chore(plugins/k8saudit): bump to v0.16.1

[IdeoG]

Includes panic recovery for fastjson on large payloads (commit 3a2616d). Fixes crash when parsing truncated CloudWatch audit events.

Ref: #1098

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area plugins

What this PR does / why we need it:

Bump k8saudit to v0.17.0. This version includes panic recovery (commit 3a2616d) around fastjson parsing, which prevents Falco from crashing when processing truncated or oversized CloudWatch audit events (~1MB). Without this, the k8saudit-eks plugin panics and restarts on every truncated event.

Which issue(s) this PR fixes:

Fixes #1098

Special notes for your reviewer:

This is a version bump only. The panic recovery logic was merged in commit 3a2616d (Jan 23, 2026). k8saudit-eks will need a follow-up PR to bump its go.mod to v0.17.0 and release v0.11.0.

[poiana]

Welcome @IdeoG! It looks like this is your first PR to falcosecurity/plugins 🎉

[ekoops]

Hey, thank you for this contribution!
Could you also please update the changelog for k8saudit, so it ready to be released?
You can do it by just issuing make changelog/k8saudit in the project root folder and replacing the ## dev build (unreleased) at the top of the generated changelog with ## v0.17.0.
Thank you in advance 🙏

[ekoops]

For to bother you again with this, but we should replace ## dev build (unreleased) with ## v0.17.0. Moreover, the second commit is not DCO-signed. I suggest to replace the aforementioned heading and squash the two commits into a single signed commit.

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: IdeoG
Once this PR has been reviewed and has the lgtm label, please ask for approval from ekoops. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[IdeoG]

Thanks for the good catch! I've replaced the heading with ## v0.17.0 and squashed both commits into a single DCO-signed one. Force-pushed the update.

[ekoops]

Oh sorry, I've just notice that the only change we made was adding a backward-compatible fix. Unfortunately we must bump the version to 0.16.1, not 0.17.0. I'm so sorry for this. Could you please take another look? 😔

[IdeoG]

Thank you for your quick review. Valid point.
I downgraded the changed plugin version from 0.17.0 to 0.16.1, squashed commits and force-pushed.