build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.5 by dependabot[bot] · Pull Request #64 · encodeous/nylon

dependabot · 2026-02-20T14:47:18Z

Bumps github.com/cilium/cilium from 1.18.4 to 1.18.5.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.18.5

Summary of Changes

Minor Changes:

cilium/cilium#43143@sayboras)

Change the sidecar etcd instance of the Cluster Mesh API Server listen on all IP addresses (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42818, @giorio94)

Bugfixes:

allow missing verbs for cilium-agent cluster role when readSecretsOnlyFromSecretsNamespace is false (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42790, @kraashen)

AWS EC2: Fix ENI attachment on multi-network card instances with high-performance networking (EFA) setups (Backport PR cilium/cilium#42745, Upstream PR cilium/cilium#42512, @41ks)

CiliumEnvoyConfig proxy ports are now restored on agent restarts. (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#43108, @jrajahalme)

Cleanup FQDNs that have leaked into the global FQDN cache (Backport PR cilium/cilium#42864, Upstream PR cilium/cilium#42485, @sjohnsonpal)

Do not opt-out Endpoint ID 1 from dnsproxy transparent mode. (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42887, @jrajahalme)

ENI: Fix panic on nil subnet (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#43023, @HadrienPatte)

Ensure cilium-agent gracefully does fallbacks when etcd is in a bad state. (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42977, @odinuge)

Fix a bug that would cause Cilium to not report L4 checksum update errors when the length attribute is missing in ICMP Error messages with TCP inner packets. (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42426, @yushoyamaguchi)

Fix a bug that would cause IPsec logs to incorrectly report the XFRM rules being processed as "Ingress" rules. (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42640, @sjohnsonpal)

Fix agent local identity leak (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42662, @odinuge)

Fix bug that could cause the agent to fail to add XFRM states when IPsec is enabled, thus preventing a proper startup. (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42666, @pchaigno)

Fix GC of per-cluster ctmap entries (Backport PR cilium/cilium#43294, Upstream PR cilium/cilium#43160, @giorio94)

Fix ipcache issues causing severe issues with the fqdn subsystem (Backport PR cilium/cilium#42864, Upstream PR cilium/cilium#42815, @odinuge)

Fix issue where endpoints got stuck in "waiting-to-regenerate" (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42856, @odinuge)

Fix leak in the policy subsystem (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42661, @odinuge)

Fix rare kvstore issue where cilium continues to use an expired lease causing kvstore operations to fail consistently (Backport PR cilium/cilium#42745, Upstream PR cilium/cilium#42709, @odinuge)

fqdn: Fix fqdn subsystem correctness issues causing packet drops and inconsistent ipcache (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42500, @odinuge)

In rare cases, the cilium-operator losing the lead of the HA deployment could continue acting as if leading for at most a minute, leading to split-brain problems such as double allocation of pod CIDRs. (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42920, @bimmlerd)

KVStoreMesh now correctly respects the CA bundle setting when validating remote cluster certificates (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42726, @giorio94)

policy: Fix rare Endpoint Selector Policy Deadlock causing policies to not be updated with new identities (Backport PR cilium/cilium#42864, Upstream PR cilium/cilium#42306, @odinuge)

Recreate CiliumEndpoints (k8s resource) if they are accidentally deleted. (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42877, @aanm)

redirectpolicy: Avoid recomputing on pod changes that do not change resulting redirect backends (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42814, @joamaki)

CI Changes:

bpf: test: add BPF Masq tests for unknown / handled protocols (Backport PR cilium/cilium#42711, Upstream PR cilium/cilium#42144, @julianwiedmann)

bpf: test: egressgw: fix up ENABLE_MASQUERADE (Backport PR cilium/cilium#42966, Upstream PR cilium/cilium#42912, @julianwiedmann)

bpf: tests: add BPF MASQ test for ICMP ECHOs (Backport PR cilium/cilium#42711, Upstream PR cilium/cilium#42656, @julianwiedmann)

bpf: tests: set ENABLE_MASQUERADE_IPV6 for EGW XDP test (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42962, @julianwiedmann)

bpf:test: cover host endpoint case in tc_nodeport_l3_dev.h (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42983, @smagnani96)

