Dburke/issue 1353 by deannahburke · Pull Request #1 · deannahburke/cli

deannahburke · 2025-08-21T20:45:37Z

Pushing up what we have so far for review, service-version clone test is still currently failing and returning an empty JSON object rather than the service-version clone JSON output.

…in the go-dependencies group (fastly#1510)

This PR adds code to the CLI to enable `fastly compute serve` with "enable Pushpin", a new mode that locates and runs Pushpin before starting Viceroy to run guest code. This is a companion PR to fastly/Viceroy#497, and will only function after that feature has landed. ## How to enable it: It can be invoked in one of two ways: 1. set a new flag `--experimental-enable-pushpin` 2. or, set a new flag in `fastly.toml`: ```toml [local_server.pushpin] enable = true ``` ## What it does: * `fastly compute serve` starts Pushpin before starting Viceroy, and detects its startup. It also sets up to shut it down when the CLI process ends. * `pushpin` must be started at this time, because routes are set based on the backends defined in the `fastly.toml` manifest file. * "kill process" is done differently between Windows and Unix, so build flags are used to include the right implementation of `killProcess`. * Pushpin routes are set up based on the `fastly.toml` manifest file. * A route is set up per backend. * The name of each backend is set as an `id=` condition. For example, a backend named `origin` will set `id=origin`. Viceroy handles Fanout handoff by forwarding a request for this backend to Pushpin and set the header `Pushpin-Route: origin`, allowing Pushpin to match the route. * If the backend definition's URL has a path segment, then it is set as a `replace_beg` configuration on the route. For example, if a backend is configured for `http://localhost:3000/realtime`, then this is set as `replace_beg=realtime`. Pushpin will forward a request for `/api/user` to this backend as `http://localhost:3000/realtime/api/user`. * `over_http` is set for every route target, as to always enable WebSocket-over-HTTP. * If the backend URL is HTTPS, then `ssl` is added. * If the backend definition sets `override_host`, then it will be set as the `host` value of the route target. * When starting Viceroy, `--local-pushpin-proxy-port=<port>` is appended as a command-line argument, which starts Viceroy in "enable Pushpin" mode. * Pushpin proxy runs by default on port `7677`, but this can be overridden: * using `proxy_port=<port>` under `local_server.pushpin` section of the `fastly.toml` file, or * using `--pushpin-proxy-port=<port>` * Pushpin's publishing endpoint runs by default on port `5561`, but this can be overridden: * using `publish_port=<port>` under `local_server.pushpin` section of the `fastly.toml` file, or * using `--pushpin-publish-port=<port>` * The `pushpin` binary is searched on the system path, but can be specified: * using `pushpin_path=/path/to/pushpin` under the `local_server.pushpin` section of the `fastly.toml` file, or * using `--pushpin-path=/path/to/pushpin`. * The CLI writes the config and routes to temporary files in the OS temporary directory. This is cleaned up as part of shutdown. * Pushpin runner places some runtime files into a temporary directory specified in pushpin.conf. We set this to an OS temporary directory, so that multiple instances can run if necessary. This is cleaned up as part of shutdown. * Pushpin runner places logs into a directory specified in pushpin.conf. This is placed in the ./pushpin-logs directory under the current project All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you added an explanation of what your changes do and why you'd like us to include them? * [ ] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact * [x] What is the user impact of this change? ### Are there any considerations that need to be addressed for release? The new feature is opt-in using the `--experimental-enable-pushpin` flag, and does nothing if the new flag is not set.

) All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you added an explanation of what your changes do and why you'd like us to include them? * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact * [x] What is the user impact of this change? - _Adds a new command to show the generated VCL for a service-version_ ### Are there any considerations that need to be addressed for release?  Co-authored-by: Kevin P. Fleming <kpfleming@users.noreply.github.com>

Specify the valid permissions (read-write-admin, read-only-admin, read-write-objects, read-only-objects) and note that if you don't provide the `--bucket` flag, all buckets are accessible by the key. All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests? ### User Impact * [x] What is the user impact of this change? Better help output.

go-fastly version 11 requires a context.Context object to be passed as the first argument in all of the API functions it exports. This commit modifies all of the code in the CLI to pass context.TODO() in that case, since the CLI does not use context objects for any other purpose. The CLI also has an internal 'interface' which maps to the complete set of API functions in the 'fastly' namespace exported by go-fastly, and hundreds of 'mock' functions used in the CLI test suite. Those have also been updated, and along the way many inconsistencies in those function signatures were corrected. go-fastly version 11 removed a deprecated set of product enablement API functions, so the `fastly products` command has been updated to use the new API functions. The tests for the `fastly products` command no longer mock the API calls as they no longer exist, and the new `fastly product` command which will appear in the next release will provide full test coverage of the CLI's use of the new product enablement API functions. There are no functional changes in this commit, and the entire test suite still passes. At least 80% of the changes in this commit were produced using [comby](https://comby.dev/). All Submissions: * [X] Have you followed the guidelines in our Contributing document? * [X] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? ### Changes to Core Features: * [X] Have you added an explanation of what your changes do and why you'd like us to include them? * [X] Have you written new tests for your core changes, as applicable? * [X] Have you successfully run tests with your changes locally?

If a PR submitter forgets to add labels before opening the PR, then adds them later, the workflow does not re-run and the results don't take into account the label changes. All Submissions: * [X] Have you followed the guidelines in our Contributing document? * [X] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? Co-authored-by: Anthony Gomez <anthony.gomez@fastly.com>

First, rename the `list-access-keys` command to just `list` (while maintaining an alias for compatibility) to match convention and eliminate stuttering. If there are no bucket limitations, print "all" instead of "[]", which could be misleading. All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests? --------- Co-authored-by: Kevin P. Fleming <kpfleming@users.noreply.github.com>

Bumps the go-dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/sys](https://github.com/golang/sys) | `0.34.0` | `0.35.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.33.0` | `0.34.0` | | [github.com/hashicorp/cap](https://github.com/hashicorp/cap) | `0.9.0` | `0.10.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.40.0` | `0.41.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.26.0` | `0.27.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.42.0` | `0.43.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.27.0` | `0.28.0` | Updates `golang.org/x/sys` from 0.34.0 to 0.35.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sys/commit/5b936e1f126baa13682eff91c2e4d5d9e3a0b71d"><code>5b936e1</code></a> unix/linux: update to Linux kernel 6.16, Go to 1.24.5</li> <li><a href="https://github.com/golang/sys/commit/3a827038f29dfeda71ad5d6fdba5cef0b5720a97"><code>3a82703</code></a> unix: remove redundant xnu version check for {p}readv/{p}writev</li> <li><a href="https://github.com/golang/sys/commit/9920300fc80d500263287b0b4906010f81e3acc4"><code>9920300</code></a> unix: add missing nft conntrack constants</li> <li><a href="https://github.com/golang/sys/commit/ad4e0fcb710c6502fe5d4dba89040508f45ba069"><code>ad4e0fc</code></a> unix: remove redundant word in comment</li> <li><a href="https://github.com/golang/sys/commit/084ad875b3b515f8e782e5bf42ce40e316126e9e"><code>084ad87</code></a> unix: fix //sys decl after CL 548795</li> <li>See full diff in <a href="https://github.com/golang/sys/compare/v0.34.0...v0.35.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.33.0 to 0.34.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/a35244d18d7756b12deca31a518c0fa1327d050a"><code>a35244d</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/4f53e0cd3924d70667107169374a480bfd208348"><code>4f53e0c</code></a> term: allow multi-line bracketed paste to not create single line with verbati...</li> <li><a href="https://github.com/golang/term/commit/27f29d8328742b97c08c2186027d32cdc438345c"><code>27f29d8</code></a> term: remove duplicate flag and add comment on windows</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.33.0...v0.34.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/hashicorp/cap` from 0.9.0 to 0.10.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/cap/releases">github.com/hashicorp/cap's releases</a>.</em></p> <blockquote> <h2>v0.10.0</h2> <h2>What's Changed</h2> <ul> <li>Bump dependencies and update CI by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/cap/pull/158">hashicorp/cap#158</a></li> <li>Bump golang.org/x/net from 0.37.0 to 0.38.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/cap/pull/160">hashicorp/cap#160</a></li> <li>dep: Pin action/cache to a contianer sha by <a href="https://github.com/louisruch"><code>@louisruch</code></a> in <a href="https://redirect.github.com/hashicorp/cap/pull/161">hashicorp/cap#161</a></li> <li>[Compliance] - PR Template Changes Required by <a href="https://github.com/compliance-pr-automation-bot"><code>@compliance-pr-automation-bot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/cap/pull/163">hashicorp/cap#163</a></li> <li>Bump golang.org/x/oauth2 from 0.21.0 to 0.27.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/hashicorp/cap/pull/164">hashicorp/cap#164</a></li> <li>fix: use constant time comparison when comparing token hashes. by <a href="https://github.com/jimlambrt"><code>@jimlambrt</code></a> in <a href="https://redirect.github.com/hashicorp/cap/pull/165">hashicorp/cap#165</a></li> <li>doc: changelog entries for 0.10.0 release by <a href="https://github.com/jimlambrt"><code>@jimlambrt</code></a> in <a href="https://redirect.github.com/hashicorp/cap/pull/166">hashicorp/cap#166</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/compliance-pr-automation-bot"><code>@compliance-pr-automation-bot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/hashicorp/cap/pull/163">hashicorp/cap#163</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/hashicorp/cap/compare/v0.9.0...v0.10.0">https://github.com/hashicorp/cap/compare/v0.9.0...v0.10.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/cap/blob/main/CHANGELOG.md">github.com/hashicorp/cap's changelog</a>.</em></p> <blockquote> <h2>0.10.0</h2> <ul> <li>fix: use constant time comparison when comparing token hashes ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/165">#165</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/165">hashicorp/cap#165</a>))</li> <li>Bump golang.org/x/oauth2 from 0.21.0 to 0.27.0 ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/164">#164</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/164">hashicorp/cap#164</a>))</li> <li>[Compliance] - PR Template Changes Required ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/163">#163</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/163">hashicorp/cap#163</a>))</li> <li>dep: Pin action/cache to a contianer shad ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/161">#161</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/161">hashicorp/cap#161</a>))</li> <li>Bump golang.org/x/net from 0.37.0 to 0.38.0 ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/160">#160</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/160">hashicorp/cap#160</a>))</li> <li>Vault 33101 - Optionally ignore trailing slash in bound audience ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/159">#159</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/159">hashicorp/cap#159</a>))</li> <li>Bump dependencies and update CI ([PR <a href="https://redirect.github.com/hashicorp/cap/issues/158">#158</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/158">hashicorp/cap#158</a>))</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/cap/commit/c28a3de054f84aeb7a8d40922f869a630a79ffbc"><code>c28a3de</code></a> doc: changelog entries for 0.10.0 release (<a href="https://redirect.github.com/hashicorp/cap/issues/166">#166</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/b013bcda74b89824a8820d11c24b16a490c85540"><code>b013bcd</code></a> fix: use constant time comparison when comparing (<a href="https://redirect.github.com/hashicorp/cap/issues/165">#165</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/ecfaee2c3af1edc4ee0ea96f21f8802136a98a5c"><code>ecfaee2</code></a> Bump golang.org/x/oauth2 from 0.21.0 to 0.27.0 (<a href="https://redirect.github.com/hashicorp/cap/issues/164">#164</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/f99ee5e652a30364b9ab87c147a6e4293d74f6f7"><code>f99ee5e</code></a> [Compliance] - PR Template Changes Required (<a href="https://redirect.github.com/hashicorp/cap/issues/163">#163</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/a4cf4a359cd74063129b1ec06740eef61b128ed1"><code>a4cf4a3</code></a> dep: Pin action/cache to a contianer sha (<a href="https://redirect.github.com/hashicorp/cap/issues/161">#161</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/2f0c768acb74611f5c5d27ce2cf166924c93661e"><code>2f0c768</code></a> Bump golang.org/x/net from 0.37.0 to 0.38.0 (<a href="https://redirect.github.com/hashicorp/cap/issues/160">#160</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/572842c8930e9c35e65faec8fa42759202e2a586"><code>572842c</code></a> Bump golang.org/x/net from 0.33.0 to 0.36.0 (<a href="https://redirect.github.com/hashicorp/cap/issues/158">#158</a>)</li> <li>See full diff in <a href="https://github.com/hashicorp/cap/compare/v0.9.0...v0.10.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/crypto` from 0.40.0 to 0.41.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/ef5341b70697ceb55f904384bd982587224e8b0c"><code>ef5341b</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/b999374650442ee37e9bbd97d6a11ad7ed999b98"><code>b999374</code></a> acme: fix pebble subprocess output data race</li> <li><a href="https://github.com/golang/crypto/commit/c247dead11de7671a21a6c5169555e2aa5313caa"><code>c247dea</code></a> x509roots/fallback: store bundle certs directly in DER</li> <li><a href="https://github.com/golang/crypto/commit/1fda73153feef7b246f24005838c387e354e5e3b"><code>1fda731</code></a> acme: increase pebble test waitForServer attempts</li> <li><a href="https://github.com/golang/crypto/commit/1b4c3d2e8c8be172c6af8f2f72778e69e74d2e78"><code>1b4c3d2</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/b903b535d3ef82fab12a9cc0fa50fccc396ced55"><code>b903b53</code></a> acme: capture pebble test subprocess stdout/stderr</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.40.0...v0.41.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.26.0 to 0.27.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/f8a9fe217cff893cb67f4acad96a0021c13ee6e7"><code>f8a9fe2</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.26.0...v0.27.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/net` from 0.42.0 to 0.43.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/e74bc31d69f225b635e065a602db3fbfa9850f93"><code>e74bc31</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/af6926ea18d0703b9f24713074bc7079cf50a744"><code>af6926e</code></a> http2: remove references to defunct http2.golang.org test server</li> <li>See full diff in <a href="https://github.com/golang/net/compare/v0.42.0...v0.43.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/text` from 0.27.0 to 0.28.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/text/commit/425d715b4a85c7698cedf621412bb53794cbda53"><code>425d715</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/text/compare/v0.27.0...v0.28.0">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | golang.org/x/net | [>= 0.38.a, < 0.39] | </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

)

…rts and types (fastly#1517) All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? ### Changes to Core Features: * [x] Have you added an explanation of what your changes do and why you'd like us to include them? * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact * [x] What is the user impact of this change? There is no impact to the user. The changes as described in this PR are internal only. No package paths have changed, nor have any package names changed, nor have any CLI commands/subcommands changed. The only change has been to the go-fastly calls to match the latest go-fastly interface. ### Are there any considerations that need to be addressed for release? I have an internal conversation going to ascertain if this PR should be doing more (e.g. renaming command from domains-v1 to domain-management, as well as renaming the package path from domainv1 to domainmanagement). But even if we do want to go ahead with those changes we'll likely want to do that in a follow-up PR.

All Submissions: * [x] Have you followed the guidelines in our Contributing document? ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? This PR implements support for retrieving and updating Image Optimizer defaults for a given VCL service .

Format correction for this entry.

This PR is a followup to fastly#1509 that includes the following fixes: * Fix to Pushpin context that inadvertently left out the path to the routes file and the cleanup function when building the context * Adds an output message indicating when "Experimental Pushpin mode" is enable * Makes Pushpin-related logs slightly less noisy

All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests? <img width="856" height="672" alt="Screenshot 2025-08-20 at 1 26 02 PM" src="https://github.com/user-attachments/assets/83027508-1454-4614-984f-b41aa4fa28b6" />

All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests?

…e go-dependencies group (fastly#1524)

All Submissions: * [X] Have you followed the guidelines in our Contributing document? * [X] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [] Does your submission pass tests? ### Changes to Core Features: * [ x] Have you added an explanation of what your changes do and why you'd like us to include them? * [ x] Have you written new tests for your core changes, as applicable? * [ x] Have you successfully run tests with your changes locally? ### User Impact * [ ] What is the user impact of this change? - Customers can enable compression for https endpoints via cli ### Are there any considerations that need to be addressed for release?

pkg/commands/serviceversion/clone.go

…tions (fastly#1526) All Submissions: ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you added an explanation of what your changes do and why you'd like us to include them? * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? Testing: ``` make test TEST_ARGS="-run TestListCommand ./pkg/commands/kvstoreentry" ok github.com/fastly/cli/pkg/commands/kvstoreentry 1.053s ``` This PR adds support for the `prefix` parameter when performing a `kv-store-entry list ` operation.

…e go_modules group (fastly#1528) Bumps the go_modules group with 1 update: [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz). Updates `github.com/ulikunitz/xz` from 0.5.13 to 0.5.14 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ulikunitz/xz/commit/7184815834c4777e8fa665946721d5fe114c2c35"><code>7184815</code></a> Preparation of release v0.5.14</li> <li><a href="https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2"><code>88ddf1d</code></a> Address Security Issue GHSA-jc7w-c686-c4v9</li> <li>See full diff in <a href="https://github.com/ulikunitz/xz/compare/v0.5.13...v0.5.14">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ulikunitz/xz&package-manager=go_modules&previous-version=0.5.13&new-version=0.5.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fastly/cli/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps the go-dependencies group with 2 updates: [github.com/stretchr/testify](https://github.com/stretchr/testify) and [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz). Updates `github.com/stretchr/testify` from 1.11.0 to 1.11.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's releases</a>.</em></p> <blockquote> <h2>v1.11.1</h2> <p>This release fixes <a href="https://redirect.github.com/stretchr/testify/issues/1785">#1785</a> introduced in v1.11.0 where expected argument values implementing the stringer interface (<code>String() string</code>) with a method which mutates their value, when passed to mock.Mock.On (<code>m.On("Method", <expected>).Return()</code>) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.</p> <h2>What's Changed</h2> <ul> <li>Backport <a href="https://redirect.github.com/stretchr/testify/issues/1786">#1786</a> to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by <a href="https://github.com/brackendawson"><code>@brackendawson</code></a> in <a href="https://redirect.github.com/stretchr/testify/pull/1788">stretchr/testify#1788</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1">https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/stretchr/testify/commit/2a57335dc9cd6833daa820bc94d9b40c26a7917d"><code>2a57335</code></a> Merge pull request <a href="https://redirect.github.com/stretchr/testify/issues/1788">#1788</a> from brackendawson/1785-backport-1.11</li> <li><a href="https://github.com/stretchr/testify/commit/af8c91234f184009f57ef29027b39ca89cb00100"><code>af8c912</code></a> Backport <a href="https://redirect.github.com/stretchr/testify/issues/1786">#1786</a> to release/1.11</li> <li>See full diff in <a href="https://github.com/stretchr/testify/compare/v1.11.0...v1.11.1">compare view</a></li> </ul> </details> <br /> Updates `github.com/ulikunitz/xz` from 0.5.14 to 0.5.15 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ulikunitz/xz/commit/7eee8a8a405163554a9accec7b9402ee21400769"><code>7eee8a8</code></a> v9.5.15: release notes and formatting</li> <li><a href="https://github.com/ulikunitz/xz/commit/235be8df4f86c943c154112d1abb3c951c86babb"><code>235be8d</code></a> lzma: Fix default for ReaderConfig.DictCap</li> <li>See full diff in <a href="https://github.com/ulikunitz/xz/compare/v0.5.14...v0.5.15">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

[//]: # (dependabot-start) Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps the go-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/sys](https://github.com/golang/sys) | `0.35.0` | `0.36.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.34.0` | `0.35.0` | | [github.com/fastly/go-fastly/v11](https://github.com/fastly/go-fastly) | `11.3.0` | `11.3.1` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.42.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.27.0` | `0.28.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.30.0` | `0.31.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.16.0` | `0.17.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.28.0` | `0.29.0` | Updates `golang.org/x/sys` from 0.35.0 to 0.36.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sys/commit/b06ce0514ea5467cf3ac72ad85e4d1845c51fbad"><code>b06ce05</code></a> windows: add FILE_ZERO_DATA_INFORMATION</li> <li><a href="https://github.com/golang/sys/commit/689cc11b26fb21227ba0ff5ce9222b7bd6053c30"><code>689cc11</code></a> unix: fix Listen on solaris</li> <li><a href="https://github.com/golang/sys/commit/a4712b905411aebcc0c9b999c7e61826bfe4c11d"><code>a4712b9</code></a> plan9: drop go version tags for unsupported versions</li> <li><a href="https://github.com/golang/sys/commit/0293703b0ad8c5db21b6ee27bfb7addec1877064"><code>0293703</code></a> unix: add IFAL_* consts and ifaddrlblmsg on linux</li> <li><a href="https://github.com/golang/sys/commit/ab85cbbe9104a583d3268f28d8a9ef36653cde64"><code>ab85cbb</code></a> unix/linux: extend rtnetlink constants</li> <li><a href="https://github.com/golang/sys/commit/9bd37534d8d5917ab389c2eadec7547c0c52f20b"><code>9bd3753</code></a> unix: switch (*CPUSet).Zero to clear builtin</li> <li><a href="https://github.com/golang/sys/commit/899c23279da9bc75f6c478ab908e69be3a441b4f"><code>899c232</code></a> windows/mkwinsyscall: use syscall.SyscallN instead of syscall.Syscall{6,9,12,15}</li> <li><a href="https://github.com/golang/sys/commit/543f21a0561186ad3f71483165a2a1dc32dbae4c"><code>543f21a</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/sys/compare/v0.35.0...v0.36.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.34.0 to 0.35.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/1a11b45a6fdc76d25c81fa21867a34052ba8fbd1"><code>1a11b45</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/term/commit/d862cd548e11aa25b32848fd8a08ab1a178f30fa"><code>d862cd5</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.34.0...v0.35.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/fastly/go-fastly/v11` from 11.3.0 to 11.3.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastly/go-fastly/releases">github.com/fastly/go-fastly/v11's releases</a>.</em></p> <blockquote> <h2>v11.3.1 - 2025-09-03</h2> <h2><a href="https://github.com/fastly/go-fastly/releases/tag/v11.3.1">v11.3.1</a> (2025-09-03)</h2> <p><a href="https://github.com/fastly/go-fastly/compare/v11.3.0...v11.3.1">Full Changelog</a></p> <h3>Bug fixes:</h3> <ul> <li>fix(logging): Add CompressionCodec and GZipLevel to HTTPS update struct</li> </ul> <h3>Dependencies:</h3> <ul> <li>build(deps): <code>golang.org/x/crypto</code> from 0.40.0 to 0.41.0 (<a href="https://redirect.github.com/fastly/go-fastly/pull/740">#740</a>)</li> <li>build(deps): <code>golang.org/x/sys</code> from 0.34.0 to 0.35.0 (<a href="https://redirect.github.com/fastly/go-fastly/pull/740">#740</a>)</li> <li>build(deps): <code>github.com/stretchr/testify</code> from 1.10.0 to 1.11.0 (<a href="https://redirect.github.com/fastly/go-fastly/pull/742">#742</a>)</li> <li>build(deps): <code>github.com/stretchr/testify</code> from 1.11.0 to 1.11.1 (<a href="https://redirect.github.com/fastly/go-fastly/pull/746">#746</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/fastly/go-fastly/blob/main/CHANGELOG.md">github.com/fastly/go-fastly/v11's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/fastly/go-fastly/releases/tag/v11.3.1">v11.3.1</a> (2025-09-03)</h2> <p><a href="https://github.com/fastly/go-fastly/compare/v11.3.0...v11.3.1">Full Changelog</a></p> <h3>Bug fixes:</h3> <ul> <li>fix(logging): Add CompressionCodec and GZipLevel to HTTPS update struct</li> </ul> <h3>Dependencies:</h3> <ul> <li>build(deps): <code>golang.org/x/crypto</code> from 0.40.0 to 0.41.0 (<a href="https://redirect.github.com/fastly/go-fastly/pull/740">#740</a>)</li> <li>build(deps): <code>golang.org/x/sys</code> from 0.34.0 to 0.35.0 (<a href="https://redirect.github.com/fastly/go-fastly/pull/740">#740</a>)</li> <li>build(deps): <code>github.com/stretchr/testify</code> from 1.10.0 to 1.11.0 (<a href="https://redirect.github.com/fastly/go-fastly/pull/742">#742</a>)</li> <li>build(deps): <code>github.com/stretchr/testify</code> from 1.11.0 to 1.11.1 (<a href="https://redirect.github.com/fastly/go-fastly/pull/746">#746</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastly/go-fastly/commit/e5d5dbd756cef0a941968e5bea5e981bff59549a"><code>e5d5dbd</code></a> release 11.3.1 (<a href="https://redirect.github.com/fastly/go-fastly/issues/748">#748</a>)</li> <li><a href="https://github.com/fastly/go-fastly/commit/19c399d0fa28a71ba1929e854bb9bb59f9817597"><code>19c399d</code></a> Add CompressionCodec and GZipLevel to Update (<a href="https://redirect.github.com/fastly/go-fastly/issues/747">#747</a>)</li> <li><a href="https://github.com/fastly/go-fastly/commit/cc9ac924f4cd6e9cc534c9ff50de5205d03282eb"><code>cc9ac92</code></a> build(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 in the go...</li> <li><a href="https://github.com/fastly/go-fastly/commit/1ac3a26672f2463775dff7aaaddeb31e1c203285"><code>1ac3a26</code></a> Add new section to pull request template (<a href="https://redirect.github.com/fastly/go-fastly/issues/745">#745</a>)</li> <li><a href="https://github.com/fastly/go-fastly/commit/e948bbc24e33081b4137338a071e8da4787a745b"><code>e948bbc</code></a> Remove package-level godoc about ERL being an optional platform feature. (<a href="https://redirect.github.com/fastly/go-fastly/issues/744">#744</a>)</li> <li><a href="https://github.com/fastly/go-fastly/commit/f084901183a4a0221560bf000344264b6dd79cc2"><code>f084901</code></a> build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 in the go...</li> <li><a href="https://github.com/fastly/go-fastly/commit/882655f9c5bace1cd94d909185adc2e517c5a612"><code>882655f</code></a> build(deps): bump the go-dependencies group with 2 updates (<a href="https://redirect.github.com/fastly/go-fastly/issues/740">#740</a>)</li> <li><a href="https://github.com/fastly/go-fastly/commit/1a79824469ae45b5af8b74e0422c3910556b9fac"><code>1a79824</code></a> Update CHANGELOG.md (<a href="https://redirect.github.com/fastly/go-fastly/issues/739">#739</a>)</li> <li>See full diff in <a href="https://github.com/fastly/go-fastly/compare/v11.3.0...v11.3.1">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/crypto` from 0.41.0 to 0.42.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/5307a0ce6db8057c8d7c4378dc4bd715b4985ba1"><code>5307a0c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/9d779377cff7ff1f58520cc044fb90b10ddfc561"><code>9d77937</code></a> acme: include order problem in OrderError</li> <li><a href="https://github.com/golang/crypto/commit/8f580defa01dec23898d3cd27f6369cdcc62f71f"><code>8f580de</code></a> ssh: remove Go 1.24 build tag for ML-KEM kex</li> <li><a href="https://github.com/golang/crypto/commit/a4d1237429d6056ef197b0b911b8b9d7dca8ecf6"><code>a4d1237</code></a> ssh/knownhosts: improve IPv6 support in Normalize</li> <li><a href="https://github.com/golang/crypto/commit/b8d8dae13d7dda8706ca2ab98934ad404aacae22"><code>b8d8dae</code></a> curve25519: include potential fips140=only error in panic message</li> <li><a href="https://github.com/golang/crypto/commit/f5a2eabcab987dc84f30d5479ed5c5605b5de634"><code>f5a2eab</code></a> ssh: use curve25519.X25519 instead of curve25519.ScalarMult</li> <li><a href="https://github.com/golang/crypto/commit/44ecf3af9978b32529ce689a6964bd557c79aa1c"><code>44ecf3a</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.41.0...v0.42.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.27.0 to 0.28.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/1759e969dad244f2f1a18cb367aff8614384ffe4"><code>1759e96</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/f060e16ef6180dd29cfa2a803bd919f05ad55a88"><code>f060e16</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.27.0...v0.28.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/oauth2` from 0.30.0 to 0.31.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/oauth2/commit/014cf778b444f29c82ececa4f3ec1f6fe3db3eaf"><code>014cf77</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li><a href="https://github.com/golang/oauth2/commit/3c76ce5d23d0d48721316e7631625ce32afaa14b"><code>3c76ce5</code></a> endpoints: correct Naver OAuth2 endpoint URLs</li> <li>See full diff in <a href="https://github.com/golang/oauth2/compare/v0.30.0...v0.31.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/sync` from 0.16.0 to 0.17.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sync/commit/04914c200cb38d4ea960ee6a4c314a028c632991"><code>04914c2</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/sync/compare/v0.16.0...v0.17.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/text` from 0.28.0 to 0.29.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/text/commit/e69f31bf9cf2f46bd3325bc9bad37fe9001731c2"><code>e69f31b</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/text/commit/60c9786d9e6cc83e1900ce976fdba2e1c327d220"><code>60c9786</code></a> all: upgrade go directive to at least 1.24.0 [generated]</li> <li>See full diff in <a href="https://github.com/golang/text/compare/v0.28.0...v0.29.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ifest file update (fastly#1535) ### Change summary This PR updates `MarshalTOML()` for `manifest/File` such that the `[local_server.pushpin]` section and its fields persist when the file is written. * The `pushpin` section as well as its individual fields are now optional, such that it will be able to persist the file back as it was before starting. * `[local_server.pushpin]` has been added to `fastly-viceroy-update.toml`, which is used by the test `TestManifestPersistsLocalServerSection`, ensuring that the section is written out and reads back in to the same value. This fixes fastly#1532. * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? ### Changes to Core Features: * [x] Have you successfully run tests with your changes locally? ### User Impact * [x] What is the user impact of this change? Users can now safely run CLI commands that modify fastly.toml without losing their `[local_server.pushpin]` section. ### Are there any considerations that need to be addressed for release? Since this overwrite happens right after initializing an app from the starter kit, this would be nice to get out asap. Would be great if this can be released as a quick patch release such as 11.5.1. --------- Co-authored-by: Richard Carillo <77027245+rcaril@users.noreply.github.com>

All Submissions: ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you added an explanation of what your changes do and why you'd like us to include them? * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact - New `get` command that only provides the `value` of a `key` - Updated the `describe` to now only provide the attributes of a key, rather than the value of a key itself ### Are there any considerations that need to be addressed for release? The following features are now supported: ### Create: - add - append - prepend - metadata - if_generation_match - background_fetch ### Delete - if_generation_match - force ### Describe - if_generation_match - metadata ### Get - if_generation_match ## Tests: ``` make test TEST_ARGS="-run TestCreateCommand ./pkg/commands/kvstoreentry/" ok github.com/fastly/cli/pkg/commands/kvstoreentry 1.105s make test TEST_ARGS="-run TestGetCommand ./pkg/commands/kvstoreentry/" ok github.com/fastly/cli/pkg/commands/kvstoreentry 1.083s make test TEST_ARGS="-run TestDescribeCommand ./pkg/commands/kvstoreentry/" ok github.com/fastly/cli/pkg/commands/kvstoreentry 1.069s make test TEST_ARGS="-run TestDeleteCommand ./pkg/commands/kvstoreentry/" ok github.com/fastly/cli/pkg/commands/kvstoreentry 1.103s ``` --------- Co-authored-by: Kevin P. Fleming <kpfleming@users.noreply.github.com>

