Bump github.com/cilium/cilium from 1.18.8 to 1.18.9

[dependabot]

Bumps github.com/cilium/cilium from 1.18.8 to 1.18.9.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.18.9

Summary of Changes

Minor Changes:

• Fix performance bug in L7 policy proxy redirect handling (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44613, @​fristonio)
• helm,docs: add configDriftDetection Helm values and documentation (Backport PR cilium/cilium#44972, Upstream PR cilium/cilium#44703, @​PhilipSchmid)

Bugfixes:

• cilium/cilium#44949@​fristonio)
• Ensure completion.WaitGroup always has a timeout (Backport PR cilium/cilium#45218, Upstream PR cilium/cilium#44731, @​jrajahalme)
• envoy: Fix xds server npds listeners accounting (Backport PR cilium/cilium#45218, Upstream PR cilium/cilium#44830, @​fristonio)
• Fix a slow memory leak triggered by incremental policy updates (Backport PR cilium/cilium#45053, Upstream PR cilium/cilium#44328, @​odinuge)
• Fix endpoints for static pods stuck in init identity (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45016, @​aaroniscode)
• Fix memory leak triggered by policies being created and deleted (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44724, @​odinuge)
• Fix panic in Hubble Relay when new peer address is unresolvable (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45021, @​pesarkhobeee)
• Fixed a bug in dual-stack cluster-pool IPAM where an operator restart with a pre-existing duplicate IPv6 PodCIDR could cause the affected node's IPv4 PodCIDR to be incorrectly freed and reassigned to another node. (Backport PR cilium/cilium#44867, Upstream PR cilium/cilium#44832, @​christarazi)
• Fixed a bug in service load balancing where backend slot assignments could have gaps when maintenance backends exist, potentially causing traffic misrouting. (Backport PR cilium/cilium#44972, Upstream PR cilium/cilium#43902, @​Aman-Cool)
• Fixed an issue where policy update ack is never completed after endpoint deletion. (Backport PR cilium/cilium#44819, Upstream PR cilium/cilium#44754, @​jrajahalme)
• Fixed ipcache identity update hang when last proxy listener is removed. (Backport PR cilium/cilium#45218, Upstream PR cilium/cilium#44597, @​jrajahalme)
• Fixes increased CPU usage in hubble observe caused by log coloring feature, even when coloring was disabled (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44119, @​tporeba)
• lb: fix panic in orphan backend cleanup when addr is zero-value (Backport PR cilium/cilium#45053, Upstream PR cilium/cilium#44853, @​vipul-21)
• lb: Skip nil slots during BPF map restore to prevent panic (Backport PR cilium/cilium#44972, Upstream PR cilium/cilium#44895, @​vipul-21)
• operator/identitygc: fix nil pointer dereference on shutdown (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45091, @​tsotne95)

CI Changes:

• .github/workflows: disable cache for go steps (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45073, @​aanm)
• .github/workflows: replace external set-commit-status action (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45078, @​aanm)
• .github: cleanup disk before ci-verifier tests (Backport PR cilium/cilium#45053, Upstream PR cilium/cilium#44971, @​aanm)
• ci: add fail-fast false to ci image builds (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45079, @​Artyop)
• ci: set TMPDIR=/host/tmp in datapath verifier tests (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45047, @​aanm)
• cilium/cilium#45220@​YutaroHayakawa)
• fix: escape $ character in regex to prevent injection (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44638, @​peoyekunle)

Misc Changes:

• .github/workflows: do not use deployments for environments (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#44908, @​aanm)
• cilium/cilium#45346@​aanm)
• bpf: Clear tc_classid on all ingress code paths (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#42105, @​pchaigno)
• cilium/cilium#44940@​cilium-renovate[bot])
• cilium/cilium#45042@​cilium-renovate[bot])
• cilium/cilium#45174@​cilium-renovate[bot])
• cilium/cilium#45309@​cilium-renovate[bot])
• cilium/cilium#44833@​cilium-renovate[bot])
• cilium/cilium#45274@​cilium-renovate[bot])
• cilium/cilium#45172@​cilium-renovate[bot])
• cilium/cilium#45281@​cilium-renovate[bot])
• cilium/cilium#45040@​cilium-renovate[bot])
• cilium/cilium#45316@​cilium-renovate[bot])
• cilium/cilium#44935@​cilium-renovate[bot])
• cilium/cilium#45306@​cilium-renovate[bot])

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.18.9

Summary of Changes

Minor Changes:

• Fix performance bug in L7 policy proxy redirect handling (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44613, @​fristonio)
• helm,docs: add configDriftDetection Helm values and documentation (Backport PR cilium/cilium#44972, Upstream PR cilium/cilium#44703, @​PhilipSchmid)

Bugfixes:

• cilium/cilium#44949@​fristonio)
• Ensure completion.WaitGroup always has a timeout (Backport PR cilium/cilium#45218, Upstream PR cilium/cilium#44731, @​jrajahalme)
• envoy: Fix xds server npds listeners accounting (Backport PR cilium/cilium#45218, Upstream PR cilium/cilium#44830, @​fristonio)
• Fix a slow memory leak triggered by incremental policy updates (Backport PR cilium/cilium#45053, Upstream PR cilium/cilium#44328, @​odinuge)
• Fix endpoints for static pods stuck in init identity (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45016, @​aaroniscode)
• Fix memory leak triggered by policies being created and deleted (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44724, @​odinuge)
• Fix panic in Hubble Relay when new peer address is unresolvable (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45021, @​pesarkhobeee)
• Fixed a bug in dual-stack cluster-pool IPAM where an operator restart with a pre-existing duplicate IPv6 PodCIDR could cause the affected node's IPv4 PodCIDR to be incorrectly freed and reassigned to another node. (Backport PR cilium/cilium#44867, Upstream PR cilium/cilium#44832, @​christarazi)
• Fixed a bug in service load balancing where backend slot assignments could have gaps when maintenance backends exist, potentially causing traffic misrouting. (Backport PR cilium/cilium#44972, Upstream PR cilium/cilium#43902, @​Aman-Cool)
• Fixed an issue where policy update ack is never completed after endpoint deletion. (Backport PR cilium/cilium#44819, Upstream PR cilium/cilium#44754, @​jrajahalme)
• Fixed ipcache identity update hang when last proxy listener is removed. (Backport PR cilium/cilium#45218, Upstream PR cilium/cilium#44597, @​jrajahalme)
• Fixes increased CPU usage in hubble observe caused by log coloring feature, even when coloring was disabled (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44119, @​tporeba)
• lb: fix panic in orphan backend cleanup when addr is zero-value (Backport PR cilium/cilium#45053, Upstream PR cilium/cilium#44853, @​vipul-21)
• lb: Skip nil slots during BPF map restore to prevent panic (Backport PR cilium/cilium#44972, Upstream PR cilium/cilium#44895, @​vipul-21)
• operator/identitygc: fix nil pointer dereference on shutdown (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45091, @​tsotne95)

CI Changes:

• .github/workflows: disable cache for go steps (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45073, @​aanm)
• .github/workflows: replace external set-commit-status action (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45078, @​aanm)
• .github: cleanup disk before ci-verifier tests (Backport PR cilium/cilium#45053, Upstream PR cilium/cilium#44971, @​aanm)
• ci: add fail-fast false to ci image builds (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45079, @​Artyop)
• ci: set TMPDIR=/host/tmp in datapath verifier tests (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#45047, @​aanm)
• cilium/cilium#45220@​YutaroHayakawa)
• fix: escape $ character in regex to prevent injection (Backport PR cilium/cilium#44827, Upstream PR cilium/cilium#44638, @​peoyekunle)

Misc Changes:

• .github/workflows: do not use deployments for environments (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#44908, @​aanm)
• cilium/cilium#45346@​aanm)
• bpf: Clear tc_classid on all ingress code paths (Backport PR cilium/cilium#45213, Upstream PR cilium/cilium#42105, @​pchaigno)
• cilium/cilium#44940@​cilium-renovate[bot])
• cilium/cilium#45042@​cilium-renovate[bot])
• cilium/cilium#45174@​cilium-renovate[bot])
• cilium/cilium#45309@​cilium-renovate[bot])
• cilium/cilium#44833@​cilium-renovate[bot])
• cilium/cilium#45274@​cilium-renovate[bot])
• cilium/cilium#45172@​cilium-renovate[bot])
• cilium/cilium#45281@​cilium-renovate[bot])
• cilium/cilium#45040@​cilium-renovate[bot])
• cilium/cilium#45316@​cilium-renovate[bot])
• cilium/cilium#44935@​cilium-renovate[bot])

... (truncated)

Commits

• c489825 Prepare for release v1.18.9
• b30daa5 bpf: Clear tc_classid on all ingress code paths
• 0ce88fe vendor: update google.golang.org/grpc to v1.79.3
• f830f44 chore(deps): update all github action dependencies
• cd3018a ci: update docs-builder
• 15d39c1 docs: Update sphinx theme to v3.1.0
• babc41e ci: Switch catchpoint/workflow-telemetry-action to our fork
• 656cfc8 images: update cilium-{runtime,builder}
• 9b1f6be chore(deps): update docker.io/library/golang:1.25.9 docker digest to a95d3d1
• 39f59fb chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.36.6-1776000...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.62%. Comparing base (ddfd820) to head (e4762af).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #562   +/-   ##
=======================================
  Coverage   73.62%   73.62%           
=======================================
  Files          19       19           
  Lines        2927     2927           
=======================================
  Hits         2155     2155           
  Misses        523      523           
  Partials      249      249           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.