DEPENDENCIES:

• build(deps): github.com/hashicorp/terraform-plugin-sdk/v2 from 2.38.2 to 2.39.0 (#1204)
• build(deps): golang.org/x/net from 0.50.0 to 0.51.0 (#1204)
• build(deps): hashicorp/setup-terraform from 3 to 4 (#1205)
• build(deps): github.com/fastly/go-fastly/v13 from 13.0.0 to 13.0.1 (#1206)

For example, if you are searching for an exact match FQDN for "example.com", you may call GET /domain-management/v1/domains?fqdn=example.com&fqdn_match=exact. Or if you want all subdomains for "example.com", you might use end_with, like this: GET /domain-management/v1/domains?fqdn=.example.com&fqdn_match=end_with.

Valid fqdn_match options are: exact, starts_with, ends_with, and contains. If no value is passed, we default to contains (which is a fuzzy match for the FQDN, the default behavior).

Documentation:

• fix(changelog): change code blocks to be all on one line #1670

BUG FIXES:

• fix(ngwaf/rules): corrected the condition type assertion for nested single conditions in a group condition (#1198)

DOCUMENTATION:

• docs(templates/guides): add a guide for adding a versionless domain to a service using a wildcard tls subscription (#1194)
• docs(templates/guides): add a guide for using versionless domains with a Certainly subscription to a new devlivery service (#1195)
• docs(templates/guides): add a guide for migrating delivery service classic domain to a versionless domain (#1202)
• docs(templates/guides): add a guide for linking versionless domains to a service when the domains are not managed in Terraform (#1199)
• docs(templates/guides): add a guide for migrating from the deprecated 'fastly_domain_v1' and 'fastly_domain_v1_service_link' resources and data sources (#1200)
• docs(ngwaf/rules): updated list of supported values for the 'operator' field for NGWAF WAF rule conditions (#1201)

BREAKING CHANGES

This release of the Fastly CLI includes a significant reorganization of the commands which are used to manage the configuration of Fastly services (both Delivery and Compute services). Specifically, each of the command families listed below have been changed from fastly <family> create/delete/describe/list/update to fastly service <family> create/delete/describe/list/update. For nearly all of these command families, the previous commands are still available but are not listed in the fastly help output. In addition, invocations of the previous commands will generate a deprecation message, which includes the new command that should be used instead.

The fastly domain family of commands are the lone exception; those commands exist in both the old and new forms, but the top-level commands are used to manage 'versionless' domains (a new feature of the Fastly platform, and those commands were previously named fastly domain-v1 create/delete/describe/list/update), while the service-level commands are used to manage 'classic' domains. As a result, you will need to update any scripts or workflows which used the fastly domain create/delete/describe/list/update commands to use the fastly service domain create/delete/describe/list/update commands instead.

The command families which have been reorganized and are available in both the old and new forms are:

• acl
• aclentry
• alert
• backend
• dictionary
• dictionary-entry
• healthcheck
• imageoptimizerdefaults
• logging
• purge
• rate-limit
• resource-link
• service-auth
• service-version
• vcl

Breaking:

• breaking(domain) - service-version oriented domain commands have been moved under the service domain command. Versionless domain-v1 commands have been moved to the domain command (#1615)

Deprecations:

• deprecated(auth): fastly profile, fastly sso, and fastly auth-token command trees are deprecated and will be removed in a future release. Use fastly auth subcommands instead.
• deprecated(auth): --profile and --enable-sso global flags are deprecated. Use --token <name> to select a stored auth token by name, or fastly auth login --sso --token <name> for SSO.

Enhancements:

• feat(auth): auth login --sso now requires --token <name> to explicitly name the stored token. This prevents accidentally overwriting tokens in multi-user SSO workflows.
• feat(auth): add FASTLY_DISABLE_AUTH_COMMAND env var to hide the fastly auth command tree from help, completions, and invocation.
• feat(auth): when FASTLY_DISABLE_AUTH_COMMAND is set, the --token/-t global flag is also disabled. Use FASTLY_API_TOKEN or stored config tokens instead.
• feat(ngwaf/rules): Upgrade go-fastly to v13.0.0 and allow ngwaf rules to accept multival conditions (#1655)
• feat(rust): Allow testing with prerelease Rust versions (#1604)
• feat(compute/hashfiles): remove hashsum subcommand (#1608)
• feat(ngwaf/rules): add support for CRUD operations for NGWAF rules (#1605)
• feat(compute/deploy): added the --no-default-domain flag to allow for the skipping of automatic domain creation when deploying a Compute service(#1610)
• refactor(argparser/flags.go): add flag conversion utilities for converting string flags to bools and checking ascending and desecnding flags (#1611)
• feat(service/purge): Add 'service purge' command as replacement for 'purge', with an unlisted and deprecated alias of 'purge'. (#1612)
• feat(service/version): Add 'service version ..' commands as replacements for 'service-version ..', with unlisted and deprecated aliases of 'service-version ..'. (#1614)
• feat(service/vcl): moved the vcl command under the service command, with an unlisted and deprecated alias of vcl (#1616)
• feat(service/healthcheck): moved the healthcheck command under the service command, with an unlisted and deprecated alias of healthcheck (#1619)
• feat(service/backend): moved the backend command under the service command, with an unlisted and deprecated alias of backend (#1621)
• feat(service/acl): moved the acl and aclentry commands under the service command, with a unlisted and deprecated aliases of acl and aclentry (#1621)
• feat(version): If the latest version is at least one major version higher than the current version, provide links to the release notes for the major version(s) so the user can review them before upgrading. (#1623)
• feat(service/imageoptimizerdefaults): moved the imageoptimizerdefaults commands under the service command, with an unlisted and deprecated alias of imageoptimizerdefaults (#1627)
• feat(service/alert): moved the alerts command to the service alert command, with an unlisted and deprecated alias of alerts (#1616)
• feat(service/dictionary-entry): moved the dictionary-entry commands under the service command, with an unlisted and deprecated alias of dictionary-entry (#1628)
• feat(service/dictionary): moved the dictionary command under the service command, with an unlisted and deprecated alias of dictionary (#1621)
• feat(service/ratelimit): moved the rate-limit commands under the service command, with an unlisted and deprecated alias of rate-limit (#1632)
• feat(compute/build): Remove Rust version restriction, allowing 1.93.0 and later versions to be used. (#1633)
• feat(service/resourcelink): moved the resource-link commands under the service command, with an unlisted and deprecated alias of resource-link (#1635)
• feat(service/logging): moved the logging commands under the service command, with an unlisted and deprecated alias of logging (#1642)
• feat(service/auth): moved the service-auth commands under the service command and renamed to auth, with an unlisted and deprecated alias of service-auth (#1643)
• feat(compute/build): Block version 1.93.0 of Rust to avoid a wasm32-wasip2 bug. (#1653)
• feat(service/vcl): escape control characters when displaying VCL content for cleaner terminal output (#1637)

Bug fixes:

• fix(docker): Use base image toolchain instead of reinstalling stable, which could pull in an unvalidated Rust version.
• fix(compute/serve): ensure hostname has a port number when building pushpin routes (#1631)
• fix(manifest): Correct setup.Defined to include checks for ObjectStores and SecretStores (#1639)

Dependencies:

• build(deps): golang from 1.24 to 1.25 (#1651)
• build(deps): actions/upload-artifact from 5 to 6 (#1603)
• build(deps): actions/download-artifact from 6 to 7 (#1603)
• build(deps): golang.org/x/term from 0.37.0 to 0.38.0 (#1602)
• build(deps): golang.org/x/crypto from 0.45.0 to 0.46.0 (#1602)
• build(deps): golang.org/x/mod from 0.30.0 to 0.31.0 (#1602)
• build(deps): golang.org/x/net from 0.47.0 to 0.48.0 (#1602)
• build(deps): golang.org/x/text from 0.31.0 to 0.32.0 (#1602)
• build(deps): github.com/pierrec/lz4/v4 from 4.1.22 to 4.1.23 (#1606)
• build(deps): github.com/google/go-querystring from 1.1.0 to 1.2.0 (#1607)
• build(deps): golang.org/x/sys from 0.39.0 to 0.40.0 (#1613)
• build(deps): golang.org/x/term from 0.38.0 to 0.39.0 (#1613)
• build(deps): golang.org/x/crypto from 0.46.0 to 0.47.0 (#1613)
• build(deps): golang.org/x/mod from 0.31.0 to 0.32.0 (#1613)
• build(deps): golang.org/x/net from 0.48.0 to 0.49.0 (#1613)
• build(deps): golang.org/x/text from 0.32.0 to 0.33.0 (#1613)
• build(deps): github.com/fastly/go-fastly/v13 from 12.1.0 to 12.1.1 (#1613)
• build(deps): github.com/clipperhouse/uax29/v2 from 2.3.0 to 2.3.1 (#1625)
• build(deps): github.com/klauspost/compress from 1.18.2 to 1.18.3 (#1625)
• build(deps): github.com/pierrec/lz4/v4 from 4.1.23 to 4.1.25 (#1625)
• build(deps): github.com/clipperhouse/uax29/v2 from 2.3.1 to 2.4.0 (#1634)
• build(deps): github.com/clipperhouse/uax29/v2 from 2.4.0 to 2.5.0 (#1647)
• build(deps): golang.org/x/sys from 0.40.0 to 0.41.0 (#1652)
• build(deps): golang.org/x/term from 0.39.0 to 0.40.0 (#1652)
• build(deps): golang.org/x/crypto from 0.47.0 to 0.48.0 (#1652)
• build(deps): golang.org/x/mod from 0.32.0 to 0.33.0 (#1652)
• build(deps): github.com/clipperhouse/uax29/v2 from 2.5.0 to 2.6.0 (#1652)
• build(deps): github.com/klauspost/compress from 1.18.3 to 1.18.4 (#1652)
• build(deps): golang.org/x/net from 0.49.0 to 0.50.0 (#1652)
• build(deps): golang.org/x/oauth2 from 0.34.0 to 0.35.0 (#1652)
• build(deps): golang.org/x/text from 0.33.0 to 0.34.0 (#1652)
• build(deps): github.com/clipperhouse/uax29/v2 from 2.6.0 to 2.7.0 (#1657)
• build(deps): golang.org/x/text from 0.33.0 to 0.34.0 (#1652)
• build(deps): github.com/mattn/go-runewidth from 0.0.19 to 0.0.20 (#1659)
• build(deps): goreleaser/goreleaser-action from 6 to 7 (#1660)

