build(deps): bump github.com/cilium/cilium from 1.12.14 to 1.14.7

[dependabot[bot]]

Bumps github.com/cilium/cilium from 1.12.14 to 1.14.7.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.14.7

We are pleased to release Cilium v1.14.7. This release contains various bug fixes and performance / usability improvements, including a fix for performance regression for pod-to-pod traffic WireGuard and tunneling (cilium/cilium#30329).

Summary of Changes

Minor Changes:

• api/cli: Encryption status now includes rendering IPsec status in JSON. (Backport PR #30554, Upstream PR #30167, @​viktor-kurchenko)
• Envoy running inside the Cilium Agent may now be scraped by Prometheus when using Prometheus' ServiceMonitor objects. (Backport PR #30355, Upstream PR #30126, @​youngnick)
• helm: Add extraVolumeMounts to cilium config init container (Backport PR #30355, Upstream PR #30131, @​ayuspin)
• ui: release v0.13.0 (Backport PR #30724, Upstream PR #30711, @​geakstr)

Bugfixes:

• envoy: Change socket option from 'STATE_LISTENING' to 'STATE_PREBIND' (Backport PR #30680, Upstream PR #30543, @​chaunceyjiang)
• Fix all packet drops due to missed tail calls, enable zero tolerance for these errors in CI (Backport PR #30323, Upstream PR #30248, @​ti-mo)
• Fix cilium-envoy ServiceMonitor port name (Backport PR #30554, Upstream PR #27207, @​pixiono)
• Fix error when using multiple allowRoutes namespaces in gateway (#30551, @​mhofstetter)
• Fix error when using multiple allowRoutes namespaces in gateway (Backport PR #30554, Upstream PR #30100, @​chaunceyjiang)
• Fix issue where agent attempting to restore local node information (such as cilium_host ip) would fail on k8s fallback method. (Backport PR #30355, Upstream PR #29460, @​tommyp1ckles)
• Fix nodeinit issue causing NotReady state in Kubernetes nodes when laying down an incorrect CNI config (Backport PR #30554, Upstream PR #30399, @​tlcowling)
• Fix performance regression for pod-to-pod traffic WireGuard and tunneling. (Backport PR #30554, Upstream PR #30329, @​3u13r)
• Fix rare bug possibly causing connection disruption and/or agent panic due to node events processing before full initialization. (Backport PR #30554, Upstream PR #30282, @​giorio94)
• hive: Fix start hook log output (Backport PR #30724, Upstream PR #30712, @​joamaki)
• init well-known identity before new policy repository to fix the fqdn policy issue when enable well-known identity. (Backport PR #30554, Upstream PR #30052, @​yingnanzhang666)
• L2 announcements retry getting lease after losing it (Backport PR #30355, Upstream PR #30340, @​dylandreimerink)
• node/wireguard: Fix node-to-node encryption inconsistencies in kvstore mode (Backport PR #30534, Upstream PR #30423, @​gandro)
• Updating ENI prefix delegation fallback to use dedicated error codes (Backport PR #30680, Upstream PR #30536, @​hemanthmalla)

CI Changes:

• ci datapath-verifier: add connectivity test (Backport PR #30371, Upstream PR #29633, @​mhofstetter)
• ci/ipsec: Fix version retrieval for downgrades to closest patch release (Backport PR #30554, Upstream PR #30503, @​qmonnet)
• ci: add trigger phrase to Gateway API conformance test workflow name (Backport PR #30680, Upstream PR #30525, @​tklauser)
• ci: Bump timeout of ci-runtime (Backport PR #30554, Upstream PR #29317, @​YutaroHayakawa)
• ci: bypass proxy.golang.org in Go toolchain installation (Backport PR #30371, Upstream PR #29549, @​tklauser)
• CI: Change cloud regions (Backport PR #30680, Upstream PR #30378, @​brlbil)
• ci: disable cgo when installing Go toolchain (Backport PR #30371, Upstream PR #27869, @​tklauser)
• ci: run verifier tests with proper Go toolchain version (Backport PR #30371, Upstream PR #27857, @​tklauser)
• Extend the clustermesh workflows to additionally cover the external kvstore case (Backport PR #30355, Upstream PR #29983, @​giorio94)
• gh: ci-verifier: use lvh-images/complexity-test as renovate dependency (Backport PR #30680, Upstream PR #30520, @​julianwiedmann)
• gha: additionally cover BPF masquerade in clustermesh E2E tests (Backport PR #30680, Upstream PR #30321, @​giorio94)
• gha: explicilty specify beefier runner type for clustermesh workflows (Backport PR #30355, Upstream PR #30335, @​giorio94)
• gha: make runner type for clustermesh workflows configurable (Backport PR #30680, Upstream PR #30496, @​giorio94)
• Improve Conformance Cluster Mesh workflow coverage (Backport PR #30355, Upstream PR #29926, @​giorio94)
• Network performance (Backport PR #30554, Upstream PR #30247, @​marseel)
• Rework GHA workflows to checkout the untrusted context in a separate directory for increased separation (Backport PR #30355, Upstream PR #30207, @​giorio94)
• Update GitHub upload-artifact action (Backport PR #30554, Upstream PR #30443, @​brlbil)

Misc Changes:

• Added Last page Edit on Documentation (Backport PR #30680, Upstream PR #30612, @​gailsuccess)
• bpf: fib: fix issues with L2 resolution (Backport PR #30372, Upstream PR #30128, @​julianwiedmann)

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.14.7

Summary of Changes

Minor Changes:

• api/cli: Encryption status now includes rendering IPsec status in JSON. (Backport PR #30554, Upstream PR #30167, @​viktor-kurchenko)
• Envoy running inside the Cilium Agent may now be scraped by Prometheus when using Prometheus' ServiceMonitor objects. (Backport PR #30355, Upstream PR #30126, @​youngnick)
• helm: Add extraVolumeMounts to cilium config init container (Backport PR #30355, Upstream PR #30131, @​ayuspin)
• ui: release v0.13.0 (Backport PR #30724, Upstream PR #30711, @​geakstr)

Bugfixes:

• envoy: Change socket option from 'STATE_LISTENING' to 'STATE_PREBIND' (Backport PR #30680, Upstream PR #30543, @​chaunceyjiang)
• Fix all packet drops due to missed tail calls, enable zero tolerance for these errors in CI (Backport PR #30323, Upstream PR #30248, @​ti-mo)
• Fix cilium-envoy ServiceMonitor port name (Backport PR #30554, Upstream PR #27207, @​pixiono)
• Fix error when using multiple allowRoutes namespaces in gateway (#30551, @​mhofstetter)
• Fix error when using multiple allowRoutes namespaces in gateway (Backport PR #30554, Upstream PR #30100, @​chaunceyjiang)
• Fix issue where agent attempting to restore local node information (such as cilium_host ip) would fail on k8s fallback method. (Backport PR #30355, Upstream PR #29460, @​tommyp1ckles)
• Fix nodeinit issue causing NotReady state in Kubernetes nodes when laying down an incorrect CNI config (Backport PR #30554, Upstream PR #30399, @​tlcowling)
• Fix performance regression for pod-to-pod traffic WireGuard and tunneling. (Backport PR #30554, Upstream PR #30329, @​3u13r)
• Fix rare bug possibly causing connection disruption and/or agent panic due to node events processing before full initialization. (Backport PR #30554, Upstream PR #30282, @​giorio94)
• hive: Fix start hook log output (Backport PR #30724, Upstream PR #30712, @​joamaki)
• init well-known identity before new policy repository to fix the fqdn policy issue when enable well-known identity. (Backport PR #30554, Upstream PR #30052, @​yingnanzhang666)
• L2 announcements retry getting lease after losing it (Backport PR #30355, Upstream PR #30340, @​dylandreimerink)
• node/wireguard: Fix node-to-node encryption inconsistencies in kvstore mode (Backport PR #30534, Upstream PR #30423, @​gandro)
• Updating ENI prefix delegation fallback to use dedicated error codes (Backport PR #30680, Upstream PR #30536, @​hemanthmalla)

CI Changes:

• ci datapath-verifier: add connectivity test (Backport PR #30371, Upstream PR #29633, @​mhofstetter)
• ci/ipsec: Fix version retrieval for downgrades to closest patch release (Backport PR #30554, Upstream PR #30503, @​qmonnet)
• ci: add trigger phrase to Gateway API conformance test workflow name (Backport PR #30680, Upstream PR #30525, @​tklauser)
• ci: Bump timeout of ci-runtime (Backport PR #30554, Upstream PR #29317, @​YutaroHayakawa)
• ci: bypass proxy.golang.org in Go toolchain installation (Backport PR #30371, Upstream PR #29549, @​tklauser)
• CI: Change cloud regions (Backport PR #30680, Upstream PR #30378, @​brlbil)
• ci: disable cgo when installing Go toolchain (Backport PR #30371, Upstream PR #27869, @​tklauser)
• ci: run verifier tests with proper Go toolchain version (Backport PR #30371, Upstream PR #27857, @​tklauser)
• Extend the clustermesh workflows to additionally cover the external kvstore case (Backport PR #30355, Upstream PR #29983, @​giorio94)
• gh: ci-verifier: use lvh-images/complexity-test as renovate dependency (Backport PR #30680, Upstream PR #30520, @​julianwiedmann)
• gha: additionally cover BPF masquerade in clustermesh E2E tests (Backport PR #30680, Upstream PR #30321, @​giorio94)
• gha: explicilty specify beefier runner type for clustermesh workflows (Backport PR #30355, Upstream PR #30335, @​giorio94)
• gha: make runner type for clustermesh workflows configurable (Backport PR #30680, Upstream PR #30496, @​giorio94)
• Improve Conformance Cluster Mesh workflow coverage (Backport PR #30355, Upstream PR #29926, @​giorio94)
• Network performance (Backport PR #30554, Upstream PR #30247, @​marseel)
• Rework GHA workflows to checkout the untrusted context in a separate directory for increased separation (Backport PR #30355, Upstream PR #30207, @​giorio94)
• Update GitHub upload-artifact action (Backport PR #30554, Upstream PR #30443, @​brlbil)

Misc Changes:

• Added Last page Edit on Documentation (Backport PR #30680, Upstream PR #30612, @​gailsuccess)
• bpf: fib: fix issues with L2 resolution (Backport PR #30372, Upstream PR #30128, @​julianwiedmann)
• bpf: lb: return drop reasons from __lb4_rev_nat() (Backport PR #30554, Upstream PR #30410, @​julianwiedmann)

... (truncated)

Commits

• 91b461c Prepare for release v1.14.7
• fc85758 ui: release v0.13.0
• 3f95050 hive: Fix start hook log output
• 7af86d0 ci/ipsec: Fix downgrade version for release preparation commits
• 70f6855 contrib/scripts: Remove special handling for patch release number 90
• ca6a82e envoy: Bump envoy version to v1.26.6
• 3bcf008 Added Last page Edit on Documentation
• 0fa179c gha: additionally cover BPF masquerade in clustermesh E2E tests
• 62f2d16 socket options - change from 'STATE_LISTENING' to 'STATE_PREBIND'
• 685bba1 ci: change schedule cloud regions
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/neondatabase/autoscaling/network/alerts).

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[Omrigan]

@dependabot rebase

[dependabot[bot]]

Superseded by #901.