auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main] #263

Risk Level: low Testing: n/a Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Fredy Wijaya <fredyw@google.com>

Commit Message: Handle encode metadata after recreated stream Risk Level: Low Testing: Integration test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A --------- Signed-off-by: tyxia <tyxia@google.com>

The filter state reflection provides a great feature to access the inner status/property of filter state. However, it has two limitations: 1. It requires the object key be same with the factory key. This limitation make we cannot set multiple objects that with same type. 2. It is a little complex to enable the Field support. We need to define additional reflection class and a factory class. This PR make things much simpler. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping <wangbaiping@bytedance.com>

Without this, when building in the envoy docker without RBE, I see gcc trying to use `lld` instead, and it's (a) not in `$PATH` and (b) counter to what we had set in `--linkopt` for the gcc config. Risk Level: low Testing: local build in envoy docker Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>

Update QUICHE from 171f6f89a to eaeaa74b2 https://github.com/google/quiche/compare/171f6f89a..eaeaa74b2 ``` $ git log 171f6f89a..eaeaa74b2 --date=short --no-merges --format="%ad %al %s" 2024-10-02 wub Deprecate --gfe2_reloadable_flag_quic_new_error_code_when_packets_buffered_too_long. 2024-10-02 fayang No public description 2024-10-02 fayang No public description 2024-10-01 birenroy Adds test cases exercising response-complete-before-request for nghttp2 and oghttp2. 2024-10-01 martinduke Add parser/framer support for SUBSCRIBE_NAMESPACE, SUBSCRIBE_NAMESPACE_OK, SUBSCRIBE_NAMESPACE_ERROR, UNSUBSCRIBE_NAMESPACE. 2024-10-01 birenroy Removes the last library in //third_party/spdy/core, and deletes the package. 2024-10-01 wub Add QUIC connection options for testing: - CHP1: Add 1-packet padding to CHLO. - CHP2: Add 2-packet padding to CHLO. 2024-09-30 asedeno Don't set IPv4 socket options on dual-stack sockets on `__APPLE__` platforms. 2024-09-30 vasilvv Update WebTransport header names. 2024-09-30 vasilvv Simplify some of the framing code. 2024-09-30 vasilvv Record QUIC traces in moqt_simulator. 2024-09-30 martinduke Implement MoQT Peeps and Object message changes for draft-06. This is the minimum for interoperability; this code always sends subgroup_id = 0 and ignores the incoming subgroup_id. 2024-09-30 martinduke Update existing messages for draft-06. This is mostly turning track_namespace into a tuple. Also generalizes Subscribe parameters. ``` Risk Level: low, Testing: existing tests passed Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A --------- Signed-off-by: Dan Zhang <danzh@google.com> Co-authored-by: Dan Zhang <danzh@google.com>

Commit Message: xds: make certificate provider instance name required Additional Description: The comment saying that there is a default value for this field is misleading. All existing gRPC implementations have this as a required field. Note that this change does not affect Envoy, since Envoy does not yet support this field. However, I've added a PGV annotation (used by Envoy but not by gRPC) to avoid confusion when Envoy eventually adds support for this field. Risk Level: Low Testing: N/A Docs Changes: Included in PR Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Mark D. Roth <roth@google.com>

…#36439) Also, update docs and tests for similar runtime overrides that already existed This is a followup to #36231 Risk Level: Low Testing: New tests, plus more tests for existing untested code Docs Changes: Updated proto docs, including adding docs for existing feature Release Notes: updated Signed-off-by: Greg Greenway <ggreenway@apple.com>

The false positive warnings have been resolved in current versions of gcc. Risk Level: low Testing: CI Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>

Add `ENVOY_EXECUTION_SCOPE` to mark the start and end of a Envoy::Tracing::Span or Http::FilterContext, which is active in the current thread. This macro only takes effect when `ENVOY_ENABLE_EXECUTION_SCOPE` is defined. Commit Message: Add `ENVOY_EXECUTION_SCOPE`. Additional Description: Risk Level: No. It is no-op unless `ENVOY_ENABLE_EXECUTION_SCOPE` is defined. Testing: Unit test in test/common/common/execution_context_test.cc. Docs Changes: N/A Release Notes: N/A Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Bin Wu <wub@google.com>

