chore(deps-dev): bump infrahub-testcontainers from 1.8.5 to 1.9.0

[dependabot]

Bumps infrahub-testcontainers from 1.8.5 to 1.9.0.

Release notes

Sourced from infrahub-testcontainers's releases.

Infrahub - v1.9.0

We're excited to announce the release of Infrahub, v1.9.0!

Two headline additions lead the release: a brand-new interactive schema visualizer that turns your schema into a navigable graph, and syslog log forwarding for Infrahub Enterprise - giving operators a live view into both the schema and the runtime. Around those, the release is centred on three themes: performance - Jinja2 computed attributes now recalculate inline on local changes instead of spawning a background task per node; artifact composition - reusable GraphQL fragment files in .infrahub.yml and artifact content composition via Jinja2 filters; and lifecycle & auditability - automatic branch deletion after merge, login/logout activity events, and custom HTTP headers on webhooks.

⚠️ After upgrading to this release, every Infrahub user account that originated from an OAuth2 or OIDC identity provider must log in again. The login flow captures additional information that Infrahub now stores against these accounts.

A future release will require this information to already be present. Any account missing it at that point will be treated as new, resulting in a duplicate account. We'll give advance notice before that release ships.

Main changes

Schema visualization

A new schema graph visualizer turns your schema into an interactive, navigable graph. Instead of opening YAML files or paging through the schema viewer one schema node at a time, you can see the whole model - nodes, generics, profiles, and templates - laid out together with their relationships drawn as edges between them.

The visualizer is a canvas you can drag, zoom, and pan, with an automatic layout. Each schema kind is colour-coded so you can tell nodes, generics, profiles, and templates apart at a glance. Relationship edges with many cardinality are animated, and self-referencing relationships are highlighted.

You'll find it as a new Graph toggle on the Schema page, switching between the existing schema viewer and the graph view. Clicking the view in graph button in a schema node's details opens the graph with that node pre-highlighted.

The visualizer includes:

• A filter panel to toggle whole namespaces or individual schema types in and out of the view, so you can isolate just the part of the model you care about.
• A node details panel that opens on click to show the selected schema's attributes and relationships, so you don't need to switch tabs to read the definition.
• Context menus on nodes and edges for quick navigation.
• Zoom, pan, and fit-to-view controls plus PNG export of the current view - useful for docs and architecture reviews.
• State persistence, so the filters and layout you set up stick around between sessions.

Syslog log forwarding (Enterprise)

Infrahub Enterprise now supports native Syslog forwarding to external SIEM systems such as Splunk, Datadog, and ELK. All infrahub.* activity events - including the new login/logout events - are can be forwarded continuously. Permission-denied errors on rejected GraphQL and REST requests are forwarded as infrahub.permission.denied events, and each destination can optionally include Infrahub's own application logs, filtered by a minimum severity. The MSG field of each syslog entry carries the JSON representation of the event.

Configuration is via the Infrahub configuration file or environment variables and supports multiple destinations, TCP or UDP transport, optional TLS, and both RFC 5424 and RFC 3164 formats - designed to meet enterprise security and compliance requirements (SOC2, ISO 27001).

Modular GraphQL queries with reusable fragments

Queries stored in a Git repository can now use standard GraphQL fragment spread syntax (...fragmentName) to pull from reusable fragment files declared in the repository's .infrahub.yml. This eliminates query duplication in multi-artifact pipelines and is a building block for the artifact composition features below. At repository sync time, Infrahub resolves each referenced fragment (including transitive dependencies), inlines only the fragments actually needed, and stores a single self-contained query document - no external fragment resolution at execution time.

Declare fragment files alongside queries in .infrahub.yml:

queries:
  - name: device_details
    file_path: "queries/device_details.gql"
graphql_fragments:

name: interface_fields
file_path: "fragments/interfaces.gql"
name: device_fields
</tr></table>

... (truncated)

Changelog

Sourced from infrahub-testcontainers's changelog.

Infrahub - v1.9.0 - 2026-04-24

Removed

• Remove proposed change comments created_at and created_by attribute and relationship in favor of already existing node metadata created_by and created_at
• Removed deprecated GraphQL queries and mutations IPAddressGetNextAvailable, IPPrefixGetNextAvailable, IPPrefixPoolGetResource, IPAddressPoolGetResource, use their Infrahub prefixed equivalents
• Removed previously deprecated "_updated_at" field within GraphQL queries. Use "updated_at" within the node_metadata instead.