Delete .github/workflows/build-images-hotfixes.yaml (Backport PR cilium/cilium#42966, Upstream PR cilium/cilium#42958, @sekhar-isovalent)

gh: conn-disrupt: fix XFRM error checks (Backport PR cilium/cilium#42764, Upstream PR cilium/cilium#42724, @julianwiedmann)

gh: ipsec-e2e: fix flaky connection disruptivity test (Backport PR cilium/cilium#42823, Upstream PR cilium/cilium#42780, @julianwiedmann)

gha: additionally cleanup disk space in clustermesh upgrade workflow (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42862, @giorio94)

gha: don't filter lint-build-commits steps when workflow is modified (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42844, @giorio94)

gha: wait for cert-manager CRDs to be ready in conformance clustermesh (Backport PR cilium/cilium#42966, Upstream PR cilium/cilium#42947, @giorio94)

makefile: More reliable update-helm-values (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42736, @devodev)

Misc Changes:

cilium/cilium#43219@aanm)

cilium/cilium#43114@ferozsalam)

cilium/cilium#42953@joamaki)

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.18.5

Summary of Changes

Minor Changes:

cilium/cilium#43143@sayboras)

Change the sidecar etcd instance of the Cluster Mesh API Server listen on all IP addresses (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42818, @giorio94)

Bugfixes:

allow missing verbs for cilium-agent cluster role when readSecretsOnlyFromSecretsNamespace is false (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42790, @kraashen)

AWS EC2: Fix ENI attachment on multi-network card instances with high-performance networking (EFA) setups (Backport PR cilium/cilium#42745, Upstream PR cilium/cilium#42512, @41ks)

CiliumEnvoyConfig proxy ports are now restored on agent restarts. (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#43108, @jrajahalme)

Cleanup FQDNs that have leaked into the global FQDN cache (Backport PR cilium/cilium#42864, Upstream PR cilium/cilium#42485, @sjohnsonpal)

Do not opt-out Endpoint ID 1 from dnsproxy transparent mode. (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42887, @jrajahalme)

ENI: Fix panic on nil subnet (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#43023, @HadrienPatte)

Ensure cilium-agent gracefully does fallbacks when etcd is in a bad state. (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42977, @odinuge)

Fix a bug that would cause Cilium to not report L4 checksum update errors when the length attribute is missing in ICMP Error messages with TCP inner packets. (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42426, @yushoyamaguchi)

Fix a bug that would cause IPsec logs to incorrectly report the XFRM rules being processed as "Ingress" rules. (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42640, @sjohnsonpal)

Fix agent local identity leak (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42662, @odinuge)

Fix bug that could cause the agent to fail to add XFRM states when IPsec is enabled, thus preventing a proper startup. (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42666, @pchaigno)

Fix GC of per-cluster ctmap entries (Backport PR cilium/cilium#43294, Upstream PR cilium/cilium#43160, @giorio94)

Fix ipcache issues causing severe issues with the fqdn subsystem (Backport PR cilium/cilium#42864, Upstream PR cilium/cilium#42815, @odinuge)

Fix issue where endpoints got stuck in "waiting-to-regenerate" (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42856, @odinuge)

Fix leak in the policy subsystem (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42661, @odinuge)

Fix rare kvstore issue where cilium continues to use an expired lease causing kvstore operations to fail consistently (Backport PR cilium/cilium#42745, Upstream PR cilium/cilium#42709, @odinuge)

fqdn: Fix fqdn subsystem correctness issues causing packet drops and inconsistent ipcache (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42500, @odinuge)

In rare cases, the cilium-operator losing the lead of the HA deployment could continue acting as if leading for at most a minute, leading to split-brain problems such as double allocation of pod CIDRs. (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42920, @bimmlerd)

KVStoreMesh now correctly respects the CA bundle setting when validating remote cluster certificates (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42726, @giorio94)

policy: Fix rare Endpoint Selector Policy Deadlock causing policies to not be updated with new identities (Backport PR cilium/cilium#42864, Upstream PR cilium/cilium#42306, @odinuge)

Recreate CiliumEndpoints (k8s resource) if they are accidentally deleted. (Backport PR cilium/cilium#43117, Upstream PR cilium/cilium#42877, @aanm)

redirectpolicy: Avoid recomputing on pod changes that do not change resulting redirect backends (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42814, @joamaki)

CI Changes:

bpf: test: add BPF Masq tests for unknown / handled protocols (Backport PR cilium/cilium#42711, Upstream PR cilium/cilium#42144, @julianwiedmann)

bpf: test: egressgw: fix up ENABLE_MASQUERADE (Backport PR cilium/cilium#42966, Upstream PR cilium/cilium#42912, @julianwiedmann)

bpf: tests: add BPF MASQ test for ICMP ECHOs (Backport PR cilium/cilium#42711, Upstream PR cilium/cilium#42656, @julianwiedmann)

bpf: tests: set ENABLE_MASQUERADE_IPV6 for EGW XDP test (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42962, @julianwiedmann)

bpf:test: cover host endpoint case in tc_nodeport_l3_dev.h (Backport PR cilium/cilium#43059, Upstream PR cilium/cilium#42983, @smagnani96)

Delete .github/workflows/build-images-hotfixes.yaml (Backport PR cilium/cilium#42966, Upstream PR cilium/cilium#42958, @sekhar-isovalent)

gh: conn-disrupt: fix XFRM error checks (Backport PR cilium/cilium#42764, Upstream PR cilium/cilium#42724, @julianwiedmann)

gh: ipsec-e2e: fix flaky connection disruptivity test (Backport PR cilium/cilium#42823, Upstream PR cilium/cilium#42780, @julianwiedmann)

gha: additionally cleanup disk space in clustermesh upgrade workflow (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42862, @giorio94)

gha: don't filter lint-build-commits steps when workflow is modified (Backport PR cilium/cilium#42948, Upstream PR cilium/cilium#42844, @giorio94)

gha: wait for cert-manager CRDs to be ready in conformance clustermesh (Backport PR cilium/cilium#42966, Upstream PR cilium/cilium#42947, @giorio94)

makefile: More reliable update-helm-values (Backport PR cilium/cilium#42828, Upstream PR cilium/cilium#42736, @devodev)

Misc Changes:

cilium/cilium#43219@aanm)

cilium/cilium#43114@ferozsalam)

... (truncated)

Commits

7d4d893 Prepare for release v1.18.5
67bdda0 Add periodic resync for secret-sync controller
a18eea2 ipcache: Fix leak in CIDR metadata consolidation logic
a8a2429 chore(deps): update github artifact actions
982ebef ctmaps: explicitly open NAT map in PurgeOrphanNATEntries
238e0da ctmaps: fix orphan NAT entries GC with per-cluster maps
7370199 ctmaps: correctly hook GC of per-cluster ctmaps
80d3cd3 images: update cilium-{runtime,builder}
a529e57 chore(deps): update dependency protocolbuffers/protobuf-go to v1.36.11
abf94c8 chore(deps): update docker.io/library/busybox:1.37.0 docker digest to d80cd69
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.18.4 to 1.18.5. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.18.5/CHANGELOG.md) - [Commits](cilium/cilium@1.18.4...1.18.5) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-version: 1.18.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Feb 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.5#64

build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.5#64
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/cilium/cilium-1.18.5

dependabot bot commented on behalf of github Feb 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 20, 2026

1.18.5

Summary of Changes

v1.18.5

Summary of Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants