fix(deps): update module github.com/cilium/cilium to v1.18.6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/cilium/cilium	v1.18.4 → v1.18.6

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-26963

Impact

Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled:

• Native Routing
• WireGuard
• Node Encryption (beta)

These options are disabled by default in Cilium.

Patches

This issue was fixed by #​42892.

This issue affects:

• Cilium v1.18 between v1.18.0 and v1.18.5 inclusive

This issue is fixed in:

• Cilium v1.18.6

Workarounds

There is currently no officially verified or comprehensive workaround for this issue. The following procedure has been validated strictly within a local 'Kind' environment and has not undergone exhaustive testing across diverse production architectures. Proceed with caution.

To mitigate the identified traffic bypass, ensure all ingress traffic from the cilium_wg0 interface is explicitly routed to cilium_host for policy enforcement. This ensures that host-level security policies are applied to decrypted WireGuard traffic. Execute the following configuration on each CiliumNode:

# IPv4 Traffic
ip rule add iif cilium_wg0 table 300
ip route add default dev cilium_host table 300

# IPv6 Traffic
ip -6 rule add iif cilium_wg0 table 300
ip -6 route add default dev cilium_net table 300

Acknowledgements

Special thanks to @​julianwiedmann for reporting the issue and helping with the resolution.

For more information

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated as top priority. Please also address any comments or questions on this advisory to the same mailing list.

---

Release Notes

cilium/cilium (github.com/cilium/cilium)

v1.18.6: 1.18.6

Compare Source

Summary of Changes

Major Changes:

• Publish Helm charts to OCI registries (Backport PR #​43689, Upstream PR #​43624, @​aanm)

Minor Changes:

• Cilium Preflight check no longer includes Envoy Configmaps, making it easier to correctly run. (Backport PR #​43290, Upstream PR #​43153, @​youngnick)
• runtime: Add libatomic1 for cilium-envoy dependency (Backport PR #​43642, Upstream PR #​43292, @​sayboras)

Bugfixes:

• bpf:wireguard: delivery host packets to bpf_host for ingress policies (Backport PR #​43690, Upstream PR #​42892, @​smagnani96)
• cgroup: don't start watch if KPRConfig.EnableSocketLB is disabled (Backport PR #​43290, Upstream PR #​43256, @​mhofstetter)
• Fix a bug with local redirect service entries being created when backend pods weren't ready. (Backport PR #​43425, Upstream PR #​43095, @​aditighag)
• Fix an issue in proxy NOTRACK iptables rule for aws-cni chaining mode which causes proxy->upstream(outside cluster) traffic not being SNAT'd. (Backport PR #​43676, Upstream PR #​43566, @​fristonio)
• Fix GC of possible duplicated identities in kvstore mode (Backport PR #​43425, Upstream PR #​43287, @​giorio94)
• Fixes a deadlock that was causing endpoint to be stuck without progressing with any updates. (Backport PR #​43290, Upstream PR #​43242, @​marseel)
• gateway-api: correctly handle CiliumGatewayClassConfig as a namespaced resource. (Backport PR #​43290, Upstream PR #​43254, @​youngnick)
• xds: fix nil-pointer in processRequestStream (Backport PR #​43612, Upstream PR #​43609, @​mhofstetter)

CI Changes:

• bpf: tests: egressgw: enable HostFW (Backport PR #​43337, Upstream PR #​42955, @​julianwiedmann)
• bpf: tests: egressgw: install ipcache_v6_add_world_entry() (Backport PR #​43337, Upstream PR #​42988, @​julianwiedmann)
• chore: comment job to use generated token instead of PAT (Backport PR #​43612, Upstream PR #​43148, @​sekhar-isovalent)
• ci: Use newer lvh image for privileged tests (Backport PR #​43490, Upstream PR #​41082, @​rastislavs)

Misc Changes:

