build(deps): bump github.com/cilium/cilium from 1.19.2 to 1.19.3 in /backend by dependabot[bot] · Pull Request #1079 · cilium/hubble-ui

dependabot · 2026-04-25T23:49:53Z

Bumps github.com/cilium/cilium from 1.19.2 to 1.19.3.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.19.3

Summary of Changes

Minor Changes:

Fix performance bug in L7 policy proxy redirect handling (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44613, @fristonio)

Fixes issue where the Cilium agent fails to initialise when using KVStore identity mode with etcd behind a K8s Service (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44653, @41ks)

helm,docs: add configDriftDetection Helm values and documentation (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44703, @PhilipSchmid)

Bugfixes:

cilium/cilium#44888@fristonio)

bgp: Fix potential race in service advertisements upon error retry (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45049, @rastislavs)

clustermesh: fix a bug in the MCS-API CRD installl that could attempt a CRD downgrade when the version label is higher (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44738, @MrFreezeex)

ctmap: Change order of active maps (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44729, @brb)

Ensure completion.WaitGroup always has a timeout (Backport PR cilium/cilium#45217, Upstream PR cilium/cilium#44731, @jrajahalme)

envoy: Fix xds server npds listeners accounting (Backport PR cilium/cilium#45217, Upstream PR cilium/cilium#44830, @fristonio)

Fix a slow memory leak triggered by incremental policy updates (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44328, @odinuge)

Fix endpoints for static pods stuck in init identity (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45016, @aaroniscode)

Fix in-cluster NodePort connectivity failure in DSR mode when SocketLB is disabled. When a pod accesses a NodePort service via a remote node's IP (instead of the ClusterIP) and the selected backend resides on the same node as the client, the connection fails due to missing reverse NAT on the reply path. (Backport PR cilium/cilium#44968, Upstream PR cilium/cilium#41963, @gyutaeb)

Fix memory leak triggered by policies being created and deleted (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44724, @odinuge)

Fix panic in Hubble Relay when new peer address is unresolvable (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45021, @pesarkhobeee)

fix(datapath): ignore link-local IPv6 addresses for NodePort binding (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44778, @Bigdelle)

Fixed a bug in dual-stack cluster-pool IPAM where an operator restart with a pre-existing duplicate IPv6 PodCIDR could cause the affected node's IPv4 PodCIDR to be incorrectly freed and reassigned to another node. (Backport PR cilium/cilium#44866, Upstream PR cilium/cilium#44832, @christarazi)

Fixed an issue where policy update ack is never completed after endpoint deletion. (Backport PR cilium/cilium#44818, Upstream PR cilium/cilium#44754, @jrajahalme)

Fixed ipcache identity update hang when last proxy listener is removed. (Backport PR cilium/cilium#45217, Upstream PR cilium/cilium#44597, @jrajahalme)

Fixes GRPCRoute being silently excluded from Envoy config when a Gateway listener explicitly sets allowedRoutes.kinds. (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44826, @eufriction)

Fixes increased CPU usage in hubble observe caused by log coloring feature, even when coloring was disabled (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44119, @tporeba)

lb: fix panic in orphan backend cleanup when addr is zero-value (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44853, @vipul-21)

lb: Skip nil slots during BPF map restore to prevent panic (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44895, @vipul-21)

operator/identitygc: fix nil pointer dereference on shutdown (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45091, @tsotne95)

wal: Do not truncate in NewWriter (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44886, @joamaki)

WireGuard now respects the underlay-protocol=ipv6 setting when selecting peer endpoints in dual-stack clusters with IPv6 underlay, fixing connectivity issues where IPv4 was incorrectly used despite being unreachable across nodes. (Backport PR cilium/cilium#45247, Upstream PR cilium/cilium#44629, @tibrezus)

CI Changes:

.github/workflows: disable cache for go steps (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45073, @aanm)

.github/workflows: replace external set-commit-status action (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45078, @aanm)

.github: cleanup disk before ci-verifier tests (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44971, @aanm)

allocator: handle unlikely goroutine leak (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44589, @asauber)

ci: add fail-fast false to ci image builds (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45079, @Artyop)

ci: fix is-workflow-call check to handle empty input (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#45020, @aanm)

ci: fix PR branch pull step on stable pushes (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#45019, @Artyop)

ci: fix pr number check for base branch retrieval (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#45024, @Artyop)

ci: set TMPDIR=/host/tmp in datapath verifier tests (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45047, @aanm)

cilium/cilium#45219@YutaroHayakawa)

Fix some test-e2e-upgrade issues (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45075, @aanm)

fix: escape $ character in regex to prevent injection (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44638, @peoyekunle)

fix: harden k8s apiserver endpoint access (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44863, @sekhar-isovalent)

sockets: Ensure bpffs is mounted in TestPrivilegedSocketDestroyers (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#44979, @christarazi)

Misc Changes:

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.19.3

Summary of Changes

Minor Changes:

Fix performance bug in L7 policy proxy redirect handling (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44613, @fristonio)

Fixes issue where the Cilium agent fails to initialise when using KVStore identity mode with etcd behind a K8s Service (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44653, @41ks)

helm,docs: add configDriftDetection Helm values and documentation (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44703, @PhilipSchmid)

Bugfixes:

cilium/cilium#44888@fristonio)

bgp: Fix potential race in service advertisements upon error retry (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45049, @rastislavs)

clustermesh: fix a bug in the MCS-API CRD installl that could attempt a CRD downgrade when the version label is higher (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44738, @MrFreezeex)

ctmap: Change order of active maps (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44729, @brb)

Ensure completion.WaitGroup always has a timeout (Backport PR cilium/cilium#45217, Upstream PR cilium/cilium#44731, @jrajahalme)

envoy: Fix xds server npds listeners accounting (Backport PR cilium/cilium#45217, Upstream PR cilium/cilium#44830, @fristonio)

Fix a slow memory leak triggered by incremental policy updates (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44328, @odinuge)

Fix endpoints for static pods stuck in init identity (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45016, @aaroniscode)

Fix in-cluster NodePort connectivity failure in DSR mode when SocketLB is disabled. When a pod accesses a NodePort service via a remote node's IP (instead of the ClusterIP) and the selected backend resides on the same node as the client, the connection fails due to missing reverse NAT on the reply path. (Backport PR cilium/cilium#44968, Upstream PR cilium/cilium#41963, @gyutaeb)

Fix memory leak triggered by policies being created and deleted (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44724, @odinuge)

Fix panic in Hubble Relay when new peer address is unresolvable (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45021, @pesarkhobeee)

fix(datapath): ignore link-local IPv6 addresses for NodePort binding (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44778, @Bigdelle)

Fixed a bug in dual-stack cluster-pool IPAM where an operator restart with a pre-existing duplicate IPv6 PodCIDR could cause the affected node's IPv4 PodCIDR to be incorrectly freed and reassigned to another node. (Backport PR cilium/cilium#44866, Upstream PR cilium/cilium#44832, @christarazi)

Fixed an issue where policy update ack is never completed after endpoint deletion. (Backport PR cilium/cilium#44818, Upstream PR cilium/cilium#44754, @jrajahalme)

Fixed ipcache identity update hang when last proxy listener is removed. (Backport PR cilium/cilium#45217, Upstream PR cilium/cilium#44597, @jrajahalme)

Fixes GRPCRoute being silently excluded from Envoy config when a Gateway listener explicitly sets allowedRoutes.kinds. (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44826, @eufriction)

Fixes increased CPU usage in hubble observe caused by log coloring feature, even when coloring was disabled (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44119, @tporeba)

lb: fix panic in orphan backend cleanup when addr is zero-value (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44853, @vipul-21)

lb: Skip nil slots during BPF map restore to prevent panic (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44895, @vipul-21)

operator/identitygc: fix nil pointer dereference on shutdown (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45091, @tsotne95)

wal: Do not truncate in NewWriter (Backport PR cilium/cilium#44974, Upstream PR cilium/cilium#44886, @joamaki)

WireGuard now respects the underlay-protocol=ipv6 setting when selecting peer endpoints in dual-stack clusters with IPv6 underlay, fixing connectivity issues where IPv4 was incorrectly used despite being unreachable across nodes. (Backport PR cilium/cilium#45247, Upstream PR cilium/cilium#44629, @tibrezus)

CI Changes:

.github/workflows: disable cache for go steps (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45073, @aanm)

.github/workflows: replace external set-commit-status action (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45078, @aanm)

.github: cleanup disk before ci-verifier tests (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44971, @aanm)

allocator: handle unlikely goroutine leak (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44589, @asauber)

ci: add fail-fast false to ci image builds (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45079, @Artyop)

ci: fix is-workflow-call check to handle empty input (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#45020, @aanm)

ci: fix PR branch pull step on stable pushes (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#45019, @Artyop)

ci: fix pr number check for base branch retrieval (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#45024, @Artyop)

ci: set TMPDIR=/host/tmp in datapath verifier tests (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45047, @aanm)

cilium/cilium#45219@YutaroHayakawa)

Fix some test-e2e-upgrade issues (Backport PR cilium/cilium#45211, Upstream PR cilium/cilium#45075, @aanm)

fix: escape $ character in regex to prevent injection (Backport PR cilium/cilium#44828, Upstream PR cilium/cilium#44638, @peoyekunle)

fix: harden k8s apiserver endpoint access (Backport PR cilium/cilium#44994, Upstream PR cilium/cilium#44863, @sekhar-isovalent)

sockets: Ensure bpffs is mounted in TestPrivilegedSocketDestroyers (Backport PR cilium/cilium#45052, Upstream PR cilium/cilium#44979, @christarazi)

... (truncated)

Commits

f5eb641 Prepare for release v1.19.3
7cb76c6 vendor: update google.golang.org/grpc to v1.79.3
14fbed0 chore(deps): update all github action dependencies
28de3ac ci: update docs-builder
02aa87a docs: Update sphinx theme to v3.1.0
68a9986 docs: Fix conflicting references
a39d6cd ci: Switch catchpoint/workflow-telemetry-action to our fork
c09abb2 chore(deps): update stable lvh-images
a4d834a images: update cilium-{runtime,builder}
d29c802 chore(deps): update docker.io/library/golang:1.25.9 docker digest to a95d3d1
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.19.2 to 1.19.3. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.19.3/CHANGELOG.md) - [Commits](cilium/cilium@1.19.2...1.19.3) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-version: 1.19.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go PRs that update Go code labels Apr 25, 2026

dependabot Bot requested a review from a team as a code owner April 25, 2026 23:49

dependabot Bot requested review from yannikmesserli and removed request for a team April 25, 2026 23:49

yannikmesserli approved these changes May 5, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/cilium/cilium from 1.19.2 to 1.19.3 in /backend#1079

build(deps): bump github.com/cilium/cilium from 1.19.2 to 1.19.3 in /backend#1079
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/backend/github.com/cilium/cilium-1.19.3

dependabot Bot commented on behalf of github Apr 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 25, 2026

1.19.3

Summary of Changes

v1.19.3

Summary of Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant