solo-io
diff --git a/‎changelog/v1.19.0-beta9/bump-deps.yaml
+107 b/‎changelog/v1.19.0-beta9/bump-deps.yaml
+107
diff --git a/‎docs/content/reference/api/github.com/solo-io/gloo/projects/gateway2/api/v1alpha1/gateway_parameters.md
+7 b/‎docs/content/reference/api/github.com/solo-io/gloo/projects/gateway2/api/v1alpha1/gateway_parameters.md
+7
diff --git a/‎docs/content/reference/values.txt
+3 b/‎docs/content/reference/values.txt
+3
diff --git a/‎docs/content/static/content/osa_provided.md
+32-30 b/‎docs/content/static/content/osa_provided.md
+32-30
@@ -0,0 +1,107 @@
+changelog:
+
+- type: NON_USER_FACING
+  description: >
+    To support the Istio dependency being bumped,
+    add a workaround that prevents sending xDS for Kubernetes Gateways until
+    their per-client clusters are ready.
+
+    This works around the fact that the latest krt behavior is now async; we
+    previously relied on events to have a specific order but because they're
+    processed in parallel there is no guarantee clusters are ready before we
+    process the xds snapshot for the unique connected client on the first
+    iteration.
+
+    In the future we seek to add guarantees to the krt framework upstream to
+    avoid the need to be careful with situations like these.
+
+- type: NON_USER_FACING
+  description: >
+    Bump dependencies to support latest Envoy (1.33).
+  issueLink: https://github.com/kgateway-dev/kgateway/issues/10487
+  resolvesIssue: false
+
+- type: DEPENDENCY_BUMP
+  dependencyOwner: github.com/envoyproxy
+  dependencyRepo: go-control-plane/contrib
+  dependencyTag: v1.32.5-0.20250207140015-90270e3c85fd
+- type: DEPENDENCY_BUMP
+  dependencyOwner: github.com/envoyproxy
+  dependencyRepo: go-control-plane/envoy
+  dependencyTag: v1.32.5-0.20250211152746-ef139ef8ea6b
+- type: DEPENDENCY_BUMP
+  dependencyOwner: golang.org
+  dependencyRepo: x/crypto
+  dependencyTag: v0.32.0
+- type: DEPENDENCY_BUMP
+  dependencyOwner: golang.org
+  dependencyRepo: x/tools
+  dependencyTag: v0.29.0
+- type: DEPENDENCY_BUMP
+  dependencyOwner: google.golang.org
+  dependencyRepo: grpc
+  dependencyTag: v1.70.0
+- type: DEPENDENCY_BUMP
+  dependencyOwner: google.golang.org
+  dependencyRepo: protobuf
+  dependencyTag: v1.36.5
+- type: DEPENDENCY_BUMP
+  dependencyOwner: github.com/fsnotify
+  dependencyRepo: fsnotify
+  dependencyTag: v1.8.0
+- type: DEPENDENCY_BUMP
+  dependencyOwner: k8s.io
+  dependencyRepo: api
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: k8s.io
+  dependencyRepo: apiextensions-apiserver
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: k8s.io
+  dependencyRepo: apimachinery
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: k8s.io
+  dependencyRepo: apiserver
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: k8s.io
+  dependencyRepo: cli-runtime
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: k8s.io
+  dependencyRepo: client-go
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: sigs.k8s.io
+  dependencyRepo: code-generator
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: sigs.k8s.io
+  dependencyRepo: component-base
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: sigs.k8s.io
+  dependencyRepo: component-helpers
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: sigs.k8s.io
+  dependencyRepo: kubectl
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: sigs.k8s.io
+  dependencyRepo: metrics
+  dependencyTag: v0.32.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: sigs.k8s.io
