build(deps): bump github.com/envoyproxy/envoy from 1.36.4 to 1.37.0 in /golang-network/simple in the examples-golang-network group

[dependabot]

Bumps the examples-golang-network group in /golang-network/simple with 1 update: github.com/envoyproxy/envoy.

Updates github.com/envoyproxy/envoy from 1.36.4 to 1.37.0

Release notes

Sourced from github.com/envoyproxy/envoy's releases.

v1.37.0

Summary of changes

Dynamic modules expansion

• Added support for network, listener, UDP listener, and access logger filters
• Introduced streaming HTTP callouts to HTTP filters
• Enhanced ABI for streaming body manipulation and header operations
• Added global module loading and improved module search path handling

HTTP and protocol enhancements

• Container-aware CPU detection for improved resource utilization in containerized environments
• HTTP/2 performance optimizations including reduced allocations for well-known headers
• Enhanced cookie matching in route configuration
• Added vhost header customization and forward client cert matching via xDS matcher

Filter ecosystem growth

• New transform filter for request/response body modification
• New MCP (Model Context Protocol) filter and router for agentic network
• Network-layer geoip filter for non-HTTP geolocation
• Postgres Inspector listener filter for PostgreSQL traffic routing

Security and authorization

• Proto API Scrubber filter now production-ready with comprehensive metrics
• Enhanced ext_authz with error response support and improved header handling
• Better TLS certificate validation failure messages in access logs
• On-demand certificate fetching via SDS

Composite filter improvements

• Support for filter chains and named filter chains
• Improved scalability through filter chain reuse across match actions

Observability

• New stats-based access logger
• Process-level rate limiting for access logs
• Enhanced OTLP stats sink with metric dropping support
• Added execution counters and improved tracing support across filters

Router and traffic management

• Cluster-level retry policies, hash policies, and request mirroring
• Composite cluster extension for retry-aware cluster selection
• Substitution formatting for direct response bodies and descriptor values

Other notable changes

• Fixed multiple memory leaks and crashes in HTTP/2, Lua, and connection handling
• Improved QUIC path migration using QUICHE logic
• Enhanced TCP proxy with upstream connect mode and early data buffering
• Added MaxMind Country database support for geoip

Breaking changes

... (truncated)

Changelog

Sourced from github.com/envoyproxy/envoy's changelog.

Release Process

Active development

Active development is happening on the main branch, and a new version is released from it.

Stable releases

Stable releases of Envoy include:

• Major releases in which a new version a created directly from the main branch.
• Minor releases for versions covered by the extended maintenance window (any version released in the last 12 months).
  • Security fixes backported from the main branch (including those deemed not worthy of creating a CVE).
  • Stability fixes backported from the main branch (anything that can result in a crash, including crashes triggered by a trusted control plane).
  • Bugfixes, deemed worthwhile by the maintainers of stable releases.

Major releases happen quartely and follow the schedule below. Security fixes typically happen quarterly as well, but this depends on the number and severity of security bugs. Other releases are ad-hoc and best-effort.

Security releases

Critical security fixes are owned by the Envoy security team, which provides fixes for the main branch. Once those fixes are ready, the maintainers of stable releases backport them to the remaining supported stable releases.

Backports

All other security and reliability fixes can be nominated for backporting to stable releases by Envoy maintainers, Envoy security team, the change author, or members of the Envoy community by adding the backport/review or backport/approved label (this can be done using [repokitteh]'s /backport command). Changes nominated by the change author and/or members of the Envoy community are evaluated for backporting on a case-by-case basis, and require approval from either the release manager of stable release, Envoy maintainers, or Envoy security team. Once approved, those fixes are backported from the main branch to all supported stable branches by the maintainers of stable releases. New stable versions from non-critical security fixes are released on a regular schedule, initially aiming for the bi-weekly releases.

Release management

Major releases are handled by the maintainer on-call and do not involve any backports. The details are outlined in the "Cutting a major release" section below. Security releases are handled by a Release Manager and a Fix Lead. The Release Manager is responsible for approving and merging backports, with responsibilties outlined in https://github.com/envoyproxy/envoy/blob/main/BACKPORTS.md. The Fix Lead is a member of the security team and is responsible for coordinating the overall release. This includes identifying issues to be fixed in the release, communications with the Envoy community, and the

... (truncated)

Commits

• 6d9bb7d repo: Release v1.37.0
• b6cc69c docker/release: Bump distroless -> 16b3bc2 (#42971)
• c71d09b docker/release: Fix for contrib-distroless publishing (#42972)
• b7c1735 Add release summary for Envoy 1.37.0 (#42952)
• 7224944 [contrib][vcl] bump to vpp 26.02rc0 (#42959)
• c203296 build(deps): bump protobuf from 6.33.2 to 6.33.4 in /tools/base (#42963)
• 1cbd0e6 build(deps): bump sphinx-rtd-theme from 3.0.2 to 3.1.0 in /tools/base (#42962)
• 244f8d6 build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 (#42961)
• ff8eee2 dynamic_modules: add dynamic modules support for bootstrap extensions (#42903)
• 48252e8 mcp: encode mcp router subject (#42950)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions