auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main] #273
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![update-openssl-envoy[bot]](https://avatars.githubusercontent.com/u/30125649?s=60&v=4){kind=small}
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
8 times, most recently
from
6fecd89 to
1e0c46e
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
8 times, most recently
from
a5306b5 to
3d72608
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
8 times, most recently
from
3cf2c0c to
c0469ae
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
6 times, most recently
from
12aae1a to
4e62c06
Compare
Fix #37658 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #37759 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Rohit Agrawal <[email protected]>
Signed-off-by: Mark D. Roth <[email protected]>
Additional Description: Allow skipping of ``check_file_contents`` part of the code format using a flag, in cases where it's only required to run ``clang_format``. Risk Level: low Testing: none Docs Changes: none Release Notes: none Platform Specific Features: none --------- Signed-off-by: ohadvano <[email protected]> Co-authored-by: phlax <[email protected]>
Commit Message: dynamic_modules: adds a lifetime param on EnvoyBuffer
Additional Description:
This adds a lifetime parameter to `EnvoyBuffer` as well as
to getter methods that return it. Since the data structure only holds
a raw pointer and length, if a mutable setter method of EnvoyHttpFilter
is used, it can be invalid. Previously it was relatively easy to write
unsound logic
as there was no compile-time enforcement of invalidation.
This fixes the problem via life parameter and avoids making the
EnvoyBuffer
variables outliving the next setter methods. For example, using the
results returned
by `get_request_trailers` _after_ `set_request_trailer` results in
compilation
error:
```
Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
error[E0502]: cannot borrow `envoy_filter` as mutable because it is also borrowed as immutable
--> test/extensions/dynamic_modules/test_data/rust/http.rs:118:5
|
115 | let all_trailers = envoy_filter.get_request_trailers();
| ------------ immutable borrow occurs here
...
118 | envoy_filter.set_request_trailer("new", b"value");
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ mutable borrow occurs here
...
125 | assert_eq!(all_trailers.len(), 4);
| ------------ immutable borrow later used here
```
Risk Level: low
Testing: existing tests
Docs Changes: n/a
Release Notes: n/a
Platform Specific Features: n/a
---------
Signed-off-by: Takeshi Yoneda <[email protected]>
Commit Message: dynamic_modules: adds dynamic metadata callbakcs Additional Description: This adds the following callbacks * envoy_dynamic_module_callback_http_set_dynamic_metadata_number * envoy_dynamic_module_callback_http_get_dynamic_metadata_number * envoy_dynamic_module_callback_http_set_dynamic_metadata_string * envoy_dynamic_module_callback_http_get_dynamic_metadata_string for getting and setting basic dynamic metadata types from dynamic modules. These callbacks are "typed" rather than accepting opaque "protobuf value". The reason is that we discussed earlier that we shouldn't expose the protobuf implementation detail at the ABI layer in order to avoid forcing all modules to understand and bring in protobuf dependencies into their shared library. More complex types can be added later, but I doubt that the majority of users would need types beyond string and number types. We can revisit this later if necessary. Risk Level: low Testing: done Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a --------- Signed-off-by: Takeshi Yoneda <[email protected]>
Commit Message: - Nit 1: Lambda capture for the RLQS filter factory callback should move shared_ptrs instead of copying. This only saves a shared_ptr copy op per var but is still good practice. - Nit 2: Replace instances of if-conditions `(!ptr)` / `(ptr)` with `(ptr == nullptr)` / `(ptr != nullptr)` to conform to existing code. Risk Level: minimal Testing: unit testing Docs Changes: Release Notes: Platform Specific Features: Fixes commit #37797 Signed-off-by: Brian Surber <[email protected]>
…37896) This reverts commit 0e9be24. Signed-off-by: Ryan Northey <[email protected]>
Fix #37839 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #37812 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #37675 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
An LRU cache was introduced to cache `Envoy::Network::Address` instances because they are expensive to create. These addresses are cached for reading source and destination addresses from `recvmsg` and `recvmmsg` calls on QUIC UDP sockets. The current size of the cache is 4 entries for each IoHandle (i.e. each socket). A locally run CPU profile of Envoy Mobile showed about 1.75% of CPU cycles going towards querying and inserting into the `quic::QuicLRUCache`. Given the small number of elements in the cache, this commit uses a `std::vector` data structure instead of `QuicLRUCache`. `QuicLRUCache`, `std::vector`, and `std::deque` were compared using newly added benchmark tests, and the following were the results: QuicLRUCache: ``` ------------------------------------------------------------------------------------------------------------------------- Benchmark Time CPU Iterations ------------------------------------------------------------------------------------------------------------------------- BM_GetOrCreateEnvoyAddressInstanceNoCache/iterations:1000 31595 ns 31494 ns 1000 BM_GetOrCreateEnvoyAddressInstanceConnectedSocket/iterations:1000 5538 ns 5538 ns 1000 BM_GetOrCreateEnvoyAddressInstanceUnconnectedSocket/iterations:1000 38918 ns 38814 ns 1000 BM_GetOrCreateEnvoyAddressInstanceUnconnectedSocketLargerCache/iterations:1000 52969 ns 52846 ns 1000 ``` std::deque: ``` ------------------------------------------------------------------------------------------------------------------------- Benchmark Time CPU Iterations ------------------------------------------------------------------------------------------------------------------------- BM_GetOrCreateEnvoyAddressInstanceNoCache/iterations:1000 31805 ns 31716 ns 1000 BM_GetOrCreateEnvoyAddressInstanceConnectedSocket/iterations:1000 1553 ns 1550 