• .github/workflows: remove auto-requested reviewers (Backport PR #​43425, Upstream PR #​42952, @​aanm)
• Add documentation and examples for using the egressDeny field in CiliumNetworkPolicy (Backport PR #​43425, Upstream PR #​40272, @​syedazeez337)
• bpf: clear mark content before storing the cluster ID (Backport PR #​43290, Upstream PR #​43159, @​giorio94)
• bpf: prevent cluster ID from being incorrectly retrieved from mark when aliased (Backport PR #​43290, Upstream PR #​43258, @​giorio94)
• chore(deps): update all github action dependencies (v1.18) (#​43467, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (#​43665, @​cilium-renovate[bot])
• chore(deps): update anchore/sbom-action action to v0.21.0 (v1.18) (#​43512, @​cilium-renovate[bot])
• chore(deps): update base-images (v1.18) (#​43543, @​cilium-renovate[bot])
• chore(deps): update base-images (v1.18) (#​43664, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/busybox:1.37.0 docker digest to 2383baa (v1.18) (#​43662, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.24.11 docker digest to 54528d1 (v1.18) (#​43464, @​cilium-renovate[bot])
• chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.6.7 (v1.18) (#​43465, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.12-1767177245-7935d4d711cb6f8020385a50c996b90896e16a71 (v1.18) (#​43539, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1767794330-db497dd19e346b39d81d7b5c0dedf6c812bcc5c9 (v1.18) (#​43638, @​cilium-renovate[bot])
• chore(deps): update rhysd/actionlint docker tag to v1.7.10 (v1.18) (#​43541, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.18) (patch) (#​43466, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.18) (patch) (#​43542, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.18) (patch) (#​43571, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.18) (patch) (#​43663, @​cilium-renovate[bot])
• cmapisrv/test: miscellaneous fixes to the ciliumidentities script test (Backport PR #​43425, Upstream PR #​43372, @​giorio94)
• docs: Add missing IPv6 fragmentation BPF map reference (Backport PR #​43290, Upstream PR #​43161, @​doniacld)
• Fix a regression in the new services control plane where loadBalancerSourceRanges was applied by default to all service types. (Backport PR #​43575, Upstream PR #​42351, @​borkmann)
• operator: the K8s Secret synchronization process now resynchronizes after an hour for synced Secrets. (Backport PR #​43425, Upstream PR #​42414, @​youngnick)
• release: change OCI registry (Backport PR #​43689, Upstream PR #​43646, @​aanm)
• route: install ingress proxy routes with WireGuard and L7Proxy (Backport PR #​43434, Upstream PR #​42835, @​smagnani96)

Other Changes:

• [v1.18] bpf:hubble: support policy verdict from L3 devices (#​43381, @​smagnani96)
• [v1.18] deps: bump CNI plugins version to v1.9.0 (#​43593, @​diyi0926)
• install: Update image digests for v1.18.5 (#​43400, @​cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.18.6@​sha256:42ec562a5ff6c8a860c0639f5a7611685e253fd9eb2d2fcdade693724c9166a4
quay.io/cilium/cilium:stable@sha256:42ec562a5ff6c8a860c0639f5a7611685e253fd9eb2d2fcdade693724c9166a4

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.18.6@​sha256:8ee142912a0e261850c0802d9256ddbe3729e1cd35c6bea2d93077f334c3cf3b
quay.io/cilium/clustermesh-apiserver:stable@sha256:8ee142912a0e261850c0802d9256ddbe3729e1cd35c6bea2d93077f334c3cf3b

docker-plugin

quay.io/cilium/docker-plugin:v1.18.6@​sha256:7931555ad713a48a28e4bf097402e0e398461dbf51b81cb8192558c5cb0dc48f
quay.io/cilium/docker-plugin:stable@sha256:7931555ad713a48a28e4bf097402e0e398461dbf51b81cb8192558c5cb0dc48f

hubble-relay

quay.io/cilium/hubble-relay:v1.18.6@​sha256:fb6135e34c31e5f175cb5e75f86cea52ef2ff12b49bcefb7088ed93f5009eb8e
quay.io/cilium/hubble-relay:stable@sha256:fb6135e34c31e5f175cb5e75f86cea52ef2ff12b49bcefb7088ed93f5009eb8e

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.18.6@​sha256:212c4cbe27da3772bcb952b8f8cbaa0b0eef72488b52edf90ad2b32072a3ca4c
quay.io/cilium/operator-alibabacloud:stable@sha256:212c4cbe27da3772bcb952b8f8cbaa0b0eef72488b52edf90ad2b32072a3ca4c

operator-aws

quay.io/cilium/operator-aws:v1.18.6@​sha256:47dbc1a5bd483fec170dab7fb0bf2cca3585a4893675b0324d41d97bac8be5eb
quay.io/cilium/operator-aws:stable@sha256:47dbc1a5bd483fec170dab7fb0bf2cca3585a4893675b0324d41d97bac8be5eb

operator-azure

quay.io/cilium/operator-azure:v1.18.6@​sha256:a57aff47aeb32eccfedaa2a49d1af984d996d6d6de79609c232e0c4cf9ce97a1
quay.io/cilium/operator-azure:stable@sha256:a57aff47aeb32eccfedaa2a49d1af984d996d6d6de79609c232e0c4cf9ce97a1

operator-generic

quay.io/cilium/operator-generic:v1.18.6@​sha256:34a827ce9ed021c8adf8f0feca131f53b3c54a3ef529053d871d0347ec4d69af
quay.io/cilium/operator-generic:stable@sha256:34a827ce9ed021c8adf8f0feca131f53b3c54a3ef529053d871d0347ec4d69af

operator

quay.io/cilium/operator:v1.18.6@​sha256:0e8903aa092025918761d24ae9a91af35baa5b6910b5d0e3feac91ab8a2bc65b
quay.io/cilium/operator:stable@sha256:0e8903aa092025918761d24ae9a91af35baa5b6910b5d0e3feac91ab8a2bc65b

v1.18.5: 1.18.5

Compare Source

Summary of Changes

Minor Changes:

• [v1.18] proxy: Bump envoy version to v1.34.11 (#​43143, @​sayboras)
• Change the sidecar etcd instance of the Cluster Mesh API Server listen on all IP addresses (Backport PR #​42948, Upstream PR #​42818, @​giorio94)

Bugfixes:

• allow missing verbs for cilium-agent cluster role when readSecretsOnlyFromSecretsNamespace is false (Backport PR #​42948, Upstream PR #​42790, @​kraashen)
• AWS EC2: Fix ENI attachment on multi-network card instances with high-performance networking (EFA) setups (Backport PR #​42745, Upstream PR #​42512, @​41ks)
• CiliumEnvoyConfig proxy ports are now restored on agent restarts. (Backport PR #​43117, Upstream PR #​43108, @​jrajahalme)
• Cleanup FQDNs that have leaked into the global FQDN cache (Backport PR #​42864, Upstream PR #​42485, @​sjohnsonpal)
• Do not opt-out Endpoint ID 1 from dnsproxy transparent mode. (Backport PR #​42948, Upstream PR #​42887, @​jrajahalme)
• ENI: Fix panic on nil subnet (Backport PR #​43117, Upstream PR #​43023, @​HadrienPatte)
• Ensure cilium-agent gracefully does fallbacks when etcd is in a bad state. (Backport PR #​43059, Upstream PR #​42977, @​odinuge)
• Fix a bug that would cause Cilium to not report L4 checksum update errors when the length attribute is missing in ICMP Error messages with TCP inner packets. (Backport PR #​42828, Upstream PR #​42426, @​yushoyamaguchi)
• Fix a bug that would cause IPsec logs to incorrectly report the XFRM rules being processed as "Ingress" rules. (Backport PR #​42828, Upstream PR #​42640, @​sjohnsonpal)
• Fix agent local identity leak (Backport PR #​43117, Upstream PR #​42662, @​odinuge)
• Fix bug that could cause the agent to fail to add XFRM states when IPsec is enabled, thus preventing a proper startup. (Backport PR #​42948, Upstream PR #​42666, @​pchaigno)
• Fix GC of per-cluster ctmap entries (Backport PR #​43294, Upstream PR #​43160, @​giorio94)
• Fix ipcache issues causing severe issues with the fqdn subsystem (Backport PR #​42864, Upstream PR #​42815, @​odinuge)
• Fix issue where endpoints got stuck in "waiting-to-regenerate" (Backport PR #​42948, Upstream PR #​42856, @​odinuge)
• Fix leak in the policy subsystem (Backport PR #​43117, Upstream PR #​42661, @​odinuge)
• Fix rare kvstore issue where cilium continues to use an expired lease causing kvstore operations to fail consistently (Backport PR #​42745, Upstream PR #​42709, @​odinuge)
• fqdn: Fix fqdn subsystem correctness issues causing packet drops and inconsistent ipcache (Backport PR #​43117, Upstream PR #​42500, @​odinuge)
• In rare cases, the cilium-operator losing the lead of the HA deployment could continue acting as if leading for at most a minute, leading to split-brain problems such as double allocation of pod CIDRs. (Backport PR #​43059, Upstream PR #​42920, @​bimmlerd)
• KVStoreMesh now correctly respects the CA bundle setting when validating remote cluster certificates (Backport PR #​42828, Upstream PR #​42726, @​giorio94)
• policy: Fix rare Endpoint Selector Policy Deadlock causing policies to not be updated with new identities (Backport PR #​42864, Upstream PR #​42306, @​odinuge)
• Recreate CiliumEndpoints (k8s resource) if they are accidentally deleted. (Backport PR #​43117, Upstream PR #​42877, @​aanm)
• redirectpolicy: Avoid recomputing on pod changes that do not change resulting redirect backends (Backport PR #​42948, Upstream PR #​42814, @​joamaki)