Added

• Added condition to restrict the addition of optional attributes that participate in uniqueness constraints to generated profile schemas (#7644)
• Added display field to AttributeSchema and RelationshipSchema with enum values default and extra, defaulting to default. This controls where attributes and relationships are displayed in the UI — default shows in the main view, extra in an expanded/secondary section.
• Added infrahub db reset-deployment-id CLI command to regenerate the internal deployment_id without rebuilding the database.
• Added a delete branch modal with the option to also delete the branch from Git
• Added ability to automatically delete branches after a successful merge. When INFRAHUB_DELETE_BRANCH_AFTER_MERGE is enabled (default: False), the Infrahub branch is deleted. Optionally, when INFRAHUB_GIT_DELETE_GIT_BRANCH_AFTER_MERGE is also enabled (requires the first setting), the corresponding Git branch is deleted from synced repositories. The BranchDelete GraphQL mutation accepts a delete_from_git parameter to override the Git deletion setting per request.
• Added an "Extra" toggle button in the object details card to reveal fields marked with display "extra", which are now hidden by default
• Added login and logout activity events (infrahub.account.logged_in and infrahub.account.logged_out). Successful authentication attempts via password, OAuth2, and OIDC, as well as explicit logouts, are now queryable via the activity event feed.
• Added namespace restriction parameter into generic schemas
• Added optional description field for Python transforms in .infrahub.yml. Descriptions set in the repository config are propagated to the TransformPython.description attribute so they appear in the UI and API.
• Added parent prefix lookup to the search anywhere dialog (Cmd+K). When searching for a valid IP address or CIDR prefix, containing parent prefixes are now displayed in a dedicated "Parent Prefixes" section, ordered from most specific to least specific, across all namespaces. Supports both IPv4 and IPv6.
• Added schema graph visualizer plugin allowing users to view schemas as an interactive graph
• Added support for graphql_fragments in .infrahub.yml. Repositories can now declare reusable .gql fragment files and reference them with standard fragment spread syntax (...FragmentName) in query files. Fragment definitions are resolved (including transitive dependencies) and inlined at repository sync time, so the stored query is a self-contained document. The same rendering applies when running queries locally with infrahubctl.
• Added support for artifact content composition via Jinja2 filters. Templates running on Prefect workers can now use artifact_content, file_object_content, from_json, and from_yaml filters to inline and parse content from other artifacts and file objects. These filters are blocked in computed attributes for security.
• Added support for custom HTTP headers on webhooks. Users can create reusable key-value pairs (static or environment-variable-based) and associate them with webhooks.
• Schema selector search bar is now sticky at the top, with new collapse all and expand all buttons to quickly toggle every namespace section.
• Unified IPAM detail pages with the standard object details card, adding field metadata, extra fields toggle, edit metadata, and profiles & groups
• When delete_branch_after_merge is enabled, merging a branch now redirects to the branches list view and switches to the main branch if the deleted branch was the active one. Merging a proposed change stays on the detail page but switches to the main branch if the source branch was the active one.

Changed

• Accounts, Groups, Roles, and Global Permissions tables in Role Manager now use the same updated design and features as other object tables across the application

• Added a unified filter picker for object list views and support for node metadata filtering:

  • New: Added a unified Filter menu that displays available filters for attributes, relationships and metadata
  • New: Added metadata filters (Created at, Created by, Updated at, Updated by)
  • New: Click an active filter tag to edit it or remove via the inline X
  • Improved: Active filter tags are now editable: click a tag to change its value without removing it
  • Improved: Filter tags now display human-readable conditions (contains, is any of, is empty, before, after etc...)

• Consistent headers across object list and detail pages. Object list pages now share the same header style as detail pages, with easy access to schema, docs, and refresh actions.

• Jinja2 computed attributes are now recalculated immediately when their dependent attributes or relationships change on the same node, eliminating background task overhead for local changes.

• Telemetry snapshots are now always stored locally in the database regardless of the telemetry opt-out setting, ensuring air-gapped and opted-out deployments retain usage data for support and auditing. New CLI commands infrahubctl telemetry list and infrahubctl telemetry export allow administrators to view and export stored telemetry data. A REST API endpoint GET /api/telemetry/snapshots provides programmatic access with READ_TELEMETRY permission enforcement.

• infrahub.branch.deleted and infrahub.branch.merged events now expose the associated proposed change (when applicable) as the event's primary node instead of a related node. Consumers filtering on primaryNodeIds will match these events for a proposed change; filters relying on the proposed change appearing under relatedNodes must be updated.

• hides the internal attributes of CoreFileObject in the UI

Fixed

• Fix diff update logic that runs after merge and rebase operations to ignore diffs for merged and deleted branches. Add a new environment variable, "INFRAHUB_DIFF_UPDATE_AFTER_MERGE", that allows skipping the automatic diff updates following a merge. (#8507)
• Fix a bug in diff calculation that could cause the wrong peer to be identified for a peer object belonging to a schema that had its kind or inheritance updated on the default branch.
• Fix bug in diff calculation that would cause source property update on the user-created branch to be ignored if the schema of the owning object was migrated to a new kind or inheritance on the default branch.
• Fix bug in diff calculation that would not correctly capture conflicts if the source of an attribute or relationship was updated to conflicting values on the default branch and the user-created branch.

... (truncated)

Commits

• 7a97d8e chore: update docker-compose
• 7ca1b60 Merge pull request #9050 from opsmill/wvd-20260424-prep-release-1.9
• 3fb7ce9 spelling
• 4887b1f correct file name
• 84a7249 fix
• 1491d6f Merge remote-tracking branch 'origin/stable' into wvd-20260424-prep-release-1.9
• 70943c8 checkout pyhton_sdk @​v1.20.0
• 32d74c9 changelong and release notes
• b958499 bump version to v1.9.0
• a6781cb IFC-2312: Fix branch delete permission preventing users from deleting own bra...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cloudflare-workers-and-pages]

Deploying infrahub-sdk-python with    Cloudflare Pages

Latest commit:	6d9f6e8
Status:	✅  Deploy successful!
Preview URL:	https://68f59569.infrahub-sdk-python.pages.dev
Branch Preview URL:	https://dependabot-uv-stable-infrahu-7egc.infrahub-sdk-python.pages.dev

View logs