feat(container): update ghcr.io/home-operations/cni-plugins ( 1.8.0 → v1.9.0 )

[homebot-0]

This PR contains the following updates:

Package	Update	Change
ghcr.io/home-operations/cni-plugins (source)	minor	1.8.0 → 1.9.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

🔧 CNI/Networking: Critical cluster networking. Test pod-to-pod and multi-VLAN connectivity.

🐄 Talos CATTLE: Major/minor version requires manual approval. Full VM rebuild via Terraform.

---

Release Notes

containernetworking/plugins (ghcr.io/home-operations/cni-plugins)

v1.9.0: CNI plugins v1.9.0

Compare Source

What's Changed

This release fixes CVE-2025-67499, a bug in the nftables backend for the portmap plugin that can cause traffic to be unexpectedly intercepted.

Bugs

• portmap: ensure nftables backend only intercept local traffic by @​champtar in #​1210.

Other changes

• Fix file exists errro in dummy cni by @​liuyuan10 in #​1205
• Ignore settling with down state since it would never settle by @​bn222 in #​1207

Full Changelog: containernetworking/plugins@v1.8.0...v1.9.0

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/core-multus

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[homebot-0]

ℹ️ SOPS Encryption Check

No SOPS files detected in this pull request.

Check	Status
SOPS files in PR	✅ None detected

No encryption validation required for this PR.

[homebot-0]

✅ Gitleaks Secret Scan Passed

No secrets detected in this pull request.

Check	Status
Secret patterns	✅ Clean
Sensitive files	✅ None detected

[homebot-0]

--- kubernetes/apps/kube-system/multus/app Kustomization: kube-system/multus HelmRelease: kube-system/multus

+++ kubernetes/apps/kube-system/multus/app Kustomization: kube-system/multus HelmRelease: kube-system/multus

@@ -41,13 +41,13 @@

     cni:
       binPath: /opt/cni/bin
       netPath: /etc/cni/net.d
     cni-plugins:
       image:
         repository: ghcr.io/home-operations/cni-plugins
-        tag: 1.8.0
+        tag: 1.9.0
       resources:
         limits:
           memory: 100Mi
         requests:
           cpu: 10m
           memory: 50Mi

[homebot-0]

--- HelmRelease: kube-system/multus DaemonSet: kube-system/multus

+++ HelmRelease: kube-system/multus DaemonSet: kube-system/multus

@@ -33,13 +33,13 @@

       hostPID: false
       dnsPolicy: ClusterFirstWithHostNet
       tolerations:
       - key: CriticalAddonsOnly
         operator: Exists
       initContainers:
-      - image: ghcr.io/home-operations/cni-plugins:1.8.0
+      - image: ghcr.io/home-operations/cni-plugins:1.9.0
         name: cni-plugins
         resources:
           limits:
             memory: 100Mi
           requests:
             cpu: 10m