Bumps [rustls](https://github.com/rustls/rustls) from 0.23.21 to 0.23.22.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.21...v/0.23.22)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This environment variable is definted by the OpenTelemetry conventions as a way of specifying additional resource attributes to be included in traces: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration

Note that this is parallel to LINKERD2_PROXY_TRACE_EXTRA_ATTRIBUTES, which is meant for common attributes that should always be provided by the proxy (pod UID, contianer name, etc.). We do not expect users to override that one, as OTEL_RESOURCE_ATTRIBUTES is the conventional way of specifying custom attributes.

Signed-off-by: Scott Fleener <scott@buoyant.io>

Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.10 to 1.2.11.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](rust-lang/cc-rs@cc-v1.2.10...cc-v1.2.11)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [pin-project](https://github.com/taiki-e/pin-project) from 1.1.8 to 1.1.9.
- [Release notes](https://github.com/taiki-e/pin-project/releases)
- [Changelog](https://github.com/taiki-e/pin-project/blob/main/CHANGELOG.md)
- [Commits](taiki-e/pin-project@v1.1.8...v1.1.9)

---
updated-dependencies:
- dependency-name: pin-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.85 to 0.1.86.
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](dtolnay/async-trait@0.1.85...0.1.86)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [syn](https://github.com/dtolnay/syn) from 2.0.96 to 2.0.98.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](dtolnay/syn@2.0.96...2.0.98)

---
updated-dependencies:
- dependency-name: syn
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [bytes](https://github.com/tokio-rs/bytes) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/tokio-rs/bytes/releases)
- [Changelog](https://github.com/tokio-rs/bytes/blob/master/CHANGELOG.md)
- [Commits](tokio-rs/bytes@v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: bytes
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

`ReplayBody<B>` is slightly inconsistent about how it represents the
exhaustion of the inner `B`-typed body.

first, in `poll_data()` we poll the inner body, and note that we
consider a `None` value for `BodyState::rest` to mean that there is no
more work to do.

```rust
// Poll the inner body for more data. If the body has ended, remember
// that so that future clones will not try polling it again (as
// described above).
let mut data = {
    // Get access to the initial body. If we don't have access to the
    // inner body, there's no more work to do.
    let rest = match state.rest.as_mut() {
	Some(rest) => rest,
	None => return Poll::Ready(None),
    };
    // ...
};
```

then, in `Body::is_end_stream()`, we write the following to check that
the stream is done:

```rust
let is_inner_eos = self
    .state
    .as_ref()
    .and_then(|state| state.rest.as_ref().map(Body::is_end_stream))
    .unwrap_or(false);
```

note in particular the call to `Option::and_then(..)`.

this means that, should the inner body be `None`, we will begin
reporting the stream as **not** finished. this is backwards!

this commit makes a change to the definition of `BodyState<B>`. it no
longer treats its inner body as optional. we never drop the inner body
`B`, to facilitate gracefully replaying bodies that were interrupted
when initially being polled.

a bare `B` means that various bits of control are now simpler, without
having to account for the `Option<T>` state.

Signed-off-by: katelyn martin <kate@buoyant.io>

this commit makes some small, admittedly subjective tweaks to
`ReplayBody::poll_trailers(..)`.

we can make use of the `map_ok` and `map_err` methods that exist to map
`Poll::Ready<Result<T, E>>`'s inner `T` to some `U` (in our case, to
record the trailers for later replay), and to map the error type into a
boxed `Error`.

this is a minor tweak, front-running other work to port the
`ReplayBody<B>` to http-body 1.0. see
linkerd/linkerd2#8733.

Signed-off-by: katelyn martin <kate@buoyant.io>

Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.12.1 to 1.13.1.
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](uuid-rs/uuid@1.12.1...1.13.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…3595)

Bumps [symbolic-demangle](https://github.com/getsentry/symbolic) from 12.13.3 to 12.13.4.
- [Release notes](https://github.com/getsentry/symbolic/releases)
- [Changelog](https://github.com/getsentry/symbolic/blob/master/CHANGELOG.md)
- [Commits](getsentry/symbolic@12.13.3...12.13.4)

---
updated-dependencies:
- dependency-name: symbolic-demangle
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…kerd#3594)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 45.0.6 to 45.0.7.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@d6e91a2...dcc7a0c)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [symbolic-common](https://github.com/getsentry/symbolic) from 12.13.3 to 12.13.4.
- [Release notes](https://github.com/getsentry/symbolic/releases)
- [Changelog](https://github.com/getsentry/symbolic/blob/master/CHANGELOG.md)
- [Commits](getsentry/symbolic@12.13.3...12.13.4)

---
updated-dependencies:
- dependency-name: symbolic-common
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.11 to 1.2.12.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](rust-lang/cc-rs@cc-v1.2.11...cc-v1.2.12)

---
updated-dependencies:
- dependency-name: cc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

the `ReplayBody<B>` middleware makes use of a `BufList` type to hold a
reference to bytes yielded by the inner body `B`. a `Data` enum is
composed on top to this, to allow bodies to either return (a) a replay
of a previous body, or (b) the iniial bytes yielded by the original
body.

this branch also takes the step of moving some code out of the
`ReplayBody::poll_data(..)` trait method along with inlining
`BufList::push_chunk(..)` , a small helper function that is only used
once.

this is intended to consolidate code related to buffering data yielded
by the underlying `B`-typed body, and extricate logic concerning the
bounding of this buffer from the now defunct `Body::poll_data()` trait
method.

see linkerd/linkerd2#8733 for more information
about upgrading the proxy to hyper 1.0.

this will help make subsequent changes to the model of `ReplayBody<B>`
its corresponding `Body` implementation more reviewable, by proactively
reorganizing things in advance.

---

* refactor(http/retry): outline replay buffer

the replay body uses this `BufList` type to hold a reference to bytes
yielded by the inner body `B`.

the `Data` enum is composed on top to this, to allow bodies to either
return a replay of a previous body, or the iniial bytes yielded by the
original body.

this is all relatively self-contained, so we can move this into a small
submodule.

Signed-off-by: katelyn martin <kate@buoyant.io>

* refactor(http/retry): outline replay body buffering

this commit moves some code out of the `ReplayBody::poll_data(..)` trait
method.

this bit of code is where we take a chunk of a data yielded by the inner
body, and push it into our replay buffer. if the capacity is exceeded,
we flush the buffer. in either case, the code copies the chunk into a
cheaply cloneable, contiguous `Bytes`.

this is all related to the buffer, so we move it there.

Signed-off-by: katelyn martin <kate@buoyant.io>

* refactor(http/retry): inline `BufList::push_chunk`

`push_chunk` is a small helper function that is only used once. now that
we have moved our buffering code alongside this type, it's more
straightforward to inline this function.

Signed-off-by: katelyn martin <kate@buoyant.io>

* refactor(http/retry): rename `BufList` to `Replay`

this structure is responsible for acting as the `bytes::Buf` buffer for
the replay of the initial body.

this commit renames this to articulate that relationship more directly.

Signed-off-by: katelyn martin <kate@buoyant.io>

* docs(http/retry): polish `Replay` documentation

Signed-off-by: katelyn martin <kate@buoyant.io>

---------

Signed-off-by: katelyn martin <kate@buoyant.io>

pr linkerd#3559 (dd4fbcd) refactored our trailer peeking body middleware to
model its buffering in terms of the `Frame<T>` type used in
`http-body`'s 1.0 release.

this branch performs a similar change for the other piece of body
middleware that super linkerd's retry facilities: `ReplayBody<B>`. the
inner body `B` is now wrapped in the `ForwardCompatibleBody<B>` adapter,
and we now poll it in terms of frames.