CI Changes:

• bpf: test: add BPF Masq tests for unknown / handled protocols (Backport PR #​42711, Upstream PR #​42144, @​julianwiedmann)
• bpf: test: egressgw: fix up ENABLE_MASQUERADE (Backport PR #​42966, Upstream PR #​42912, @​julianwiedmann)
• bpf: tests: add BPF MASQ test for ICMP ECHOs (Backport PR #​42711, Upstream PR #​42656, @​julianwiedmann)
• bpf: tests: set ENABLE_MASQUERADE_IPV6 for EGW XDP test (Backport PR #​43059, Upstream PR #​42962, @​julianwiedmann)
• bpf:test: cover host endpoint case in tc_nodeport_l3_dev.h (Backport PR #​43059, Upstream PR #​42983, @​smagnani96)
• Delete .github/workflows/build-images-hotfixes.yaml (Backport PR #​42966, Upstream PR #​42958, @​sekhar-isovalent)
• gh: conn-disrupt: fix XFRM error checks (Backport PR #​42764, Upstream PR #​42724, @​julianwiedmann)
• gh: ipsec-e2e: fix flaky connection disruptivity test (Backport PR #​42823, Upstream PR #​42780, @​julianwiedmann)
• gha: additionally cleanup disk space in clustermesh upgrade workflow (Backport PR #​42948, Upstream PR #​42862, @​giorio94)
• gha: don't filter lint-build-commits steps when workflow is modified (Backport PR #​42948, Upstream PR #​42844, @​giorio94)
• gha: wait for cert-manager CRDs to be ready in conformance clustermesh (Backport PR #​42966, Upstream PR #​42947, @​giorio94)
• makefile: More reliable update-helm-values (Backport PR #​42828, Upstream PR #​42736, @​devodev)

Misc Changes:

• .github/workflows: make adjustments for new GitHub workflow behavior (#​43219, @​aanm)
• [v1.18] deps: bump x/crypto to v0.45.0 (#​43114, @​ferozsalam)
• [v1.18] vendor: Bump to StateDB v0.4.6 (#​42953, @​joamaki)
• chore(deps): update all github action dependencies (v1.18) (#​42783, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (#​42937, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (#​43036, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (#​43181, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (#​43268, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (#​43317, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.18) (patch) (#​43314, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.18) (#​42804, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.18) (#​43037, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.18.9 (v1.18) (#​43182, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/little-vm-helper to v0.0.28 (v1.18) (#​42771, @​cilium-renovate[bot])
• chore(deps): update dependency protocolbuffers/protobuf to v33.1 (v1.18) (#​42805, @​cilium-renovate[bot])
• chore(deps): update dependency protocolbuffers/protobuf to v33.2 (v1.18) (#​43184, @​cilium-renovate[bot])
• chore(deps): update dependency protocolbuffers/protobuf-go to v1.36.11 (v1.18) (#​43315, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/busybox:1.37.0 docker digest to d80cd69 (v1.18) (#​43312, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.24.10 docker digest to 7b13449 (v1.18) (#​42935, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.24.10 docker digest to 83d7392 (v1.18) (#​42802, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.24.11 docker digest to e3fb71a (v1.18) (#​43313, @​cilium-renovate[bot])
• chore(deps): update gcr.io/distroless/static:nonroot docker digest to 2b7c93f (v1.18) (#​43135, @​cilium-renovate[bot])
• chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.6.6 (v1.18) (#​42936, @​cilium-renovate[bot])
• chore(deps): update github artifact actions (v1.18) (#​43318, @​cilium-renovate[bot])
• chore(deps): update go to v1.24.11 (v1.18) (#​43183, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/certgen docker tag to v0.3.1 (v1.18) (#​43052, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.18) (patch) (#​42803, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.18) (patch) (#​43316, @​cilium-renovate[bot])
• docs: Add limitation about LB to same backend via multiple VIPs (Backport PR #​42745, Upstream PR #​42632, @​brb)
• Documentation: host firewall: document emergency recovery (Backport PR #​42948, Upstream PR #​42776, @​squeed)
• fqdn: rewrite name manager test to use real ipcache (Backport PR #​42948, Upstream PR #​42820, @​odinuge)
• Minor improvements around certificate validation in etcd/clustermesh troubleshoot commands (Backport PR #​42948, Upstream PR #​42782, @​giorio94)
• node/manager: TestNodesStartupPruning poll state (Backport PR #​42948, Upstream PR #​41648, @​0xch4z)
• policy: Marshal L4Filter marshalling errors into json (Backport PR #​42948, Upstream PR #​42834, @​joestringer)
• xds: Do not log an error on a done context (Backport PR #​43117, Upstream PR #​42990, @​jrajahalme)