@efimki

Commit Message: Add support for multiple formats of ORCA headers. Additional Description: Add support for multiple formats of ORCA headers. ORCA parsing introduced in envoyproxy/envoy#35422 [Original Design Proposal](envoyproxy/envoy#6614) [Using ORCA load reports in Envoy](https://docs.google.com/document/d/1gb_2pcNnEzTgo1EJ6w1Ol7O-EH-O_Ysu5o215N9MTAg/edit#heading=h.bi4e79pb39fe) Risk Level: Low Testing: See included unit tests. Docs Changes: N/A Release Notes: N/A Platform Specific Features: JSON format unsupported on Mobile. CC @efimki @adisuissa @wbpcode --------- Signed-off-by: blake-snyder <blakesnyder@google.com>

Commit Message: local rate limit: add new rate_limits api to the filter's api Additional Description: In the previous local rate limit, the [rate_limits](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-virtualhost-rate-limits) field of route is used to generate the descriptor entries. Then the generated entries will be used to match a token bucket which is configured in the filter configs (route level, vhost level, etc). However, it make the configuration very complex, and cannot cover some common scenarios easily. For example, give a specific virtual host X and a special route Y that under this virtual host X. We want to provides a virtual host level rate limit for the specific virtual host X, and a route level rate limit for the specific route Y. We hope the configuration of virtual host could works for all routes except the Y. For most filters, this requirement could be achieved by getting the most specific filter config and applying it. But for the local rate limit, thing become very complex. Because the rate limit configuration is split into `rate_limits` field of route and the filter config. The local rate limit need to handle these relationship carefully. This PR try to simplify it. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping <wangbaiping@bytedance.com> Signed-off-by: code <wbphub@gmail.com> Co-authored-by: Matt Klein <mattklein123@gmail.com>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…(#36429) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

//test/extensions/load_balancing_policies/client_side_weighted_round_robin:integration_test Risk Level: low Testing: CI Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>

Commit Message: utility: new utility method to convert proto value to string Additional Description: New utility method to convert the proto value to json. This could work even the `ENVOY_ENABLE_YAML` is not set and is exception free. Risk Level: low. Testing: unit test. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping <wangbaiping@bytedance.com>

…" (#36437) Commit Message: removed the static_assert as it is expected that some platform, especially some iOS versions supports neither of the socket options. In this case, Envoy wont' set DF bit. Additional Description: reland #36341 Risk Level: low Testing: new unit tests Docs Changes: N/A Release Notes: Yes Platform Specific Features: N/A Runtime guard: envoy.reloadable_features.udp_set_do_not_fragment --------- Signed-off-by: Dan Zhang <danzh@google.com> Co-authored-by: Dan Zhang <danzh@google.com>

…r (#36454) This will be used by a subsequent change to test the Apple PAC proxy resolver. Signed-off-by: Ali Beyad <abeyad@google.com>

Also add one additional patch to CEL to handle `absl::StrCat` and friends moving to `absl/string/str_cat.h`. Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>

Change-Id: I2065f5ed863ca4b6b439f00dc39de0dcdbe2eb4c Commit Message: add missing serializer for bool object. I discovered this gap while using Wasm `get_property`. Risk Level: low Testing: yes Signed-off-by: Kuat Yessenov <kuat@google.com>

https://github.com/google/quiche/compare/eaeaa74b2..de8f411c1 ``` $ git log eaeaa74b2..de8f411c1 --date=short --no-merges --format="%ad %al %s" 2024-10-07 quiche-dev Replace deprecated HexStringToBytes API 2024-10-07 quiche-dev Enabling rolled out flags. 2024-10-07 martinduke Add length field to MoQT control messages. 2024-10-03 quiche-dev Add missing "override" specifier in mock methods. 2024-10-03 quiche-dev Add a new OnParsedClientHelloReceived method to QuicConnection and QuicConnectionDebugVisitor. ``` Signed-off-by: Fredy Wijaya <fredyw@google.com>

Commit Message: Make DownstreamTiming a struct, instead of a class Additional Description:This makes it consistent with UpstreamTiming, and makes it easier to dependency inject timing info for testing. Risk Level: WCPGW Testing: None Docs Changes: None Release Notes: None Platform Specific Features: None Signed-off-by: Thomas Habets <habets@google.com>

Commit Message: This PR adds trace info in the DNS resolution details by setting the `envoy.enable_dfp_dns_trace` runtime flag to true. This can be useful for debugging issues, such as debugging resolve timeout issue. Additional Description: - `PendingQuery::cancel` holds per-query lock instead of a lock for the whole `GetAddrInfoDnsResolver`. - The `getaddrinfo` implementation has been updated to use `std::unique_ptr` instead of `std::shared_ptr` to store the `PendingQuery` given that the `PostCb` now uses `absl::AnyInvocable` instead of `std::function`. Risk Level: low Testing: unit and integration tests Docs Changes: inline Release Notes: inline Platform Specific Features: dynamic forward proxy, mobile --------- Signed-off-by: Fredy Wijaya <fredyw@google.com>

Commit Message: fix typo in log Signed-off-by: tyxia <tyxia@google.com>

Commit Message: Add getter for last downstream header byte received Additional Description: Used for latency measurements Risk Level: n/a Testing: None Docs Changes: None Release Notes: None Platform Specific Features: None Signed-off-by: Thomas Habets <habets@google.com>

Occasionally we do a third resolution --------- Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Fixing two bugs in the send window code. One where the callback could be called late, after stream completion. One where the callback was per-client not per-stream so streams could overwrite each others upcalls. Risk Level: low Testing: first is tested by existing tests no longer flaking. second TBTested Docs Changes: n/a Release Notes: n/a Fixes envoyproxy/envoy#36493 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

It doesn't work without sandboxing, and this build uses `--spawn_strategy=local`. bazelbuild/bazel#21592 Once we upgrade to a bazel 7.3.0+, this should no longer be needed. Risk Level: Low; only affects CI CodeQL build Signed-off-by: Alejandro R. Sedeño <asedeno@google.com>

fips build: fixed an issue when tar is running as root causing 'Cannot change ownership to uid 1000, gid 1000: Invalid argument' error See this thread for issue and solution: https://superuser.com/questions/1435437/how-to-get-around-this-error-when-untarring-an-archive-tar-cannot-change-owner Signed-off-by: Renana Yacobi <renana.yacobi@greymatter.io>

…#36478) Commit Message: When an RLQS response comes in that would create a duplicate TokenBucket (because the underlying config hasn't changed), treat this as a refresh to the TTL but don't reset the TokenBucket's state by recreating it. Additional Description: Risk Level: Low Testing: Unit testing Docs Changes: Release Notes: Platform Specific Features: --------- Signed-off-by: Brian Surber <bsurber@google.com>

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Commit Message: expose onNetworkTypeChanged API to Engine Additional Description: This prevents applications from directly depending on InternalEngine. Risk Level: low Testing: n/a Docs Changes: n/a Release Notes: n/a Platform Specific Features: mobile only Signed-off-by: Renjie Tang <renjietang@google.com>

Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

…PtrField (#36316) Signed-off-by: Adi Suissa-Peleg <adip@google.com>

http_11_proxy: Make inner transport_socket config optional Given that the top-level [Cluster.transport_socket](https://github.com/envoyproxy/envoy/blob/1a153166a6d1e9336ee8982d1a00ba98655c9d39/api/envoy/config/cluster/v3/cluster.proto#L1099) field is optional and defaults to plaintext, this should also be optional. gRPC is adding support for this transport socket, but they do not have a `raw_buffer` to explicitly configure. See grpc/proposal#455 (comment) for additional context. Risk Level: Low. Testing: Existing tests. Docs Changes: n/a Release Notes: Done. --------- Signed-off-by: Tony Allen <txallen@google.com>

`createSslClientContext` used to throw on error. Refactor to explictly check success on the StatusOr. Signed-off-by: Greg Greenway <ggreenway@apple.com>

Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Commit Message: `StopIterationAndWatermark` will raise the watermark when buffered data exceeds the limits, the `requestWatermark` here is redundant and it will also introduce unnecessary stall of Envoy processing and overhead of raise and clear watermark possibly for small bodies Risk Level: LOW Testing: 1.Passed all functional tests (unit test and integration test) 2.This PR performs slightly better in load test. ``` 4KB request body: Without this PR: Memory 183.29MB; Latency P99 : 2716 With this PR: Memory: 160.17MB; Latency P99: 2624 64KB request body: Without this PR: Memory 178.49MB; Latency P99 : 3512 With this PR: Memory: 172.70MB; Latency P99: 3505 ``` Signed-off-by: tyxia <tyxia@google.com>

xds-failover: disable moving to primary after fallback responds In #35591 Envoy's implementation was modified to allow Envoy move to the primary xDS source, even after the fallback successfully responded. This PR adds a runtime guard that reverts this behavior. This will be a temporary runtime guard that is introduced to allow testing of the new feature and will be later removed. Note that there's no change to the current Envoy behavior, unless the runtime guard `envoy.reloadable_features.xds_failover_to_primary_enabled` is explicitly set to `false`. Risk Level: low - behind a runtime guard. Testing: Added unit and integration tests. Docs Changes: N/A Release Notes: Added an entry. Platform Specific Features: N/A Runtime guard: `envoy.reloadable_features.xds_failover_to_primary_enabled` was introduced that is set to `true` by default, and keeps the current behavior. --------- Signed-off-by: Adi Suissa-Peleg <adip@google.com>

backing file temporarily deleted and re-updated (with a new hash) Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Commit Message: Fixes envoyproxy/envoy#36499 Additional Description: Doing `std::transform` on a shared `std::vector<Trace>` reference without proper locking isn't thread safe and can cause a UB, especially for the `getaddrinfo` resolver where adding traces is done in a separate thread. This PR fixes by introducing a new `getTraces` API that builds the string traces in an atomic way. Risk Level: low (only enabled with `enable_dfp_dns_trace` runtime flag) Testing: existing tests Docs Changes: n/a Release Notes: n/a Platform Specific Features: getaddrinfo, mobile --------- Signed-off-by: Fredy Wijaya <fredyw@google.com>

Commit Message: proto util: change the input string ref to string view Additional Description: `absl::string_view` is better than`const string&` in most cases to avoid unnecessary copy. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping <wangbaiping@bytedance.com>

Commit Message: Like header and body, timer/timeout should be skipped on trailer as well in async. It is because there is no response/ or response is ignored. Risk Level: Low Testing: Integration test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A --------- Signed-off-by: tyxia <tyxia@google.com>

Signed-off-by: Ryan Northey <ryan@synca.io>

This is the same value that Cronet uses: https://source.chromium.org/chromium/chromium/src/+/main:net/proxy_resolution/proxy_config_service_ios.cc;l=23;drc=0ddf755aab1e6d0f9c21fa09cd098c4ff6d1cac0. Signed-off-by: Ali Beyad <abeyad@google.com>

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

a step towards fixing #36326 Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… /contrib/golang/filters/http/test/test_data/access_log in the contrib-golang group (#36479) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… /contrib/golang/filters/http/test/test_data/echo in the contrib-golang group (#36481) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… /contrib/golang/filters/http/test/test_data/metric in the contrib-golang group (#36485) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…36487) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… /contrib/golang/filters/http/test/test_data/routeconfig in the contrib-golang group (#36488) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… /contrib/golang/router/cluster_specifier/test/test_data/simple in the contrib-golang group (#36480) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…se (#36558) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…o DFPCluster removed (#35848) Commit Message: - Add an optional argument called `ignore_removal` to `ClusterManagerImpl::addOrUpdateCluster` and `ClusterManagerImpl::loadCluster`. This argument defaults to `false`, so it won't affect any existing flows. We'll be setting this in Cluster Data. - If the `ignore_removal` value is `true`, then the cluster won't be removed when `ClusterManagerImpl::removeCluster` is called. - To remove a cluster that has been added with `ignore_removal` set to `true`, the `remove_ignored` argument must be set to `true` when `ClusterManagerImpl::removeCluster` is called. This helps to manage clusters whose lifecycle is managed by custom implementations similar to DFP clusters. Additional Description: - Currently clusters that are dynamically added with custom implementations from filters, etc. are removed when a CDS event is triggered. This is because these dynamically created clusters will come in diff of CDS and will be removed by the cluster manager. Risk Level: low Testing: unit test Docs Changes: no Release Notes: no

Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Commit Message: minor opt: minor optimization to the orca parser Additional Description: By this way, the parser needn't to scan the whole header value if the header value has invalid format. And the we needn't create a copy of the header value for json format now. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: n/a. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping <wangbaiping@bytedance.com>

This patch adds around 160 test cases based on the aws signer test corpus from https://github.com/awslabs/aws-c-auth/tree/main/tests/aws-signing-test-suite Adding these test cases uncovered the following bugs, which have also been fixed in this patch: - Incorrect handling of UTF8 encoded parameters - Incorrect path canonicalisation of paths containing /./ - Incorrect date calculation (missing seconds from the date formatter) - Invalid handling of tilde within query parameters (also reported by Animal Logic leading to this patch) - Invalid handling of other query parameter encodings Commit Message: aws: add sigv4/a test corpuses and test cases Additional Description: Risk Level: Low Testing: Unit Docs Changes: Release Notes: Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Nigel Brittain <nbaws@amazon.com>

--------- Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: alyssawilk <alyssar@google.com> Co-authored-by: phlax <phlax@users.noreply.github.com>

…36553)  Commit Message: lua: mention that body should be consumed before fetching trailers Additional Description: Risk Level: Zero Testing: N/A Docs Changes: lua_filter.rst Release Notes: Platform Specific Features: [Optional Runtime guard:] Fixes envoyproxy/envoy#36507 [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] Signed-off-by: spacewander <spacewanderlzx@gmail.com>

Risk Level: n/a Testing: yes Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

Signed-off-by: Alyssa Wilk <alyssar@chromium.org> Signed-off-by: alyssawilk <alyssar@google.com> Co-authored-by: phlax <phlax@users.noreply.github.com>

This PR updates the DNS resolution details from `apple_dns_success` to `apple_dns_immediate_success` for an immediate success and from `not_set` to `apple_dns_success` for a successful case. This PR also adds missing test cases for the Apple DNS resolution details. Risk Level: low Testing: unit tests Docs Changes: n/a Release Notes: n/a Platform Specific Features: apple_dns --------- Signed-off-by: Fredy Wijaya <fredyw@google.com>

