chore: bump deps

[sergelogvinov]

Updated dependencies

Pull Request

What? (description)

Why? (reasoning)

Acceptance

Please use the following checklist:

• you linked an issue (if applicable)
• you included tests (if applicable)
• you linted your code (make lint)
• you linted your code (make unit)

See make help for a description of the available targets.

Summary by CodeRabbit

• Chores

  • Upgraded CI workflows (signing, Go setup, stale bot) for improved reliability.
  • Updated Docker base images to latest patch releases for stability and security.
  • Bumped Go toolchain to 1.25.1.

• Dependencies

  • Refreshed key libraries (Kubernetes, gRPC, Prometheus, protobuf, golang.org/x) to recent patch/minor versions for compatibility and performance.

• Build

  • Added make targets for tooling and license checks to streamline compliance and contributor workflows.

[coderabbitai]

Walkthrough

Version bumps across CI workflows (Cosign installer, Go setup, stale action), Docker base images updated to 1.25.1 variants, Makefile adds tooling and license-check targets, and go.mod updates Go toolchain to 1.25.1 with broad dependency upgrades. No control-flow changes introduced.

Changes

Cohort / File(s)	Summary
CI workflows: Cosign installer updates .github/workflows/build-edge.yaml, .github/workflows/release-charts.yaml, .github/workflows/release.yaml	Bump sigstore/cosign-installer from v3.9.2 to v3.10.0.
CI workflows: Go setup .github/workflows/build-test.yaml	Bump actions/setup-go from v5 to v6.
CI workflows: Stale bot .github/workflows/stale.yaml	Bump actions/stale from v9 to v10.
Container images Dockerfile	Update Golang base images: 1.25 → 1.25.1 variants (bookworm, alpine3.22).
Build tooling and licensing Makefile	Add .PHONY targets: tools (installs google/go-licenses) and licenses (runs go-licenses check with disallowed_types).
Dependencies and toolchain go.mod	Update Go toolchain to 1.25.1 and bump multiple direct/indirect deps (grpc, Prometheus, k8s.io modules, golang.org/x/*, protobuf, etc.). No code changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

Thump-thump go my paws in glee,
New tags, fresh deps—so tidily! 🐰
I sniff the builds, they smell just right,
Tools and licenses—checked in light.
Hop, upgrade, hop—CI’s in tune,
Ship the carrots, merging soon! 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “chore: bump deps” concisely captures the main change of the pull request by indicating that various dependencies are being upgraded without adding unnecessary detail or noise.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch deps

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Makefile (1)

60-63: Pin the go-licenses install for reproducible tooling.

Using go install github.com/google/go-licenses@latest makes make tools pick up future upstream changes automatically, which can break CI reproducibly. Please pin this to a known tag or commit (and refresh intentionally during upgrades) so the toolchain stays stable.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9506b09 and c7fec44.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (8)

• .github/workflows/build-edge.yaml (1 hunks)
• .github/workflows/build-test.yaml (1 hunks)
• .github/workflows/release-charts.yaml (1 hunks)
• .github/workflows/release.yaml (1 hunks)
• .github/workflows/stale.yaml (1 hunks)
• Dockerfile (1 hunks)
• Makefile (2 hunks)
• go.mod (2 hunks)

🧰 Additional context used

🪛 Hadolint (2.14.0)

Dockerfile

[error] 7-7: COPY with more than 2 arguments requires the last argument to end with /

(DL3021)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix invalid go directive.

Line 3 sets go 1.25.1, but the go directive only accepts major.minor. As-is, go commands fail with “malformed go version ‘1.25.1’”. Set go 1.25, and if you need to mandate 1.25.1 specifically, add a separate toolchain go1.25.1 line. Example fix:

-go 1.25.1
+go 1.25
+toolchain go1.25.1

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	go 1.25.1
	go 1.25
	toolchain go1.25.1

🤖 Prompt for AI Agents

In go.mod around line 3, the go directive is invalid because it uses a patch
version ("go 1.25.1"); change it to the supported major.minor form "go 1.25". If
you must require the exact toolchain 1.25.1, add a separate "toolchain go1.25.1"
line instead of putting the patch version in the go directive.