Bump github.com/hashicorp/nomad from 1.10.5 to 1.11.0

[dependabot]

Bumps github.com/hashicorp/nomad from 1.10.5 to 1.11.0.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.11.0

1.11.0 (November 11, 2025)

FEATURES:

• Client Identity: Nomad clients use identities for authenticating and authorizing itself when performing RPC calls. The identities are generated and rotated automatically by Nomad servers with configurable TTLs. [GH-26291]
• Client Introduction: Nomad clients can now be introduced to the cluster using a token-based approach. Nomad servers can be configured with introduction enforcement levels which dictate how clients can join the cluster resulting in logs and metrics to detail introduction violations. [GH-26430]
• scheduler: Enable deployments for system jobs [GH-26708]
• secrets: Adds secret block for fetching and interpolating secrets in job spec [GH-26681]

BREAKING CHANGES:

• metrics: Eval broker metrics that previously used the job ID as a label will now use the parent ID of dispatch and periodic jobs [GH-26737]
• sysbatch: Submitting a sysbatch job with a reschedule block will now return an error instead of being silently ignored [GH-26279]

SECURITY:

• build: Update go-getter to 1.8.3 that prevents a partially written file from remaining on disk with permissions that didn't include the umask. [GH-27034]
• build: Update toolchain to Go 1.25.2 to address Go stdlib CVE-2025-61724, CVE-2025-61725, CVE-2025-58187, CVE-2025-61723, CVE-2025-47912, CVE-2025-58185, CVE-2025-58186, CVE-2025-58188, and CVE-2025-58183 [GH-26909]
• job: Disallow tasks using the name "alloc" which breaks inter-task filesystem isolation [GH-27001]

IMPROVEMENTS:

• api: The Evaluations.Info method of the Go API now populates the RelatedEvals field. [GH-26156]
• build: Add tzdata to Docker container final image [GH-26794]
• build: Updated Go to 1.25.1 [GH-26823]
• cli: Add -preserve-resources flag for keeping resource block when updating jobs [GH-26841]
• cli: Added related evals and placed allocations tables to the eval status command, and exposed more fields without requiring the -verbose flag. [GH-26156]
• config: Added job_max_count option to limit number of allocs for a single job [GH-26858]
• consul connect: Allow cni/* network mode; use at your own risk [GH-26449]
• install (Enterprise): Updated license information displayed during post-install [GH-26791]
• metrics: Reduce memory usage on the Nomad leader for collecting eval broker metrics. [GH-26737]
• reporting (Enterprise): Include product usage metrics with license utilization reports [GH-27005]
• scheduler: Add reconciler annotations to the output of the eval status command [GH-26188]
• scheduler: Debug-level logs emitted by the scheduler are now single-line structured logs [GH-26169]
• scheduler: For service and batch jobs, the scheduler no longer includes stops for already-stopped canaries in plans it submits. [GH-26292]
• scheduler: For service and batch jobs, the scheduler treats a group.count=0 identically to removing the task group from the job, and will stop all non-terminal allocations. [GH-26292]

DEPRECATIONS:

• api: the Resources and Reserved fields on the Node struct in the Go API are deprecated and will be removed in Nomad 1.12.0. Use the NodeResources and ReservedResources fields instead [GH-26951]

BUG FIXES:

• acl: Fixed a bug where ACL policies would silently accept invalid or duplicate blocks [GH-26836]
• auth: Fixed a bug where workload identity tokens could not be used to list or get policies from the ACL API [GH-26772]
• build: Updated toolchain to Go 1.25.3 to address bug in TLS certificate validation [GH-26949]
• client: Fix unique identifiers for templates with same content [GH-26880]
• client: restore task network status on client restart so restarted tasks receive proper networking environment variables, hosts file, and resolv.conf. [GH-26699]
• consul (Enterprise): Fixed a bug where Consul fingerprinting would generate warning logs if there was no default cluster [GH-26787]

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.11.0 (November 11, 2025)

FEATURES:

• Client Identity: Nomad clients use identities for authenticating and authorizing itself when performing RPC calls. The identities are generated and rotated automatically by Nomad servers with configurable TTLs. [GH-26291]
• Client Introduction: Nomad clients can now be introduced to the cluster using a token-based approach. Nomad servers can be configured with introduction enforcement levels which dictate how clients can join the cluster resulting in logs and metrics to detail introduction violations. [GH-26430]
• scheduler: Enable deployments for system jobs [GH-26708]
• secrets: Adds secret block for fetching and interpolating secrets in job spec [GH-26681]

BREAKING CHANGES:

• metrics: Eval broker metrics that previously used the job ID as a label will now use the parent ID of dispatch and periodic jobs [GH-26737]
• sysbatch: Submitting a sysbatch job with a reschedule block will now return an error instead of being silently ignored [GH-26279]

SECURITY:

• build: Update go-getter to 1.8.3 that prevents a partially written file from remaining on disk with permissions that didn't include the umask. [GH-27034]
• build: Update toolchain to Go 1.25.2 to address Go stdlib CVE-2025-61724, CVE-2025-61725, CVE-2025-58187, CVE-2025-61723, CVE-2025-47912, CVE-2025-58185, CVE-2025-58186, CVE-2025-58188, and CVE-2025-58183 [GH-26909]
• job: Disallow tasks using the name "alloc" which breaks inter-task filesystem isolation [GH-27001]

IMPROVEMENTS:

• api: The Evaluations.Info method of the Go API now populates the RelatedEvals field. [GH-26156]
• build: Add tzdata to Docker container final image [GH-26794]
• build: Updated Go to 1.25.1 [GH-26823]
• cli: Add -preserve-resources flag for keeping resource block when updating jobs [GH-26841]
• cli: Added related evals and placed allocations tables to the eval status command, and exposed more fields without requiring the -verbose flag. [GH-26156]
• config: Added job_max_count option to limit number of allocs for a single job [GH-26858]
• consul connect: Allow cni/* network mode; use at your own risk [GH-26449]
• install (Enterprise): Updated license information displayed during post-install [GH-26791]
• metrics: Reduce memory usage on the Nomad leader for collecting eval broker metrics. [GH-26737]
• reporting (Enterprise): Include product usage metrics with license utilization reports [GH-27005]
• scheduler: Add reconciler annotations to the output of the eval status command [GH-26188]
• scheduler: Debug-level logs emitted by the scheduler are now single-line structured logs [GH-26169]
• scheduler: For service and batch jobs, the scheduler no longer includes stops for already-stopped canaries in plans it submits. [GH-26292]
• scheduler: For service and batch jobs, the scheduler treats a group.count=0 identically to removing the task group from the job, and will stop all non-terminal allocations. [GH-26292]

DEPRECATIONS:

• api: the Resources and Reserved fields on the Node struct in the Go API are deprecated and will be removed in Nomad 1.12.0. Use the NodeResources and ReservedResources fields instead [GH-26951]

BUG FIXES:

• acl: Fixed a bug where ACL policies would silently accept invalid or duplicate blocks [GH-26836]
• auth: Fixed a bug where workload identity tokens could not be used to list or get policies from the ACL API [GH-26772]
• build: Updated toolchain to Go 1.25.3 to address bug in TLS certificate validation [GH-26949]
• client: Fix unique identifiers for templates with same content [GH-26880]
• client: restore task network status on client restart so restarted tasks receive proper networking environment variables, hosts file, and resolv.conf. [GH-26699]
• consul (Enterprise): Fixed a bug where Consul fingerprinting would generate warning logs if there was no default cluster [GH-26787]
• core: Fixed a bug where GC batch sizes for jobs resulted in excessively large Raft logs [GH-26974]

... (truncated)

Commits

• 9103d93 Generate files for 1.11.0 release
• 50fa3f5 docs: clarify relationship between max_parallel and canary for system job...
• 68f51ff prepare for 1.11 GA release (#27077)
• f4879f9 Docs: Nomad 1.11.0 release notes (#26983)
• 8bb0fb6 e2e: typo correction in testCanaryUpdate (#27076)
• c574dec Merge pull request #27067 from hashicorp/release/1.11.0-rc.1
• f70b6da e2e: correct assertion in the system deployments test (#27074)
• 80622db Prepare for next release
• c4e825d Generate files for 1.11.0-rc.1 release
• 5fa8f07 Merge pull request #27064 from hashicorp/release/1.11.0-rc.1-fixes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @openhpi-bot.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[openhpi-bot]

@dependabot merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

[dependabot]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[dependabot]

Superseded by #811.