* upstream/main: apple_dns: Update the Apple DNS resolution details (#36536) docs: clarifying security posture (#36570) tools: renaming deprecate version (#36572) coverage: adding cache test and updating coverage (#36569) lua: mention that body should be consumed before fetching trailers (#36553) docs: cleanups for release (#36535) aws: add sigv4/a test corpuses (#36463) minor opt: minor optimization to the orca parser (#36492) map matcher: removing exceptions (#36514) dynamic_forward_proxy: fix sub_cluster_confg stuck with warm up due to DFPCluster removed (#35848) build(deps): bump envoy-code-check from 0.5.13 to 0.5.14 in /tools/base (#36558) build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/router/cluster_specifier/test/test_data/simple in the contrib-golang group (#36480) build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/routeconfig in the contrib-golang group (#36488) build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#36487) build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#36483) build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#36484) build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/metric in the contrib-golang group (#36485) build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/echo in the contrib-golang group (#36481) build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /contrib/golang/filters/http/test/test_data/access_log in the contrib-golang group (#36479) build(deps): bump icalendar from 6.0.0 to 6.0.1 in /tools/base (#36560) build(deps): bump yarl from 1.13.1 to 1.15.2 in /tools/base (#36559) build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 (#36528) build(deps): bump frozendict from 2.4.5 to 2.4.6 in /tools/base (#36561) ci/bazel: Add CI reporting tool (#36539) build(deps): bump aiohttp from 3.10.9 to 3.10.10 in /tools/base (#36544) ci: Remove redundant AZP gc (#36541) coverage: ratcheting (#36518) mobile: Update the Apple proxy settings polling to 10s (#36538) deps: Fix (renamed) ipp-crypto repo hash (#36540) ext_proc: skip timeout timer on trailer in async mode. (#36524) proto util: change the input string ref to string view (#36525) getaddrinfo: Fix TSAN issue when trace is enabled (#36503) ci: change googleurl dep (#36515) xds-failover: disable moving to primary after fallback responds (#36386) ext_proc: remove unnecessary watermark (#36468) upstream: reducing exceptions (#36497) Upstream: removing exceptions from hostimp (#35499) tls: improve validation that context is successfully created (#36512) http_11_proxy: Make inner transport_socket config optional (#36414) xds: internal refactor using absl::span instead of Protobuf::RepeatedPtrField (#36316) substitution formatter: reducing exceptions (#36407) [mobile]expose onNetworkTypeChanged API to Engine (#36504) docs: updating governance (#36498) rlqs: Updated RLQS Response handling to not reset TokenBucket state (#36478) fips build: fixed an issue when tar is running as root (#36476) Disable bazel's layering_check feature during CodeQL build. (#36500) listener manager: removing exceptions (#36314) mobile: fixing a flow control bug for multiple large uploads (#36474) test: fixing a Flake (#36475) Add getter for last downstream header byte received (#36472) ext_proc: fix typo in log (#36449) getaddrinfo: Add trace info in the DNS resolution details (#36312) Make DownstreamTiming a struct, instead of a class (#36473) Update QUICHE from eaeaa74b2 to de8f411c1 (#36470) stream info: add bool string serlalizer (#36451) Bump abseil to LTS 20240722.0. (#36317) mobile: Enable integration tests to run both a HTTP and a proxy server (#36454) Reapply "udp: set Don't Fragment(DF) bit in IP packet header (#36341)" (#36437) utility: new utility method to convert proto value to string (#36334) Adjust RBE resources for a memory-hungry test (#36453) build(deps): bump kafka-python-ng from 2.2.2 to 2.2.3 in /tools/base (#36429) build(deps): bump frozendict from 2.4.4 to 2.4.5 in /tools/base (#36460) build(deps): bump icalendar from 5.0.13 to 6.0.0 in /tools/base (#36378) build(deps): bump aiohttp from 3.10.6 to 3.10.9 in /tools/base (#36461) build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 (#36443) build(deps): bump yarl from 1.13.0 to 1.13.1 in /tools/base (#36376) local rate limit: add new rate_limits support to the filter (#36099) Add support for multiple formats of ORCA headers. (#35894) Add `ENVOY_EXECUTION_SCOPE`. (#36056) gcc: remove -Wdangling-reference workaround (#36452) http: allow runtime override of default for max response headers kb (#36439) xds: make certificate provider instance name required (#36441) Update QUICHE from 171f6f89a to eaeaa74b2 (#36440) gcc: add a `--host_linkopt` to use `gold` too (#36438) refactoring: refactored the FilterState object field support (#36399) Handle encode metadata after recreated stream (#36427) mobile: Fix broken link (#36436) Signed-off-by: tedjpoole <97459248+tedjpoole@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main] #263

auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main] #263

Commits on Oct 3, 2024

Commits on Oct 4, 2024

Commits on Oct 5, 2024

Commits on Oct 7, 2024

Commits on Oct 8, 2024

Commits on Oct 9, 2024

Commits on Oct 10, 2024

Commits on Oct 11, 2024

Commits on Oct 14, 2024

Commits on Oct 15, 2024