build(deps): bump tailscale.com from 1.64.2 to 1.66.4

[dependabot]

Bumps tailscale.com from 1.64.2 to 1.66.4.

Release notes

Sourced from tailscale.com's releases.

v1.66.4

All platforms

• Fixed: Restored UDP connectivity through Mullvad exit nodes.

Linux

• Changed: Stateful filtering is now off by default. Stateful filtering was introduced in 1.66.0 as a mitigation for a vulnerability described in TS-2024-005, and inadvertently broke DNS resolution from containers running on the host. Most vulnerable setups are protected by other mitigations already, except when autogroup:danger-all is used in ACLs.

v1.66.3

All platforms

• Fixed: Login URLs did not always appear in the console when running tailscale up.

Android

• Changed: Reintroduced the Quick Settings title that v1.66.0 temporarily removed.
• Changed: Improved the VPN service connection logic, especially when rebooting the device with Always-On VPN enabled.
• Changed: The persistent VPN status notification now informs the user with a muted icon when the VPN is disconnected. VPN status notifications can be disabled in the system notification settings.
• Fixed: The "Enable" button in the exit node selector banner now renders with the correct background color.

Kubernetes operator

• Breaking change: Starting with v1.66, the Kubernetes operator must always run the same or later version as the proxies it manages.
• New: Expose cloud services on cluster network to the tailnet, using Kubernetes ExternalName Services. This allows exposing cloud services, such as RDS instances, to tailnet by their DNS names.
• New: Expose tailnet services that use Tailscale HTTPS to cluster workloads. Refer to #11019gh-tailscale-pull-11019.
• New: Cluster workloads can now refer to Tailscale Ingress resources by their MagicDNS names. Refer to #11019gh-tailscale-pull-11019.
• New: Configure environment variables for Tailscale Kubernetes operator proxies using ProxyClass CRD. Refer to [ProxyClass API][gh-tailscale-proxy-class-api].
• New: Expose tailscaled metrics endpoint for Tailscale Kubernetes operator proxies through ProxyClass CRD. Note that the tailscaled metrics are unstable and will likely change in the future. Refer to [ProxyClass API][gh-tailscale-proxy-class-api].
• New: Configure labels for the Kubernetes operator Pods with Helm chart values. Refer to Helm chart values.
• New: Configure affinity rules for Kubernetes operator proxy Pods with ProxyClass. Refer to [ProxyClass API][gh-tailscale-proxy-class-api].
• Fixed: Kubernetes operator proxy init container no longer attempts to enable IPv6 forwarding on systems that don't have IPv6 module loaded. Refer to #11867gh-tailscale-pull-11867.

Containers

• Fixed: Tailscale containers running on Kubernetes no longer error if an empty Kubernetes Secret is pre-created for the tailscaled state. Refer to #11326gh-tailscale-pull-11326.
• Fixed: Improved the ambiguous error messages when Tailscale running on Kubernetes does not have the right permissions to perform actions against the tailscaled state Secret. Refer to #11326gh-tailscale-pull-11326.

... (truncated)

Commits

• e64efe4 VERSION.txt: this is v1.66.4
• 1d76a3e various: disable stateful filtering by default (#12197)
• c7a51ae net/tstun: do SNAT after filterPacketOutboundToWireGuard (#12140)
• eae73f8 VERSION.txt: this is v1.66.3
• 8ff13e9 version: fix macOS uploads by increasing build number prefix (#12134)
• 78566fd VERSION.txt: this is v1.66.2
• 9d2768a util/linuxfw: fix IPv6 availability check for nftables (#12009) (#12123)
• 32cb8a3 ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field
• c88abff cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter...
• 88e23b6 VERSION.txt: this is v1.66.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)