Other Changes:

• [v1.18] Add periodic resync for secret-sync controller (#​43356, @​youngnick)
• [v1.18] bpf: lxc: transfer source identity for lxc-to-host policy (#​42821, @​julianwiedmann)
• [v1.18] ipcache: Fix leak in CIDR metadata consolidation logic (#​43354, @​christarazi)
• [v1.18] lb: Implement Hybrid-DSR via annotation infrastructure (#​43056, @​julianwiedmann)
• [v1.18] proxy: Bump envoy version to v1.34.12 (#​43259, @​sayboras)
• install: Update image digests for v1.18.4 (#​42735, @​cilium-release-bot[bot])
• Kubernetes endpoints that are terminating are retained in the backends BPF state regardless of the "serving" condition to avoid connection disruptions when a pod no longer signals readiness to process new connections. (#​42708, @​joamaki)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.18.5@​sha256:2c92fb05962a346eaf0ce11b912ba434dc10bd54b9989e970416681f4a069628
quay.io/cilium/cilium:stable@sha256:2c92fb05962a346eaf0ce11b912ba434dc10bd54b9989e970416681f4a069628

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.18.5@​sha256:952f07c30390847e4d9dfaa19a76c4eca946251ffbc4f6459946570f93ee72f1
quay.io/cilium/clustermesh-apiserver:stable@sha256:952f07c30390847e4d9dfaa19a76c4eca946251ffbc4f6459946570f93ee72f1

docker-plugin

quay.io/cilium/docker-plugin:v1.18.5@​sha256:db81fda86653d96ea40687dc314985f5f23d5b57719dd1cb0d151be2c7c8789f
quay.io/cilium/docker-plugin:stable@sha256:db81fda86653d96ea40687dc314985f5f23d5b57719dd1cb0d151be2c7c8789f

hubble-relay

quay.io/cilium/hubble-relay:v1.18.5@​sha256:17212962c92ff52384f94e407ffe3698714fcbd35c7575f67f24032d6224e446
quay.io/cilium/hubble-relay:stable@sha256:17212962c92ff52384f94e407ffe3698714fcbd35c7575f67f24032d6224e446

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.18.5@​sha256:2e60f635495eb2837296ced5475875c281a05765d5ddd644a05e126bbb080b3c
quay.io/cilium/operator-alibabacloud:stable@sha256:2e60f635495eb2837296ced5475875c281a05765d5ddd644a05e126bbb080b3c

operator-aws

quay.io/cilium/operator-aws:v1.18.5@​sha256:7608025d8b727a10f21d924d8e4f40beb176cefd690320433452816ad8776f52
quay.io/cilium/operator-aws:stable@sha256:7608025d8b727a10f21d924d8e4f40beb176cefd690320433452816ad8776f52

operator-azure

quay.io/cilium/operator-azure:v1.18.5@​sha256:126667e000267f893cb81042bf8a710ad2f219619eb9ce06e8949333bd325ac6
quay.io/cilium/operator-azure:stable@sha256:126667e000267f893cb81042bf8a710ad2f219619eb9ce06e8949333bd325ac6

operator-generic

quay.io/cilium/operator-generic:v1.18.5@​sha256:36c3f6f14c8ced7f45b40b0a927639894b44269dd653f9528e7a0dc363a4eb99
quay.io/cilium/operator-generic:stable@sha256:36c3f6f14c8ced7f45b40b0a927639894b44269dd653f9528e7a0dc363a4eb99

operator

quay.io/cilium/operator:v1.18.5@​sha256:c6806ee97ef35a79aa72d411bc7f12745a1ea684208853e7d13c8e7f84cbb606
quay.io/cilium/operator:stable@sha256:c6806ee97ef35a79aa72d411bc7f12745a1ea684208853e7d13c8e7f84cbb606

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: KubeArmor/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated

Details:

Package	Change
golang.org/x/sys	v0.37.0 -> v0.38.0
golang.org/x/crypto	v0.43.0 -> v0.45.0
golang.org/x/net	v0.46.0 -> v0.47.0
golang.org/x/sync	v0.17.0 -> v0.18.0
golang.org/x/term	v0.36.0 -> v0.37.0
golang.org/x/text	v0.30.0 -> v0.31.0