deps: bump github.com/cilium/cilium from 1.15.16 to 1.16.17

[dependabot]

Bumps github.com/cilium/cilium from 1.15.16 to 1.16.17.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.16.17

Security Advisories

This release addresses GHSA-38pp-6gcp-rqvm.

Summary of Changes

Bugfixes:

• cilium-operator: ciliumendpoints are not garbage collected until a minimum age is reached (5m by default) (Backport PR cilium/cilium#42565, Upstream PR cilium/cilium#42413, @​zhouhaibing089)
• encrypt status: also check tcx attachment on interfaces (Backport PR cilium/cilium#42451, Upstream PR cilium/cilium#42328, @​bersoare)
• Fix cilium_operator_lbipam_conflicting_pools metric to report correct value. (Backport PR cilium/cilium#42321, Upstream PR cilium/cilium#41999, @​hanapedia)

CI Changes:

• .github/actions/e2e: define static job names (Backport PR cilium/cilium#42438, Upstream PR cilium/cilium#42332, @​aanm)
• cilium/cilium#42195@​dylandreimerink)
• ariane: don't run full test suite for BPF test changes (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#34931, @​julianwiedmann)
• ariane: manage workflow exclusions for changes to CODEOWNERS and USERS.md (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#34894, @​julianwiedmann)
• Ariane: skip E2E tests when changing unit tests only (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#35334, @​giorio94)
• conformance-aws-cni: disable l7 proxy with aws-cni (Backport PR cilium/cilium#42634, Upstream PR cilium/cilium#42578, @​aanm)
• gh: ginkgo: fix focus for service hairpin test (Backport PR cilium/cilium#42650, Upstream PR cilium/cilium#42633, @​julianwiedmann)
• gha: allow configuring runner for workflows building Cilium binaries (Backport PR cilium/cilium#42634, Upstream PR cilium/cilium#42582, @​giorio94)
• Testing for RHEL8 compatibility now uses a RHEL8.10-compatible kernel (previously this was a RHEL8.6-compatible kernel). (Backport PR cilium/cilium#42628, Upstream PR cilium/cilium#41639, @​julianwiedmann)

Misc Changes:

• cilium/cilium#42445@​ferozsalam)
• cilium/cilium#42406@​cilium-renovate[bot])
• cilium/cilium#42546@​cilium-renovate[bot])
• cilium/cilium#42347@​cilium-renovate[bot])
• cilium/cilium#42544@​cilium-renovate[bot])
• cilium/cilium#42686@​cilium-renovate[bot])
• cilium/cilium#42410@​cilium-renovate[bot])
• cilium/cilium#42404@​cilium-renovate[bot])
• cilium/cilium#42407@​cilium-renovate[bot])
• cilium/cilium#42623@​cilium-renovate[bot])
• cilium/cilium#42639@​cilium-renovate[bot])
• cilium/cilium#42422@​cilium-renovate[bot])
• cilium/cilium#42405@​cilium-renovate[bot])
• cilium/cilium#42687@​cilium-renovate[bot])
• cilium/cilium#42545@​cilium-renovate[bot])
• cilium/cilium#42688@​cilium-renovate[bot])
• ci: Add workflow permissions for auto-approve and renovate (Backport PR cilium/cilium#42321, Upstream PR cilium/cilium#42281, @​kyle-c-simmons)
• ci: Fix call-backport-label-updater permissions (Backport PR cilium/cilium#42634, Upstream PR cilium/cilium#42510, @​kyle-c-simmons)
• ci: Skip full CI for USERS.md file (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#34605, @​sayboras)
• fix: run post-release and publish-helm workflows on cilium org (Backport PR cilium/cilium#42321, Upstream PR cilium/cilium#42279, @​sekhar-isovalent)

Other Changes:

• cilium/cilium#42464@​julianwiedmann)
• cilium/cilium#42342@​cilium-release-bot[bot])

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.16.17

Summary of Changes

Bugfixes:

• cilium-operator: ciliumendpoints are not garbage collected until a minimum age is reached (5m by default) (Backport PR cilium/cilium#42565, Upstream PR cilium/cilium#42413, @​zhouhaibing089)
• encrypt status: also check tcx attachment on interfaces (Backport PR cilium/cilium#42451, Upstream PR cilium/cilium#42328, @​bersoare)
• Fix cilium_operator_lbipam_conflicting_pools metric to report correct value. (Backport PR cilium/cilium#42321, Upstream PR cilium/cilium#41999, @​hanapedia)

CI Changes:

• .github/actions/e2e: define static job names (Backport PR cilium/cilium#42438, Upstream PR cilium/cilium#42332, @​aanm)
• cilium/cilium#42195@​dylandreimerink)
• ariane: don't run full test suite for BPF test changes (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#34931, @​julianwiedmann)
• ariane: manage workflow exclusions for changes to CODEOWNERS and USERS.md (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#34894, @​julianwiedmann)
• Ariane: skip E2E tests when changing unit tests only (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#35334, @​giorio94)
• conformance-aws-cni: disable l7 proxy with aws-cni (Backport PR cilium/cilium#42634, Upstream PR cilium/cilium#42578, @​aanm)
• gh: ginkgo: fix focus for service hairpin test (Backport PR cilium/cilium#42650, Upstream PR cilium/cilium#42633, @​julianwiedmann)
• gha: allow configuring runner for workflows building Cilium binaries (Backport PR cilium/cilium#42634, Upstream PR cilium/cilium#42582, @​giorio94)
• Testing for RHEL8 compatibility now uses a RHEL8.10-compatible kernel (previously this was a RHEL8.6-compatible kernel). (Backport PR cilium/cilium#42628, Upstream PR cilium/cilium#41639, @​julianwiedmann)

Misc Changes:

• cilium/cilium#42445@​ferozsalam)
• cilium/cilium#42406@​cilium-renovate[bot])
• cilium/cilium#42546@​cilium-renovate[bot])
• cilium/cilium#42347@​cilium-renovate[bot])
• cilium/cilium#42544@​cilium-renovate[bot])
• cilium/cilium#42686@​cilium-renovate[bot])
• cilium/cilium#42410@​cilium-renovate[bot])
• cilium/cilium#42404@​cilium-renovate[bot])
• cilium/cilium#42407@​cilium-renovate[bot])
• cilium/cilium#42623@​cilium-renovate[bot])
• cilium/cilium#42639@​cilium-renovate[bot])
• cilium/cilium#42422@​cilium-renovate[bot])
• cilium/cilium#42405@​cilium-renovate[bot])
• cilium/cilium#42687@​cilium-renovate[bot])
• cilium/cilium#42545@​cilium-renovate[bot])
• cilium/cilium#42688@​cilium-renovate[bot])
• ci: Add workflow permissions for auto-approve and renovate (Backport PR cilium/cilium#42321, Upstream PR cilium/cilium#42281, @​kyle-c-simmons)
• ci: Fix call-backport-label-updater permissions (Backport PR cilium/cilium#42634, Upstream PR cilium/cilium#42510, @​kyle-c-simmons)
• ci: Skip full CI for USERS.md file (Backport PR cilium/cilium#41846, Upstream PR cilium/cilium#34605, @​sayboras)
• fix: run post-release and publish-helm workflows on cilium org (Backport PR cilium/cilium#42321, Upstream PR cilium/cilium#42279, @​sekhar-isovalent)

Other Changes:

• cilium/cilium#42464@​julianwiedmann)
• cilium/cilium#42342@​cilium-release-bot[bot])
• cilium/cilium#42418@​odinuge)

v1.16.16

... (truncated)

Commits

• 46dd18e Prepare for release v1.16.17
• 8d14b8b policy: fix {to,from}-groups derived policy creation for empty cidr sets
• 98b8453 go.mod: use private fork of k8s.io/apimachinery
• 6d55daf images: update cilium-{runtime,builder}
• ecb7811 chore(deps): update docker.io/library/golang:1.24.10 docker digest to c3ea417
• a1ef2eb chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.10-176259...
• 49a181f chore(deps): update stable lvh-images
• b497508 gh: ginkgo: don't run f15 on non-KPR configs
• 99df73d gh: ginkgo: fix focus for service hairpin test
• bd803d2 chore(deps): update module github.com/containerd/containerd to v1.7.29 [secur...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Labels

The following labels could not be found: grouped. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.