ns 1000 BM_GetOrCreateEnvoyAddressInstanceUnconnectedSocket/iterations:1000 27243 ns 27189 ns 1000 BM_GetOrCreateEnvoyAddressInstanceUnconnectedSocketLargerCache/iterations:1000 39335 ns 39235 ns 1000 ``` std::vector: ``` ------------------------------------------------------------------------------------------------------------------------- Benchmark Time CPU Iterations ------------------------------------------------------------------------------------------------------------------------- BM_GetOrCreateEnvoyAddressInstanceNoCache/iterations:1000 31960 ns 31892 ns 1000 BM_GetOrCreateEnvoyAddressInstanceConnectedSocket/iterations:1000 1514 ns 1514 ns 1000 BM_GetOrCreateEnvoyAddressInstanceUnconnectedSocket/iterations:1000 26361 ns 26261 ns 1000 BM_GetOrCreateEnvoyAddressInstanceUnconnectedSocketLargerCache/iterations:1000 43987 ns 43738 ns 1000 ``` `std::vector` uses 3.5x less CPU cycles than `quic::QuicLRUCache` and performs very slightly better than `std::deque` at small cache sizes. If considering creating a bigger cache size (e.g. >= 50 entries), `std::deque` may perform better and it's worth profiling, though in such a situation, no cache at all seems to perform better than a cache. Risk Level: low Testing: unit and benchmark tests Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a --------- Signed-off-by: Ali Beyad <[email protected]>
Commit Message: fix hcm fuzz test case Additional Description: This PR fixes a fuzzer issue caused by the fuzzer sending trailers to the HCM then calling continueDecoding (which then hits [this assertion](https://github.com/search?q=repo%3Aenvoyproxy%2Fenvoy%20ASSERT(!state_.decoder_filter_chain_complete_)%3B&type=code) in the HCM and fails). This PR adds a check to prevent this from happening. Risk Level: none, test only Testing: fuzz fix Docs Changes: none Release Notes: none Platform Specific Features: none Signed-off-by: antoniovleonti <[email protected]>
…7905) #37860 was reverted in #37896 because of the slight build fix after #37880. This fixes the original commit. --------- Signed-off-by: Takeshi Yoneda <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
from
bd1d357 to
5485ce6
Compare
## Description This PR rewords the [example](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/aggregate_cluster#load-balancing-example) we have in the aggregate cluster to explain how the cluster level load balancer selects the cluster. Signed-off-by: Rohit Agrawal <[email protected]>
https://github.com/google/quiche/compare/71111c723..e599ad25d ``` $ git log 71111c723..e599ad25d --date=short --no-merges --format="%ad %al %s" 2025-01-06 martinduke Refresh MoQT integration test for FETCH and fix detected errors. ``` Risk Level: low Testing: n/a Docs Changes: n.a Release Notes: n/ah Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Ali Beyad <[email protected]>
Fix #36432 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
…#37776) Reapply the RBAC change by reverting envoyproxy/envoy#35899. The original commit is reverted for flaky RBAC integration test. The fix is pretty simple by just removing the simulated time in the test ([diff](envoyproxy/envoy@d3297b4)), I'm not sure of the root cause but the test does not really need the simulated test. Before the fix, the flaky test can be reproduced easily with `--runs_per_test=1000`, After the test, I can no longer reproduce the failure. To be on the safer side, I ran the test with `--runs_per_test=10000` and still couldn't reproduce the test failure. Test output: ``` % bazel test //test/extensions/filters/network/rbac:integration_test --runs_per_test=10000 --test_timeout=60 --test_env=ENVOY_IP_TEST_VERSIONS=v4only INFO: Invocation ID: c1ebbc18-4887-4626-9d19-e257d42fe4cd INFO: Analyzed target //test/extensions/filters/network/rbac:integration_test (0 packages loaded, 19 targets configured). INFO: Found 1 test target... Target //test/extensions/filters/network/rbac:integration_test up-to-date: bazel-bin/test/extensions/filters/network/rbac/integration_test INFO: Elapsed time: 2486.472s, Critical Path: 24.73s INFO: 10001 processes: 1 internal, 10000 processwrapper-sandbox. INFO: Build completed successfully, 10001 total actions Executed 1 out of 1 test: 1 test passes. ``` --------- Signed-off-by: Yangmin Zhu <[email protected]>
…`wamr` -> 2.2.0 (#37868) Commit Message: deps: Update `proxy_wasm_cpp_host` -> c4d7bb0, `wasmtime` -> 24.0.2, `wamr` -> 2.2.0 Additional Description: proxy-wasm/proxy-wasm-cpp-host@f199214...c4d7bb0 Risk Level: low Testing: `bazel test test/...` passes, with `--define=wasm=v8`, `--define=wasm=wamr`, and `--define=wasm=wasmtime`. Docs Changes: None. Release Notes: Mentioned new support for [Go SDK](github.com/proxy-wasm/proxy-wasm-go-sdk) plugins. Supercedes #36880 and #36857 --------- Signed-off-by: Matt Leon <[email protected]> Signed-off-by: Keith Mattix II <[email protected]> Co-authored-by: Ryan Northey <[email protected]> Co-authored-by: Keith Mattix II <[email protected]>
Fix #37553 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Currently this file is getting the includes transitively though Abseil, and I am trying to remove the includes from Abseil without breaking Envoy. Risk Level: low Testing: N/A Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Derek Mauro <[email protected]>
Commit Message: [mobile] Report network subtype when on cellular Additional Description: Cellular networks will be further categorized as 2G/3G/4G/5G Risk Level: low Testing: unit tests Docs Changes: n/a Release Notes: n/a Platform Specific Features: android only Signed-off-by: Renjie Tang <[email protected]>
…894) Signed-off-by: Alyssa Wilk <[email protected]>
The ability to truncate a file is a prerequisite for the next round of file-based cache. --------- Signed-off-by: Raven Black <[email protected]>
* upstream/main:
Add truncate to capabilities of AsyncFileHandle (#37870)
tools/notifier: making it clear when the ical code isn't working (#37894)
[mobile] Report network subtype when on cellular (#37903)
backtrace: Add missing includes for std::cerr and std::ostream (#37897)
deps: Bump `rules_foreign_cc` -> 0.13.0 (#37569)
deps: Update `proxy_wasm_cpp_host` -> c4d7bb0, `wasmtime` -> 24.0.2, `wamr` -> 2.2.0 (#37868)
Reapply "rbac: add delay_deny implementation in RBAC network filter (#37776)
