chore: merge upstream main, keep both new tests in filter_test.cc

Resolved conflict between local ModeOverrideBufferedToFullDuplexChunkedEmptyBody
test and upstream HttpEventTrafficStatsTest, both added at the end of
the file. Kept both tests.

Author: renuka-fernando

.bazelci/presubmit.yml

@@ -17,10 +17,6 @@ tasks:
     platform: ubuntu2004
     shell_commands:
     - "sudo apt -y update && sudo apt -y install automake autotools-dev cmake libtool m4 ninja-build"
-    - "wget https://apt.llvm.org/llvm.sh && sudo bash llvm.sh 14"
-    - "bazel/setup_clang.sh /usr/lib/llvm-14"
-    # TODO(keith): Remove once we use clang 15+ on CI
-    - "sudo apt-get install -y libclang-rt-14-dev"
     test_targets:
     - "//test/common/common/..."
     - "//test/integration/..."

.bazelrc

@@ -208,7 +208,6 @@ build:compile-time-options --config=boringssl-fips
 build:compile-time-options --define=log_debug_assert_in_release=enabled
 build:compile-time-options --define=path_normalization_by_default=true
 build:compile-time-options --define=deprecated_features=disabled
-build:compile-time-options --define=tcmalloc=gperftools
 build:compile-time-options --define=uhv=enabled
 # gRPC has a lot of deprecated-enum-enum-conversion warnings with C++20
 build:compile-time-options --copt=-Wno-error=deprecated-enum-enum-conversion
@@ -223,18 +222,18 @@ build:compile-time-options --@envoy//source/extensions/filters/http/kill_request
 
 common:fips-common --test_tag_filters=-nofips
 common:fips-common --build_tag_filters=-nofips
-common:fips-common --//bazel:fips=True
+common:fips-common --@envoy//bazel:fips=True
 
 # BoringSSL FIPS
 common:boringssl-fips --config=fips-common
-common:boringssl-fips --//bazel:ssl=@boringssl_fips//:ssl
-common:boringssl-fips --//bazel:crypto=@boringssl_fips//:crypto
+common:boringssl-fips --@envoy//bazel:ssl=@boringssl_fips//:ssl
+common:boringssl-fips --@envoy//bazel:crypto=@boringssl_fips//:crypto
 
 # AWS-LC FIPS
 common:aws-lc-fips --config=fips-common
-common:aws-lc-fips --//bazel:ssl=@aws_lc//:ssl
-common:aws-lc-fips --//bazel:crypto=@aws_lc//:crypto
-common:aws-lc-fips --//bazel:http3=False
+common:aws-lc-fips --@envoy//bazel:ssl=@aws_lc//:ssl
+common:aws-lc-fips --@envoy//bazel:crypto=@aws_lc//:crypto
+common:aws-lc-fips --@envoy//bazel:http3=False
 
 
 #############################################################################
@@ -266,7 +265,7 @@ build:asan-common --build_tag_filters=-no_san
 build:asan-common --test_tag_filters=-no_san
 build:asan-common --copt -fsanitize=address,undefined
 build:asan-common --linkopt -fsanitize=address,undefined
-# vptr and function sanitizer are enabled in asan if it is set up via bazel/setup_clang.sh.
+# vptr and function sanitizer are enabled in asan when using --config=clang.
 build:asan-common --copt -fno-sanitize=vptr,function
 build:asan-common --linkopt -fno-sanitize=vptr,function
 build:asan-common --copt -DADDRESS_SANITIZER=1

.gemini/config.yaml

@@ -0,0 +1,7 @@
+code_review:
+  disable: false
+  pull_request_opened:
+    help: false
+    summary: false
+    code_review: false
+    include_drafts: false

.github/config.yml

@@ -94,6 +94,11 @@ checks:
     required: true
     on-run:
     - mobile-perf
+  mobile-python:
+    name: Mobile/Python
+    required: true
+    on-run:
+    - mobile-python
   mobile-release-validation:
     name: Mobile/Release validation
     required: true
@@ -320,6 +325,18 @@ run:
     - mobile/.bazelrc
     - mobile/**/*
     - tools/code_format/check_format.py
+  mobile-python:
+    paths:
+    - .bazelrc
+    - .bazelversion
+    - .github/config.yml
+    - .github/workflows/mobile-python.yml
+    - bazel/external/quiche.BUILD
+    - bazel/repositories.bzl
+    - bazel/repository_locations.bzl
+    - mobile/.bazelrc
+    - mobile/**/*
+    - tools/code_format/check_format.py
   mobile-release-validation:
     paths:
     - .bazelrc

.github/dependabot.yml

@@ -23,6 +23,13 @@ updates:
     interval: "daily"
     time: "06:00"
 
+- package-ecosystem: "pip"
+  directory: "/mobile/third_party/python"
+  open-pull-requests-limit: 20
+  schedule:
+    interval: "daily"
+    time: "06:00"
+
 - package-ecosystem: "docker"
   directory: "/.devcontainer"
   schedule:

.github/workflows/_precheck_deps.yml

@@ -57,4 +57,4 @@ jobs:
         ref: ${{ fromJSON(inputs.request).request.sha }}
         persist-credentials: false
     - name: Dependency Review
-      uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261  # v4.8.2
+      uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48  # v4.9.0

.github/workflows/_request.yml

@@ -176,14 +176,14 @@ jobs:
     # TODO(phlax): shift this to ci/request action above
     - name: Check Docker cache (x64)
       id: cache-exists-docker-x64
-      uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7  # v5.0.2
+      uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306  # v5.0.3
       with:
         lookup-only: true
         path: /tmp/cache
         key: ${{ fromJSON(steps.data.outputs.value).request.build-image.default }}
     - name: Check Docker cache (arm64)
       id: cache-exists-docker-arm64
-      uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7  # v5.0.2
+      uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306  # v5.0.3
       with:
         lookup-only: true
         path: /tmp/cache

.github/workflows/_run.yml

@@ -318,7 +318,7 @@ jobs:
     # HACK/WORKAROUND for cache scope issue (https://github.com/envoyproxy/envoy/issues/37603)
     - if: ${{ inputs.cache-build-image }}
       id: cache-lookup
-      uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7  # v5.0.2
+      uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306  # v5.0.3
       with:
         lookup-only: true
         path: /tmp/cache

.github/workflows/_upload_gcs.yml

@@ -25,7 +25,7 @@ jobs:
       matrix:
         artifact: ${{ fromJSON(inputs.artifacts) }}
     steps:
-    - uses: actions/download-artifact@v4.1.3
+    - uses: actions/download-artifact@v8.0.0
       with:
         name: ${{ matrix.artifact }}
         path: ${{ matrix.artifact }}

.github/workflows/codeql-daily.yml

@@ -52,7 +52,7 @@ jobs:
       uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30  # codeql-bundle-v4.32.0
+      uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13  # codeql-bundle-v4.35.1
       with:
         languages: cpp
         trap-caching: false
@@ -91,4 +91,4 @@ jobs:
         git clean -xdf
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30  # codeql-bundle-v4.32.0
+      uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13  # codeql-bundle-v4.35.1