+  dependencyRepo: controller-runtime
+  dependencyTag: v0.20.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: onsi
+  dependencyRepo: ginkgo/v2
+  dependencyTag: v2.22.1
+- type: DEPENDENCY_BUMP
+  dependencyOwner: onsi
+  dependencyRepo: gomega
+  dependencyTag: v1.36.2
@@ -6900,6 +6900,13 @@ Resource Types:
             <i>Format</i>: int64<br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b>seLinuxChangePolicy</b></td>
+        <td>string</td>
+        <td>
+          <br/>
+        </td>
+        <td>false</td>
       </tr><tr>
         <td><b><a href="#gatewayparametersspeckubepodtemplatesecuritycontextselinuxoptions">seLinuxOptions</a></b></td>
         <td>object</td>
 
@@ -434,6 +434,7 @@
 |gloo.deployment.podSecurityContext.seccompProfile.localhostProfile|string|||
 |gloo.deployment.podSecurityContext.appArmorProfile.type|string|||
 |gloo.deployment.podSecurityContext.appArmorProfile.localhostProfile|string|||
+|gloo.deployment.podSecurityContext.seLinuxChangePolicy|string|||
 |gloo.deployment.podSecurityContext.mergePolicy|string||How to combine the defined security policy with the default security policy. Valid values are "", "no-merge", and "helm-merge". If defined as an empty string or "no-merge", use the defined security context as is.  If "helm-merge", merge this security context with the default security context according to the logic of [the helm 'merge' function](https://helm.sh/docs/chart_template_guide/function_list/#merge-mustmerge). This is intended to be used to modify a field in a security context, while using all other default values. Please note that due to how helm's 'merge' function works, you can not override a 'true' value with a 'false' value, and for that case you will need to define the entire security context and set this value to false. Default value is "".|
 |gloo.deployment.replicas|int|1|number of instances to deploy|
 |gloo.deployment.customEnv[].name|string|||
@@ -960,6 +961,7 @@
 |gatewayProxies.NAME.podTemplate.podSecurityContext.seccompProfile.localhostProfile|string|||
 |gatewayProxies.NAME.podTemplate.podSecurityContext.appArmorProfile.type|string|||
 |gatewayProxies.NAME.podTemplate.podSecurityContext.appArmorProfile.localhostProfile|string|||
+|gatewayProxies.NAME.podTemplate.podSecurityContext.seLinuxChangePolicy|string|||
 |gatewayProxies.NAME.podTemplate.podSecurityContext.mergePolicy|string||How to combine the defined security policy with the default security policy. Valid values are "", "no-merge", and "helm-merge". If defined as an empty string or "no-merge", use the defined security context as is.  If "helm-merge", merge this security context with the default security context according to the logic of [the helm 'merge' function](https://helm.sh/docs/chart_template_guide/function_list/#merge-mustmerge). This is intended to be used to modify a field in a security context, while using all other default values. Please note that due to how helm's 'merge' function works, you can not override a 'true' value with a 'false' value, and for that case you will need to define the entire security context and set this value to false. Default value is "".|
 |gatewayProxies.NAME.podTemplate.image.tag|string||The image tag for the container.|
 |gatewayProxies.NAME.podTemplate.image.repository|string||The image repository (name) for the container.|
@@ -1213,6 +1215,7 @@
 |gatewayProxies.gatewayProxy.podTemplate.podSecurityContext.seccompProfile.localhostProfile|string|||
