engine output adjusted

The display and formatting of engine outputs have been updated to be cleaner and more intuitive for users when running Terragrunt workflows.

Stdout/Stderr entries emitted from engines will now have the engine tool listed instead of tofu.

More accurate matching of retryable errors

Fixes a bug where retries were triggered when an expected error is matched against non-stderr output from external process errors.

Duplicate error reporting fixed

Fixes a bug where duplicate errors were reported when running units through the worker pool subsystem.

Interaction between --working-dir and -detailed-exitcode fixed

Fixes a bug where the wrong cache key was used for storing exit codes for OpenTofu/Terraform runs in units when the --working-dir flag was also used.

Variable sanitization via escaping added

Escaping added for interpolation expressions (e.g. ${foo}) that are unlikely to be desired by users.

Removing usage of filepath.Abs and reducing usage of filepath.ToSlash

Usage of the Golang filepath.Abs and filepath.ToSlash standard library functions significantly reduced. Overly broad application of these functions to file paths caused subtle operating system compatibility issues and incompatibility with the --working-dir flag.

The codebase has been updated to only use filepath.Abs early on in initialization of the CLI prior to setting the value of --working-dir (after which, working dir is considered the source of truth for file path canonicalization) and tests. The codebase has been updated to use filepath.ToSlash only where unix-style forward slash normalization is a requirement (e.g. when used in file path globs).

Handling of backend init when disable_init=true

Fixes a bug where disable_init = true affected behavior beyond Terragrunt's bootstrap operations. disable_init now correctly limits its scope to Terragrunt bootstrap steps only.

Fix detection of offline usage in Provider Cache Server

A bug in the detection of offline usage in the Provider Cache Server resulted in attempts to reach the default provider registry for OpenTofu/Terraform to trigger errors even when using the Provider Cache Server to proxy requests to a network or filesystem mirror.

This has been fixed. When the default provider registry isn't available for OpenTofu/Terraform for any reason, the Provider Cache Server will use the provided network/filesystem mirror instead without attempting to use the discovery endpoint. This will help users in air-gapped environments using the Provider Cache Server.

Improved log messages for hooks with errors

Hooks encountering errors will now return errors that better communicate whether an error was caused by failure to execute an external process or successfully running an external process, but receiving a non-zero exit code.

Relative paths in reading files fixed

A bug in the logic for incorporating includes as absolute paths in tracked "read" files has been fixed.

OpenTofu file extensions handled in catalog and scaffold

Terragrunt catalog now lists modules that use .tofu, .tf.json, or .tofu.json files. Terragrunt scaffold now parses variables from .tofu files — previously, variables defined in .tofu files were silently missing from the generated terragrunt.hcl.

Bootstrap use_lockfile boolean handling fixed

A bug in remote state backend configuration caused use_lockfile = true to be emitted as use_lockfile = "true" (quoted string), which OpenTofu/Terraform rejects. Boolean values in backend config are now normalized correctly.

Provider cache lock file corruption fixed

A bug that could cause provider cache lock file corruption has been fixed.

Git filter discovery for read_terragrunt_config fixed

Git-filter discovery now correctly detects stacks affected by changes to sidecar files read via read_terragrunt_config(), by parsing stack files to check FilesRead against diff paths instead of relying on generic directory-based detection.

S3 bucket tagging moved to bucket creation

S3 bucket tagging during backend bootstrapping has been moved to bucket creation. This prevents errors caused when SCPs restrict creation of buckets without appropriate tags.

Windows user input fixed

A bug on Windows caused user input prompts (e.g. for confirming apply) to stop working after subprocess execution. Terragrunt now saves and restores console state around every subprocess execution and re-enables Virtual Terminal processing.

Authentication during queue construction fixed

A bug in the logic for parsing configurations during discovery for use-cases like --filter 'reading=*' where configurations need to be parsed to determine whether or not they end up in the final run queue has been fixed. Configurations will now properly call any configured --auth-provider-cmd authenticator before parsing configurations, preventing errors for HCL functions like sops_decrypt_file that require authentication before parsing can proceed.

hcl fmt on unintended files during scaffold fixed

A bug caused hcl fmt to run on files that weren't generated by scaffold. Formatting is now scoped to only scaffolded content.

Input precision loss fixed

A bug in the way Terragrunt handled setting of OpenTofu/Terraform inputs from numbers resulted in precision loss. That bug has been fixed.

📖 Documentation Updates

1.0 Guarantees

A living document named Terragrunt 1.0 Guarantees has been added to the Terragrunt website clarifying what is and isn't considered a breaking change for the duration of 1.0.

Over time, as ambiguity in edge-cases for what is considered a breaking change are addressed, the page will be updated so that you can be confident your workflows won't be impaired.

llms.txt added

An /llms.txt route has been added to the Terragrunt website to make it easier for LLMs to consume Terragrunt documentation in Markdown format.

New Home for the Terragrunt website!

The Terragrunt website is now hosted at https://terragrunt.com and https://docs.terragrunt.com for marketing and documentation purposes, respectively.

Existing links to https://terragrunt.gruntwork.io should seamlessly redirect to the new domain that hosts the content for that URI.

🧪 Experiments Updated

Engines now use GitHub environment variables for downloads

When downloading engines using the engine experiment, Terragrunt will detect and leverage the GH_TOKEN and GITHUB_TOKEN environment variables if present to authenticate with the GitHub API while performing release discovery and download of engines.

⚙️ Process Updates

Go bumped to v1.26

The version of Golang used to compile the Terragrunt binary has been updated to v1.26.0.

OpenTofu/Terraform Compatibility Updated

Terragrunt is now continuously tested against OpenTofu 1.11.4 and Terraform 1.14.4 in CI.

AWS and GRPC dependencies update

Updated AWS SDK and gRPC dependencies to pick up the latest bug fixes and security patches:

• google.golang.org/grpc to v1.79.1
• github.com/aws/aws-sdk-go-v2/config to v1.32.8
• github.com/aws/aws-sdk-go-v2/credentials to v1.19.8

What's Changed

• feat: Improving filter parsing errors by @​yhakbar in #​5413
• feat: Adding community invite link redirect by @​yhakbar in #​5432
• feat: .terragrunt-cache directory creation by @​denis256 in #​5402
• feat: use github auth for engine release checks / downloads by @​thisguycodes in #​5447
• feat: Adding --no-hidden flag to discovery commands and deprecating --hidden by @​yhakbar in #​5450
• feat: Adding tip system by @​yhakbar in #​5434
• fix: Addressing bucket verification flake by @​yhakbar in #​5419
• fix: Fixing TestTerragruntDestroyOrder flake by @​yhakbar in #​5427
• fix: Adding lock files to cache key for provider cache by @​yhakbar in #​5430
• fix: Fixing TestSopsDecryptOnMissing test by @​yhakbar in #​5428
• fix: Fixing TestTerragruntStackCommandsWithSymlinks test by @​yhakbar in #​5426
• fix: Adding timeout and avoiding null caching in GitHub API memoization in docs by @​yhakbar in #​5429
• fix: fixing TestTerragruntDestroyOrderWithQueueIgnoreErrors flake by @​thisguycodes in #​5436
• fix: Fixing usage of %w in logs by @​yhakbar in #​5441
• fix: Updating --auth-provider-cmd schema in flags docs by @​yhakbar in #​5435
• fix: Fixing TestAwsBootstrapBackendWithAccessLoggingFlake by @​yhakbar in #​5442
• fix: Fixing null input passing by @​yhakbar in #​5455
• fix: Fixing flake in TestDeprecatedDefaultCommand_TerraformSubcommandCliArgs by @​yhakbar in #​5456
• fix: Addressing review feedback on #​5455 by @​yhakbar in #​5459
• fix: Fixing TestAwsS3SSECustomKey by @​yhakbar in #​5457
• fix: Use helpers.CopyEnvironment wherever there's a test with side-effects by @​yhakbar in #​5460
• fix: Handle registry timeouts in provider cache server by @​yhakbar in #​5471
• fix: Adding test for init-from-module and improving discoverability by @​yhakbar in #​5491
• fix: Fixing over-warning on strict controls by @​yhakbar in #​5501
• fix: Emit output from run_cmd when included by @​yhakbar in #​5495
• fix: Fixing provider cache server integration with custom registry by @​yhakbar in #​5500
• fix: Fixing exclude no_run behavior by @​yhakbar in #​5506
• fix: Adding --report-file support to single runs by @​yhakbar in #​5507
• fix: Removing path manipulation in log messages by @​yhakbar in #​5489
• fix: Fixing cache server absolute URLs in self-discovery by @​yhakbar in #​5519
• fix: SOPS decryption env variables locking by @​denis256 in #​5522
• fix: Fixing respect for version constraints when running a stack by @​yhakbar in #​5516
• fix: Fixing signal propagation by @​yhakbar in #​5518
• fix: Addressing render --format=json by @​yhakbar in #​5511
• fix: Fixing partial parse config cache by @​yhakbar in #​5538
• fix: Using SyncWriter to fix TestTerragruntReportWithUnitTiming flakes by @​yhakbar in #​5494
• fix: Adjusting engine output by @​yhakbar in #​5386
• fix: Assume any transport errors to discovery URL are a sign that the user is offline by @​yhakbar in #​5615
• fix: duplicate error reporting in worker pool by @​anuragrao04 in #​5526
• fix: Fixing #​3514 by @​yhakbar in #​5739
• fix: Fixing #​4556 by @​yhakbar in #​5640
• fix: Fixing -detailed-exitcode when used in combination with --working-dir by @​yhakbar in #​5590
• fix: Fixing hcl fmt on unintended files during scaffold by @​yhakbar in #​5721
• fix: Fixing CORS for terragrunt.com by @​yhakbar in #​5631
• fix: Fixing incremental lint issue by @​yhakbar in #​5592
• fix: Fixing provider cache lock file corruption by @​yhakbar in #​5692
• fix: Fixing redirect for /contact-tgs by @​yhakbar in #​5636
• fix: Fixing relative paths in tracked reading files by @​yhakbar in #​5651
• fix: Fixing SOPS call during queue construction by @​yhakbar in #​5722
• fix: handling of backend init when disable_init=true by @​denis256 in #​5594
• fix: handling of invalid paths in read_terragrunt_config by @​denis256 in #​5753
• fix: Improving error message for undefined flags by @​yhakbar in #​5571
• fix: Increasing accuracy of retryable errors match by @​yhakbar in #​5568
• fix: Moving tagging to bucket creation by @​yhakbar in #​5706
• fix: Removing usage of filepath.Abs in production code and reducing usage of filepath.ToSlash by @​yhakbar in #​5597
• fix: variables values interpolation by @​denis256 in #​5585
• fix: fixed bootstrap and use_lockfile by @​denis256 in #​5665
• fix: handling of tofu extensions by @​denis256 in #​5675
• fix: windows user input fixes by @​denis256 in #​5710
• fix: worktree fixes for read_terragrunt_config by @​denis256 in #​5682
• docs: Memoizing latest release call by @​yhakbar in #​5424
• docs: Adding 1.0 guarantees by @​yhakbar in #​5425
• docs: Update terminology to use the new root.hcl pattern by @​hashlash in #​5135
• docs: Change move command to copy and corrected supporting text in quick st… by @​therealgglggl in #​5332
• docs: Add output_dir to inputs in multiple sections by @​therealgglggl in #​5334
• docs: add instructions on bypassing tflint integration behavior by @​thisguycodes in #​5437
• docs: tweak opening wording of stacks generate by @​thisguycodes in #​5443
• docs: Adding llms.txt by @​yhakbar in #​5449
• docs: Update provider cache documentation to include a valid command by @​CodyRay in #​5276
• docs: Adding --tip and --no-tips docs by @​yhakbar in #​5468
• docs: remove lint meta comment that's getting displayed on the site by @​thisguycodes in #​5470
• docs: install page checksum signature check by @​denis256 in #​5473
• docs: New ambassador by @​karlcarstensen in #​5496
• docs: Simple component for pagefind styles by @​karlcarstensen in #​5523
• docs: Pagefind css by @​karlcarstensen in #​5524
• docs: Fix command reference in CLI redesign documentation by @​PedroMartinSteenstrup-htg in #​5541
• docs: Adding Golang compatibility notes by @​yhakbar in #​5544
• docs: Breaking down filters docs by @​yhakbar in #​5552
• docs: Revert css fixes now that docs site is live by @​karlcarstensen in #​5556
• docs: Making filter docs a bit more consistent by @​yhakbar in #​5557
• docs: Adding callout for the lack of library compatibility guarantees by @​yhakbar in #​5564
• docs: Adding a changelog by @​yhakbar in #​5754
• docs: Adding changelog copy button by @​yhakbar in #​5755
• docs: Adding more v1.0.0 changelog docs by @​yhakbar in #​5756
• docs: Adding tgs discord link by @​yhakbar in #​5750
• docs: Addressing docs gaps by @​yhakbar in #​5742
• docs: Breaking down features by @​yhakbar in #​5684
• docs: compatibility table updates by @​denis256 in #​5609
• docs: Documenting --queue-strict-include deprecation in strict controls by @​yhakbar in #​5581
• docs: Documenting deprecation of --disable-dependent-modules by @​yhakbar in #​5539
• docs: Fix 'move' to 'moved' block in documentation by @​hashlash in #​5661
• docs: Fix typo in overview documentation by @​BenjaminHerbert in #​5666
• docs: Fixing 404s by @​yhakbar in #​5637
• docs: Fixing Migrating Deprecated Attributes by @​yhakbar in #​5638
• docs: Moving docs-starlight to docs by @​yhakbar in #​5635
• docs: Updating dependency-fetch-output-from-state experiment docs by @​yhakbar in #​5740
• docs: Updating docs dependencies by @​yhakbar in #​5686
• docs: Fix theme light/dark by @​karlcarstensen in #​5669
• docs: Fixing button by @​karlcarstensen in #​5667
• docs: Hide switcher in hamburger menu by @​karlcarstensen in #​5668
• docs: Setting up migration to docs.terragrunt.com by @​yhakbar in #​5514
• chore: removal of unused AssumeAlreadyApplied field by @​denis256 in #​5417
• chore: IaC tool CLI arguments re-ordering by @​denis256 in #​5414
• chore: IAC tool cli building improvements by @​denis256 in #​5448
• chore: Adding fuzz tests for filter by @​yhakbar in #​5420
• chore: Remove tflint by @​thisguycodes in #​5433
• chore: Using slim runners where possible by @​yhakbar in #​5461
• chore: iac cli package by @​denis256 in #​5462
• chore: removed unused public functions and constants by @​denis256 in #​5472
• chore: go bump to 1.25.6 by @​denis256 in #​5481
• chore: IaC update - Terraform 1.14.4 Opentofu 1.11.4 by @​denis256 in #​5479
• chore: Updates the discord link by @​karlcarstensen in #​5521
• chore: Adding testing for RelPathForLog by @​yhakbar in #​5513
• chore: dependencies update - otel, aws, go-git by @​denis256 in #​5533
• chore: removed unused constatns, simplified noRun checking by @​denis256 in #​5517
• chore: Adding VFS testing by @​yhakbar in #​5490
• chore: Bumping Go to 1.26 by @​yhakbar in #​5543
• chore: Remote config parsing improvements by @​denis256 in #​5540
• chore: Refactor discovery for nuanced parse handling by @​yhakbar in #​5477
• chore: Units code cleanup by @​denis256 in #​5550
• chore(deps): bump aws-actions/configure-aws-credentials from 5 to 6 by @​dependabot[bot] in #​5553
• chore: SOPS tests improvements by @​denis256 in #​5554
• chore: Removing options from components by @​yhakbar in #​5551
• chore: refactor cache dir exclusion code by @​healthy-pod in #​5559
• chore: Clean up of #​5559 by @​yhakbar in #​5561
• chore: Adding lll lint incrementally by @​yhakbar in #​5582
• chore: Adding terragrunt-infrastructure-live-stacks-example test by @​yhakbar in #​5703
• chore: Adding external testing for config by @​yhakbar in #​5653
• chore: Adding some testing for logs by @​yhakbar in #​5641
• chore: Adding test to verify that the Provider Cache Server is used when fetching outputs from dependencies by @​yhakbar in #​5611
• chore: Addressing #​5589 feedback by @​yhakbar in #​5633
• chore: Addressing #​5707 feedback by @​yhakbar in #​5712
• chore: addressing PR #​5665 feedback by @​denis256 in #​5696
• chore: Addressing review feedback from #​5597 by @​yhakbar in #​5604
• chore: aws-sdk-go-v2 dependency update by @​denis256 in #​5747
• chore: aws-sdk-go-v2 version bump by @​denis256 in #​5610
• chore: CICD base tests performance improvements by @​denis256 in #​5505
• chore: Cleaning up shell scripts by @​yhakbar in #​5707
• chore: Compile filter globs earlier by @​yhakbar in #​5574
• chore: cosign v4 upgrade by @​denis256 in #​5676
• chore: dead code removal by @​denis256 in #​5683
• chore: go dependencies update by @​denis256 in #​5634
• chore: go-getter upgrade 1.8.5 by @​denis256 in #​5691
• chore: GRPC and AWS dependencies update by @​denis256 in #​5572
• chore: handling of terragrunt and stack files by @​denis256 in #​5645
• chore: improved log message for failing hooks by @​denis256 in #​5603
• chore: lint cache key update by @​denis256 in #​5588
• chore: Moving filters to opts by @​yhakbar in #​5591
• chore: Moving permissions down to job level when possible by @​yhakbar in #​5705
• chore: Multiple dependencies bump by @​denis256 in #​5673
• chore: Pinning workflows further by @​yhakbar in #​5704
• chore: Re-enabling rustfs test by @​yhakbar in #​5751
• chore: Reducing dependency on opts in config - Part Four by @​yhakbar in #​5573
• chore: Reducing dependency on opts in config - Part Three by @​yhakbar in #​5569
• chore: Reducing dependency on opts in config - Part Two by @​yhakbar in #​5563
• chore: Reducing dependency on opts in config by @​yhakbar in #​5560
• chore: Removing options from awshelper by @​yhakbar in #​5587
• chore: Removing options from runner and remotestate by @​yhakbar in #​5589
• chore: Removing explicit mise cache by @​yhakbar in #​5694
• chore: Removing imports of options from tf by @​yhakbar in #​5583
• chore: Removing options from shell by @​yhakbar in #​5584
• chore: Removing Terratest dependency by @​yhakbar in #​5614
• chore: Reverting tmpfs mount by @​yhakbar in #​5744
• chore: sops upgrade to 3.12.2 by @​denis256 in #​5718
• chore: sops v3.12.1 gcp storage v1.60.0 by @​denis256 in #​5618
• chore: Temporarily skipping rustfs test by @​yhakbar in #​5749
• chore: upgraded github.com/buger/jsonparser to v1.1.2 by @​denis256 in #​5729
• chore: Verifying fix for #​3080 by @​yhakbar in #​5639
• chore(deps): bump @​astrojs/vercel from 10.0.0 to 10.0.2 in /docs by @​dependabot[bot] in #​5741
• chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @​dependabot[bot] in #​5626
• chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 by @​dependabot[bot] in #​5698
• chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​5628
• chore(deps): bump actions/stale from 10.1.1 to 10.2.0 by @​dependabot[bot] in #​5600
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @​dependabot[bot] in #​5627
• chore(deps): bump digicert/ssm-code-signing from 1.1.1 to 1.2.1 by @​dependabot[bot] in #​5527
• chore(deps): bump fast-xml-parser, @​aws-sdk/client-s3, @​aws-sdk/client-dynamodb, @​aws-sdk/lib-dynamodb and @​aws-sdk/s3-request-presigner in /docs-starlight/src/fixtures/terralith-to-terragrunt/app/best-cat by @​dependabot[bot] in #​5578
• chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 in /test/flake by @​dependabot[bot] in #​5620
• chore(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @​dependabot[bot] in #​5708
• chore(deps): bump handlebars from 4.7.8 to 4.7.9 in /docs/src/fixtures/terralith-to-terragrunt/app/best-cat by @​dependabot[bot] in #​5745
• chore(deps): bump jdx/mise-action from 3.6.1 to 3.6.2 by @​dependabot[bot] in #​5647
• chore(deps): bump jdx/mise-action from 3.6.2 to 3.6.3 by @​dependabot[bot] in #​5678
• chore(deps): bump jdx/mise-action from 3.6.3 to 4.0.0 by @​dependabot[bot] in #​5699
• chore(deps): bump mikepenz/action-junit-report from 6.1.0 to 6.3.1 by @​dependabot[bot] in #​5697
• chore(deps): bump the js-dependencies group across 1 directory with 9 updates by @​dependabot[bot] in #​5602
• chore: tests coverage collection by @​denis256 in #​5717
• build(deps): bump sigstore/cosign-installer from 3.10.1 to 4.0.0 by @​dependabot[bot] in #​5486
• chore: Revert "build(deps): bump sigstore/cosign-installer from 3.10.1 to 4.… by @​yhakbar in #​5656
• perf: speed up EncodeSourceVersion by using SkipDir by [@​healthy-pod](https://redirect.g

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.