build(deps): bump github.com/cilium/cilium from 1.14.1 to 1.14.12

[dependabot[bot]]

Bumps github.com/cilium/cilium from 1.14.1 to 1.14.12.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.14.12

We are pleased to release Cilium v1.14.12 that improves background resynchronization of nodes, improves the CLI to troubleshoot connectivity issues, lowers CPU consumption with IPsec for large clusters, and brings a number of additional fixes. Thanks to all contributors, reviewers, testers, and users! :heart:

Summary of Changes

Minor Changes:

• cilium/cilium#32750@​ferozsalam)
• Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR #32874, Upstream PR #32577, @​marseel)
• Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR #32571, Upstream PR #32336, @​giorio94)
• ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR #32883, Upstream PR #32588, @​marseel)
• pkg/labels: print all leaf CIDRs, not just the last one. (Backport PR #32511, Upstream PR #28224, @​squeed)

Bugfixes:

• .github/workflows: fix digests file creation (Backport PR #32888, Upstream PR #32860, @​aanm)
• cilium/cilium#32650@​pippolo84)
• cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR #32787, Upstream PR #32725, @​gandro)
• Fix PromQL query in Cilium Metrics dashboard (Backport PR #32695, Upstream PR #32017, @​mikemykhaylov)
• Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (Backport PR #32695, Upstream PR #32513, @​giorio94)
• cilium/cilium#32447@​jaredledvina)
• Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR #32695, Upstream PR #32548, @​squeed)
• ipsec: Safely delete Xfrm state (Backport PR #32704, Upstream PR #32450, @​jschwinger233)
• proxy: Re-enable proxy rule installation in native-routing mode for CEC (Backport PR #32483, Upstream PR #32367, @​sayboras)
• Remove deprecated hubble.ui.securityContext.enabled from hubble-ui deployment template (Backport PR #32888, Upstream PR #32338, @​stelucz)

CI Changes:

• ci: Filter supported versions of EKS (Backport PR #32888, Upstream PR #32304, @​marseel)
• ci: Filter supported versions of GKE (Backport PR #32695, Upstream PR #32302, @​marseel)
• ci: l4lb: Don't hang on gathering logs forever (Backport PR #32968, Upstream PR #32947, @​joestringer)
• ci: l4lb: gather more infos about docker-in-docker issues (Backport PR #32695, Upstream PR #32570, @​mhofstetter)
• ci: l4lb: restart docker-in-docker container on failure (Backport PR #32695, Upstream PR #32600, @​mhofstetter)
• eks: Don't use spot instances (Backport PR #32695, Upstream PR #32553, @​michi-covalent)
• GCP OIDC instead of SA creds. (Backport PR #32708, Upstream PR #30809, @​viktor-kurchenko)
• gha: test certificate generation methods in conformance clustermesh (Backport PR #32787, Upstream PR #32654, @​giorio94)
• Modify GitHub Actions Workflows to echo the inputs they are given when triggered by a workflow_dispatch event. (Backport PR #32503, Upstream PR #31424, @​learnitall)
• Use GH_RUNNER_EXTRA_POWER for CI image workflow (Backport PR #32503, Upstream PR #32402, @​michi-covalent)
• workflows: ignore "No egress gateway found" drops (Backport PR #32695, Upstream PR #32564, @​jibi)
• workflows: Remove stale CodeQL workflow (Backport PR #32695, Upstream PR #32084, @​pchaigno)

Misc Changes:

• cilium/cilium#32792@​ferozsalam)
• background-sync: fix bootstrap issue and edge-case with 1 node (Backport PR #32874, Upstream PR #32630, @​marseel)
• bump cni plugins to v1.5.0 (Backport PR #32695, Upstream PR #32629, @​antonipp)
• Bump timeout of lint-build-commits.yaml (Backport PR #32787, Upstream PR #32746, @​YutaroHayakawa)
• cilium/cilium#32495@​renovate[bot])
• cilium/cilium#32637@​renovate[bot])
• cilium/cilium#32720@​renovate[bot])
• cilium/cilium#32741@​renovate[bot])
• cilium/cilium#32842@​renovate[bot])
• cilium/cilium#32925@​renovate[bot])

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

Commits

• f1de64c Prepare for release v1.14.12
• 5ea546a ci: l4lb: Don't hang on gathering logs forever
• ce7d61e remove release scripts
• 38e243b remove unused files
• 9eb25ba bugtool: Add post-processing masking function for Envoy
• 224e288 bugtool: Add json masking function
• 1862ab4 docs: ipsec: remove limitation for native-routing with L7 egress policy
• 6e88475 chore(deps): update dependency cilium/hubble to v0.13.5
• cfdfcf8 proxy/routes: Also routes egress proxy's return traffic to 2005
• ef2986d iptables: Ensure iptables masquerading works for proxy traffic
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spidernet-io/spiderpool/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.