orca: refactored the lbPolicyData and orca report callbacks (#37556)
deps: Bump `bazel_gazelle` -> 0.39.1 (#36638)
network: Clarify comments on received addresses cache (#37902)
Update QUICHE from 71111c723 to e599ad25d (#37895)
docs: reword the example in the aggregate cluster docs (#37872)
Revert "Revert "dynamic_modules: adds dynamic metadata callbakcs" (#37905)
fix hcm fuzz test case (#37901)
network: More efficient caching for Envoy socket addresses (#37832)
deps: Bump `io_bazel_rules_go` -> 0.51.0 (#37898)
deps: Bump `com_github_google_flatbuffers` -> 24.12.23 (#37889)
deps: Bump `com_github_cyan4973_xxhash` -> 0.8.3 (#37886)
Revert "dynamic_modules: adds dynamic metadata callbakcs (#37860)" (#37896)
rlqs: address nits from PR #37797 (#37851)
dynamic_modules: adds dynamic metadata callbakcs (#37860)
dynamic_modules: adds a lifetime param on EnvoyBuffer (#37880)
code_format: allow skipping 'check_file_contents' (#37795)
api: add TIMEOUT value to CSDS status enum (#37871)
docs: fix small typo in RBAC docs (#37878)
deps: Bump `bazel_features` -> 1.23.0 (#37892)
deps: Bump `build_bazel_rules_apple` -> 3.16.1 (#37893)
deps/api: Bump `rules_proto` -> 7.1.0 (#37891)
deps/api: Bump `com_github_bufbuild_buf` -> 1.48.0 (#37890)
docs: fix typos in the current changelogs (#37879)
code_format: allow skipping build fixer (#37811)
code_format: fix newline trim (#37809)
Use the `do_ci.sh` script for refreshing the compilation database (#37668)
opentelemetrytracer: Log (debug) the number of exported spans (#37828)
docs: add some missing info to aggregated cluster docs (#37845)
xDS: add enum specified in xRFC TP3 in the right place (#37858)
build(deps): bump gitpython from 3.1.43 to 3.1.44 in /tools/base
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.1
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf
build(deps): bump google.golang.org/protobuf
build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /tools/base
build(deps): bump actions/cache from 4.1.2 to 4.2.0
build(deps): bump aiohttp from 3.11.10 to 3.11.11 in /tools/base
build(deps): bump slack-sdk from 3.33.5 to 3.34.0 in /tools/base
build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
ci/deps: Remove unused lockfile (#37866)
async-client: fix stream creation validation (#37854)
docs: fix some typos and use proper note annotations in access logs docs (#37850)
bazel: Bump version -> 7.4.0 (#37864)
xDS: add fields specified in xRFC TP3 (#37818)
xDS docs: clarify that nonce is per-resource-type in ADS (#37835)
Adding ext_proc MxN test with ext_proc server send out-of-order response (#37773)
build(deps): bump orjson from 3.10.12 to 3.10.13 in /tools/base (#37838)
ci: remove unused dependency from BUILD targets (#37843)
aws: update credential provider proto and support credential file reload (#37834)
bump protobuf to 29.2 (#37817)
dynamic_modules: adds header-related callbacks (#37753)
Update QUICHE from f18d52057 to 71111c723 (#37842)
docs: add a blurb on the JA3 to access_logs (#37830)
build(deps): bump protobuf from 5.29.1 to 5.29.2 in /tools/base (#37755)
Docs improvements on macOS development (#37829)
rlqs: Fix matcher-tree creation happening per filter instance (#37797)
docs: clarify the docs on runtime_filter (#37788)
dns_cache: fix a bug in the DNS refresh rate (#37750)
Fix OTel GRPC trace exporter dropping spans (#37692)
Adding an MxN integration test to test timeout mechanism works (#37719)
Ext_Proc : Adding integration test with MxN streaming enabled in both directions (#37771)
[redis_proxy] Add support for SELECT and KEYS (#37706)
Revert "ext_proc: Ext proc half close on destroy and defer reset till trailers received. (#37083)" (#37639)
http-ratelimit: add release note for apply_on_stream_done ratelimit API (#37775)
mobile: Allow default runtime guard values to be overridden (#37772)
header mutation: add query parameter mutation support (#37555)
test: adding logging for a flake (#37714)
wasm: change null_vm status to stable (#37716)
test: reducing flakes (#37767)
global rate limit: supported ratelimits in the typed per filter config (#37684)
udp_proxy: fix crash during buffer watermarks callbacks (#37689)
bazel: Bump -> 7.1.2 (#37578)
Refactor dns cluster api (#36353)
rate limit config: use warn and pow2 for invalid hits addend (#37756)
orca: fix the delimiter of the native http parser (#37724)
filter chain: prefer vector over list for filter chain (#37665)
Revert "jwt_authn: Add logic to refetch JWT on KID mismatch (#36458)" (#37763)
http ratelimit: option to reduce budget on stream done (#37548)
repo: Sync version histories (#37748)
codec: add stream_id to H2 logs (#37740)
setec: adding Yanjun (#37741)
[balsa] fix for 1xx response mixup
happy_eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
http/1: fix sending overload crash when request is reset
mobile/android: Remove `rules_android_ndk` patch (#37726)
Implement ScopeTrackedObjectStack::trackedStream() (#37686)
github/ci: Workaround release branch Docker cache issue (#37731)
ratelimit: new per descriptor hits-addend support and dynamic hits addend (#37567)
deps: Bump build images -> `d2be0c1` (ndk -> 26) (#37715)
Minor JWT Document space fix from #36458 (#37717)
[redis_proxy] Add support for UNWATCH (#37620)
deps: Bump build images -> `b3e896d` (#37680)
mobile: Rename `io_bazel_rules_kotlin` -> `rules_kotlin` (#37711)
jwt_authn: Add logic to refetch JWT on KID mismatch (#36458)
bandwidth_limit: make exception free (#37666)
ext_proc: generalize ext proc mock client for http service configs (#37691)
qat: stop qat device before qatzip process exit (#37472)
[ext_proc] Fix fuzz bug and simplify processor state API (#37547)
deps/api: Bump `opentelemetry_proto` -> 1.5.0 (#37707)
deps: Bump `rules_rust` -> 0.56.0 (#37708)
bazel: Update/fix platform constraints (#37664)
PME filter: Continue iteration instead of Stop in decodeHeaders() and encodeHeaders() (#37605)
mobile: Add `rules_android_ndk` (#37648)
github/ci: Use ubuntu-24.04 by default (#37579)
OAuth2 filter: improve the csrf token with "Signed Double-Submit Cookie" (#37646)
bump protobuf to 29.1 (#37524)
Update QUICHE from bf33a4a6f to f18d52057 (#37688)
mobile: Don't set the `new` failure handler (#37655)
mobile/deps: Bump android (maven) test deps (#37683)
