@zhiying-lin
Contributor

What type of PR is this?

/kind bug

What this PR does / why we need it:

Fix the CVE introduced by the redis package:

go mod why github.com/redis/go-redis/v9
go: downloading github.com/bsm/gomega v1.27.10
go: downloading github.com/bsm/ginkgo/v2 v2.12.0
# github.com/redis/go-redis/v9
go.goms.io/fleet-networking/cmd/hub-net-controller-manager
sigs.k8s.io/cloud-provider-azure/pkg/azclient
github.com/Azure/azure-sdk-for-go/sdk/azidentity
github.com/Azure/azure-sdk-for-go/sdk/azidentity.test
github.com/redis/go-redis/v9

Which issue(s) this PR fixes:

Upgrade github.com/redis/go-redis/v9 to fix the vulnerability.

Requirements:

How has this code been tested

Special notes for your reviewer

@kaito-pr-agent

kaito-pr-agent bot commented Apr 28, 2025

Title

(Describe updated until commit 605c407)

Upgrade dependencies to fix security vulnerabilities


Description

  • Upgrade azidentity to v1.9.0 to fix CVE-2025-29923

  • Update azcore to v1.18.0 for compatibility

  • Upgrade microsoft-authentication-library-for-go to v1.4.2

  • Update go-redis to v9.7.3 to address vulnerabilities


Changes walkthrough 📝

Relevant files

Dependencies

go.mod: Dependency version updates (+4/-4)

  • Updated azcore version to v1.18.0
  • Updated azidentity version to v1.9.0
  • Updated microsoft-authentication-library-for-go version to v1.4.2
  • Updated go-redis version to v9.7.3

go.sum: Dependency checksum updates (+14/-14)

  • Updated checksums for azcore v1.18.0
  • Updated checksums for azidentity v1.9.0
  • Updated checksums for microsoft-authentication-library-for-go v1.4.2
  • Updated checksums for go-redis v9.7.3

@kaito-pr-agent

    kaito-pr-agent bot commented Apr 28, 2025

    PR Reviewer Guide 🔍

    (Review updated until commit 605c407)

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Version Update

    Ensure that the updated versions of azcore, azidentity, and other dependencies do not introduce breaking changes or compatibility issues.

    github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
    github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0
    github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect

    New Dependency

    Verify the necessity and security of the newly added github.com/keybase/go-keychain dependency.

    @kaito-pr-agent

    PR Code Suggestions ✨

    No code suggestions found for the PR.

    @codecov

    codecov bot commented Apr 28, 2025

    Codecov Report

    All modified and coverable lines are covered by tests ✅

    Project coverage is 80.19%. Comparing base (419be6b) to head (605c407).
    Report is 1 commits behind head on main.

    Additional details and impacted files
    @@            Coverage Diff             @@
    ##             main     #294      +/-   ##
    ==========================================
    - Coverage   80.38%   80.19%   -0.20%     
    ==========================================
      Files          29       29              
      Lines        4099     4099              
    ==========================================
    - Hits         3295     3287       -8     
    - Misses        640      646       +6     
    - Partials      164      166       +2     

    @zhiying-lin zhiying-lin merged commit 9a65071 into Azure:main Apr 29, 2025
    10 of 11 checks passed
    @zhiying-lin zhiying-lin deleted the fix-cve branch April 29, 2025 02:43