Merge remote-tracking branch 'upstream/main' into fix-ip-san

.github/workflows/codeql-daily.yml

@@ -34,7 +34,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b  # codeql-bundle-v3.26.13
+      uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd  # codeql-bundle-v3.27.0
       # Override language selection by uncommenting this and choosing your languages
       with:
         languages: cpp
@@ -74,4 +74,4 @@ jobs:
         git clean -xdf
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b  # codeql-bundle-v3.26.13
+      uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd  # codeql-bundle-v3.27.0

.github/workflows/codeql-push.yml

@@ -65,7 +65,7 @@ jobs:
 
     - name: Initialize CodeQL
       if: ${{ env.BUILD_TARGETS != '' }}
-      uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b  # codeql-bundle-v3.26.13
+      uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd  # codeql-bundle-v3.27.0
       with:
         languages: cpp
 
@@ -109,4 +109,4 @@ jobs:
 
     - name: Perform CodeQL Analysis
       if: ${{ env.BUILD_TARGETS != '' }}
-      uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b  # codeql-bundle-v3.26.13
+      uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd  # codeql-bundle-v3.27.0

.github/workflows/scorecard.yml

@@ -40,6 +40,6 @@ jobs:
         retention-days: 5
 
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b  # v3.26.13
+      uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd  # v3.27.0
       with:
         sarif_file: results.sarif

bazel/repositories.bzl

@@ -489,8 +489,6 @@ def _com_github_facebook_zstd():
 def _com_google_cel_cpp():
     external_http_archive(
         "com_google_cel_cpp",
-        patches = ["@envoy//bazel:cel-cpp.patch"],
-        patch_args = ["-p1"],
     )
 
 def _com_github_google_perfetto():

bazel/repository_locations.bzl

@@ -1254,8 +1254,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(
         project_name = "Common Expression Language (CEL) C++ library",
         project_desc = "Common Expression Language (CEL) C++ library",
         project_url = "https://opensource.google/projects/cel",
-        version = "0abd738f9f54388452e6ebb0955eb039f9162b3d",
-        sha256 = "d163805320a782c5194b7496cdd5e8c9d9604eeffc1e531770cf6b130bc182fd",
+        version = "b03438ae95cac305d672b56c35472894a09fba19",
+        sha256 = "0c5778861e427c704e0c07287269d8a490af623284c50b017132e77638c7bdfb",
         strip_prefix = "cel-cpp-{version}",
         urls = ["https://github.com/google/cel-cpp/archive/{version}.tar.gz"],
         use_category = ["dataplane_ext"],
@@ -1276,7 +1276,7 @@ REPOSITORY_LOCATIONS_SPEC = dict(
             "envoy.matching.inputs.cel_data_input",
             "envoy.matching.matchers.cel_matcher",
         ],
-        release_date = "2023-12-20",
+        release_date = "2024-10-22",
         cpe = "N/A",
     ),
     com_github_google_flatbuffers = dict(

mobile/library/cc/engine_builder.cc

@@ -227,11 +227,6 @@ EngineBuilder& EngineBuilder::setNumTimeoutsToTriggerPortMigration(int num_timeo
   return *this;
 }
 
-EngineBuilder& EngineBuilder::setForceAlwaysUsev6(bool value) {
-  always_use_v6_ = value;
-  return *this;
-}
-
 EngineBuilder& EngineBuilder::enableInterfaceBinding(bool interface_binding_on) {
   enable_interface_binding_ = interface_binding_on;
   return *this;
@@ -862,7 +857,6 @@ std::unique_ptr<envoy::config::bootstrap::v3::Bootstrap> EngineBuilder::generate
     (*reloadable_features.mutable_fields())[guard_and_value.first].set_bool_value(
         guard_and_value.second);
   }
-  (*reloadable_features.mutable_fields())["always_use_v6"].set_bool_value(always_use_v6_);
   (*reloadable_features.mutable_fields())["prefer_quic_client_udp_gro"].set_bool_value(
       use_gro_if_available_);
   ProtobufWkt::Struct& restart_features =

mobile/library/cc/engine_builder.h

@@ -75,7 +75,6 @@ class EngineBuilder {
   EngineBuilder& enablePlatformCertificatesValidation(bool platform_certificates_validation_on);
 
   EngineBuilder& enableDnsCache(bool dns_cache_on, int save_interval_seconds = 1);
-  EngineBuilder& setForceAlwaysUsev6(bool value);
   // Adds the hostnames that should be pre-resolved by DNS prior to the first request issued for
   // that host. When invoked, any previous preresolve hostname entries get cleared and only the ones
   // provided in the hostnames argument get set.
@@ -184,7 +183,6 @@ class EngineBuilder {
   std::vector<std::pair<std::string, int>> quic_hints_;
   std::vector<std::string> quic_suffixes_;
   int num_timeouts_to_trigger_port_migration_ = 0;
-  bool always_use_v6_ = false;
 #if defined(__APPLE__)
   // TODO(abeyad): once stable, consider setting the default to true.
   bool respect_system_proxy_settings_ = false;

mobile/library/java/io/envoyproxy/envoymobile/engine/EnvoyConfiguration.java

@@ -38,7 +38,6 @@ public enum TrustChainVerification {
   public final boolean enableHttp3;
   public final boolean useCares;
   public final List<Pair<String, String>> caresFallbackResolvers;
-  public final boolean forceV6;
   public final boolean useGro;
   public final String http3ConnectionOptions;
   public final String http3ClientConnectionOptions;
@@ -93,7 +92,6 @@ public enum TrustChainVerification {
    * @param enableHttp3                                   whether to enable experimental support for
    *     HTTP/3 (QUIC).
    * @param useCares                                      whether to use the c_ares library for DNS
-   * @param forceV6                                       whether to map v4 address to v6
    * @param useGro                                        whether to use UDP GRO on upstream QUIC
    *     connections, if available.
    * @param http3ConnectionOptions                        connection options to be used in HTTP/3.
@@ -140,14 +138,14 @@ public EnvoyConfiguration(
       int dnsFailureRefreshSecondsMax, int dnsQueryTimeoutSeconds, int dnsMinRefreshSeconds,
       List<String> dnsPreresolveHostnames, boolean enableDNSCache, int dnsCacheSaveIntervalSeconds,
       int dnsNumRetries, boolean enableDrainPostDnsRefresh, boolean enableHttp3, boolean useCares,
-      boolean forceV6, boolean useGro, String http3ConnectionOptions,
-      String http3ClientConnectionOptions, Map<String, Integer> quicHints,
-      List<String> quicCanonicalSuffixes, boolean enableGzipDecompression,
-      boolean enableBrotliDecompression, int numTimeoutsToTriggerPortMigration,
-      boolean enableSocketTagging, boolean enableInterfaceBinding,
-      int h2ConnectionKeepaliveIdleIntervalMilliseconds, int h2ConnectionKeepaliveTimeoutSeconds,
-      int maxConnectionsPerHost, int streamIdleTimeoutSeconds, int perTryIdleTimeoutSeconds,
-      String appVersion, String appId, TrustChainVerification trustChainVerification,
+      boolean useGro, String http3ConnectionOptions, String http3ClientConnectionOptions,
+      Map<String, Integer> quicHints, List<String> quicCanonicalSuffixes,
+      boolean enableGzipDecompression, boolean enableBrotliDecompression,
+      int numTimeoutsToTriggerPortMigration, boolean enableSocketTagging,
+      boolean enableInterfaceBinding, int h2ConnectionKeepaliveIdleIntervalMilliseconds,
+      int h2ConnectionKeepaliveTimeoutSeconds, int maxConnectionsPerHost,
+      int streamIdleTimeoutSeconds, int perTryIdleTimeoutSeconds, String appVersion, String appId,
+      TrustChainVerification trustChainVerification,
       List<EnvoyNativeFilterConfig> nativeFilterChain,
       List<EnvoyHTTPFilterFactory> httpPlatformFilterFactories,
       Map<String, EnvoyStringAccessor> stringAccessors,
@@ -174,7 +172,6 @@ public EnvoyConfiguration(
       this.caresFallbackResolvers.add(
           new Pair<String, String>(hostAndPort.first, String.valueOf(hostAndPort.second)));
     }
-    this.forceV6 = forceV6;
     this.useGro = useGro;
     this.http3ConnectionOptions = http3ConnectionOptions;
     this.http3ClientConnectionOptions = http3ClientConnectionOptions;
@@ -239,13 +236,13 @@ public long createBootstrap() {
         connectTimeoutSeconds, dnsRefreshSeconds, dnsFailureRefreshSecondsBase,
         dnsFailureRefreshSecondsMax, dnsQueryTimeoutSeconds, dnsMinRefreshSeconds, dnsPreresolve,
         enableDNSCache, dnsCacheSaveIntervalSeconds, dnsNumRetries, enableDrainPostDnsRefresh,
-        enableHttp3, useCares, forceV6, useGro, http3ConnectionOptions,
-        http3ClientConnectionOptions, quicHints, quicSuffixes, enableGzipDecompression,
-        enableBrotliDecompression, numTimeoutsToTriggerPortMigration, enableSocketTagging,
-        enableInterfaceBinding, h2ConnectionKeepaliveIdleIntervalMilliseconds,
-        h2ConnectionKeepaliveTimeoutSeconds, maxConnectionsPerHost, streamIdleTimeoutSeconds,
-        perTryIdleTimeoutSeconds, appVersion, appId, enforceTrustChainVerification, filterChain,
-        enablePlatformCertificatesValidation, upstreamTlsSni, runtimeGuards, caresFallbackResolvers,
+        enableHttp3, useCares, useGro, http3ConnectionOptions, http3ClientConnectionOptions,
+        quicHints, quicSuffixes, enableGzipDecompression, enableBrotliDecompression,
+        numTimeoutsToTriggerPortMigration, enableSocketTagging, enableInterfaceBinding,
+        h2ConnectionKeepaliveIdleIntervalMilliseconds, h2ConnectionKeepaliveTimeoutSeconds,
+        maxConnectionsPerHost, streamIdleTimeoutSeconds, perTryIdleTimeoutSeconds, appVersion,
+        appId, enforceTrustChainVerification, filterChain, enablePlatformCertificatesValidation,
+        upstreamTlsSni, runtimeGuards, caresFallbackResolvers,
         h3ConnectionKeepaliveInitialIntervalMilliseconds);
   }
 }