#5909 test(atlantis): fake change to trigger plan Pull request opened by Luthernmr ## what ## why ## tests ## references runatlantis/atlantis

#5910 chore(deps): update github/codeql-action action to v3.30.9 in .github/workflows/scorecard.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | v3.30.8 -> v3.30.9 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Release Notes github/codeql-action (github/codeql-action) ### `v3.30.9` Compare Source ##### CodeQL Action Changelog See the releases page for the relevant changes to the CodeQL CLI and language packs. ##### 3.30.9 - 17 Oct 2025 • Update default CodeQL bundle version to 2.23.3. #​3205 • Experimental: A new

setup-codeql

action has been added which is similar to

init

, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​3204 See the full CHANGELOG.md for more information. --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5911 chore(deps): update github/codeql-action digest to d198d2f in .github/workflows/codeql.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | digest | 4221315 -> d198d2f | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5912 chore(deps): update go in go.mod (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | Pending | OpenSSF | | ----------------------------------------------------------------------- | ------ | ------ | ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | | [go](https://go.dev/) ([source](https://redirect.github.com/golang/go)) | golang | patch | 1.25.1 -> 1.25.3 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/c969aea50aa6c73e27384d8508b5fc8f9d31bd400c588089a1c7a7cdbb51ec23/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f676f6c616e672f676f2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/golang/go) | | | golang | final | patch | 1.25.1 -> 1.25.2 | 1.25.3 | | | golang | stage | patch | 1.25.1-alpine -> 1.25.3-alpine | | | --- ### Release Notes golang/go (go) ### `v1.25.3` ### `v1.25.2` --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5913 chore(deps): update dependency @playwright/test to v1.56.1 in package.json (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------------------------------------- | --------------- | ------ | -------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [@playwright/test](https://playwright.dev) ([source](https://redirect.github.com/microsoft/playwright)) | devDependencies | minor | [1.55.1 -> 1.56.1](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.55.1/1.56.1) | [[OpenSSF Scorecard](https://camo.githubusercontent.com/b704a4066dce71232654bf39c03e5a6655e421664877e1dfa13e2a2b9183006b/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6d6963726f736f66742f706c61797772696768742f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/microsoft/playwright) | --- ### Release Notes microsoft/playwright (@​playwright/test) ### `v1.56.1` Compare Source #### Highlights #​37871 chore: allow local-network-access permission in chromium #​37891 fix(agents): remove workspaceFolder ref from vscode mcp #​37759 chore: rename agents to test agents #​37757 chore(mcp): fallback to cwd when resolving test config #### Browser Versions • Chromium 141.0.7390.37 • Mozilla Firefox 142.0.1 • WebKit 26.0 ### `v1.56.0` Compare Source #### Playwright Agents Introducing Playwright Agents, three custom agent definitions designed to guide LLMs through the core process of building a Playwright test: • 🎭 planner explores the app and produces a Markdown test plan • 🎭 generator transforms the Markdown plan into the Playwright Test files • 🎭 healer executes the test suite and automatically repairs failing tests Run

npx playwright init-agents

with your client of choice to generate the latest agent definitions: ### Generate agent files for each agentic loop ### Visual Studio Code npx playwright init-agents --loop=vscode ### Claude Code npx playwright init-agents --loop=claude ### opencode npx playwright init-agents --loop=opencode

[!NOTE]

VS Code v1.105 (currently on the VS Code Insiders channel) is needed for the agentic experience in VS Code. It will become stable shortly, we are a bit ahead of times with this functionality!

Learn more about Playwright Agents #### New APIs • New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page • New method page.requests() for retrieving the most recent network requests from the page • Added `--test-list` and `--test-list-invert` to allow manual specification of specific tests from a file #### UI Mode and HTML Reporter • Added option to

'html'

reporter to disable the "Copy prompt" button • Added option to

'html'

reporter and UI Mode to merge files, collapsing test and describe blocks into a single unified list • Added option to UI Mode mirroring the

--update-snapshots

options • Added option to UI Mode to run only a single worker at a time #### Breaking Changes • Event browserContext.on('backgroundpage') has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list #### Miscellaneous • Aria snapshots render and compare

input

placeholder

• Added environment variable

PLAYWRIGHT_TEST

to Playwright worker processes to allow discriminating on testing status #### Browser Versions • Chromium 141.0.7390.37 • Mozilla Firefox 142.0.1 • WebKit 26.0 --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5914 chore(deps): update dependency open-policy-agent/conftest to v0.63.0 in dockerfile (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Update | Change | OpenSSF | | ------------------------------------------------------------------------------------ | ------ | ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [open-policy-agent/conftest](https://redirect.github.com/open-policy-agent/conftest) | minor | 0.62.0 -> 0.63.0 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/02a4aef64d2c5192de53266ba3c27ad831608eb54e62f90ce37392cbb2a73789/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6f70656e2d706f6c6963792d6167656e742f636f6e66746573742f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/open-policy-agent/conftest) | --- ### Release Notes open-policy-agent/conftest (open-policy-agent/conftest) ### `v0.63.0` Compare Source #### Changelog ##### New Features • `30b9a8d`: feat: add reformat command for JSON output conversion (#​1153) (@​thevilledev) ##### Bug Fixes • `ffb6ce3`: fix: Add explicit line-number to GitHub output (#​1173) (@​tun0) ##### OPA Changes • `64bf641`: build(deps): bump github.com/open-policy-agent/opa from 1.6.0 to 1.7.1 (#​1156) (@​dependabot[bot]) • `981983b`: build(deps): bump github.com/open-policy-agent/opa from 1.7.1 to 1.8.0 (#​1165) (@​dependabot[bot]) • `c7aa1d4`: build(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#​1175) (@​dependabot[bot]) ##### Other Changes • `0d903ce`: build(deps): bump actions/checkout from 4 to 5 (#​1158) (@​dependabot[bot]) • `364cf32`: build(deps): bump actions/setup-go from 5 to 6 (#​1171) (@​dependabot[bot]) • `d4aa81f`: build(deps): bump actions/setup-python from 5 to 6 (#​1172) (@​dependabot[bot]) • `a1ecf3f`: build(deps): bump alpine from 3.22.0 to 3.22.1 (#​1152) (@​dependabot[bot]) • `b87ca5f`: build(deps): bump cuelang.org/go from 0.13.2 to 0.14.1 (#​1159) (@​dependabot[bot]) • `1c5abaa`: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.2 to 0.9.3 (#​1177) (@​dependabot[bot]) • `2a509fe`: build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 (#​1162) (@​dependabot[bot]) • `a433ed0`: build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.0 (#​1169) (@​dependabot[bot]) • `d9dca30`: build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to 1.8.1 (#​1174) (@​dependabot[bot]) • `b51f6d9`: build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 (#​1178) (@​dependabot[bot]) • `c664099`: build(deps): bump github.com/moby/buildkit from 0.23.2 to 0.24.0 (#​1166) (@​dependabot[bot]) • `5378cc3`: build(deps): bump github.com/moby/buildkit from 0.24.0 to 0.25.0 (#​1176) (@​dependabot[bot]) • `fb4c503`: build(deps): bump golang from 1.25.0-alpine to 1.25.1-alpine (#​1170) (<https://redi… runatlantis/atlantis

#5915 fix: Prevent any users from approving custom policy sets - fix tests Pull request opened by dimisjim ## what contains the changes of #5331 but in addition fixes the tests (as requested by the maintainers here: #5331 (comment), #5331 (comment)) so that the changes of the previous PR can be merged also a new test was added as requested here: #5331 (comment) runatlantis/atlantis

#5745 feat: Adjust Endpoint Base-Path Based on ATLANTIS_ATLANTIS_URL Pull request opened by adam-verigin ## what The Atlantis documentation for --atlantis-url says:

Supports a basepath if you're hosting Atlantis under a path.

However, setting a URL with a basepath only updates the URLs in the Atlantis UI; none of the Atlantis endpoints are updated to include the basepath. This PR updates the mux Router so that if the

--atlantis-url

includes a base path, all the endpoints will also be prefixed with the same base path. ## why My team is hoping to host multiple Atlantis instances behind a single AWS ALB, using path-based routing. ALBs don't let us modify the request path, so we need Atlantis to be able to serve from a base path. This PR allows us to do that. Right now, this will append this functionality to the

--atlantis-url

flag. I could understand if you would prefer a separate flag, like

--atlantis-base-path

, to make this functionality more explicit. If you would prefer that, please let me know and I can update the PR. ## tests • I've added some tests to verify that the base path is correctly extracted from the

--atlantis-url

flag I have deployed this with and without a basepath set to manually verify the behaviour. I would love to add more tests to verify that the endpoints are correctly registered with the base path, but I'm not sure of a good way to do that. If you have any guidance on how I could do that, please let me know. ## references The base path support was originally added in #213 runatlantis/atlantis

#5918 chore(deps): update dependency open-policy-agent/conftest to v0.63.0 in testing/dockerfile (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Update | Change | OpenSSF | | ------------------------------------------------------------------------------------ | ------ | ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [open-policy-agent/conftest](https://redirect.github.com/open-policy-agent/conftest) | minor | 0.62.0 -> 0.63.0 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/02a4aef64d2c5192de53266ba3c27ad831608eb54e62f90ce37392cbb2a73789/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6f70656e2d706f6c6963792d6167656e742f636f6e66746573742f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/open-policy-agent/conftest) | --- ### Release Notes open-policy-agent/conftest (open-policy-agent/conftest) ### `v0.63.0` Compare Source #### Changelog ##### New Features • `30b9a8d`: feat: add reformat command for JSON output conversion (#​1153) (@​thevilledev) ##### Bug Fixes • `ffb6ce3`: fix: Add explicit line-number to GitHub output (#​1173) (@​tun0) ##### OPA Changes • `64bf641`: build(deps): bump github.com/open-policy-agent/opa from 1.6.0 to 1.7.1 (#​1156) (@​dependabot[bot]) • `981983b`: build(deps): bump github.com/open-policy-agent/opa from 1.7.1 to 1.8.0 (#​1165) (@​dependabot[bot]) • `c7aa1d4`: build(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#​1175) (@​dependabot[bot]) ##### Other Changes • `0d903ce`: build(deps): bump actions/checkout from 4 to 5 (#​1158) (@​dependabot[bot]) • `364cf32`: build(deps): bump actions/setup-go from 5 to 6 (#​1171) (@​dependabot[bot]) • `d4aa81f`: build(deps): bump actions/setup-python from 5 to 6 (#​1172) (@​dependabot[bot]) • `a1ecf3f`: build(deps): bump alpine from 3.22.0 to 3.22.1 (#​1152) (@​dependabot[bot]) • `b87ca5f`: build(deps): bump cuelang.org/go from 0.13.2 to 0.14.1 (#​1159) (@​dependabot[bot]) • `1c5abaa`: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.2 to 0.9.3 (#​1177) (@​dependabot[bot]) • `2a509fe`: build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 (#​1162) (@​dependabot[bot]) • `a433ed0`: build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.0 (#​1169) (@​dependabot[bot]) • `d9dca30`: build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to 1.8.1 (#​1174) (@​dependabot[bot]) • `b51f6d9`: build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 (#​1178) (@​dependabot[bot]) • `c664099`: build(deps): bump github.com/moby/buildkit from 0.23.2 to 0.24.0 (#​1166) (@​dependabot[bot]) • `5378cc3`: build(deps): bump github.com/moby/buildkit from 0.24.0 to 0.25.0 (#​1176) (@​dependabot[bot]) • `fb4c503`: build(deps): bump golang from 1.25.0-alpine to 1.25.1-alpine (#​1170) (<https://redi… runatlantis/atlantis

#5919 fix: Add env vars for PR approval and mergeable status Pull request opened by filipenf ## what Adds 2 env vars ATLANTIS_PR_APPROVED and ATLANTIS_PR_MERGEABLE. This makes it easier for the shell command to decide if the command can proceed or not depending on the PR status ## why Makes it easier to enable custom workflows that depend on approval / mergeable status (see #5779) In scenarios where there's custom logic needed on top of the built-in

apply_requirements

, this gives extra context to the shell command being executed ## tests ## references #5779 runatlantis/atlantis

#5920 chore(deps): update github/codeql-action digest to 5d5cd55 in .github/workflows/codeql.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ------------------------------------------------------------------------ | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | digest | d198d2f -> 5d5cd55 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/022cb174dc4b9ace5867eeb6408ad79e645ea194cd77cf4d40ff05e6763dd313/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6769746875622f636f6465716c2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5922 chore(deps): update e1himself/goss-installation-action action to v1.3.0 in .github/workflows/atlantis-image.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ---------------------------------------------------------------------------------------------------- | ------ | ------ | ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [e1himself/goss-installation-action](https://redirect.github.com/e1himself/goss-installation-action) | action | minor | v1.2.1 -> v1.3.0 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/faddf6c6c9c38df69b502175af0a8632ee71db9975482bf2b66fc0cd21595736/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f653168696d73656c662f676f73732d696e7374616c6c6174696f6e2d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/e1himself/goss-installation-action) | --- ### Release Notes e1himself/goss-installation-action (e1himself/goss-installation-action) ### `v1.3.0` Compare Source #### What's Changed • Add support for Github Runner platforms and architectures other than linux-x64 by @​mlipscombe in #​27 #### New Contributors • @​mlipscombe made their first contribution in #​27 Full Changelog: e1himself/goss-installation-action@v1...v1.3.0 --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5926 Enabling pending apply status when any of the projects has changes to… Pull request opened by rjmsilveira … be applied ## what ## why ## tests ## references runatlantis/atlantis

#5927 fix: handle global codeql checkrun correctly Pull request opened by nvanheuverzwijn ## what When checking mergeability, we now check that the WorkflowRun.File.RepositoryName is not an empty string. This structure appears only when github's codeql code analysis is enabled for all repository from the organization global settings. When codeql is enabled globally and we use the flag

gh-allow-mergeable-bypass-apply

and the PR is blocked, atlantis will always report that the PR is unmergeable and unapproved. ## why Atlantis should ignore these global workrun because they are not related and cannot be related to required workflows since they don't have a file related to it. ## tests I have used my data structure that I received from the same graphql query atlantis does and added it as a test case. ## references closes #5925 runatlantis/atlantis

#5929 chore(deps): update golang docker tag to v1.25.3 in testing/dockerfile (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | | ------- | ----- | ------ | ---------------- | | golang | final | patch | 1.25.2 -> 1.25.3 | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5930 feat: Add GitLab squash merge support for automerge Pull request opened by geoff-kruss ## what Adds support for squash merging in GitLab merge requests when using Atlantis automerge functionality. Previously, GitLab automerge was limited to regular merge commits, causing failures in repositories that enforce squash-only commit policies. ## why Many organizations enforce squash commit policies on their main branches to maintain clean git history. When using Atlantis automerge with GitLab, the default merge behavior would fail with these policies, preventing automated merging of Terraform changes. This implementation enables repositories with squash-only policies to benefit from Atlantis automerge functionality by supporting the

merge_method: squash

configuration option. ## tests • Added comprehensive test coverage for GitLab squash merge functionality • Existing GitHub merge method tests continue to pass • All GitLab VCS client tests pass • Automerge integration tests pass • Tested locally with both squash and regular merge methods ## references • Addresses #5415 - Allow merge method as configurable option in atlantis.yaml • Follows established patterns from GitHub VCS client implementation • GitLab API documentation: https://docs.gitlab.com/ee/api/merge_requests.html#merge-a-merge-request runatlantis/atlantis

