(v1.15) Bump go-jose #32869

Merged
merged 1 commit into from
Jun 4, 2024

ferozsalam
Contributor

Clears a CVE from appearing in the operator-generic image.

Clears a CVE from appearing in the operator-generic image

Signed-off-by: Feroz Salam <feroz.salam@isovalent.com>
@ferozsalam ferozsalam added the release-note/misc This PR makes changes that have no direct user impact. label Jun 4, 2024
@ferozsalam ferozsalam requested a review from a team as a code owner June 4, 2024 09:25
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.15 This PR represents a backport for Cilium 1.15.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. labels Jun 4, 2024
@julianwiedmann julianwiedmann requested review from a team and marseel and removed request for a team June 4, 2024 09:28
@ferozsalam
Contributor Author

/test-backport-1.15

@qmonnet qmonnet added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 4, 2024
@julianwiedmann julianwiedmann merged commit 8274a26 into v1.15 Jun 4, 2024
250 checks passed
@julianwiedmann julianwiedmann deleted the pr/feroz/bump-go-jose branch June 4, 2024 14:09
github-merge-queue bot pushed a commit to microsoft/retina that referenced this pull request Jun 11, 2024
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from
1.15.5 to 1.15.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cilium/cilium/blob/1.15.6/CHANGELOG.md">github.com/cilium/cilium's
changelog</a>.</em></p>
<blockquote>
<h2>v1.15.6</h2>
<h2>Summary of Changes</h2>
<p><strong>Minor Changes:</strong></p>
<ul>
<li><code>cilium/cilium#32872</code><a
href="https://github.com/gandro"><code>@​gandro</code></a>)</li>
<li>Generate SBOMs using Syft instead of bom (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32307">#32307</a>,
<a
href="https://github.com/ferozsalam"><code>@​ferozsalam</code></a>)</li>
<li>Improved background resynchronization of nodes. Before all nodes
were being updated at the same time, now we spread updates over time to
average out CPU usage. (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32748">#32748</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32577">#32577</a>,
<a href="https://github.com/marseel"><code>@​marseel</code></a>)</li>
<li>Introduce CLI commands to troubleshoot connectivity issues to the
etcd kvstore and clustermesh control plane (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32568">#32568</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32336">#32336</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
<li>ipsec: Improve CPU usage of cilium-agent in large clusters (Backport
PR <a
href="https://redirect.github.com/cilium/cilium/issues/32882">#32882</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32588">#32588</a>,
<a href="https://github.com/marseel"><code>@​marseel</code></a>)</li>
<li>KVStoreMesh: expose remote clusters information and introduce
dedicated CLI command (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32568">#32568</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32156">#32156</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
</ul>
<p><strong>Bugfixes:</strong></p>
<ul>
<li>.github/workflows: fix digests file creation (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32889">#32889</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32860">#32860</a>,
<a href="https://github.com/aanm"><code>@​aanm</code></a>)</li>
<li><code>cilium/cilium#32649</code><a
href="https://github.com/pippolo84"><code>@​pippolo84</code></a>)</li>
<li>Add missing kvstore-max-consecutive-quorum-errors option to
clustermesh-apiserver/kvstoremesh binaries (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32500">#32500</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32117">#32117</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
<li>bgp: service eTP=local, withdraw route when last backend on the node
goes in terminating state (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32536">#32536</a>,
<a
href="https://github.com/harsimran-pabla"><code>@​harsimran-pabla</code></a>)</li>
<li>Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields
for CiliumLoadBalancerIPPool (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32889">#32889</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32694">#32694</a>,
<a
href="https://github.com/dswaffordcw"><code>@​dswaffordcw</code></a>)</li>
<li>cni: Reserve local ports for DNS proxy even if IPv6 is disabled
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32789">#32789</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32725">#32725</a>,
<a href="https://github.com/gandro"><code>@​gandro</code></a>)</li>
<li>egressgw: Let the EGW manager relax rp_filter on egress device
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32778">#32778</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32679">#32679</a>,
<a
href="https://github.com/ysksuzuki"><code>@​ysksuzuki</code></a>)</li>
<li>Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32789">#32789</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/31671">#31671</a>,
<a
href="https://github.com/foyerunix"><code>@​foyerunix</code></a>)</li>
<li>Fix indexing bug in the logic for picking NodePort addresses. In
rare cases this may have caused wrong address to be selected for
NodePort use, or an out-of-bounds access. (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32506">#32506</a>,
<a href="https://github.com/joamaki"><code>@​joamaki</code></a>)</li>
<li>Fix PromQL query in Cilium Metrics dashboard (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32017">#32017</a>,
<a
href="https://github.com/mikemykhaylov"><code>@​mikemykhaylov</code></a>)</li>
<li>Fix rare race condition afflicting clustermesh when disconnecting
from a remote cluster, possibly causing the agent to panic (Backport PR
<a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32513">#32513</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
<li>Fixes accidentally ignoring the preflight.nodeSelector Helm value.
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32548">#32548</a>,
<a href="https://github.com/squeed"><code>@​squeed</code></a>)</li>
<li>Fixes unencrypted traffic among nodes when IPsec is used with L7
egress proxy. (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32932">#32932</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32683">#32683</a>,
<a
href="https://github.com/jschwinger233"><code>@​jschwinger233</code></a>)</li>
<li>ingress: Set the default value for max_stream_timeout (Backport PR
<a
href="https://redirect.github.com/cilium/cilium/issues/32889">#32889</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/31514">#31514</a>,
<a href="https://github.com/tskinn"><code>@​tskinn</code></a>)</li>
<li>Introduce timeout when waiting for the initial synchronization from
remote clusters, to avoid blocking forever necessary GC operations in
case of clustermesh misconfigurations. (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32802">#32802</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32671">#32671</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
<li>ipsec: Safely delete Xfrm state (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32450">#32450</a>,
<a
href="https://github.com/jschwinger233"><code>@​jschwinger233</code></a>)</li>
<li>proxy: Re-enable proxy rule installation in native-routing mode for
CEC (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32481">#32481</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32367">#32367</a>,
<a href="https://github.com/sayboras"><code>@​sayboras</code></a>)</li>
<li>Remove deprecated <code>hubble.ui.securityContext.enabled</code>
from hubble-ui deployment template (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32889">#32889</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32338">#32338</a>,
<a href="https://github.com/stelucz"><code>@​stelucz</code></a>)</li>
</ul>
<p><strong>CI Changes:</strong></p>
<ul>
<li>CI: Add job name validation (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32500">#32500</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32462">#32462</a>,
<a href="https://github.com/brlbil"><code>@​brlbil</code></a>)</li>
<li>ci: Filter supported versions of EKS (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32889">#32889</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32304">#32304</a>,
<a href="https://github.com/marseel"><code>@​marseel</code></a>)</li>
<li>ci: Filter supported versions of GKE (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32302">#32302</a>,
<a href="https://github.com/marseel"><code>@​marseel</code></a>)</li>
<li>ci: l4lb: gather more infos about docker-in-docker issues (Backport
PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32570">#32570</a>,
<a
href="https://github.com/mhofstetter"><code>@​mhofstetter</code></a>)</li>
<li>ci: l4lb: restart docker-in-docker container on failure (Backport PR
<a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32600">#32600</a>,
<a
href="https://github.com/mhofstetter"><code>@​mhofstetter</code></a>)</li>
<li>eks: Don't use spot instances (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32553">#32553</a>,
<a
href="https://github.com/michi-covalent"><code>@​michi-covalent</code></a>)</li>
<li>GCP OIDC instead of SA creds. (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32707">#32707</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/30809">#30809</a>,
<a
href="https://github.com/viktor-kurchenko"><code>@​viktor-kurchenko</code></a>)</li>
<li>gha: cover TLS auth mode in clustermesh upgrade/downgrade tests
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32789">#32789</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32684">#32684</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
<li>gha: test certificate generation methods in conformance clustermesh
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32789">#32789</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32654">#32654</a>,
<a href="https://github.com/giorio94"><code>@​giorio94</code></a>)</li>
<li>Modify GitHub Actions Workflows to echo the inputs they are given
when triggered by a <code>workflow_dispatch</code> event. (Backport PR
<a
href="https://redirect.github.com/cilium/cilium/issues/32500">#32500</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/31424">#31424</a>,
<a
href="https://github.com/learnitall"><code>@​learnitall</code></a>)</li>
<li>Use GH_RUNNER_EXTRA_POWER for CI image workflow (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32500">#32500</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32402">#32402</a>,
<a
href="https://github.com/michi-covalent"><code>@​michi-covalent</code></a>)</li>
<li>workflows: ignore &quot;No egress gateway found&quot; drops
(Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32564">#32564</a>,
<a href="https://github.com/jibi"><code>@​jibi</code></a>)</li>
<li>workflows: Remove stale CodeQL workflow (Backport PR <a
href="https://redirect.github.com/cilium/cilium/issues/32691">#32691</a>,
Upstream PR <a
href="https://redirect.github.com/cilium/cilium/issues/32084">#32084</a>,
<a href="https://github.com/pchaigno"><code>@​pchaigno</code></a>)</li>
</ul>
<p><strong>Misc Changes:</strong></p>
<ul>
<li><code>cilium/cilium#32869</code><a
href="https://github.com/ferozsalam"><code>@​ferozsalam</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cilium/cilium/commit/a09e05e6b63d82dbc3a1b0de1721a3407c340e7c"><code>a09e05e</code></a>
Prepare for release v1.15.6</li>
<li><a
href="https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"><code>9299c0f</code></a>
bugtool: Add post-processing masking function for Envoy</li>
<li><a
href="https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"><code>0191b1e</code></a>
bugtool: Add json masking function</li>
<li><a
href="https://github.com/cilium/cilium/commit/b6483461d5ce56f8abab9a2faefc5c0d984eda48"><code>b648346</code></a>
docs: ipsec: remove limitation for native-routing with L7 egress
policy</li>
<li><a
href="https://github.com/cilium/cilium/commit/5197d4ce2b953acc14c2879983948171dceb4934"><code>5197d4c</code></a>
proxy/routes: Also routes egress proxy's return traffic to 2005</li>
<li><a
href="https://github.com/cilium/cilium/commit/7f3e1b7992cfb4070dce4b13dc8e0a49e8f42f5a"><code>7f3e1b7</code></a>
iptables: Ensure iptables masquerading works for proxy traffic</li>
<li><a
href="https://github.com/cilium/cilium/commit/8dadbce310fc04dbf8488afa5599ee3130162b7a"><code>8dadbce</code></a>
Don't set 0x200 mark for proxy to world traffic in iptables
PREROUTING</li>
<li><a
href="https://github.com/cilium/cilium/commit/2091036619539ec546a0f525c1323ee258d45bc8"><code>2091036</code></a>
chore(deps): update dependency cilium/hubble to v0.13.5</li>
<li><a
href="https://github.com/cilium/cilium/commit/8a6f25ff602da8be9417667cea04c41759408713"><code>8a6f25f</code></a>
fqdn: Forward-compatibility with Cilium 1.16 fqdn identities</li>
<li><a
href="https://github.com/cilium/cilium/commit/6eb495d8a905dd88a471f06ceb7d4c785f5a1f09"><code>6eb495d</code></a>
images: update cilium-{runtime,builder}</li>
<li>Additional commits viewable in <a
href="https://github.com/cilium/cilium/compare/1.15.5...1.15.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cilium/cilium&package-manager=go_modules&previous-version=1.15.5&new-version=1.15.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit to microsoft/retina that referenced this pull request Jun 12, 2024
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from
1.15.5 to 1.15.6.
github-merge-queue bot pushed a commit to microsoft/retina that referenced this pull request Jun 12, 2024
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from
1.15.5 to 1.15.6.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cilium/cilium/commit/a09e05e6b63d82dbc3a1b0de1721a3407c340e7c"><code>a09e05e</code></a>
Prepare for release v1.15.6</li>
<li><a
href="https://github.com/cilium/cilium/commit/9299c0fd0024e33397cffc666ff851e82af28741"><code>9299c0f</code></a>
bugtool: Add post-processing masking function for Envoy</li>
<li><a
href="https://github.com/cilium/cilium/commit/0191b1ebcfdd61cefd06da0315a0e7d504167407"><code>0191b1e</code></a>
bugtool: Add json masking function</li>
<li><a
href="https://github.com/cilium/cilium/commit/b6483461d5ce56f8abab9a2faefc5c0d984eda48"><code>b648346</code></a>
docs: ipsec: remove limitation for native-routing with L7 egress
policy</li>
<li><a
href="https://github.com/cilium/cilium/commit/5197d4ce2b953acc14c2879983948171dceb4934"><code>5197d4c</code></a>
proxy/routes: Also routes egress proxy's return traffic to 2005</li>
<li><a
href="https://github.com/cilium/cilium/commit/7f3e1b7992cfb4070dce4b13dc8e0a49e8f42f5a"><code>7f3e1b7</code></a>
iptables: Ensure iptables masquerading works for proxy traffic</li>
<li><a
href="https://github.com/cilium/cilium/commit/8dadbce310fc04dbf8488afa5599ee3130162b7a"><code>8dadbce</code></a>
Don't set 0x200 mark for proxy to world traffic in iptables
PREROUTING</li>
<li><a
href="https://github.com/cilium/cilium/commit/2091036619539ec546a0f525c1323ee258d45bc8"><code>2091036</code></a>
chore(deps): update dependency cilium/hubble to v0.13.5</li>
<li><a
href="https://github.com/cilium/cilium/commit/8a6f25ff602da8be9417667cea04c41759408713"><code>8a6f25f</code></a>
fqdn: Forward-compatibility with Cilium 1.16 fqdn identities</li>
<li><a
href="https://github.com/cilium/cilium/commit/6eb495d8a905dd88a471f06ceb7d4c785f5a1f09"><code>6eb495d</code></a>
images: update cilium-{runtime,builder}</li>
<li>Additional commits viewable in <a
href="https://github.com/cilium/cilium/compare/1.15.5...1.15.6">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
matmerr pushed a commit to matmerr/retina that referenced this pull request Jul 3, 2024
)

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from
1.15.5 to 1.15.6.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Labels
backport/1.15 This PR represents a backport for Cilium 1.15.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
Status: Released
4 participants