 |gatewayProxies.gatewayProxy.podTemplate.podSecurityContext.appArmorProfile.type|string|||
 |gatewayProxies.gatewayProxy.podTemplate.podSecurityContext.appArmorProfile.localhostProfile|string|||
+|gatewayProxies.gatewayProxy.podTemplate.podSecurityContext.seLinuxChangePolicy|string|||
 |gatewayProxies.gatewayProxy.podTemplate.podSecurityContext.mergePolicy|string||How to combine the defined security policy with the default security policy. Valid values are "", "no-merge", and "helm-merge". If defined as an empty string or "no-merge", use the defined security context as is.  If "helm-merge", merge this security context with the default security context according to the logic of [the helm 'merge' function](https://helm.sh/docs/chart_template_guide/function_list/#merge-mustmerge). This is intended to be used to modify a field in a security context, while using all other default values. Please note that due to how helm's 'merge' function works, you can not override a 'true' value with a 'false' value, and for that case you will need to define the entire security context and set this value to false. Default value is "".|
 |gatewayProxies.gatewayProxy.podTemplate.image.tag|string|<release_version, ex: 1.2.3>|The image tag for the container.|
 |gatewayProxies.gatewayProxy.podTemplate.image.repository|string|gloo-envoy-wrapper|The image repository (name) for the container.|
 
@@ -1,16 +1,18 @@
 Name|Version|License
 ---|---|---
-[semver/v3](https://github.com/Masterminds/semver)|v3.3.0|MIT License
+[semver/v3](https://github.com/Masterminds/semver)|v3.3.1|MIT License
 [Netflix/go-expect](https://github.com/Netflix/go-expect)|v0.0.0-20180928190340-9d1f4485533b|Apache License 2.0
 [ahmetb/gen-crd-api-reference-docs](https://github.com/ahmetb/gen-crd-api-reference-docs)|v0.3.1-0.20240214155107-6cf1ede4da61|Apache License 2.0
 [avast/retry-go](https://github.com/avast/retry-go)|v2.4.3+incompatible|MIT License
 [retry-go/v4](https://github.com/avast/retry-go)|v4.3.3|MIT License
 [aws/aws-sdk-go](https://github.com/aws/aws-sdk-go)|v1.34.9|Apache License 2.0
-[census-instrumentation/opencensus-proto](https://github.com/census-instrumentation/opencensus-proto)|v0.2.0|Apache License 2.0
-[xds/go](https://github.com/cncf/xds)|v0.0.0-20240905190251-b4127c9b8d78|Apache License 2.0
+[xds/go](https://github.com/cncf/xds)|v0.0.0-20250121191232-2f005788dc42|Apache License 2.0
 [cratonica/2goarray](https://github.com/cratonica/2goarray)|v0.0.0-20190331194516-514510793eaa|MIT License
-[envoyproxy/go-control-plane](https://github.com/envoyproxy/go-control-plane)|v0.13.2-0.20241022220226-23b7e55d7f65|Apache License 2.0
-[envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate)|v1.1.0|Apache License 2.0
+[envoyproxy/go-control-plane](https://github.com/envoyproxy/go-control-plane)|v0.13.5-0.20250123154839-2a6715911fec|Apache License 2.0
+[go-control-plane/contrib](https://github.com/envoyproxy/go-control-plane)|v1.32.5-0.20250207140015-90270e3c85fd|Apache License 2.0
+[go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane)|v1.32.5-0.20250211152746-ef139ef8ea6b|Apache License 2.0
+[go-control-plane/ratelimit](https://github.com/envoyproxy/go-control-plane)|v0.1.0|Apache License 2.0
+[envoyproxy/protoc-gen-validate](https://github.com/envoyproxy/protoc-gen-validate)|v1.2.1|Apache License 2.0
 [form3tech-oss/jwt-go](https://github.com/form3tech-oss/jwt-go)|v3.2.5+incompatible|MIT License
