auto-merge envoyproxy/envoy[main] into envoyproxy/envoy-openssl[main] #273
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![update-openssl-envoy[bot]](https://avatars.githubusercontent.com/u/30125649?s=60&v=4){kind=small}
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
6 times, most recently
from
bac3d40
to
cbb98a4
Compare
…824) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fix #36800 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #36704 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]>
Fix #36799 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
96.5% for source/common was a bit too high to consistently pass. Let's try 96.4%, which is still better than the 96.2% it was earlier. Signed-off-by: Alejandro R. Sedeño <[email protected]>
Backport several changes from protobuf upstream to reduce warnings during the build. protoc warnings: protocolbuffers/protobuf@923ee76 hide clang pragmas from not-clang: protocolbuffers/protobuf@7d3e80c explicit `this` capture in some lambdas: protocolbuffers/protobuf@f8bf5ed explicit `inline` when `PROTOBUF_ALWAYS_INLINE`: protocolbuffers/protobuf@a7d47b3 Finally, submitted for consideration upstream: Do not inline a couple of functions when using gcc. When these functions are inlined by gcc, the pragmas ignoring some warnings are not honored at the inline site, and so it gets very noisy. --------- Signed-off-by: Alejandro R. Sedeño <[email protected]>
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Risk Level: low Testing: n/a Docs Changes: n/a Release Notes: inline Fixes envoyproxy/envoy#31985 Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: Yury Kats <[email protected]>
This is failing on a bunch of unrelated PRs Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
https://github.com/google/quiche/compare/408e786de..0d1ce7087 ``` $ git log 408e786de..0d1ce7087 --date=short --no-merges --format="%ad %al %s" 2024-10-24 martinduke Two Subscriptions to the same MoQT Track in a session is an error. 2024-10-24 birenroy Adds the ability to make annotations on quiche::LifetimeTrackable objects. 2024-10-24 martinduke MoQT SUBSCRIBE to a prior group is an error. 2024-10-24 martinduke Framer and Parser for MoQT FETCH family messages in draft-07. 2024-10-24 vasilvv Implement a publisher API for fetch. 2024-10-23 wub Deprecate --gfe2_restart_flag_quic_dispatcher_ack_buffered_initial_packets. 2024-10-23 wub Avoid nested CloseConnection calls in QuicConnection. 2024-10-22 martinduke Allow client to activate PragueCubic congestion control via connection option for experiment purposes. 2024-10-22 vasilvv Fix standalone QUICHE build 2024-10-21 wub No public description 2024-10-21 vasilvv Add MoqtProbeManager 2024-10-21 martinduke Update MoqtLiveRelayQueue for Peeps. Places incoming objects in subgroup queues and delivers them in subgroup order. 2024-10-21 martinduke Rename SUBSCRIBE_NAMESPACE as SUBSCRIBE_ANNOUNCES in MoQT. 2024-10-21 quiche-dev Enabling rolled out flags. 2024-10-17 rch Make Hyperloop client and server enable flow label changes to avoid black holes. 2024-10-17 martinduke Update SimpleSessionNotifier for RESET_STREAM_AT frames. 2024-10-17 martinduke Don't track support for RESET_STREAM_AT in QuicConnection. Instead, rely on state in QuicFramer. 2024-10-17 rch Remove an unnecessary setsockopt of IPV6_FLOWINFO_SEND. Enabling IPV6_FLOWINFO_SEND causes the kernel to send a randomly generated flow label unless a flow label is explicitly provided in a CMSG. Since we already wired up support to set the label in CMSG, this call is redundant and it has the unintended side effect of causing random flow labels to be sent, even for sockets where no flow labels are intended. For QuicUdpSocket users that do not intend to send flow labels, this would be a behavior change. 2024-10-17 rch Make QuicConnection generate a new flow label when flow label based black hole avoidance is enabled, and added CODE_COUNTS for when the flow label changes 2024-10-17 martinduke Update QuicControlFrameManager to support RESET_STREAM_AT frames. 2024-10-17 quiche-dev Automated g4 rollback of changelist 685776850. 