ci/github: Add `workflows:untested` label to PRs that change workflows (#37685)
mobile: Default QUIC connection idle timeout to 60s (#37633)
Align target names for opentelemetry-proto with BCR (#37662)
mobile: Prefer `rules_java` toolchain/s over `bazel_tools` (#37663)
mobile: Rename `build_bazel_rules_android` -> `rules_android` (#37660)
api key auth: remove exceptions (#37649)
deps: Bump `rules_jvm_external` -> 6.6 (#37630)
tests: Migrate from Add*() to Record*() set of methods in api-tests (#37659)
deps/api: Bump `envoy_toolshed` -> 0.2.2 (#37682)
build(deps): bump envoy-docs-sphinx-runner from 0.2.11 to 0.2.12 in /tools/base (#37681)
test: initialize creation_status (#37538)
deps: Bump build images -> `2460942` (#37671)
redis proxy: fix example in the proto comment (#37652)
quic: fix defer logging of request in Access log (#37643)
udp_proxy_filter: Fix crash when accepting dynamic cds for UDP. Fixes #34195. (#37151)
[stream info] [test] Fix broken StreamInfoImpl test (#37619)
Initialize rate_limit_quota token buckets with a partial fill (#37624)
expr: add new xds vhost attributes support (#37650)
deps: Bump `aspect_bazel_lib` -> 2.10.0 (#37653)
set_filter_state: enable per-route configuration override (#37507)
build(deps): bump github/codeql-action from 3.27.7 to 3.27.9 (#37645)
matchers: remove unused path pattern matcher (#37638)
dynamic_modules: adds `on_http_filter_*` event hooks (#37325)
build(deps): bump envoyproxy/toolshed from actions-v0.3.13 to 0.3.14 (#37640)
Patch rules_foreign_cc to not link bazel default libraries into GNUMake (#37632)
Update QUICHE from c4d62db87 to bf33a4a6f (#37622)
Doc: private_key_provider description update (#37304)
Minor cleanup in ext_proc_http_integration_test.cc (#37542)
aws_iam: deprecate extension and mark for future deletion (#37596)
http_filter: Add gRPC JSON reverse transcoder filter (#37418)
hcm: making exception free (#37521)
redis cluster: remove unnecessary validation to the lb type (#37559)
mobile/deps: Bump `rules_kotlin` -> 1.9.6 (#37594)
dns_filter: change dns filter to stable (#37618)
docs: refactor TLS Context docs to make it more reader friendly (#37604)
build(deps): bump github/codeql-action from 3.27.6 to 3.27.7 (#37610)
oauth2: removes exceptions (#37541)
Fix: oauth2 state encoding (#37473)
odcds: log abnormal message in higher level (#37529)
sub-formatter: change string data member to bool (#37587)
deps: Bump `com_github_luajit_luajit` -> 19878ec (#37608)
api key auth: fix broken test and use const for config (#37609)
upstream: allowing splitting out choosing host from choosing connecti… (#36537)
auth: new api auth implementation (#36968)
http: simplify the logic of upstream filter chain factory (#37518)
rds: normalize rds provider's config before calculating hash (#37180)
Add `rules_shell` in advance of Protobuf 29.0+ update. (#37595)
Update zlib to 1.3.1 (#37593)
[mobile]Convert network type from enum to bitmap so that compound network type can be represented (#37526)
Hoist `java_rules` into envoy (#37590)
deps: Bump `proxy_wasm_cpp_sdk` -> dc4f37e (#37592)
Disable sidestream flow control 3 (#37581)
runtime: deprecate sanitize_te (#37512)
docs: Fix search tool (#37589)
mobile/deps: update `rules_java` to 7.12.3 (#37586)
drain_manager: Unclean Revert of "HTTP2 Proactive GOAWAY on Drain - Preamble (#17026)" (#37465)
rate_limit: Add time unit week (#37494)
sync mobile's rules_jvm_external with core envoy (4.5 → 6.4) (#37585)
docs/deps: Bump `sphinx` -> 8.1.3 (#37584)
aws: removes exceptions from signing filter (#37558)
docs/theme: Update sphinx-rtd theme (#37583)
docs/search: Revert `innerHTML` changes (#37582)
lds: perf improvement - avoid listener resource copy (#37540)
cds: perf improvement - avoid cluster resource copy (#37539)
json-transcoder: Replace string addition with absl::StrCat (#37557)
Remove exceptions from stat_sinks (#37491)
deps: Bump `io_opentelemetry_cpp` -> 1.18.0 (#37574)
deps/api: Bump `opentelemetry_proto` -> 1.4.0 (#37575)
deps: Bump `bazel_features` -> 1.22.0 (#37572)
deps/api: Bump `dev_cel` -> 0.19.1 (#37570)
deps: Bump `com_github_google_benchmark` -> 1.9.1 (#37573)
build(deps): bump protobuf from 5.29.0 to 5.29.1 in /tools/base (#37515)
build(deps): bump actions/cache from 4.1.2 to 4.2.0 (#37528)
build(deps): bump aiohttp from 3.11.9 to 3.11.10 in /tools/base (#37527)
build(deps): bump slack-sdk from 3.33.4 to 3.33.5 in /tools/base (#37514)
clang-tidy: fixes errors in Lua filter (#37543)
repo: Sync version histories (#37566)
deps: Bump `rules_python` -> 1.0.0 (#37546)
Pin rules_cc to 0.17.0 (#37545)
ext_proc http bytes tracking support (#37297)
perf: router config_impl move a shared pointer (#37537)
csrf: Handle opaque origins correctly ("Origin: null") (#37460)
deps: Bump `envoy_examples` -> 0.0.9 (#37536)
health_check: add stats counters to monitor health check behavior (#37409)
coverage: ratcheting (#37522)
orca: support to parse utilization from raw text (#37487)
clang-tidy: fixes errors in common/tcp (#37502)
aws: Removed runtime flag `use_http_client_to_fetch_aws_credentials` (#37513)
watched: removing exceptions (#37461)
cluster: removing exceptions (#37500)
opencensus: delete opencensus tracer (#37508)
quic: fix parsing of UDP_GRO and ECN socket options to also work in big endian platforms (#37217)
Update QUICHE from dbc5afc11 to c4d62db87 (#37511)
dns_cache: removing exceptions (#37499)
Return StatusOr from createRouteSpecificFilterConfig for exception removal (#37498)
mobile/ci: Fix the mobile release validation job (#37509)
mobile/ci: Temporarily disable release_validation CI (#37506)
mobile/ci: Temporarily disable the mobile release validation job (#37504)
mobile/ci: Fix the release validation iOS version (#37503)
mobile/ci: Bump macos -> 14 (#37406)
Revert "github/ci: Workaround failing `gsutil` issue (#37480)" (#37483)
build: explicitly include absl/status/status.h in drain decision interface (#37488)
clang-tidy: Assorted source fixes (#37454)
validator: allowing creation failure (#37456)
upstream: removing header exceptions (#37466)
mobile: Delete unused Swift baseline app (#37493)
http: unified the filter chain creation in the FilterManager (#37112)
mobile/ci: Remove more unneeded iOS test apps (#37492)
mobile: Remove the Swift async await test app (#37489)
sds: moving code to cc file (#37486)
mobile/ci: Remove the Swift async app CI job (#37490)
wasm: fix wasm vm crash before the body too large (#37079)
router: making exception free (#37464)
build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#37481)
build(deps): update envoyproxy/toolshed requirement to actions-v0.3.13 (#37482)
github/ci: Workaround failing `gsutil` issue (#37480)
context_provider: exception free (#37457)
lua: support logging methods on all envoy lua objects (#37293)
ci: removes unused CircleCI config (#37433)
golang: avoid accessing deleted decoder_callbacks (#37405)
Include iosfwd instead of iostream in headers (#37436)
sec-release: add 25 Q1 release date (#37462)
mobile: removing a legacy extension (#37459)
ext_proc: refactoring handleBodyResponse() to make it more modularized (#37184)
dynamic_forward_proxy: bugfix for udp dynamic forward proxy filter when displaying buffer (#37391)
ext_proc: add unit tests for client_impl to increase coverage (#37390)
[PME filter] Clear any previously cached result in extractor (#37453)
docs: fix link (#37458)
ci: Add workflow for guards deprecation and update tool (#36571)
release: Update security release date (#37455)
local-rate-limit: add descriptor fill_interval lower bound (#37375)
do_ci: Remove unused clang_tidy target (#37451)
Revert "build(deps): bump cryptography from 43.0.3 to 44.0.0 in /tool… (#37452)
ci/clang-tidy: Fix for bazel config (#37392)
clang-tidy: Assorted test fixes (#37429)
bazel: Remove stray headers from srcs (#37441)
docs: correct some spelling mistakes and de-dupe words in ExtAuthZ (#37448)
deps/api: Bump `envoy_toolshed` -> 0.1.17 (#37447)
clang-tidy: fixes some errors (#37388)
build(deps): bump yarl from 1.18.0 to 1.18.3 in /tools/base (#37443)
build(deps): bump cryptography from 43.0.3 to 44.0.0 in /tools/base (#37444)
build(deps): bump aiohttp from 3.11.8 to 3.11.9 in /tools/base (#37445)
attributes: add upstream.cx_pool_ready_duration to get the duration of the upstream connection pool ready duration (#37318)
ext_proc: add more tests to increase coverage (#37389)
clang-tidy: fixes some errors (#37393)
fix unchecked statusor value access (#37394)
clang-tidy: fixes errors in extproc (#37395)
ci: Use default runners (#37439)
ci: removes unused zuul (#37434)
ci: removes docs/build.sh (#37435)
csrf: increase only one counter per request (#37289)
dynamic_modules: Move abi.h into hdrs (#37420)
ci/clang-tidy: make CLANG_TIDY_TARGETS configurable (#37428)
clang-tidy: ignore dynamic_modules/abi.h and test C programs (#37426)
build(deps): bump distroless/base-nossl-debian12 from `174f326` to `2a803cc` in /ci (#37410)
build(deps): bump protobuf from 5.28.3 to 5.29.0 in /tools/base (#37398)
build(deps): bump pyopenssl from 24.2.1 to 24.3.0 in /tools/base (#37400)
clang-tidy: respect '-Wno-builtin-macro-redefined' with c++20 (#37408)
build(deps): bump aiohttp from 3.11.7 to 3.11.8 in /tools/base (#37399)
build(deps): bump envoyproxy/toolshed from actions-v0.3.11 to 0.3.12 (#37404)
clang-tidy: fixes error in common::Cleanup class (#37377)
clang-tidy: fixes some uncaught errors (#37385)
fix: ouath2 filter id token and refresh token didn't adher to the `cookie_domain` setting (#37155)
dynamic_modules: use `size_t` for length of buffers (#37357)
clang-tidy: using instead of typedef in orca_load.h (#37387)
clang-tidy: default member error in cpu_utilization (#37386)
clang-tidy: ignore value_or used in optref helper (#37379)
clang-tidy: removes ExcludeHeaderFilterRegex not available in LLVM 14 (#37378)
http: allow trigger GOAWAY from l7 filters (#36306)
header-parser: fix return value check (#37371)
fuzz: fixing utility_fuzzer initialize_and_validate error handling (#37316)
cors: remove unnecessary code (#37274)
Removes setting `BAZEL_BUILD_EXTRA_OPTIONS` in .devcontainer/setup.sh (#37354)
docs: added more info for LUA filter's setUpstreamOverrideHost() (#37348)
changelog: Add entry for `schema_validation_tool` fix (#37335)
ci/bazel: Fix repo config (#37349)
Fix unchecked StatusOr dereference (#37337)
dynamic_modules: exclude abi.h from clang-tidy (#37317)
ci/publishing: Minor workflow fix (#37315)
github/ci: Only trigger pr-notifier ci on `main` PRs (#37336)
Patch c-ares CVE-2024-25629 (#37269)
Add details and example of sublinear route matching using Generic Matching API (#37158)
Adds logger id for dynamic_modules (#37296)
lua: add new function to set upstream host override (#37327)
build(deps): bump orjson from 3.10.11 to 3.10.12 in /tools/base (#37342)
docs: added more info for stateful_session filter params (#37345)
deps: Bump `envoy_examples` -> 0.0.8 (#37346)
build(deps): bump envoyproxy/toolshed from actions-v0.3.10 to 0.3.11 (#37344)
build(deps): bump icalendar from 6.0.1 to 6.1.0 in /tools/base (#37341)
ci: Remove unused gsutil tooling (#37332)
wasm: add basic docs (#37181)
build(deps): bump envoyproxy/toolshed from actions-v0.3.9 to 0.3.10 (#37333)
build(deps): bump envoyproxy/toolshed from actions-v0.3.8 to 0.3.9 (#37331)
build(deps): bump envoyproxy/toolshed from actions-v0.3.6 to 0.3.8 (#37330)
build(deps): bump envoyproxy/toolshed from actions-v0.3.5 to 0.3.6 (#37323)
Grant LB policies write access to connection stream info (#37298)
cors: refactor loop to if (#37257)
mobile: Support for multiple transport types on the Android network monitor (#37321)
Removes unused and unreferenced run_clang_tidy.sh (#37320)
mobile: moving hds prod factory out of E-M build (#37291)
build(deps): bump yarl from 1.17.2 to 1.18.0 in /tools/base (#37301)
build(deps): bump aiohttp from 3.11.6 to 3.11.7 in /tools/base (#37303)
dynamic_modules: enables rustfmt.toml (#37295)
logger: remove exceptions (#37265)
regex: removing exceptions (#37264)
secret provider: removing exceptions (#37221)
mobile: allowing for immediate pool drain on network change (#37290)
ci: Boost cpu for flakey on_demand integration test (#37294)
json: replacing IS_ENVOY_BUG when a large number value is used with an error (#37267)
dynamic_modules: HTTP filter config implementation (#37070)
http: make streaming shadows on by default (#37227)
api: add ConnectionPoolSettings into ProxyProtocolUpstreamTransport (#37177)
client-side-WRR-LB: Improve Client Side Weighted Round Robin lb policy. (#37127)
outlier: removing exceptions (#37262)