 [fsnotify/fsnotify](https://github.com/fsnotify/fsnotify)|v1.7.0|BSD 3-clause "New" or "Revised" License
 [ghodss/yaml](https://github.com/ghodss/yaml)|v1.0.1-0.20190212211648-25d852aebe32|MIT License
@@ -36,12 +38,12 @@ Name|Version|License
 [kelseyhightower/envconfig](https://github.com/kelseyhightower/envconfig)|v1.4.0|MIT License
 [go-httpbin/v2](https://github.com/mccutchen/go-httpbin)|v2.15.0|MIT License
 [olekukonko/tablewriter](https://github.com/olekukonko/tablewriter)|v0.0.5|MIT License
-[ginkgo/v2](https://github.com/onsi/ginkgo)|v2.20.2|MIT License
-[onsi/gomega](https://github.com/onsi/gomega)|v1.35.0|MIT License
+[ginkgo/v2](https://github.com/onsi/ginkgo)|v2.22.1|MIT License
+[onsi/gomega](https://github.com/onsi/gomega)|v1.36.2|MIT License
 [pkg/browser](https://github.com/pkg/browser)|v0.0.0-20180916011732-0a3d74bf9ce4|BSD 2-clause "Simplified" License
 [pkg/errors](https://github.com/pkg/errors)|v0.9.1|BSD 2-clause "Simplified" License
 [prometheus/client_model](https://github.com/prometheus/client_model)|v0.6.1|Apache License 2.0
-[prometheus/common](https://github.com/prometheus/common)|v0.60.1|Apache License 2.0
+[prometheus/common](https://github.com/prometheus/common)|v0.62.0|Apache License 2.0
 [go-ruleguard/dsl](https://github.com/quasilyte/go-ruleguard)|v0.3.22|BSD 3-clause "New" or "Revised" License
 [rotisserie/eris](https://github.com/rotisserie/eris)|v0.5.4|MIT License
 [saiskee/gettercheck](https://github.com/saiskee/gettercheck)|v0.0.0-20210820204958-38443d06ebe0|MIT License
@@ -51,39 +53,39 @@ Name|Version|License
 [spf13/pflag](https://github.com/spf13/pflag)|v1.0.5|BSD 3-clause "New" or "Revised" License
 [spf13/viper](https://github.com/spf13/viper)|v1.19.0|MIT License
 [stoewer/go-strcase](https://github.com/stoewer/go-strcase)|v1.3.0|MIT License
-[stretchr/testify](https://github.com/stretchr/testify)|v1.9.0|MIT License
+[stretchr/testify](https://github.com/stretchr/testify)|v1.10.0|MIT License
 [go.opencensus.io](https://go.opencensus.io)|v0.24.0|Apache License 2.0
 [go.uber.org/goleak](https://go.uber.org/goleak)|v1.3.0|MIT License
 [go.uber.org/multierr](https://go.uber.org/multierr)|v1.11.0|MIT License
 [go.uber.org/zap](https://go.uber.org/zap)|v1.27.0|MIT License
-[x/crypto](https://golang.org/x/crypto)|v0.31.0|BSD 3-clause "New" or "Revised" License
-[x/exp](https://golang.org/x/exp)|v0.0.0-20240719175910-8a7402abbf56|BSD 3-clause "New" or "Revised" License
-[x/mod](https://golang.org/x/mod)|v0.21.0|BSD 3-clause "New" or "Revised" License
+[x/crypto](https://golang.org/x/crypto)|v0.32.0|BSD 3-clause "New" or "Revised" License
+[x/exp](https://golang.org/x/exp)|v0.0.0-20241215155358-4a5509556b9e|BSD 3-clause "New" or "Revised" License
+[x/mod](https://golang.org/x/mod)|v0.22.0|BSD 3-clause "New" or "Revised" License
 [x/sync](https://golang.org/x/sync)|v0.10.0|BSD 3-clause "New" or "Revised" License
-[x/tools](https://golang.org/x/tools)|v0.24.0|BSD 3-clause "New" or "Revised" License
-[googleapis/api](https://google.golang.org/genproto/googleapis/api)|v0.0.0-20241021214115-324edc3d5d38|Apache License 2.0
-[googleapis/rpc](https://google.golang.org/genproto/googleapis/rpc)|v0.0.0-20241021214115-324edc3d5d38|Apache License 2.0
-[google.golang.org/grpc](https://google.golang.org/grpc)|v1.67.1|Apache License 2.0
-[google.golang.org/protobuf](https://google.golang.org/protobuf)|v1.35.1|BSD 3-clause "New" or "Revised" License
+[x/tools](https://golang.org/x/tools)|v0.29.0|BSD 3-clause "New" or "Revised" License
+[googleapis/api](https://google.golang.org/genproto/googleapis/api)|v0.0.0-20250122153221-138b5a5a4fd4|Apache License 2.0
+[googleapis/rpc](https://google.golang.org/genproto/googleapis/rpc)|v0.0.0-20250122153221-138b5a5a4fd4|Apache License 2.0
+[google.golang.org/grpc](https://google.golang.org/grpc)|v1.70.0|Apache License 2.0
+[google.golang.org/protobuf](https://google.golang.org/protobuf)|v1.36.5|BSD 3-clause "New" or "Revised" License
 [AlecAivazis/survey.v1](https://gopkg.in/AlecAivazis/survey.v1)|v1.8.7|MIT License
-[helm/v3](https://helm.sh/helm/v3)|v3.16.2|Apache License 2.0
-[istio.io/api](https://istio.io/api)|v1.24.0-alpha.0.0.20241106042855-9e26cdd3450a|Apache License 2.0
-[istio.io/client-go](https://istio.io/client-go)|v1.24.0-alpha.0.0.20241106043554-b5828356941f|Apache License 2.0
-[istio.io/istio](https://istio.io/istio)|v0.0.0-20241107203726-094b9e700412|Apache License 2.0
-[k8s.io/api](https://k8s.io/api)|v0.31.1|Apache License 2.0
-[k8s.io/apiextensions-apiserver](https://k8s.io/apiextensions-apiserver)|v0.31.1|Apache License 2.0
-[k8s.io/apimachinery](https://k8s.io/apimachinery)|v0.31.1|Apache License 2.0
-[k8s.io/client-go](https://k8s.io/client-go)|v0.31.1|Apache License 2.0
-[k8s.io/code-generator](https://k8s.io/code-generator)|v0.31.1|Apache License 2.0
-[k8s.io/component-base](https://k8s.io/component-base)|v0.31.1|Apache License 2.0
-[k8s.io/kubectl](https://k8s.io/kubectl)|v0.31.1|Apache License 2.0
+[helm/v3](https://helm.sh/helm/v3)|v3.17.0|Apache License 2.0
+[istio.io/api](https://istio.io/api)|v1.25.0-alpha.0.0.20250210220544-0b64afd2de85|Apache License 2.0
+[istio.io/client-go](https://istio.io/client-go)|v1.25.0-alpha.0.0.20250210220843-5a4065fded65|Apache License 2.0
+[istio.io/istio](https://istio.io/istio)|v0.0.0-20250212203644-c2ac935c5888|Apache License 2.0
+[k8s.io/api](https://k8s.io/api)|v0.32.1|Apache License 2.0
+[k8s.io/apiextensions-apiserver](https://k8s.io/apiextensions-apiserver)|v0.32.1|Apache License 2.0
+[k8s.io/apimachinery](https://k8s.io/apimachinery)|v0.32.1|Apache License 2.0
+[k8s.io/client-go](https://k8s.io/client-go)|v0.32.1|Apache License 2.0
+[k8s.io/code-generator](https://k8s.io/code-generator)|v0.32.1|Apache License 2.0
+[k8s.io/component-base](https://k8s.io/component-base)|v0.32.1|Apache License 2.0
+[k8s.io/kubectl](https://k8s.io/kubectl)|v0.32.1|Apache License 2.0
 [k8s.io/utils](https://k8s.io/utils)|v0.0.0-20240711033017-18e509b52bc8|Apache License 2.0
 [knative.dev/networking](https://knative.dev/networking)|v0.0.0-20211210083629-bace06e98aee|Apache License 2.0
 [knative.dev/pkg](https://knative.dev/pkg)|v0.0.0-20211206113427-18589ac7627e|Apache License 2.0
-[sigs.k8s.io/controller-runtime](https://sigs.k8s.io/controller-runtime)|v0.19.1|Apache License 2.0
+[sigs.k8s.io/controller-runtime](https://sigs.k8s.io/controller-runtime)|v0.20.1|Apache License 2.0
 [sigs.k8s.io/controller-tools](https://sigs.k8s.io/controller-tools)|v0.16.3|Apache License 2.0
 [sigs.k8s.io/gateway-api](https://sigs.k8s.io/gateway-api)|v1.2.1|Apache License 2.0
-[structured-merge-diff/v4](https://sigs.k8s.io/structured-merge-diff/v4)|v4.4.1|Apache License 2.0
+[structured-merge-diff/v4](https://sigs.k8s.io/structured-merge-diff/v4)|v4.5.0|Apache License 2.0
 [sigs.k8s.io/yaml](https://sigs.k8s.io/yaml)|v1.4.0|MIT License
 [cmd/goimports](https://golang.org/x/tools/cmd/goimports)|latest|MIT License
 [gogo/protobuf](https://github.com/gogo/protobuf)|latest|MIT License