chore(deps): bump tailscale.com from 1.68.0 to 1.90.2

[dependabot]

Bumps tailscale.com from 1.68.0 to 1.90.2.

Release notes

Sourced from tailscale.com's releases.

v1.90.2

Please refer to the changelog available at https://tailscale.com/changelog

v1.90.1

Please refer to the changelog available at https://tailscale.com/changelog

v1.88.3

Please refer to the changelog available at https://tailscale.com/changelog

v1.88.1

Please refer to the changelog available at https://tailscale.com/changelog

v1.86.2

Please refer to the changelog available at https://tailscale.com/changelog

v1.86.0

Please refer to the changelog available at https://tailscale.com/changelog

v1.84.2

Please refer to the changelog available at https://tailscale.com/changelog

v1.84.1

Please refer to the changelog available at https://tailscale.com/changelog

v1.84.0

Please refer to the changelog available at https://tailscale.com/changelog.

v1.82.5

Please refer to the changelog available at https://tailscale.com/changelog.

v1.82.0

Please refer to the changelog available at https://tailscale.com/changelog.

v1.80.3

Please refer to the changelog available at https://tailscale.com/changelog.

v1.80.2

Please refer to the changelog available at https://tailscale.com/changelog.

v1.80.1

Please refer to the changelog available at https://tailscale.com/changelog.

v1.80.0

Please refer to the changelog available at https://tailscale.com/changelog.

v1.78.1

Please refer to the changelog available at https://tailscale.com/changelog.

v1.78.0

Please refer to the changelog available at https://tailscale.com/changelog.

... (truncated)

Commits

• 8bcd44e VERSION.txt: this is v1.90.2
• b0f0bce health: compare warnable codes to avoid errors on release branch (#17637)
• c81ef90 util/linuxfw: fix 32-bit arm regression with iptables
• 9fe44b3 feature/tpm: use withSRK to probe TPM availability (#17627)
• a8ae316 feature/tpm: check TPM family data for compatibility (#17624)
• 75b0c6f VERSION.txt: this is v1.90.1
• 3c78146 VERSION.txt: this is v1.90.0
• 4e1c270 licenses: update license notices
• 4673992 tka: created a shared testing library for Chonk
• c961d58 cmd/tailscale: improve the error message for lock log with no lock
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Overview

Updated On: 2025-10-27 16:44:08 UTC

Greptile Summary

This PR upgrades the Tailscale dependency from v1.68.0 to v1.90.2, spanning 22 minor versions. Tailscale provides the networking layer for Keep's zero-trust platform, handling secure mesh connectivity between services. The upgrade brings significant transitive dependency changes including updates to eBPF libraries (cilium/ebpf), networking stacks (mdlayher/netlink, gaissmai/bart), cryptography (tailscale/golang-x-crypto), and WireGuard implementations. Several deprecated packages were removed (e.g., nhooyr/websocket replaced with coder/websocket, gorilla/csrf removed). The Go version requirement bumped from 1.24.0 to 1.25.3, with the explicit toolchain directive removed. This is a standard automated Dependabot update to keep the networking foundation current with security patches and feature improvements.

Important Files Changed

Filename	Score	Overview
go.mod	3/5	Bumps Tailscale from v1.68.0 to v1.90.2, increases Go requirement to 1.25.3, adds/removes several transitive dependencies
go.sum	3/5	Updates cryptographic checksums for 22 versions of Tailscale updates and hundreds of transitive dependency changes

Confidence score: 3/5

• This PR requires careful review due to the significant version jump (22 minor versions) in a critical networking dependency and the Go toolchain upgrade.
• Score reflects the inherent risk of upgrading core networking infrastructure (Tailscale, eBPF, WireGuard, crypto libraries) across many versions without incremental testing, plus the Go version bump to 1.25.3 which may affect build environments. The removal of multiple networking packages (iptables, netlink variants, DNS libraries) indicates architectural changes in Tailscale that could subtly affect Keep's mTLS communication, device attestation agent, and inter-service connectivity.
• Both files require attention: verify that the CI pipeline passes all tests (especially integration/smoke tests), confirm Docker builds work with Go 1.25.3, and test mTLS handshakes between services, agent posture reporting, and the Envoy/Authz/Inventory service mesh under the new Tailscale networking stack.

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[dependabot]

Superseded by #19.