2024-10-17 rch Only check for flow label functionality in the QUIC end-to-end test if the connection is actually using IPv6. 2024-10-16 rch Change IPv6 flow labels when QUIC connections have a retransmission timeout or when a new packet that creates a gap is received with a new flow lable. 2024-10-16 dschinazi Clean up a few QuicConnectionTests 2024-10-15 wub Deprecate --gfe2_reloadable_flag_quic_new_error_code_for_invalid_hostname. 2024-10-15 quiche-dev Enable stack protector to prevent stack buffer overflows. 2024-10-15 quiche-dev Enabling rolled out flags. 2024-10-14 rch Allow QUIC connections to send and receive IPv6 flow labels. 2024-10-14 danzh Always support SPAD on the client side. 2024-10-14 fayang Change HeaderBlock members to be const. 2024-10-14 danzh Fix goolgeurl tarball link. 2024-10-14 quiche-dev Automated g4 rollback of changelist 685757306. 2024-10-14 fayang Optimize QpackBlockingManager for CPU efficiency. 2024-10-14 quiche-dev Automated g4 rollback of changelist 685481728. ``` --------- Signed-off-by: Renjie Tang <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
from
cbb98a4
to
6fecd89
Compare
<!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing [email protected] where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) --> Commit Message: enable `use_refresh_token` by default in oauth2 filter. Additional Description: Almost all oauth provider give you an option to enable or disable sending refresh_token in response. If someone is sending refresh_token, the intent is generally to use it. If not, the same is not used and the behavior stays the same. This feature is now pretty stable and can be enabled by default. Risk Level: Low Testing: UTs Docs Changes: Present in the PR. Release Notes: Need to mention about enabling `use_refresh_token` by default. Fixes #36045 --------- Signed-off-by: Anurag Aggarwal <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
2 times, most recently
from
1e0c46e
to
1e086a4
Compare
…a91f01` in /ci (#36847) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Also sort the contrib-golang gomods to make it tidy. Signed-off-by: spacewander <[email protected]>
Fix #36844 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #36840 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
This allows per-repo configuration/customization of the bazel (eg rbe) settings Signed-off-by: Ryan Northey <[email protected]>
…ers (#37097) If 1xx informational headers have been fully sent to the codec, and primary response headers have not yet arrived, it is safe to send a local reply through the filter chain. Risk Level: Low Testing: Integration tests Docs Changes: None Release Notes: None --------- Signed-off-by: Paul Ogilby <[email protected]>
Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <[email protected]>
Ensure that calculated sampling exponent stays below a certain limit Risk Level: Low Testing: Unit test, manual Docs Changes: N/A Release Notes: N/A Platform Specific Features: Fixes #37199 Signed-off-by: thomas.ebner <[email protected]>
…(#37076) Currently, we treat all remote grpc stream closes as errors, and log warnings and increment failure metrics for every instance. A remote grpc stream close with a 0 code is not a failure, but instead a graceful termination, so it should be a lower log level and should not increment failure metrics. Risk Level: Low --------- Signed-off-by: Brian Sonnenberg <[email protected]>
…s (#37253) The current SAN-matcher has a specific matching behavior when the matching general-type is DNS and the matcher-type is Exact. This PR refactors that behavior into a different class `DnsStringSanMatcher` and ensures that when the code creates a SAN-Matcher the correct class is used. Signed-off-by: Adi Suissa-Peleg <[email protected]>
Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <[email protected]>
…de (#37216) ## Description This PR refactors the exception throwing logic in the **ext_proc** filter to use `absl::Status` returns instead of throwing exceptions. Fixes #37046 --- **Commit Message:** ext_proc: remove exception throw in ext_proc configuration parsing code **Additional Description:** This change makes the error handling in ext_proc more consistent with other parts of the codebase by using Status returns instead of exceptions. The validation logic remains unchanged. **Risk Level:** Low **Testing:** - Added new Unit Tests around config validation - Existing unit tests modified to verify status returns - Integration tests remain unchanged as external behavior is the same **Docs Changes:** N/A **Release Notes:** N/A --------- Signed-off-by: Rohit Agrawal <[email protected]>
Signed-off-by: Greg Greenway <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
from
993ad98
to
82ac806
Compare
…#37099) Commit Message: Save resolved upstream address in filter state in SNI dynamic forward proxy Additional Description: Risk Level: Low Testing: Added unit tests and am also consuming this change from filter state in a subsequent filter Docs Changes: Fixed a typo in doc and added new field to proto Release Notes: Added a description in change log Platform Specific Features: Signed-off-by: Santosh Rao <[email protected]>
…(#37069) Make `ScopedExecutionContext` no-op if `!ExecutionContext::isEnabled()`. This saves a call to `ScopeTrackedObject::trackedStream()` when execution context is disabled. Commit Message: Make ScopedExecutionContext no-op if !ExecutionContext::isEnabled(). Additional Description: Risk Level: None. Testing: Existing execution_context_test.cc. Docs Changes: N/A Release Notes: N/A Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] Signed-off-by: Bin Wu <[email protected]>
followup of envoyproxy/envoy#36920 Signed-off-by: Florent Lecoultre <[email protected]>
…276) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…7277) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…0 (#37278) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <[email protected]>
…y. (#37127) Signed-off-by: Misha Efimov <[email protected]>
…#37177) Commit Message: Add `ConnectionPoolSettings` in proxy_protocol upstream transport socket. It customizes the behavior of connection pool. Additional Description: Risk Level: LOW Testing: CI Docs Changes: Release Notes: Platform Specific Features: [Optional Runtime guard:] Fixes #37126 [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Yuchen Dai <[email protected]>
Commit Message: http: make streaming shadows on by default. Additional Description: Flips `envoy_reloadable_features_streaming_shadow` to default-true. Risk Level: low Testing: integration, unit Docs Changes: none Release Notes: none Optional Runtime guard: still `envoy_reloadable_features_streaming_shadow`. --------- Signed-off-by: Paul Ogilby <[email protected]>
Commit Message: dynamic_modules: HTTP filter config implementation Additional Description: This expands the ABI for HTTP filter configurations. Especially this adds two even hooks coupled with the life cycle of HTTP filter config handled in the main thread. The key idea is to do the direct pointer (context) passing between the boundary; This allows us to avoid maintaining IDs and global mapping state, which makes it easier to test as well as it has benefit in terms of performance. E.g. there's no need to look up "contexts" on each event hook entry. The next follow-up PR will add per-stream event hooks (filter implementation). After the event hooks are done, module->Envoy functions will be added (e.g. accessing headers, etc.) Risk Level: low Testing: done Docs Changes: n/a Release Notes: n/a Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] --------- Signed-off-by: Takeshi Yoneda <[email protected]>
…n error (#37267) Commit Message: json: replacing IS_ENVOY_BUG when a large number value is used with an error Additional Description: Followup to #36919. In #36919, there was a behavior change when the JSON library parsed a large number. Prior to #36919 Envoy would have thrown an exception which ended up rejecting the value or erroring out. After that an ENVOY_BUG was introduced, but probably shouldn't have had, as Envoy may receive a value that is large and should handle it correctly (e.g., when ingesting a config). This was detected due to fuzz bug [379811166](https://g-issues.oss-fuzz.com/issues/379811166). Risk Level: low Testing: Added fuzz test case, and updated the unit-tests. Docs Changes: N/A (no docs were updated in the original PR). Release Notes: N/A (no release notes were introduced in the original PR). Platform Specific Features: N/A Signed-off-by: Adi Suissa-Peleg <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Risk Level: n/a (mobile only) Testing: new e2e test Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <[email protected]>
Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <[email protected]>
Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <[email protected]>
Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 Signed-off-by: Alyssa Wilk <[email protected]>
Commit Message: dynamic_modules: enables rustfmt.toml Additional Description: This enables the root configuration for rustfmt as a follow up on envoyproxy/envoy#37070 (comment). Only formatting is done in this commit. There's no change in its code. Risk Level: low Testing: n/a Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a [Optional Runtime guard:] [Optional Fixes #Issue] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] Signed-off-by: Takeshi Yoneda <[email protected]>
* upstream/main:
dynamic_modules: enables rustfmt.toml (#37295)
logger: remove exceptions (#37265)
regex: removing exceptions (#37264)
secret provider: removing exceptions (#37221)
mobile: allowing for immediate pool drain on network change (#37290)
ci: Boost cpu for flakey on_demand integration test (#37294)
json: replacing IS_ENVOY_BUG when a large number value is used with an error (#37267)
dynamic_modules: HTTP filter config implementation (#37070)
http: make streaming shadows on by default (#37227)
api: add ConnectionPoolSettings into ProxyProtocolUpstreamTransport (#37177)
client-side-WRR-LB: Improve Client Side Weighted Round Robin lb policy. (#37127)
outlier: removing exceptions (#37262)
build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#37278)
build(deps): bump setuptools from 75.5.0 to 75.6.0 in /tools/base (#37277)
build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#37279)
build(deps): bump aiodocker from 0.23.0 to 0.24.0 in /tools/base (#37276)
add docs for lua filter and change log (#37246)
Make ScopedExecutionContext no-op if !ExecutionContext::isEnabled(). (#37069)
SNI dynamic forward proxy: Support saving resolved upstream address (#37099)
fix spelling in a comment (#37272)
ext_proc: remove exception throw in ext_proc configuration parsing code (#37216)
hds: not including for E-M (#37043)
SAN-matcher: refactoring DNS exact SAN matcher out of regular matchers (#37253)
Change handling of graceful case of LoadStatsReporting onRemoteClose (#37076)
limit calculated sampling exponent (#37240)
health check: remove exceptions (#37263)
http: allow local replies to traverse the filter chain after 1xx headers (#37097)
validator: add in removed extension (#37261)
deps: Bump `com_github_gabime_spdlog` -> 1.15.0 (#37204)
deps/python: Manually bump yarl to resolve dependabot issues (#37245)
repo: Sync version histories (#37260)
stream_info_formatter.cc format file (#37244)
Update rate_limit_quota CODEOWNERS (#37255)
rlqs: Shared, global RLQS client & buckets cache (#34009)
perf: Optimize HedgePolicyImpl class layout (#37211)
maintainers: promoting Boteng! (#37231)
validation context: removing exceptions (#37220)
deps: Bump `envoy_examples` -> 0.0.7 (#37248)
proxy-protocol-filter: add version to filter state (#36934)
build(deps): bump envoy-distribution-distrotest from 0.0.11 to 0.0.12 in /tools/base (#37247)
python/tools: Update distrotest to retry apt failures (#37243)
proto: moving a utility to the one call location (#36990)
build(deps): bump slack-sdk from 3.33.3 to 3.33.4 in /tools/base (#37241)
build(deps): bump aiohttp from 3.10.10 to 3.10.11 in /tools/base in the pip group (#37234)
original_ip_detection: revert unintended XFF header appending behavior in CustomHeaderIPDetection (#37194)
test: extend waitForInexactRawData (#37179)
ci: Boost cpu for flakey grpc integration test (#37223)
Update QUICHE from 3c9db14bb to dbc5afc11 (#37235)
utility: remove exceptions for translation (#37042)
ext_authz: expose fields latency, bytesSent and bytesReceived for CEL and logging (#37074)
feature: make always accessible the original downstream local address (#36920)
refactor: Optimize HeadersToAddEntry class layout (#37215)
refactor: Optimize UpstreamCodecFilter class layout (#37213)
deps/api: Bump `envoy_toolshed` -> 0.1.16 (#37219)
build fix (#37149)
quic: Use MaybeSendRstStreamFrame instead of ResetWriteSide in a quic test (#37182)
runtime: deprecating envoy.reloadable_features.exclude_host_in_eds_status_draining (#37185)
deps: Bump `aspect_bazel_lib` -> 2.9.4 (#37203)
deps: Bump `build_bazel_rules_apple` -> 3.13.0 (#37202)
deps/api: Bump `com_github_bufbuild_buf` -> 1.47.2 (#37206)
deps/api: Bump `rules_proto` -> 7.0.2 (#37205)
Resolve performance-inefficient-vector-operation clang-tidy warning (#37189)
udp_proxy: support coexistence of dynamic and static clusters (#37016)
doc: update inotify assertion to provide more accurate feedback (#37111)
router: pre-reserve header_parser vectors by their sizes (#37130)
[contrib] Disable GCC warnings and broken features (#37131)
sub-formatter: store a bool instead of a string (#37141)
filters: revert to original behavior for invalid content-length handling in CEL Size extractor (#37168)
mobile: Make the Apple proxy settings monitor refresh interval configurable (#37175)
mac: set `-Wno-deprecated-declarations` (#37148)
Add CEL test using typed_filter_config (#37174)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/add_data in the contrib-golang group (#37161)
build(deps): bump yapf from 0.40.2 to 0.43.0 in /tools/base (#37132)
build(deps): bump setuptools from 75.4.0 to 75.5.0 in /tools/base (#37133)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/metric in the contrib-golang group (#37159)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/buffer in the contrib-golang group (#37160)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/echo in the contrib-golang group (#37162)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/access_log in the contrib-golang group (#37163)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#37164)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/router/cluster_specifier/test/test_data/simple in the contrib-golang group (#37165)
build(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#37166)
build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.2 in /contrib/golang/filters/http/test/test_data/property in the contrib-golang group (#37167)
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in /contrib/golang/filters/http/test/test_data/routeconfig in the contrib-golang group (#37169)
access_log: add UPSTREAM_HOST_NAME_WITHOUT_PORT variable (#37114)
filters: optimize cel expression context with constant-time lookups (#37057)
replace access log list to access log vector (#37103)
feat: prepare for breaking change in Protobuf C++ API (#37066)
iouring: compiling out for E-M linux (#37035)
bump proto_processing_lib to 11d825fb33f92eefcbacbd7b0db9eea8df6e8acb (#37125)
Update QUICHE from aaf48d2e5 to 3c9db14bb (#37128)
[quic]Check canonical suffix when checking checking QUIC brokenness (#36981)
bump protobuf to 28.3 (#37113)
build(deps): bump github/codeql-action from 3.27.0 to 3.27.3 (#37118)
build(deps): bump gsutil from 5.30 to 5.31 in /tools/base (#36545)
build(deps): bump setuptools from 75.3.0 to 75.4.0 in /tools/base (#37105)
build(deps): bump distroless/base-nossl-debian12 from `aa91f01` to `174f326` in /ci (#37119)
Fix a bug where DNS jitter can cause milliseconds duration to be interpreted as negative triggering envoy bug. (#36953)
dns: add round-robin nameserver rotation option to c-ares resolver (#37108)
Remove race between closing upstream connection and downstream request (#37101)
ci: Add bazel client caching (#37096)
tests: use makeOptRef to create an OptRef object (#37110)
http2: removes the false path for an old runtime feature (#37067)
benchmark: add route matcher benchmarks for exact and prefix match (#37086)
lua cluster_specifier: fix lua reference for multiple clusters (#37100)
odcds: only including if needed (#37034)
ext_proc: Ext proc half close on destroy and defer reset till trailers received. (#37083)
exceptions: Make THROW_OR_RETURN_VALUE work outside the "Envoy" namespace (#37058)
access log: support upstream connect timing in COMMON_DURATION (#37077)
build(deps): bump aio-api-bazel from 0.0.2 to 0.0.3 in /tools/base (#37094)
build(deps): update envoyproxy/toolshed requirement to actions-v0.3.5 (#37093)
[contrib][vcl] Fix VCL builds with GCC (#37075)
rbac: add unit tests for matchers to increase coverage (#37080)
changelog: fix a small typo in rbac deprecation line (#37082)
Add `arch` to APT repository configuration (#37068)
rbac: add support for matching on route metadata (#36957)
tls: add options to validate SANs and send SNI for upstream hostname (#36903)
lua cluster_specifier: fix crash in getCluster() (#37073)
deps: Bump `rules_rust` -> 0.54.1 (#37056)
Enhance ext_proc filter to support MXN streaming (#34942)
[contrib][postgres] Remove <> after constructor in the PG proxy code (#37038)
socket: removing some exceptions (#36991)
ci: Shift (Docker) cache priming to request workflow (#37028)
quic: Don't delay TCP attempt when HTTP/3 status is unknown (#37040)
kafka: split protocol generation into .h and .cc files (#37017)
bazel/ci: Add pre/post repository shas to report (#37062)
ci: Rename request/checks workflow (#37033)
bazel: Make `ci` config common (#37027)
build(deps): bump envoyproxy/toolshed from actions-v0.3.1 to 0.3.2 (#37061)
[contrib][http language filter] Change position of libstdc++ library when linking ICU tools (#37060)
docs/proto: Adding comments to fields/enums that have no comments (#37018)
bazel/ci: Remove old fetch setup (#37014)
router: removing unused files (#37019)
Remove extraneous target source/common/common:xds_manager_lib (#37041)
dns_cache: add more unit tests (#37032)
dns resolver: add options to initialize c-ares with custom timeout an… (#36947)
docs: add and fix license URLs (#37029)
deps: Bump `envoy_examples` -> 0.0.6 (#37023)
build(deps): bump pygithub from 2.4.0 to 2.5.0 in /tools/base (#37022)
ext_proc: refactoring onData() to make it modularized (#36999)
proto: removing some exceptions (#36965)
ip-tagging filter: add support for an optional ip-tag-header field (#36434)
S390x - Fix typo for envoy test (#37015)
boringssl: update to latest chromium stable version (#36899)
lua cluster_specifier: give access to cluster connection/request counts (#36998)
golang: expose add{Decoded,Encoded}Data (#36959)
ci/codeql: Disable "trap" caching (#36985)
ci: Boost mem for integration test (#37009)
build(deps): bump envoyproxy/toolshed from actions-v0.2.38 to 0.3.1 (#37013)
docs/bazel: Fix target visibility (#37008)
ci/coverage: Fix duplicate flag warning (#36987)
Add release note for "Relax recent SNI restrictions" (#37000)
Make CancelWrapper enforce thread constraint (#36993)
stats: add tag extraction rules for google_grpc client (#36673)
attributes: add new attribute upstream.request_attempt_count (#36939)
Relax recent SNI restrictions (#36950)
build(deps): bump envoyproxy/toolshed from actions-v0.2.37 to 0.2.38 (#36994)
flow_control: downstream push back sidestream (#35827)
wasm: remove the shutdown callback in lifetime_notifier (#36688)
tools: Remove `envoy_package` (#36948)
deps: Bump `com_google_cel_cpp` -> 0.10.0 (#36940)
ext_proc: clean up (#36956)
kafka: close connection when rejectable request appears (#36979)
github/ci: Fix workflow concurrency (#36952)
bazel/distribution: Cleanups to fix aquery (#36977)
docs: update envoy build location (#36986)
Update QUICHE from 5621f6366 to aaf48d2e5 (#36976)
mobile: Fix HTTPRequestUsingProxyTest.swift (#36980)
Added envoy test missing options for s390x (#36915)
Add cancelWrapper helper function in /common. (#36938)
router: use template method to avoid unused memory allocations in HeaderData (#36878)
xds: delta-xDS avoid copying resources (#36832)
deps/api: Bump `envoy_toolshed` -> 0.1.15 (#36969)
github/ci: Workaround `macos-12` brownout by boosting images (#36972)
sds: relax backing cluster check to allow dynamic clusters (#36694)
json: reduce exceptions (#36919)
headers/geoip: Fix macro (#36964)
ads-replacement: adding hook and cluster-manager support (#36768)
srds: remove a redundant if block (#36944)
ci: Quieten GCS artifact uploads (#36949)
matchers: remove unneeded ListMatcher data member (#36902)
Partial revert of "mobile: resolving how forcev6 works on mobile plat… (#36922)
build(deps): bump orjson from 3.10.10 to 3.10.11 in /tools/base (#36960)
address: removing some exceptions (#36754)
api: HTTP APIKey Auth Filter (#36709)
golang: provide method to refresh route cache (#36863)
wasm: remove unused public interfaces (#36941)
tools: updating oncall test triage location (#36937)
ci/rbe: Boost cpus for more flakey tests (#36942)
wasm: prevent stuck connections in case of multiple local replies (#36809)
udp_proxy: Support dynamic cluster selection per session (#36868)
srds: permit dynamic SRDS resources to contain inline RDS configuration (#36703)
http: removing the default trusted address list (#36643)
proto: reducing exceptions (#36872)
ci/rbe: Boost cpus for some more integration tests (#36930)
build(deps): bump envoy-base-utils from 0.5.6 to 0.5.7 in /tools/base (#36935)
deps/api: Bump `com_github_bufbuild_buf` -> 1.46.0 (#36933)
deps: Bump `build_bazel_rules_apple` -> 3.11.2 (#36932)
build(deps): bump setuptools from 75.2.0 to 75.3.0 in /tools/base (#36906)
build(deps): bump slack-sdk from 3.33.2 to 3.33.3 in /tools/base (#36905)
tests: add integration test to quic_stats for long certificate chain (#36926)
add OLM scaling for max_connection_duration (#36816)
config: removing unpackToOrThrow in favor of unpackTo (#36821)
srds: remove scope from scope_name_by_hash_ in case the scope key changes (#36702)
test: fix os_sys_calls_test in some less common environments (#36923)
tools/python: Fix macro format issue (#36916)
router: converting internal_only_headers from list to vector (#36898)
Remove unused listener FilterChain on_demand_configuration field (#36786)
tools/python: Fix namespacing in entry_point macros (#36914)
route: remove redundant loader reference in weighted cluster entries (#36836)
wasm: removed automatical route refreshment and add a foreign function to clear the route cache (#36671)
deps/api: Bump `envoy_toolshed` -> 0.1.13 (#36892)
ci/rbe: Boost cpu for another integration test (#36901)
tls: Expose well-known certificate subject fields in Lua filter (#35994)
bazel/deps: Fix `rules_license` setup (#36900)
[mobile]fix jni parameter type (#36896)
quic: add debug visitor to export various quic stats from quiche (#36813)
context: use server factory context as lb context (#36874)
runtime: removed defer processing flag and legacy codepaths. (#36731)
http2: protects client against stream not found (#36573)
ci/rbe: Boost cpu for another integration test (#36885)
build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 (#36883)
fix typo in the code comment (#36875)
Update QUICHE from 0d1ce7087 to 5621f6366 (#36869)
mobile: Fix a PAC proxy error check bug (#36876)
runtime: Enable UDP GRO by default (#36811)
Deprecating and removing envoy.reloadable_features.edf_lb_locality_scheduler_init_fix (#36835)
ci: Use repo settings for upload buckets (#36870)
flow_control: Refactor setWatermark (#36738)
bazel/ci: Add repo customizations (#36831)
deps: Bump `bazel_features` -> 1.20.0 (#36855)
deps: Bump `rules_python` -> 0.37.2 (#36854)
dependabot: add missing contrib-golang group to some gomod (#36849)
build(deps): bump distroless/base-nossl-debian12 from `e130c09` to `aa91f01` in /ci (#36847)
ci/coverage: Fix accidental ws (#36839)
oauth2: enable `use_refresh_token` by default (#36065)
Update QUICHE from 408e786de to 0d1ce7087 (#36822)
ci/rbe: Boost cpus for more integration tests (#36837)
ci/coverage: Fix coverage flake in `source/extensions/common` (#36838)
route: Downgrade advisory log message (#36797)
runtime: deprecate validate_grpc_header (#36757)
rbe/ci: Bump cpus for kv/store integration test (#36834)
deps: Bump `build_bazel_rules_apple` -> 3.10.0 (#36833)
protobuf.patch: a bunch of updates, mostly backports (#36823)
coverage: loosen (#36830)
ci/rbe: Boost cpu/mem for more integration tests (#36825)
deps: Bump `com_github_awslabs_aws_c_auth` -> 0.8.0 (#36827)
deps: Bump `aspect_bazel_lib` -> 2.9.3 (#36726)
deps/api: Bump `dev_cel` -> 0.18.0 (#36826)
build(deps): bump slack-sdk from 3.33.1 to 3.33.2 in /tools/base (#36824)
router: clean up unnecessary field (#36814)
request id: minor optimization or fix to the request id logic (#36773)
deps: Bump `com_github_nghttp2_nghttp2` -> 1.64.0 (#36743)
Set resource `telemetry.sdk.*` and scope `otel.scope.name|version` attributes for the OpenTelemetry tracer (#36787)
Backport grpc change to fix some protoc warnings (#36795)
wasm: restart wasm vm if it's failed because runtime error (#36456)
deps: Bump `rules_python` -> 0.37.1 (#36817)
proxy_protocol: use no-throw addresses to remove exception handling (#36815)
tools/python: Remove unused loading of old py macro (#36820)
tools/python: Use newer `entry_point` rule (#36803)
ci/codeql: Only run on main branch (#36806)
ci/rbe: Adjust keepalives for cache (envoy and mobile) (#36810)
ci/rbe: Boost cpus for a couple more integration tests (#36807)
tls: support IP SANs for IP versions not supported by host OS (#36770)
dynamic_modules: scaffolds config API & HTTP Filter (#36448)
Refactor UDP proxy to support deferred cluster selection (#36700)
coverage: ratcheting (#36762)
quic: remove runtime guard and code for legacy cert handling (#36772)
Deprecating and removing envoy.reloadable_features.edf_lb_host_scheduler_init_fix (#36794)
build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#36798)
[balsa] Add runtime flag for http_inspector parser (#36672)
tls: reduce memory use per connection by 712 bytes (#36767)
ci/tests: Boost more worker cores for flakey integration tests (#36793)
bump cel-cpp (#36661)
ci/tests: Revert some integration tests to `2core` (#36784)
mobile: resolving how forcev6 works on mobile platforms (#36732)
build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#36774)
build(deps): bump protobuf from 5.28.2 to 5.28.3 in /tools/base (#36775)
build(deps): bump orjson from 3.10.9 to 3.10.10 in /tools/base (#36776)
ci/macos: Increase timeout to 120m (#36719)
ci/coverage: Remove more cruft in diskspace hack (#36720)
aws: async bugfix for multiple credential handlers in upstream mode (#36707)
Allow empty resolver list for cares dns (#36735)
runtime: removing dns_reresolve_on_eai_again (#36656)
mobile: Adds proxy.pac to test PAC file URL (#36765)
ci/rbe: Switch rbe pools `2core` -> `6gig` (#36761)
ocsp/formatting: Fix format issue in generated cert (#36763)
deps: Switch hosting server for kafka server binary download (#36748)
test/ocsp: Renew certificates (#36755)
upstream: removing exceptions from hostimpl (#36582)
deps: Bump `rules_rust` -> 0.53.0 (#36727)
deps: Bump `rules_jvm_external` -> 6.4 (#36721)
build(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5 (#36740)
Add support for OtherName, Email SAN substitution formatters (#36502)
wasm: remove redundant xds attributes (#36619)
apple_dns: Add DNS query trace (#36678)
mobile: Fixes for the Apple PAC proxy resolver (#36698)
mobile: change to being more aggressive about HTTP/3 retries (#36734)
ci/rbe: Switch backend RBE cluster (#36730)
deps/release: Bump Ubuntu -> 0e5e4a5 (#36723)
Fix documentation for TcpProxy.metadata_match (#36683)
build: fix compile commands generation (#36693)
add test suites for classes in hash_policy.cc file (#36708)
router: remove send_local_reply_when_no_buffer_and_upstream_request guard (#36620)
mobile: add knob for h3 keepalive (#36646)
test: Add a knob to disable admin server in IntegrationTestServer (#36684)
build(deps): bump orjson from 3.10.7 to 3.10.9 in /tools/base (#36714)
build(deps): bump envoy-base-utils from 0.5.5 to 0.5.6 in /tools/base (#36690)
build(deps): bump cryptography from 43.0.1 to 43.0.3 in /tools/base (#36715)
aws_signing: support for dynamically configurable credential (#36217)
http: initializes a field of ConnectionManagerImpl::ActiveStream::State. (#36642)
test: deflake an integration test (#36674)
ci/rbe: Use engflow for non-coverage checks (#36687)
xds-failover: fixing runtime feature flag in tests (#36659)
security-release: update the q3 release record (#36689)
Signed-off-by: tedjpoole <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-main
branch
from
82ac806
to
e93f14b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated by envoy-sync-receive.sh