Bug Fixes:

• fix(npm): Include repository info in package.json of subpackages required for trusted publishing #1663

Bug Fixes:

• fix(npm): add write perms #1665

Bug Fixes:

• fix(npm): add contents write perms #1667

The names of two existing Compute metrics have been updated:

• compute_heap_limit_exceeded is now compute_service_memory_exceeded_error
• compute_bereq_errors is now compute_service_bereq_error

The following metrics have been deprecated:

• compute_guest_errors
• compute_globals_limit_exceeded
• compute_stack_limit_exceeded
• compute_resource_limit_exceeded
• compute_runtime_errors

Both APIs continue to serve data under the original and deprecated metric names for backward compatibility.

• early-hints: early hints don't need to be sync inside a FetchEve… (#1323) (22ac0cc)

ENHANCEMENTS:

• feat(product_enablement): Adding support for the domain_inspector feature to Compute services (#1175)
• feat(domain_management): Added import support for the fastly_domain_service_link resource and improved test coverage (#1178)
• feat(domains): Removed _v1 suffixes from domain-related resources and data sources, leaving deprecated aliases in place. (#1181)
• feat(products/staging): Add a Data Source for Staging IP addresses (#1186)
• feat(ngwaf/rules): Added support for multival type conditions nested in group_operator blocks. (#1189)

DEPENDENCIES:

• build(deps): github.com/fastly/go-fastly/v12 from 12.1.0 to 12.1.1 (#1177)
• build(deps): golang.org/x/net from 0.48.0 to 0.49.0 (#1177)
• build(deps): github.com/hashicorp/terraform-plugin-log from 0.9.0 to 0.10.0 (#1179)
• build(deps): github.com/hashicorp/terraform-plugin-sdk/v2 from 2.38.1 to 2.38.2 (#1180)
• build(deps): github.com/hashicorp/terraform-plugin-log from 0.9.0 to 0.10.0 (#1179)
• build(go.mod): upgrade golang to 1.25.0 and make appropriate changes (#1183)
• build(deps): github.com/fastly/go-fastly/v12 from 12.1.1 to 12.1.2 (#1185)
• build(deps): golang.org/x/net from 0.49.0 to 0.50.0 (#1188)
• build(deps): github.com/fastly/go-fastly/v12 from 12.1.2 to 13.0.0 (#1190)

• Allow custom weval binary (#1315) (b143150)
• Reusable sandboxes (#1314) (70a9d28)

Fixed

• Add security to docs rename script (#1316) (7028c0b)

• Body truncation error in chained extract_body requests (#1310) (b929648)

• Don't throw from event.client.geo or event.client.address on hostcall error (#1306) (471b112)

• For now, go back to old behavior for default exported types. (#1298) (e6d96d4)
• TransformStream shortcutting fixes (#1301) (51369ae)

• NPM publication (f80c089)