build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#37278)
build(deps): bump setuptools from 75.5.0 to 75.6.0 in /tools/base (#37277)
build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#37279)
build(deps): bump aiodocker from 0.23.0 to 0.24.0 in /tools/base (#37276)
add docs for lua filter and change log (#37246)
Make ScopedExecutionContext no-op if !ExecutionContext::isEnabled(). (#37069)
SNI dynamic forward proxy: Support saving resolved upstream address (#37099)
fix spelling in a comment (#37272)
ext_proc: remove exception throw in ext_proc configuration parsing code (#37216)
hds: not including for E-M (#37043)
SAN-matcher: refactoring DNS exact SAN matcher out of regular matchers (#37253)
Change handling of graceful case of LoadStatsReporting onRemoteClose (#37076)
limit calculated sampling exponent (#37240)
health check: remove exceptions (#37263)
http: allow local replies to traverse the filter chain after 1xx headers (#37097)
validator: add in removed extension (#37261)
deps: Bump `com_github_gabime_spdlog` -> 1.15.0 (#37204)
deps/python: Manually bump yarl to resolve dependabot issues (#37245)
repo: Sync version histories (#37260)
stream_info_formatter.cc format file (#37244)
Update rate_limit_quota CODEOWNERS (#37255)
rlqs: Shared, global RLQS client & buckets cache (#34009)
perf: Optimize HedgePolicyImpl class layout (#37211)
maintainers: promoting Boteng! (#37231)
validation context: removing exceptions (#37220)
deps: Bump `envoy_examples` -> 0.0.7 (#37248)
proxy-protocol-filter: add version to filter state (#36934)
build(deps): bump envoy-distribution-distrotest from 0.0.11 to 0.0.12 in /tools/base (#37247)
python/tools: Update distrotest to retry apt failures (#37243)
proto: moving a utility to the one call location (#36990)
build(deps): bump slack-sdk from 3.33.3 to 3.33.4 in /tools/base (#37241)
build(deps): bump aiohttp from 3.10.10 to 3.10.11 in /tools/base in the pip group (#37234)
original_ip_detection: revert unintended XFF header appending behavior in CustomHeaderIPDetection (#37194)
test: extend waitForInexactRawData (#37179)
ci: Boost cpu for flakey grpc integration test (#37223)
Update QUICHE from 3c9db14bb to dbc5afc11 (#37235)
utility: remove exceptions for translation (#37042)
ext_authz: expose fields latency, bytesSent and bytesReceived for CEL and logging (#37074)
feature: make always accessible the original downstream local address (#36920)
refactor: Optimize HeadersToAddEntry class layout (#37215)
refactor: Optimize UpstreamCodecFilter class layout (#37213)
deps/api: Bump `envoy_toolshed` -> 0.1.16 (#37219)
build fix (#37149)
quic: Use MaybeSendRstStreamFrame instead of ResetWriteSide in a quic test (#37182)
runtime: deprecating envoy.reloadable_features.exclude_host_in_eds_status_draining (#37185)
deps: Bump `aspect_bazel_lib` -> 2.9.4 (#37203)
deps: Bump `build_bazel_rules_apple` -> 3.13.0 (#37202)
deps/api: Bump `com_github_bufbuild_buf` -> 1.47.2 (#37206)
deps/api: Bump `rules_proto` -> 7.0.2 (#37205)
Resolve performance-inefficient-vector-operation clang-tidy warning (#37189)
udp_proxy: support coexistence of dynamic and static clusters (#37016)
doc: update inotify assertion to provide more accurate feedback (#37111)
router: pre-reserve header_parser vectors by their sizes (#37130)
[contrib] Disable GCC warnings and broken features (#37131)
sub-formatter: store a bool instead of a string (#37141)
filters: revert to original behavior for invalid content-length handling in CEL Size extractor (#37168)
mobile: Make the Apple proxy settings monitor refresh interval configurable (#37175)
mac: set `-Wno-deprecated-declarations` (#37148)
Add CEL test using typed_filter_config (#37174)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/add_data in the contrib-golang group (#37161)
build(deps): bump yapf from 0.40.2 to 0.43.0 in /tools/base (#37132)
build(deps): bump setuptools from 75.4.0 to 75.5.0 in /tools/base (#37133)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/metric in the contrib-golang group (#37159)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/buffer in the contrib-golang group (#37160)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/echo in the contrib-golang group (#37162)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/access_log in the contrib-golang group (#37163)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#37164)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/router/cluster_specifier/test/test_data/simple in the contrib-golang group (#37165)
build(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#37166)
build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.2 in /contrib/golang/filters/http/test/test_data/property in the contrib-golang group (#37167)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/routeconfig in the contrib-golang group (#37169)
access_log: add UPSTREAM_HOST_NAME_WITHOUT_PORT variable (#37114)
filters: optimize cel expression context with constant-time lookups (#37057)
replace access log list to access log vector (#37103)
feat: prepare for breaking change in Protobuf C++ API (#37066)
iouring: compiling out for E-M linux (#37035)
bump proto_processing_lib to 11d825fb33f92eefcbacbd7b0db9eea8df6e8acb (#37125)
Update QUICHE from aaf48d2e5 to 3c9db14bb (#37128)
[quic]Check canonical suffix when checking checking QUIC brokenness (#36981)
bump protobuf to 28.3 (#37113)
build(deps): bump github/codeql-action from 3.27.0 to 3.27.3 (#37118)
build(deps): bump gsutil from 5.30 to 5.31 in /tools/base (#36545)
build(deps): bump setuptools from 75.3.0 to 75.4.0 in /tools/base (#37105)
build(deps): bump distroless/base-nossl-debian12 from `aa91f01` to `174f326` in /ci (#37119)
Fix a bug where DNS jitter can cause milliseconds duration to be interpreted as negative triggering envoy bug. (#36953)
dns: add round-robin nameserver rotation option to c-ares resolver (#37108)
Remove race between closing upstream connection and downstream request (#37101)
ci: Add bazel client caching (#37096)
tests: use makeOptRef to create an OptRef object (#37110)
http2: removes the false path for an old runtime feature (#37067)
benchmark: add route matcher benchmarks for exact and prefix match (#37086)
lua cluster_specifier: fix lua reference for multiple clusters (#37100)
odcds: only including if needed (#37034)
ext_proc: Ext proc half close on destroy and defer reset till trailers received. (#37083)
exceptions: Make THROW_OR_RETURN_VALUE work outside the "Envoy" namespace (#37058)
access log: support upstream connect timing in COMMON_DURATION (#37077)
build(deps): bump aio-api-bazel from 0.0.2 to 0.0.3 in /tools/base (#37094)
build(deps): update envoyproxy/toolshed requirement to actions-v0.3.5 (#37093)
[contrib][vcl] Fix VCL builds with GCC (#37075)
rbac: add unit tests for matchers to increase coverage (#37080)
changelog: fix a small typo in rbac deprecation line (#37082)
Add `arch` to APT repository configuration (#37068)
rbac: add support for matching on route metadata (#36957)
tls: add options to validate SANs and send SNI for upstream hostname (#36903)
lua cluster_specifier: fix crash in getCluster() (#37073)
deps: Bump `rules_rust` -> 0.54.1 (#37056)
Enhance ext_proc filter to support MXN streaming (#34942)
[contrib][postgres] Remove <> after constructor in the PG proxy code (#37038)
socket: removing some exceptions (#36991)
ci: Shift (Docker) cache priming to request workflow (#37028)
quic: Don't delay TCP attempt when HTTP/3 status is unknown (#37040)
kafka: split protocol generation into .h and .cc files (#37017)
bazel/ci: Add pre/post repository shas to report (#37062)
ci: Rename request/checks workflow (#37033)
bazel: Make `ci` config common (#37027)
build(deps): bump envoyproxy/toolshed from actions-v0.3.1 to 0.3.2 (#37061)
[contrib][http language filter] Change position of libstdc++ library when linking ICU tools (#37060)
docs/proto: Adding comments to fields/enums that have no comments (#37018)
bazel/ci: Remove old fetch setup (#37014)
router: removing unused files (#37019)
Remove extraneous target source/common/common:xds_manager_lib (#37041)
dns_cache: add more unit tests (#37032)
dns resolver: add options to initialize c-ares with custom timeout an… (#36947)
docs: add and fix license URLs (#37029)
deps: Bump `envoy_examples` -> 0.0.6 (#37023)
build(deps): bump pygithub from 2.4.0 to 2.5.0 in /tools/base (#37022)
ext_proc: refactoring onData() to make it modularized (#36999)
proto: removing some exceptions (#36965)
ip-tagging filter: add support for an optional ip-tag-header field (#36434)
S390x - Fix typo for envoy test (#37015)
boringssl: update to latest chromium stable version (#36899)
lua cluster_specifier: give access to cluster connection/request counts (#36998)
golang: expose add{Decoded,Encoded}Data (#36959)
ci/codeql: Disable "trap" caching (#36985)
ci: Boost mem for integration test (#37009)
build(deps): bump envoyproxy/toolshed from actions-v0.2.38 to 0.3.1 (#37013)
docs/bazel: Fix target visibility (#37008)
ci/coverage: Fix duplicate flag warning (#36987)
Add release note for "Relax recent SNI restrictions" (#37000)
Make CancelWrapper enforce thread constraint (#36993)
stats: add tag extraction rules for google_grpc client (#36673)
attributes: add new attribute upstream.request_attempt_count (#36939)
Relax recent SNI restrictions (#36950)
build(deps): bump envoyproxy/toolshed from actions-v0.2.37 to 0.2.38 (#36994)
flow_control: downstream push back sidestream (#35827)
wasm: remove the shutdown callback in lifetime_notifier (#36688)
tools: Remove `envoy_package` (#36948)
deps: Bump `com_google_cel_cpp` -> 0.10.0 (#36940)
ext_proc: clean up (#36956)
kafka: close connection when rejectable request appears (#36979)
github/ci: Fix workflow concurrency (#36952)
bazel/distribution: Cleanups to fix aquery (#36977)
docs: update envoy build location (#36986)
Update QUICHE from 5621f6366 to aaf48d2e5 (#36976)
mobile: Fix HTTPRequestUsingProxyTest.swift (#36980)
Added envoy test missing options for s390x (#36915)
Add cancelWrapper helper function in /common. (#36938)
router: use template method to avoid unused memory allocations in HeaderData (#36878)
xds: delta-xDS avoid copying resources (#36832)
deps/api: Bump `envoy_toolshed` -> 0.1.15 (#36969)
github/ci: Workaround `macos-12` brownout by boosting images (#36972)
sds: relax backing cluster check to allow dynamic clusters (#36694)
json: reduce exceptions (#36919)
headers/geoip: Fix macro (#36964)
ads-replacement: adding hook and cluster-manager support (#36768)
srds: remove a redundant if block (#36944)
ci: Quieten GCS artifact uploads (#36949)
matchers: remove unneeded ListMatcher data member (#36902)
Partial revert of "mobile: resolving how forcev6 works on mobile plat… (#36922)
build(deps): bump orjson from 3.10.10 to 3.10.11 in /tools/base (#36960)
address: removing some exceptions (#36754)
api: HTTP APIKey Auth Filter (#36709)
golang: provide method to refresh route cache (#36863)
wasm: remove unused public interfaces (#36941)
tools: updating oncall test triage location (#36937)
ci/rbe: Boost cpus for more flakey tests (#36942)
wasm: prevent stuck connections in case of multiple local replies (#36809)
udp_proxy: Support dynamic cluster selection per session (#36868)
srds: permit dynamic SRDS resources to contain inline RDS configuration (#36703)
http: removing the default trusted address list (#36643)
proto: reducing exceptions (#36872)
ci/rbe: Boost cpus for some more integration tests (#36930)
build(deps): bump envoy-base-utils from 0.5.6 to 0.5.7 in /tools/base (#36935)
deps/api: Bump `com_github_bufbuild_buf` -> 1.46.0 (#36933)
deps: Bump `build_bazel_rules_apple` -> 3.11.2 (#36932)
build(deps): bump setuptools from 75.2.0 to 75.3.0 in /tools/base (#36906)
build(deps): bump slack-sdk from 3.33.2 to 3.33.3 in /tools/base (#36905)
tests: add integration test to quic_stats for long certificate chain (#36926)
add OLM scaling for max_connection_duration (#36816)
config: removing unpackToOrThrow in favor of unpackTo (#36821)
srds: remove scope from scope_name_by_hash_ in case the scope key changes (#36702)
test: fix os_sys_calls_test in some less common environments (#36923)
tools/python: Fix macro format issue (#36916)
router: converting internal_only_headers from list to vector (#36898)
Remove unused listener FilterChain on_demand_configuration field (#36786)
tools/python: Fix namespacing in entry_point macros (#36914)
route: remove redundant loader reference in weighted cluster entries (#36836)
wasm: removed automatical route refreshment and add a foreign function to clear the route cache (#36671)
deps/api: Bump `envoy_toolshed` -> 0.1.13 (#36892)
ci/rbe: Boost cpu for another integration test (#36901)
tls: Expose well-known certificate subject fields in Lua filter (#35994)
bazel/deps: Fix `rules_license` setup (#36900)
[mobile]fix jni parameter type (#36896)
quic: add debug visitor to export various quic stats from quiche (#36813)
context: use server factory context as lb context (#36874)
runtime: removed defer processing flag and legacy codepaths. (#36731)
http2: protects client against stream not found (#36573)
ci/rbe: Boost cpu for another integration test (#36885)
build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 (#36883)
fix typo in the code comment (#36875)
Update QUICHE from 0d1ce7087 to 5621f6366 (#36869)
mobile: Fix a PAC proxy error check bug (#36876)
runtime: Enable UDP GRO by default (#36811)
Deprecating and removing envoy.reloadable_features.edf_lb_locality_scheduler_init_fix (#36835)
ci: Use repo settings for upload buckets (#36870)
flow_control: Refactor setWatermark (#36738)
bazel/ci: Add repo customizations (#36831)
deps: Bump `bazel_features` -> 1.20.0 (#36855)
deps: Bump `rules_python` -> 0.37.2 (#36854)
dependabot: add missing contrib-golang group to some gomod (#36849)
build(deps): bump distroless/base-nossl-debian12 from `e130c09` to `aa91f01` in /ci (#36847)
ci/coverage: Fix accidental ws (#36839)
oauth2: enable `use_refresh_token` by default (#36065)
Update QUICHE from 408e786de to 0d1ce7087 (#36822)
ci/rbe: Boost cpus for more integration tests (#36837)
ci/coverage: Fix coverage flake in `source/extensions/common` (#36838)
route: Downgrade advisory log message (#36797)
runtime: deprecate validate_grpc_header (#36757)
rbe/ci: Bump cpus for kv/store integration test (#36834)
deps: Bump `build_bazel_rules_apple` -> 3.10.0 (#36833)
protobuf.patch: a bunch of updates, mostly backports (#36823)
coverage: loosen (#36830)
ci/rbe: Boost cpu/mem for more integration tests (#36825)
deps: Bump `com_github_awslabs_aws_c_auth` -> 0.8.0 (#36827)
deps: Bump `aspect_bazel_lib` -> 2.9.3 (#36726)
deps/api: Bump `dev_cel` -> 0.18.0 (#36826)
build(deps): bump slack-sdk from 3.33.1 to 3.33.2 in /tools/base (#36824)
router: clean up unnecessary field (#36814)
request id: minor optimization or fix to the request id logic (#36773)
deps: Bump `com_github_nghttp2_nghttp2` -> 1.64.0 (#36743)
Set resource `telemetry.sdk.*` and scope `otel.scope.name|version` attributes for the OpenTelemetry tracer (#36787)
Backport grpc change to fix some protoc warnings (#36795)
wasm: restart wasm vm if it's failed because runtime error (#36456)
deps: Bump `rules_python` -> 0.37.1 (#36817)
proxy_protocol: use no-throw addresses to remove exception handling (#36815)
tools/python: Remove unused loading of old py macro (#36820)
tools/python: Use newer `entry_point` rule (#36803)
ci/codeql: Only run on main branch (#36806)
ci/rbe: Adjust keepalives for cache (envoy and mobile) (#36810)
ci/rbe: Boost cpus for a couple more integration tests (#36807)
tls: support IP SANs for IP versions not supported by host OS (#36770)
dynamic_modules: scaffolds config API & HTTP Filter (#36448)
Refactor UDP proxy to support deferred cluster selection (#36700)
coverage: ratcheting (#36762)
quic: remove runtime guard and code for legacy cert handling (#36772)
Deprecating and removing envoy.reloadable_features.edf_lb_host_scheduler_init_fix (#36794)
build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#36798)
[balsa] Add runtime flag for http_inspector parser (#36672)
tls: reduce memory use per connection by 712 bytes (#36767)
ci/tests: Boost more worker cores for flakey integration tests (#36793)
bump cel-cpp (#36661)
ci/tests: Revert some integration tests to `2core` (#36784)
mobile: resolving how forcev6 works on mobile platforms (#36732)
build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#36774)
build(deps): bump protobuf from 5.28.2 to 5.28.3 in /tools/base (#36775)
build(deps): bump orjson from 3.10.9 to 3.10.10 in /tools/base (#36776)
ci/macos: Increase timeout to 120m (#36719)
ci/coverage: Remove more cruft in diskspace hack (#36720)
aws: async bugfix for multiple credential handlers in upstream mode (#36707)
Allow empty resolver list for cares dns (#36735)
runtime: removing dns_reresolve_on_eai_again (#36656)
mobile: Adds proxy.pac to test PAC file URL (#36765)
ci/rbe: Switch rbe pools `2core` -> `6gig` (#36761)
ocsp/formatting: Fix format issue in generated cert (#36763)
deps: Switch hosting server for kafka server binary download (#36748)
test/ocsp: Renew certificates (#36755)
upstream: removing exceptions from hostimpl (#36582)
deps: Bump `rules_rust` -> 0.53.0 (#36727)
deps: Bump `rules_jvm_external` -> 6.4 (#36721)
build(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5 (#36740)
Add support for OtherName, Email SAN substitution formatters (#36502)
wasm: remove redundant xds attributes (#36619)
apple_dns: Add DNS query trace (#36678)
mobile: Fixes for the Apple PAC proxy resolver (#36698)
mobile: change to being more aggressive about HTTP/3 retries (#36734)
ci/rbe: Switch backend RBE cluster (#36730)
deps/release: Bump Ubuntu -> 0e5e4a5 (#36723)
Fix documentation for TcpProxy.metadata_match (#36683)
build: fix compile commands generation (#36693)
add test suites for classes in hash_policy.cc file (#36708)
router: remove send_local_reply_when_no_buffer_and_upstream_request guard (#36620)
mobile: add knob for h3 keepalive (#36646)
test: Add a knob to disable admin server in IntegrationTestServer (#36684)
build(deps): bump orjson from 3.10.7 to 3.10.9 in /tools/base (#36714)
build(deps): bump envoy-base-utils from 0.5.5 to 0.5.6 in /tools/base (#36690)
build(deps): bump cryptography from 43.0.1 to 43.0.3 in /tools/base (#36715)
aws_signing: support for dynamically configurable credential (#36217)
http: initializes a field of ConnectionManagerImpl::ActiveStream::State. (#36642)
test: deflake an integration test (#36674)
ci/rbe: Use engflow for non-coverage checks (#36687)
xds-failover: fixing runtime feature flag in tests (#36659)
security-release: update the q3 release record (#36689)
Signed-off-by: tedjpoole <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
from
5485ce6 to
67e8204
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated by envoy-sync-receive.sh