#5931 docs: Add new env vars to the docs Pull request opened by filipenf ## what Added new environment variables for PR approval and mergeability status. ## why New variables added in #5919 ## tests ## references #5919 runatlantis/atlantis

#5932 chore(deps): update dependency mermaid to v11.12.1 in package.json (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | --------------------------------------------------------- | --------------- | ------ | ------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [mermaid](https://redirect.github.com/mermaid-js/mermaid) | devDependencies | patch | [11.12.0 -> 11.12.1](https://renovatebot.com/diffs/npm/mermaid/11.12.0/11.12.1) | [[OpenSSF Scorecard](https://camo.githubusercontent.com/8e87a9a1690f0e3cf51a75f6bcee6a042335af31366b2f77e279afb4c1d9a4d9/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f6d65726d6169642d6a732f6d65726d6169642f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/mermaid-js/mermaid) | --- ### Release Notes mermaid-js/mermaid (mermaid) ### `v11.12.1` Compare Source ##### Patch Changes • #​7107 `cbf8946` Thanks @​shubhamparikh2704! - fix: Updated the dependency dagre-d3-es to 7.0.13 to fix GHSA-cc8p-78qf-8p7q --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5933 chore(deps): update debian:12.12-slim docker digest to 4d9b5b6 in dockerfile (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | | ------- | ----- | ------ | ------------------ | | debian | stage | digest | 78d2f66 -> 4d9b5b6 | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5934 fix: Use correct command name for ApprovePolicies Pull request opened by lukemassa ## what Change the command name for the project result of ApprovePolicies to the approve policies command. ## why The command being worked on is

ApprovePolicies

but we returning as if it ran the

PolicyCheck

command. As far as I can tell this bug has been present since this code was introduced: af2a806#diff-eb466bb07e603dbf2a2a91c776b4d812bf330b3dc02fcaf762380b0078296937R174 I frankly don't quite understand what this does, but if you look at the rest of the doXYZ in plan_command_runner, they follow a particular pattern of referring to commands, and this one simply seems to have been typod. ## tests N/A ## references N/A runatlantis/atlantis

#5935 feat: Add the command name to show who is holding dir lock Pull request opened by lukemassa ## what Add information into the TryLock error message that shows what command is trying to grab the lock, and which has it currently. ## why This will aid in debugging, and also moves us towards a locking strategy that is less "working directory" focused and more "command" focused. ## tests I ran atlantis plan twice one after the other and watched it fail [Screenshot 2025-11-03 at 11 59 55 PM](https://private-user-images.githubusercontent.com/2678195/509324224-ef714e1f-f1f4-42bc-a42a-6677616bfa76.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NjIyMzM5MTMsIm5iZiI6MTc2MjIzMzYxMywicGF0aCI6Ii8yNjc4MTk1LzUwOTMyNDIyNC1lZjcxNGUxZi1mMWY0LTQyYmMtYTQyYS02Njc3NjE2YmZhNzYucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MTEwNCUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTExMDRUMDUyMDEzWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9YTU3YzZhYWMxYmM4NjQyZTA2NDhiZmE1ODUxMmYyZmI3OWM0NTlkMGUwYzNlMmQxODMwZTZhNTYzOTExMjkxZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.MaWZQmRHlUvaYsnOjU_wqcqy6x_3pDetTDx9k_S-q7Y) I also ran atlantis plan then pushed a commit and watched it fail on the autoplan [Screenshot 2025-11-04 at 12 09 24 AM](https://private-user-images.githubusercontent.com/2678195/509327935-b51e9fc6-51c7-41a6-850b-a6c4433504b2.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NjIyMzM5MTMsIm5iZiI6MTc2MjIzMzYxMywicGF0aCI6Ii8yNjc4MTk1LzUwOTMyNzkzNS1iNTFlOWZjNi01MWM3LTQxYTYtODUwYi1hNmM0NDMzNTA0YjIucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI1MTEwNCUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNTExMDRUMDUyMDEzWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MGQwNjUyODQxNWVjNzFjYTU3MTk0M2E3NmUzZWEzNTQ5ZTVjZTY5NDhhYzNhM2RlMjMxYjcyMmI0ZWMwYWRkNCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QifQ.H65n5HO7w4Ppo1coPQ-svXkBSSjyiVi2ATL1CTDfOns) It's worth noting that the code didn't actually know it was running an "autoplan" instead of just a "plan", this is actually a bug that this new logging has demonstrated that I plan to dig into after. ## references N/A runatlantis/atlantis

#4709 Allow for plans to be partially successful Pull request opened by shkamensky When automerge is true, if any plan fails, all plans get deleted This is true even when running from a github comment. When dealing with many projects, there is a high likelihood that one plan can fail. This allows us to keep apply some plans and reiterate so we don't lose all progress. ## what Allow for plans to be saved when automerge is true by passing a flag. ## why Because the all-or-nothing nature of saving plans can make it very difficult to apply across many projects. For example, if 1 failed because of a DNS issue and 150 others plans succeeded, we want to apply the plans that succeeded and deal with the 1 plan manually. ## tests ## references #3002 runatlantis/atlantis

#5936 chore(deps): update debian:12.12-slim docker digest to 936abff in dockerfile (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | | ------- | ----- | ------ | ------------------ | | debian | stage | digest | 4d9b5b6 -> 936abff | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5392 feat: allowing JobUrl to the PlanSuccess model for github comment templating Pull request opened by cpaloia ## What This PR adds support for including the job URL in the GitHub comment template by adding the property

JobURL

to the

PlanSuccess

model. This PR also renames the

LockURLGenerator

to

URLGenerator

as it will be used for generating more than just the lock url. Currently the code already uses the router to fulfill this interface, so I have added the function

GenerateProjectJobURL

which it gets from the router. ## Why In certain cases, it's necessary to hide Terraform plan output in GitHub comments—such as in public repositories where the output may contain sensitive information. However, users may still need access to the plan details via a secure URL, such as one behind a firewall or ingress. By including the job URL in the GitHub comment template (in addition to the existing GitHub check link), we provide users with clear guidance on why the output is hidden and where they can access it instead. ## Tests Tested locally by overriding the comment template and verifying the job URL was correctly included. ## References • Atlantis Issue #5391 ## Notes • I encountered issues running

pegomock

unless I downgraded Go to 1.23.0 in

go.mod

. • Currently, the job URL is added only to *plan success*—I considered adding it to

PolicyCheckResults

, but I’m unsure whether those results are accessible via a URL. Would appreciate any feedback on this! runatlantis/atlantis

#5937 chore(deps): update docker/metadata-action digest to 318604b in .github/workflows/atlantis-image.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ---------------------------------------------------------------------------- | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [docker/metadata-action](https://redirect.github.com/docker/metadata-action) | action | digest | c1e5197 -> 318604b | [[OpenSSF Scorecard](https://camo.githubusercontent.com/4ac0e476ad44ae944f7d9b7ab42df2dd360d323488952230c5d616ba959ab12e/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f646f636b65722f6d657461646174612d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/docker/metadata-action) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5939 chore(deps): update docker/setup-qemu-action digest to c7c5346 in .github/workflows/testing-env-image.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | -------------------------------------------------------------------------------- | ------ | ------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action) | action | digest | 2910929 -> c7c5346 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/e5eb885f2d90f74196e7410a1fe5310ae059e266cdc1336bce526f6bd64b9c82/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f646f636b65722f73657475702d71656d752d616374696f6e2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/docker/setup-qemu-action) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5940 feat: add bitbucket cloud api-user flag Pull request opened by jeronimo-caylent ## what • Adds bitbucket-api-user flag for the Bitbucket Cloud client, keeping bitbucket-user just for git operations. By default and for backward compatibility, if not bitbucket-api-user is provided, it uses the bitbucket-user flag. ## why Bitbucket Cloud deprecated App Password authentication, which previously supported the same user for both API calls and Git operations. See #5696 ## tests With the new flag:

./atlantis server --bitbucket-user '<user>' --bitbucket-api-user '<user@example.com>' --bitbucket-token '<token>' --repo-allowlist '*' --log-level info

{"level":"info","ts":"2025-11-07T10:54:04.448-0300","caller":"server/server.go:343","msg":"Supported VCS Hosts: BitbucketCloud","json":{}} {"level":"info","ts":"2025-11-07T10:54:04.814-0300","caller":"server/server.go:504","msg":"Utilizing BoltDB","json":{}} {"level":"info","ts":"2025-11-07T10:54:04.827-0300","caller":"policy/conftest_client.go:168","msg":"failed to get default conftest version. Will attempt request scoped lazy loads DEFAULT_CONFTEST_VERSION not set","json":{}} {"level":"info","ts":"2025-11-07T10:54:04.827-0300","caller":"server/server.go:1114","msg":"Atlantis started - listening on port 4141","json":{}} {"level":"info","ts":"2025-11-07T10:54:04.827-0300","caller":"scheduled/executor_service.go:51","msg":"Scheduled Executor Service started","json":{}}

Without the flag:

./atlantis server --bitbucket-user '<user>' --bitbucket-token '<token>' --repo-allowlist '*' --log-level info

{"level":"info","ts":"2025-11-07T10:54:19.114-0300","caller":"server/server.go:343","msg":"Supported VCS Hosts: BitbucketCloud","json":{}} {"level":"info","ts":"2025-11-07T10:54:19.341-0300","caller":"server/server.go:504","msg":"Utilizing BoltDB","json":{}} {"level":"info","ts":"2025-11-07T10:54:19.350-0300","caller":"policy/conftest_client.go:168","msg":"failed to get default conftest version. Will attempt request scoped lazy loads DEFAULT_CONFTEST_VERSION not set","json":{}} {"level":"info","ts":"2025-11-07T10:54:19.352-0300","caller":"server/server.go:1114","msg":"Atlantis started - listening on port 4141","json":{}} {"level":"info","ts":"2025-11-07T10:54:19.352-0300","caller":"scheduled/executor_service.go:51","msg":"Scheduled Executor Service started","json":{}}

## references • closes #5696 runatlantis/atlantis

#5941 chore(deps): update redis:7.4-alpine docker digest to ee64a64 in docker-compose.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Update | Change | | ------- | ------ | ------------------ | | redis | digest | 3b73847 -> ee64a64 | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5942 chore(deps): update step-security/harden-runner digest to 95d9a5d in .github/workflows/scorecard.yml (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | -------------------------------------------------------------------------------------- | ------ | ------ | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [step-security/harden-runner](https://redirect.github.com/step-security/harden-runner) | action | digest | f4a75cf -> 95d9a5d | [[OpenSSF Scorecard](https://camo.githubusercontent.com/79b73feee658f578ed164ed10d5294cc2e58c70ec1db9ee00d03c41311bccebc/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f737465702d73656375726974792f68617264656e2d72756e6e65722f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/step-security/harden-runner) | --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis

#5943 chore(deps): update dependency go to v1.25.4 in go.mod (main) Pull request opened by renovate[bot] This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | | ----------------------------------------------------------------------- | ------ | ------ | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [go](https://go.dev/) ([source](https://redirect.github.com/golang/go)) | golang | patch | 1.25.3 -> 1.25.4 | [[OpenSSF Scorecard](https://camo.githubusercontent.com/c969aea50aa6c73e27384d8508b5fc8f9d31bd400c588089a1c7a7cdbb51ec23/68747470733a2f2f6170692e736563757269747973636f726563617264732e6465762f70726f6a656374732f6769746875622e636f6d2f676f6c616e672f676f2f6261646765)](https://securityscorecards.dev/viewer/?uri=github.com/golang/go) | --- ### Release Notes golang/go (go) ### `v1.25.4` --- ### Configuration 📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Enabled. ♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- • If you want to rebase/retry this PR, check this box --- This PR was generated by Mend Renovate. View the repository job log. runatlantis/atlantis