### Change summary  All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests?

Bumps the go-dependencies group with 2 updates: [github.com/hashicorp/cap](https://github.com/hashicorp/cap) and [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc). Updates `github.com/hashicorp/cap` from 0.10.0 to 0.11.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/cap/releases">github.com/hashicorp/cap's releases</a>.</em></p> <blockquote> <h2>v0.11.0</h2> <h2>What's Changed</h2> <ul> <li>fix (ldap): fix slice append to be concurrent safe by <a href="https://github.com/jimlambrt"><code>@jimlambrt</code></a> in <a href="https://redirect.github.com/hashicorp/cap/pull/167">hashicorp/cap#167</a></li> <li>chore: update changelog for v0.11.0 by <a href="https://github.com/jimlambrt"><code>@jimlambrt</code></a> in <a href="https://redirect.github.com/hashicorp/cap/pull/168">hashicorp/cap#168</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/hashicorp/cap/compare/v0.10.0...v0.11.0">https://github.com/hashicorp/cap/compare/v0.10.0...v0.11.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hashicorp/cap/blob/main/CHANGELOG.md">github.com/hashicorp/cap's changelog</a>.</em></p> <blockquote> <h2>0.11.0</h2> <ul> <li>fix (ldap): fix slice append to be concurrent safe when searching for ldap groups ( [PR <a href="https://redirect.github.com/hashicorp/cap/issues/167">#167</a>](<a href="https://redirect.github.com/hashicorp/cap/pull/167">hashicorp/cap#167</a>))</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hashicorp/cap/commit/70a13e3d0b472b4d6c12aec92361724741e6a451"><code>70a13e3</code></a> chore: update changelog for v0.11.0 (<a href="https://redirect.github.com/hashicorp/cap/issues/168">#168</a>)</li> <li><a href="https://github.com/hashicorp/cap/commit/44d01434c2859a70918bef1437f7d3497d1cdf61"><code>44d0143</code></a> fix (ldap): fix slice append to be concurrent safe (<a href="https://redirect.github.com/hashicorp/cap/issues/167">#167</a>)</li> <li>See full diff in <a href="https://github.com/hashicorp/cap/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/coreos/go-oidc/v3` from 3.15.0 to 3.16.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coreos/go-oidc/releases">github.com/coreos/go-oidc/v3's releases</a>.</em></p> <blockquote> <h2>v3.16.0</h2> <h2>What's Changed</h2> <ul> <li>refactor: Remove unused time injection from RemoteKeySet by <a href="https://github.com/ponimas"><code>@ponimas</code></a> in <a href="https://redirect.github.com/coreos/go-oidc/pull/466">coreos/go-oidc#466</a></li> <li>bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net dependency by <a href="https://github.com/wardviaene"><code>@wardviaene</code></a> in <a href="https://redirect.github.com/coreos/go-oidc/pull/467">coreos/go-oidc#467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wardviaene"><code>@wardviaene</code></a> made their first contribution in <a href="https://redirect.github.com/coreos/go-oidc/pull/467">coreos/go-oidc#467</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/coreos/go-oidc/compare/v3.15.0...v3.16.0">https://github.com/coreos/go-oidc/compare/v3.15.0...v3.16.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coreos/go-oidc/commit/e9584733f8bb6c4683d1e98b4fb22eee121f7dff"><code>e958473</code></a> bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net d...</li> <li><a href="https://github.com/coreos/go-oidc/commit/69b167061fdb7270ef965f150ea6aabe11678728"><code>69b1670</code></a> refactor: Remove unused time injection from RemoteKeySet</li> <li>See full diff in <a href="https://github.com/coreos/go-oidc/compare/v3.15.0...v3.16.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

As part of issue 1353, the service-version clone command is missing the option for JSON output and to use it in scripts the output need to be parsed. This commit adds functionality to accept the --json argument to the service-version clone command and outputs the appropriate format. Unit tests passing.

Bumps the go-dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/sys](https://github.com/golang/sys) | `0.36.0` | `0.37.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.35.0` | `0.36.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.43.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.28.0` | `0.29.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.44.0` | `0.45.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.31.0` | `0.32.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.29.0` | `0.30.0` | Updates `golang.org/x/sys` from 0.36.0 to 0.37.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/sys/commit/1edeebeea09c66c5a886ccfefb1be5dafac5c893"><code>1edeebe</code></a> unix: mkall.sh: fail if docker build failed</li> <li><a href="https://github.com/golang/sys/commit/ecada541268c911af0ea4e4e1d5b1b9ae9350f8a"><code>ecada54</code></a> unix: use slices.{Equal,Sort} in tests</li> <li><a href="https://github.com/golang/sys/commit/5e63aa5e0fdbc13e970e0b19c47af41dd3c96f45"><code>5e63aa5</code></a> windows: export O_FILE_FLAG_* to be used in os.OpenFile on windows</li> <li><a href="https://github.com/golang/sys/commit/033906b9f001ad8de67ebafbb9838f968715b74d"><code>033906b</code></a> unix: add (*CPUSet).Fill helper to enable all CPUs</li> <li><a href="https://github.com/golang/sys/commit/6be6c584a2e8031375fd3950a9b7bd9a867af5ee"><code>6be6c58</code></a> windows: add FlushConsoleInputBuffer and GetNumberOfConsoleInputEvents</li> <li><a href="https://github.com/golang/sys/commit/32e203842b823da11129bd4fafb58a2e67d49b6f"><code>32e2038</code></a> unix: use Go 1.21+ clear built-in</li> <li><a href="https://github.com/golang/sys/commit/137f2eda356924019c101f440bbbc0270ddd857f"><code>137f2ed</code></a> sys: add support for NetBSD getvfsstat</li> <li>See full diff in <a href="https://github.com/golang/sys/compare/v0.36.0...v0.37.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.35.0 to 0.36.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/3a0828a6667fd19fb680702513ff01f7afe76772"><code>3a0828a</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.35.0...v0.36.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/crypto` from 0.42.0 to 0.43.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/627cb894b6b2021e34c4ad4af4c0a963127491e4"><code>627cb89</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/dca4914afe94ebd485672b06b9a120e18b452533"><code>dca4914</code></a> acme: fix autocert TestHTTPHandlerDefaultFallback</li> <li><a href="https://github.com/golang/crypto/commit/1336e21bd6f39d1ab82ca6412693849c2d120e1d"><code>1336e21</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/2beaa59a3c994e5d01b6d58dc348dcd6d814ef26"><code>2beaa59</code></a> ssh: add VerifiedPublicKeyCallback</li> <li><a href="https://github.com/golang/crypto/commit/66c3d8ce714c31eb5a8adb6c931b4e29f5bebcf5"><code>66c3d8c</code></a> ssh: add support for FIPS mode</li> <li><a href="https://github.com/golang/crypto/commit/ddb4e80c6ad38c8a94001924a6ff8424f5cae369"><code>ddb4e80</code></a> ssh: remove custom contains, use slices.Contains</li> <li><a href="https://github.com/golang/crypto/commit/f4d47b0db5875e61dd52acdb63be800177ab48bb"><code>f4d47b0</code></a> ssh: return clearer error when signature algorithm is used as key format</li> <li><a href="https://github.com/golang/crypto/commit/96dc232fbd7928e9c23da42e770c8b79a2348d86"><code>96dc232</code></a> x509roots/fallback/bundle: add bundle package to export root certs</li> <li><a href="https://github.com/golang/crypto/commit/8c9ba318361080ea198c7461b6db621022d0a88e"><code>8c9ba31</code></a> all: freeze and deprecate more packages</li> <li><a href="https://github.com/golang/crypto/commit/559e062ce8bfd6a39925294620b50906ca2a6f95"><code>559e062</code></a> ssh/agent: return an error for unexpected message types</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.42.0...v0.43.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.28.0 to 0.29.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/bba3e065a67271df90253c78c98f2cea7f572948"><code>bba3e06</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.28.0...v0.29.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/net` from 0.44.0 to 0.45.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/59706cdaa8f95502fdec64b67b4c61d6ca58727d"><code>59706cd</code></a> html: impose open element stack size limit</li> <li><a href="https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009"><code>6ec8895</code></a> html: align in row insertion mode with spec</li> <li><a href="https://github.com/golang/net/commit/539356380d28a16325ff967d5c20c143f1d3d2c8"><code>5393563</code></a> http2: fix RFC 9218 write scheduler not being idempotent</li> <li><a href="https://github.com/golang/net/commit/b2ab3712bcebf329a84241fdd92c9210dc40e6f1"><code>b2ab371</code></a> internal/httpsfv: implement parsing support for date and display string</li> <li><a href="https://github.com/golang/net/commit/edb764c2296fdbcd9955bdc3ef9a67394824569d"><code>edb764c</code></a> internal/httpsfv: add parsing functionality for types defined in RFC 8941</li> <li><a href="https://github.com/golang/net/commit/fbba2c22cbf63a61f869b5f69e1a8052166ba088"><code>fbba2c2</code></a> internal/httpsfv: add support for consuming Display String and Date type</li> <li><a href="https://github.com/golang/net/commit/47a241fc51f963a97809506a57a5d0316709ca32"><code>47a241f</code></a> http2: make the error channel pool per-Server</li> <li><a href="https://github.com/golang/net/commit/51f657b16c625841a01874388d4a7e3765c40dfb"><code>51f657b</code></a> webdav/internal/xml: use the built-in min function</li> <li><a href="https://github.com/golang/net/commit/f2e909b982692b7382be0f856e1d415ac86f44e1"><code>f2e909b</code></a> internal/httpsfv: implement parsing support for Dictionary and List type.</li> <li><a href="https://github.com/golang/net/commit/7d8cfcee6ce7b6f612782f2f877c3fa76d157d17"><code>7d8cfce</code></a> internal/httpsfv: add support for Bare Inner List and Item type.</li> <li>Additional commits viewable in <a href="https://github.com/golang/net/compare/v0.44.0...v0.45.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/oauth2/commit/792c8776358f0c8689d84eef0d0c966937d560fb"><code>792c877</code></a> oauth2: use strings.Builder instead of bytes.Buffer</li> <li>See full diff in <a href="https://github.com/golang/oauth2/compare/v0.31.0...v0.32.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/text` from 0.29.0 to 0.30.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/text/commit/c6abd0305e90ada9293824462268d0ec20d02e5e"><code>c6abd03</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/text/commit/42f038dad6d204bacd83c23ca0f312d8866039ce"><code>42f038d</code></a> x/text: fix nil dereference in gotext extract</li> <li><a href="https://github.com/golang/text/commit/a42f0e2da638996f313ef6dbbe3a4435533fbd97"><code>a42f0e2</code></a> all: use built-in max/min to simplify the code</li> <li>See full diff in <a href="https://github.com/golang/text/compare/v0.29.0...v0.30.0">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | golang.org/x/net | [>= 0.38.a, < 0.39] | </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…astly#1552) ### Change summary Addresses fastly#1551  All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [ ] Does your submission pass tests?

Bumps the go-dependencies group with 2 updates: [github.com/klauspost/compress](https://github.com/klauspost/compress) and [golang.org/x/net](https://github.com/golang/net). Updates `github.com/klauspost/compress` from 1.18.0 to 1.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/klauspost/compress/releases">github.com/klauspost/compress's releases</a>.</em></p> <blockquote> <h2>v1.18.1</h2> <h2>What's Changed</h2> <ul> <li>zstd: Fix incorrect buffer size in dictionary encodes by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1059">klauspost/compress#1059</a></li> <li>s2: check for cap, not len of buffer in EncodeBetter/Best by <a href="https://github.com/vdarulis"><code>@vdarulis</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1080">klauspost/compress#1080</a></li> <li>zstd: Add simple zstd EncodeTo/DecodeTo functions by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1079">klauspost/compress#1079</a></li> <li>zlib: Avoiding extra allocation in zlib.reader.Reset by <a href="https://github.com/travelpolicy"><code>@travelpolicy</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1086">klauspost/compress#1086</a></li> <li>gzhttp: remove redundant err check in zstdReader by <a href="https://github.com/ryanfowler"><code>@ryanfowler</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1090">klauspost/compress#1090</a></li> <li>Run modernize. Deprecate Go 1.22 by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1095">klauspost/compress#1095</a></li> <li>flate: Simplify matchlen by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1101">klauspost/compress#1101</a></li> <li>flate: Add examples by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1102">klauspost/compress#1102</a></li> <li>flate: Use exact sizes for huffman tables by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1103">klauspost/compress#1103</a></li> <li>flate: Faster load+store by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1104">klauspost/compress#1104</a></li> <li>Add notice to S2 about MinLZ by <a href="https://github.com/klauspost"><code>@klauspost</code></a> in <a href="https://redirect.github.com/klauspost/compress/pull/1065">klauspost/compress#1065</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wooffie"><code>@wooffie</code></a> made their first contribution in <a href="https://redirect.github.com/klauspost/compress/pull/1069">klauspost/compress#1069</a></li> <li><a href="https://github.com/vdarulis"><code>@vdarulis</code></a> made their first contribution in <a href="https://redirect.github.com/klauspost/compress/pull/1080">klauspost/compress#1080</a></li> <li><a href="https://github.com/travelpolicy"><code>@travelpolicy</code></a> made their first contribution in <a href="https://redirect.github.com/klauspost/compress/pull/1086">klauspost/compress#1086</a></li> <li><a href="https://github.com/ryanfowler"><code>@ryanfowler</code></a> made their first contribution in <a href="https://redirect.github.com/klauspost/compress/pull/1090">klauspost/compress#1090</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/klauspost/compress/compare/v1.18.0...v1.18.1">https://github.com/klauspost/compress/compare/v1.18.0...v1.18.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/klauspost/compress/commit/d10b5259eef9d3da9a58bedad041b36731967489"><code>d10b525</code></a> build(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/klauspost/compress/issues/1105">#1105</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/3c0d30844ced777738c26ca35394953ceb2073ae"><code>3c0d308</code></a> flate: Faster load+st0re (<a href="https://redirect.github.com/klauspost/compress/issues/1104">#1104</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/6e2f5d5b240137060e9d7c44f3c31bad2927593f"><code>6e2f5d5</code></a> flate: Use exact sizes for huffman tables (<a href="https://redirect.github.com/klauspost/compress/issues/1103">#1103</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/bda824b0286d81f2a988c89f9a8c913607e67c36"><code>bda824b</code></a> flate: Add examples (<a href="https://redirect.github.com/klauspost/compress/issues/1102">#1102</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/f44517c79cda0344a79a31a31d09cc8a532e920e"><code>f44517c</code></a> flate: Simplify matchlen (<a href="https://redirect.github.com/klauspost/compress/issues/1101">#1101</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/54cb7a5e7c540cf0b50aaa5dd36a3721db2af1e5"><code>54cb7a5</code></a> build(deps): bump the github-actions group with 3 updates (<a href="https://redirect.github.com/klauspost/compress/issues/1096">#1096</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/c43fcbb924ee8bc8453998094924d896bbe61f3a"><code>c43fcbb</code></a> Run modernize. Deprecate Go 1.22 (<a href="https://redirect.github.com/klauspost/compress/issues/1095">#1095</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/86a9489c72d0742ebe66ee9543d0f78abd82ebcd"><code>86a9489</code></a> gzhttp: remove redundant err check in zstdReader (<a href="https://redirect.github.com/klauspost/compress/issues/1090">#1090</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/ad4a0301d09c368139fd8171be06a8e0508d6088"><code>ad4a030</code></a> build(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/klauspost/compress/issues/1087">#1087</a>)</li> <li><a href="https://github.com/klauspost/compress/commit/1a8c0e48e1fa4245694103fc47721c83a9135588"><code>1a8c0e4</code></a> Avoiding extra allocation in Reset (<a href="https://redirect.github.com/klauspost/compress/issues/1086">#1086</a>)</li> <li>Additional commits viewable in <a href="https://github.com/klauspost/compress/compare/v1.18.0...v1.18.1">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/net` from 0.45.0 to 0.46.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/2002a064a49010d8b881673c73f04e0b741e7c32"><code>2002a06</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/net/compare/v0.45.0...v0.46.0">compare view</a></li> </ul> </details> <br /> <details> <summary>Most Recent Ignore Conditions Applied to This Pull Request</summary> | Dependency Name | Ignore Conditions | | --- | --- | | golang.org/x/net | [>= 0.38.a, < 0.39] | </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…astly#1556) Add "file not found" to the `ErrReadingManifest` error message to make it clearer that the file doesn't exist, rather than a parsing or permission error. ### Change summary The current error message "error reading fastly.toml" is somewhat ambiguous and doesn't clearly indicate whether the file is missing or has parsing errors. The remediation text was present but it still seems easy to misinterpret the actual problem (as proven by it managing to throw both me, Claude and ChatGPT off 😅). This change adds ": file not found" to the error message to make it even more apparent that the file doesn't exist. **Before:** ERROR: error reading fastly.toml. Ensure the Fastly CLI is being run within a directory containing a fastly.toml file... **After:** ERROR: error reading fastly.toml: file not found. Ensure the Fastly CLI is being run within a directory containing a fastly.toml file... All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? ### Changes to Core Features: * [x] Have you written new tests for your core changes, as applicable? * [ ] Have you successfully run tests with your changes locally? ### User Impact * Users will now more easily understand that the `fastly.toml` file is missing.

) Bumps the gha-dependencies group with 2 updates: [actions/setup-node](https://github.com/actions/setup-node) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/setup-node` from 5 to 6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>Breaking Changes</strong></p> <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li> </ul> <p><strong>Dependency Upgrades</strong></p> <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903"><code>2028fbc</code></a> Limit automatic caching to npm, update workflows and documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/13427813f706a0f6c9b74603b31103c40ab1c35a"><code>1342781</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/89d709d423dc495668cd762a18dd4a070611be3f"><code>89d709d</code></a> Bump prettier from 2.8.8 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/cd2651c46231bc0d6f48d6b34433b845331235fe"><code>cd2651c</code></a> Bump ts-jest from 29.1.2 to 29.4.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/v5...v6">compare view</a></li> </ul> </details> <br /> Updates `actions/download-artifact` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/407">actions/download-artifact#407</a></li> <li>BREAKING fix: inconsistent path behavior for single artifact downloads by ID by <a href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> in <a href="https://redirect.github.com/actions/download-artifact/pull/416">actions/download-artifact#416</a></li> </ul> <h2>v5.0.0</h2> <h3>🚨 Breaking Change</h3> <p>This release fixes an inconsistency in path behavior for single artifact downloads by ID. <strong>If you're downloading single artifacts by ID, the output path may change.</strong></p> <h4>What Changed</h4> <p>Previously, <strong>single artifact downloads</strong> behaved differently depending on how you specified the artifact:</p> <ul> <li><strong>By name</strong>: <code>name: my-artifact</code> → extracted to <code>path/</code> (direct)</li> <li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted to <code>path/my-artifact/</code> (nested)</li> </ul> <p>Now both methods are consistent:</p> <ul> <li><strong>By name</strong>: <code>name: my-artifact</code> → extracted to <code>path/</code> (unchanged)</li> <li><strong>By ID</strong>: <code>artifact-ids: 12345</code> → extracted to <code>path/</code> (fixed - now direct)</li> </ul> <h4>Migration Guide</h4> <h5>✅ No Action Needed If:</h5> <ul> <li>You download artifacts by <strong>name</strong></li> <li>You download <strong>multiple</strong> artifacts by ID</li> <li>You already use <code>merge-multiple: true</code> as a workaround</li> </ul> <h5>⚠️ Action Required If:</h5> <p>You download <strong>single artifacts by ID</strong> and your workflows expect the nested directory structure.</p> <p><strong>Before v5 (nested structure):</strong></p> <pre lang="yaml"><code>- uses: actions/download-artifact@v4 with: artifact-ids: 12345 path: dist # Files were in: dist/my-artifact/ </code></pre> <blockquote> <p>Where <code>my-artifact</code> is the name of the artifact you previously uploaded</p> </blockquote> <p><strong>To maintain old behavior (if needed):</strong></p> <pre lang="yaml"><code></tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/download-artifact/commit/634f93cb2916e3fdff6788551b99b062d0335ce0"><code>634f93c</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/416">#416</a> from actions/single-artifact-id-download-path</li> <li><a href="https://github.com/actions/download-artifact/commit/b19ff4302770b82aa4694b63703b547756dacce6"><code>b19ff43</code></a> refactor: resolve download path correctly in artifact download tests (mainly ...</li> <li><a href="https://github.com/actions/download-artifact/commit/e262cbee4ab8c473c61c59a81ad8e9dc760e90db"><code>e262cbe</code></a> bundle dist</li> <li><a href="https://github.com/actions/download-artifact/commit/bff23f9308ceb2f06d673043ea6311519be6a87b"><code>bff23f9</code></a> update docs</li> <li><a href="https://github.com/actions/download-artifact/commit/fff8c148a8fdd56aa81fcb019f0b5f6c65700c4d"><code>fff8c14</code></a> fix download path logic when downloading a single artifact by id</li> <li><a href="https://github.com/actions/download-artifact/commit/448e3f862ab3ef47aa50ff917776823c9946035b"><code>448e3f8</code></a> Merge pull request <a href="https://redirect.github.com/actions/download-artifact/issues/407">#407</a> from actions/nebuk89-patch-1</li> <li><a href="https://github.com/actions/download-artifact/commit/47225c44b359a5155efdbbbc352041b3e249fb1b"><code>47225c4</code></a> Update README.md</li> <li>See full diff in <a href="https://github.com/actions/download-artifact/compare/v4...v5">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

### Change summary  Allow for future commands to add an optional `-workspace-id` flag that will check for `FASTLY_WORKSPACE_ID` in env vars if no value is supplied All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [ ] Does your submission pass tests?

…rs to reflect expected input from API (fastly#1562) ### Change summary This fixes fastly#1329. This PR correctly maps the required fields for creating a TLS Activation. Previously we were inputting a unclear `id` field and not intaking the required `tls_domain` api field. The input flags have been updated to require the following flags instead: ``` --cert-id=CERT-ID Alphanumeric string identifying a TLS certificate --tls-config-id=TLS-CONFIG-ID Alphanumeric string identifying a TLS configuration --tls-domain=TLS-DOMAIN The domain name associated with the TLS activation ``` All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact Users may now use the CLI for creating new TLS activations. ### Are there any considerations that need to be addressed for release? This is a breaking change as we are modifying command parameters.

…0 in the go-dependencies group (fastly#1564) Bumps the go-dependencies group with 1 update: [github.com/clipperhouse/uax29/v2](https://github.com/clipperhouse/uax29). Updates `github.com/clipperhouse/uax29/v2` from 2.2.0 to 2.3.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/clipperhouse/uax29/commit/7fc6f851f05f9773d1cb1921a5baed4eb0d2785f"><code>7fc6f85</code></a> Tighter</li> <li><a href="https://github.com/clipperhouse/uax29/commit/2a292dce29c76155b8afa8f049305ea2277bc9d4"><code>2a292dc</code></a> tidy</li> <li><a href="https://github.com/clipperhouse/uax29/commit/06e168f705fc96f8e9935aad8ba5625009a92d18"><code>06e168f</code></a> Add First method</li> <li><a href="https://github.com/clipperhouse/uax29/commit/d7be90b96f48db9b20ea2126ee728a5ae1e1c3e2"><code>d7be90b</code></a> Badges</li> <li><a href="https://github.com/clipperhouse/uax29/commit/3f278442b814abd1eea9d42d1b3ceeb8a9e08c33"><code>3f27844</code></a> Update stringish</li> <li><a href="https://github.com/clipperhouse/uax29/commit/24b37aaa1d5b2151f02472721afcf7ed7e29a791"><code>24b37aa</code></a> Comparative benchmarks (<a href="https://redirect.github.com/clipperhouse/uax29/issues/38">#38</a>)</li> <li><a href="https://github.com/clipperhouse/uax29/commit/7a6c7266563b322988724292b5dd6ad7bdc985a8"><code>7a6c726</code></a> Use external stringish package</li> <li><a href="https://github.com/clipperhouse/uax29/commit/8d213f3fce81692598b34bc00290adf384efb680"><code>8d213f3</code></a> Update README.md</li> <li><a href="https://github.com/clipperhouse/uax29/commit/e4572bd64feae45dd1ac1227a51c9e9dce4ef347"><code>e4572bd</code></a> Create LICENSE</li> <li><a href="https://github.com/clipperhouse/uax29/commit/a9cd0bfefc0c00d7f8760a47b50f4e4467ea7d07"><code>a9cd0bf</code></a> Create AGENTS.md</li> <li>Additional commits viewable in <a href="https://github.com/clipperhouse/uax29/compare/v2.2.0...v2.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/clipperhouse/uax29/v2&package-manager=go_modules&previous-version=2.2.0&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) ### Change summary Add `node_modules/` and `target/` to default ignore patterns to prevent watching unnecessary dependency and build directories and avoid "too many open files" errors All Submissions: * [X] Have you followed the guidelines in our Contributing document? * [X] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [X] Does your submission pass tests? ### Changes to Core Features: * [ ] Have you written new tests for your core changes, as applicable? * [X] Have you successfully run tests with your changes locally? ### User Impact * [ ] What is the user impact of this change? ### Are there any considerations that need to be addressed for release?

…astly#1567) Reverts fastly#1563

### Change summary The Fastly engineering team has confirmed that Rust 1.91.0 produces broken WASM packages which will crash when handling incoming requests in Compute services. This breaking change blocks that version when `fastly compute build`, `fastly compute deploy`, or `fastly compute publish` are executed. Users of this version of the CLI will see a message similar to this: ``` ✓ Verifying fastly.toml ✓ Identifying package name ✓ Identifying toolchain ERROR: version '1.91.0' of Rust has not been validated for use with Fastly Compute. Consult the Rust guide for Compute at https://www.fastly.com/documentation/guides/compute/rust/ for more information. ``` All Submissions: * [X] Have you followed the guidelines in our Contributing document? * [X] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?

### Change summary The PR modifies the 'purge --key' command to use the bulk purge API behind the scenes. This was a necessary change due to purge requests with spaces and other characters being serialized due to the nature of the `POST /service/{service_id}/purge/{surrogate_key}` endpoint. Internal discussion on this can be found here: https://fastly.slack.com/archives/C01E7FV8P5H/p1761241147473289 All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change?  ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [x] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact This change will not apply any noticeable behavior to the end user. The commands responses will be identical. ### Are there any considerations that need to be addressed for release? Purge test file has been update to use variables instead of hard coding all test items.

…test Grip-Sig signing (fastly#1569) ### Change summary This PR updates the `pushpin.conf` generated during Pushpin integration to include the `sig_iss` and `sig_key` values: ```ini [proxy] sig_iss = viceroy sig_key = viceroy_dev_signing_key_dont_use_in_production ``` Until now, when running a Compute app locally using the Viceroy / Pushpin bridge, the backend couldn't verify requests signed via the `Grip-Sig` header because the signature was being signed by Pushpin defaults which we didn't document. This forced developers to maintain separate code paths for local vs. production (`isSigned` would be false in local, true in prod). By assigning an issuer (`viceroy`) and a deterministic symmetric key, Pushpin now produces a valid `Grip-Sig` JWT locally, allowing the same verification logic to run in both environments. > [!NOTE] > Security Note > The key `viceroy_dev_signing_key_dont_use_in_production`: > * Is dev-only, used exclusively for local Pushpin -> backend signing. > * Is deliberately low-entropy and self-descriptive so any accidental usage in production is immediately visible. > * Does not grant access to any Fastly or customer resources. (Examples below in JavaScript but origin code can be in any language) Local test code can now: ```javascript import { Publisher } from '@fanoutio/grip'; const publisher = new Publisher({ control_uri: 'http://127.0.0.1:5561/', key: undefined, verify_iss: 'viceroy', verify_key: 'viceroy_dev_signing_key_dont_use_in_production', }); ``` Production would still be: ```javascript import { Publisher } from '@fanoutio/grip'; import { PUBLIC_KEY_FASTLY_FANOUT_JWK } from '@fanoutio/grip/fastly-fanout`; const publisher = new Publisher({ control_uri: `https://api.fastly.com/service/${serviceId}`, key: FASTLY_API_TOKEN, verify_iss: `fastly:${serviceId}`, verify_key: JSON.stringify(PUBLIC_KEY_FASTLY_FANOUT_JWK), }); ``` These values can all be switched out between environments using configuration. Validation code path: ```javascript const { isProxied, isSigned } = await publisher.validateGripSig(gripSig ?? ''); // isProxied and isSigned are both true now, both in local dev and prod ``` Publish code path: ```javascript await publisher.publishHttpStream('<channel>', 'Test Publish!'); ``` (note that for local publish, `key` is not used, so it's set to undefined on the publisher config) All Submissions: * [x] Have you followed the guidelines in our Contributing document? * [x] Have you checked to ensure there aren't other open [Pull Requests](https://github.com/fastly/cli/pulls) for the same update/change? ### New Feature Submissions: * [x] Does your submission pass tests? ### Changes to Core Features: * [ ] Have you written new tests for your core changes, as applicable? * [x] Have you successfully run tests with your changes locally? ### User Impact * [ ] What is the user impact of this change? None, this enables new functionality. ### Are there any considerations that need to be addressed for release? None.

dependabot bot and others added 15 commits August 6, 2025 14:17

build(deps): bump github.com/coreos/go-oidc/v3 from 3.14.1 to 3.15.0 …

9371714

…in the go-dependencies group (fastly#1510)

build(deps): bump the gha-dependencies group with 2 updates (fastly#1515

c31f83d

)

Correct CHANGELOG entry for fastly#1509 (fastly#1519)

914f007

Format correction for this entry.

deannahburke requested a review from mdenomy August 21, 2025 20:45

dependabot bot and others added 2 commits August 21, 2025 22:24

build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.13 in th…

13aeabf

…e go-dependencies group (fastly#1524)

mdenomy reviewed Aug 23, 2025

View reviewed changes

pkg/commands/serviceversion/clone.go Outdated Show resolved Hide resolved

mdenomy reviewed Aug 23, 2025

View reviewed changes

pkg/commands/serviceversion/clone.go Outdated Show resolved Hide resolved

rcaril and others added 10 commits August 25, 2025 13:52

Add new section to pull request template (fastly#1531)

c706754

v12.1.0 (fastly#1545)

2454072

deannahburke force-pushed the dburke/issue-1353 branch from fd891c9 to 3aaba23 Compare October 6, 2025 16:00

dependabot bot and others added 3 commits October 6, 2025 12:23

Fix linter error in clone function

261aa54

deannahburke force-pushed the dburke/issue-1353 branch from a8605cd to 261aa54 Compare October 8, 2025 19:16

dependabot bot and others added 11 commits October 14, 2025 07:06

Add changelog notes

1864a05

Fix spacing/code cleanup

9ddb27a

Fix golangci-latest job by downloading config artifact (fastly#1554)

f3db402

Remove redundant error package

16f3950

deannahburke force-pushed the dburke/issue-1353 branch from b5d87db to 16f3950 Compare October 22, 2025 19:05

rcaril and others added 10 commits October 23, 2025 16:18

Revert "fix(compute): add default ignore patterns for serve command" (f…

90a82a7

…astly#1567) Reverts fastly#1563

CHANGELOG for version 13.0.0. (fastly#1572)

a52d1a7

Change categorization from bug to feature in Changelog

d6b139c

deannahburke force-pushed the dburke/issue-1353 branch from e367d5e to d6b139c Compare November 5, 2025 20:17

Merge branch 'main' into dburke/issue-1353

e4e0dcf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dburke/issue 1353#1

Dburke/issue 1353#1
deannahburke wants to merge 61 commits intomainfrom
dburke/issue-1353

deannahburke commented Aug 21, 2025

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

13 participants

Conversation

deannahburke commented Aug 21, 2025

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

13 participants