Update Terraform cloudflare to v5.19.0

[renovate]

This PR contains the following updates:

Package	Type	Change
cloudflare (source)	required_provider	5.18.0 → 5.19.0

---

Release Notes

cloudflare/terraform-provider-cloudflare (cloudflare)

v5.19.0

Compare Source

Full Changelog: v5.18.0...v5.19.0

New Resources

• cloudflare_ai_gateway: Manage AI Gateway instances (e8d7f3b)
• cloudflare_certificate_authorities_hostname_associations: Manage mTLS certificate hostname associations (97df6f2)
• cloudflare_custom_page_asset: Manage custom page assets (8b71d20)
• cloudflare_pipeline: Manage Cloudflare Pipelines (de21a25)
• cloudflare_r2_data_catalog: Manage R2 Data Catalog (e8d7f3b)
• cloudflare_user_group: Manage user groups (4cf8755)
• cloudflare_user_group_members: Manage user group memberships (4cf8755)
• cloudflare_vulnerability_scanner_credential: Manage vulnerability scanner credentials (4cf8755)
• cloudflare_vulnerability_scanner_credential_set: Manage vulnerability scanner credential sets (4cf8755)
• cloudflare_vulnerability_scanner_target_environment: Manage vulnerability scanner target environments (4cf8755)
• cloudflare_workers_observability_destination: Manage Workers Observability destinations (312d3af)
• cloudflare_zero_trust_device_ip_profile: Manage Zero Trust device IP profiles (7b251d2)
• cloudflare_zero_trust_device_subnet: Manage Zero Trust device subnets (ebb8216)
• cloudflare_zero_trust_dlp_settings: Manage Zero Trust DLP settings (4cf8755)

Features

• account: state upgrader for v4 to v5 migration (82ee06e)
• account_member: state upgrader for v4 to v5 migration (62d0ea7)
• account_token: state upgrader for v4 to v5 migration (a0469d7)
• authenticated_origin_pulls: state upgrader for v4 to v5 migration (c4054b7)
• authenticated_origin_pulls_hostname_certificate: state upgrader for v4 to v5 migration (c4054b7)
• byo_ip_prefix: state upgrader for v4 to v5 migration (8d58cab)
• custom_hostname: state upgrader for v4 to v5 migration (24e4f0e)
• custom_ssl: state upgrader for v4 to v5 migration (ada4f8f)
• leaked_credential_check: state upgrader for v4 to v5 migration (9372a7d)
• leaked_credential_check_rule: state upgrader for v4 to v5 migration (745f1e2)
• logpush_ownership_challenge: state upgrader for v4 to v5 migration (25785268)
• mtls_certificate: state upgrader for v4 to v5 migration (70d46e0)
• observatory_scheduled_test: state upgrader for v4 to v5 migration (a2883c9)
• pages_domain: state upgrader for v4 to v5 migration (91c6024)
• regional_tiered_cache: state upgrader for v4 to v5 migration (430edbd)
• ruleset: add content_converter and redirects_for_ai_training support to configuration rules (726b8e7)
• turnstile_widget: state upgrader for v4 to v5 migration (94b9515)
• workers_custom_domain: state upgrader for v4 to v5 migration (6a40c69)
• zero_trust_device_custom_profile: state upgrader for v4 to v5 migration (77090dc)
• zero_trust_device_default_profile: state upgrader for v4 to v5 migration (77090dc)
• zero_trust_device_posture_integration: state upgrader for v4 to v5 migration (32bc328)
• zero_trust_gateway_certificate: state upgrader for v4 to v5 migration (ceff5a4)
• zero_trust_gateway_settings: state upgrader for v4 to v5 migration (3dae4a3)
• zero_trust_gateway_logging: make importable (c5d144b)
• zero_trust_organization: state upgrader for v4 to v5 migration (9eb3a25)
• zero_trust_tunnel_cloudflared_virtual_network: state upgrader for v4 to v5 migration (1f0f135)
• zone_setting: state upgrader for v4 to v5 migration (7ba7600)
• add browser rendering devtools methods (7f83203)
• bump go sdk version (070ea0b)
• enable treeshaking and client options for setting zone and account IDs (43b90cb)
• promote AI Gateway Terraform config from staging to main (75baa04)

Bug Fixes

• account_member: add UseStateForUnknown to status field to prevent drift (841d6f9)
• ai_search_instance: restore original defaults for cache and cache_threshold (d28ee6b)
• apijson: return empty object from MarshalForPatch when no fields are serialisable (270fe86)
• authenticated_origin_pulls_settings: fix no prior schema and no-op upgrade (9804de7)
• certificate_pack: initialize empty lists instead of null in state upgrader to prevent drift (2017a43)
• client_certificate: fix CSR drift with normalization (a755419)
• custom_hostname: allow ssl as null (6e17010)
• custom_hostname_fallback_origin: eventual consistency (d55a74a)
• custom_origin_trust_store: fix certificate drift with normalization (42de890)
• custom_ssl: fix patch cert replacement and send bundle_method (bebe53b)
• dlp_predefined_profile: eliminate perpetual entries and enabled_entries drift (92dcfc0)
• dns_record: avoid unnecessary drift for ipv4_only and ipv6_only attributes (3df5e03)
• dns_record: remove private_routing default value (ada77b4)
• drift: preserve prior state for optional fields not returned by API (access_rule, gateway_policy, gateway_settings, zone_dnssec, dlp_predefined_profile) (b717f4d)
• leaked_credential_check_rule: handle empty ID from v4 provider state migration (70f0337)
• list_item: remove context (69f751d)
• logpush_job: update model for migration (b789273)
• logpush_job: fix acceptance tests failing due to destination re-validation on PUT (87243a1)
• managed_transforms: remove unavailable rule and fix nil pointer in state upgrade (d14644e)
• migrations: handle ambiguous schema_version state for v4/v5 coexistence (2b6246f)
• page_rule: properly encode automatic_https_rewrites (47ebbf4)
• provider credential fields marked sensitive and validation regex updated (5f6ff4f)
• r2: add degraded-response handling to the R2 custom domain resource (c8d0e0f)
• ruleset: restore phase-entrypoint fallbacks (b92500b)
• ruleset: add redirects_for_ai_training to v4 action parameters model (16470fa)
• tokens: change from set to list for token policies (9937847)
• tokens: handle revoked and expired tokens (63319ed)
• UpgradeFromV0 handles both v4 and early-v5 state formats (b09f658)
• use raw JSON deserialization in UpgradeState handlers (0e93ea6)
• workers_custom_domain: handle HTTP 200 no content header (ea0ca97)
• workers_script: add missing ratelimit binding type to schema validator (30c49a6)
• workers_script: model drift (5ae89c4)
• zero_trust_access_identity_provider: boolean drifts (421bb50)
• zero_trust_access_policy: nil pointer panic in state upgrader (ebe2b68)
• zero_trust_access_policy: normalize transforms and use raw JSON deserialization for state upgrade (18c2ae3)
• zero_trust_device_managed_networks: upgrade resource state (7c14bf5)
• zero_trust_device_posture_rule: schema default removed intentionally (eef56df)
• zero_trust_gateway_policy: make filters Computed+Optional to prevent drift (8f52f45)
• zero_trust_gateway_settings: breaking changes and reset to clean defaults (b5ca509)
• zero_trust_tunnel_cloudflared_config: dont use init (090ff6a)

Chores

• api: update composite API spec (db5b37e)
• cmd/migrate: deprecated in favor of tf-migrate; will be removed in a future release (#​7062)
• docs: caveats and callouts (31c0d88)
• internal: codegen related update (4cf8755)
• update tf-migrate version (d023e25)

Documentation

• remove TBD wording from deprecation timeline (bce670f)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

GitLab Pipeline Action

General information

Link to pipeline: https://gitlab.com/code0-tech/infrastructure/mensa/-/pipelines/2479919915

Status: Canceled
Duration: 12 minutes

Job summaries

tf-plan:server_administration

No changes. Your infrastructure matches the configuration.

tf-plan:main

No changes. Your infrastructure matches the configuration.