NB: polling the underlying in terms of frames has a subtle knock-on
effect regarding when we observe the trailers, in the liminal period
between this refactor and the subsequent upgrade to hyper 1.0, whilst we
must still implement the existing 0.4 interface for `Body` that includes
`poll_trailers()`.

see the comment above `replay_trailers` for more on this, describing why
we now initialize this to `true`. relatedly, this is why we no longer
delegate down to `B::poll_trailers` ourselves. it will have already been
called by our adapter.

`ReplayBody::is_end_stream()` now behaves identically when initially
polling a body compared to subsequent replays. this is fine, as
`is_end_stream()` is a hint that facilitates optimizations
(hyperium/http-body#143). we do still report the end properly, we just
won't be quite as prescient on the initial playthrough.

in the same manner as the existing `frame()` method mimics
`http_body_util::BodyExt::frame()`, this branch introduces
a new `ForwardCompatibleBody::poll_frame()` method.

this allows us to poll the compatibility layer for a `Frame<T>`.

see:
- linkerd/linkerd2#8733.
- linkerd#3559

---

* nit(http/retry): install tracing subscriber in tests

some tests do not set up a tracing subscriber, because they do not use
the shared `Test::new()` helper function used elsewhere in this test
suite.

to provide a trace of the test's execution in the event of a failure,
initialize a tracing subscriber in some additional unit tests.

Signed-off-by: katelyn martin <kate@buoyant.io>

* feat(http/retry): `ForwardCompatibleBody<B>` exposes hints

this commit removes the `cfg(test)` gate on the method exposing
`B::is_end_stream()`, and introduces another method also exposing the
`size_hint()` method.

we will want these in order to implement these methods for
`ReplayBody<B>`.

Signed-off-by: katelyn martin <kate@buoyant.io>

* refactor(http/retry): `ForwardCompatibleBody::poll_frame()`

in the same manner as the existing `frame()` method mimics
`http_body_util::BodyExt::frame()`, this commit introduces
a new `ForwardCompatibleBody::poll_frame()` method.

this allows us to poll the compatibility layer for a `Frame<T>`.

Signed-off-by: katelyn martin <kate@buoyant.io>

* feat(http/retry): `ReplayBody<B>` polls for frames

pr linkerd#3559 (dd4fbcd) refactored our trailer peeking body middleware to
model its buffering in terms of the `Frame<T>` type used in
`http-body`'s 1.0 release.

this commit performs a similar change for the other piece of body
middleware that super linkerd's retry facilities: `ReplayBody<B>`. the
inner body `B` is now wrapped in the `ForwardCompatibleBody<B>` adapter,
and we now poll it in terms of frames.

NB: polling the underlying in terms of frames has a subtle knock-on
effect regarding when we observe the trailers, in the liminal period
between this refactor and the subsequent upgrade to hyper 1.0, whilst we
must still implement the existing 0.4 interface for `Body` that includes
`poll_trailers()`.

see the comment above `replay_trailers` for more on this, describing why
we now initialize this to `true`. relatedly, this is why we now longer
delegate down to `B::poll_trailers` ourselves. it will have already been
called by our adapter.

`ReplayBody::is_end_stream()` now behaves identically when initially
polling a body compared to subsequent replays. this is fine, as
`is_end_stream()` is a hint that facilitates optimizations
(hyperium/http-body#143). we do still report the end properly, we just
won't be quite as prescient on the initial playthrough.

see:
- linkerd/linkerd2#8733.
- linkerd#3559

Signed-off-by: katelyn martin <kate@buoyant.io>

* feat(http/retry): `is_end_stream()` traces

this commit introduces some trace-level diagnostics tracking how the
replay body has determined whether or not it has reached the end of the
stream.

Signed-off-by: katelyn martin <kate@buoyant.io>

* nit(http/retry): capitalize trace event messages

Signed-off-by: katelyn martin <kate@buoyant.io>

---------

Signed-off-by: katelyn martin <kate@buoyant.io>

Bumps [once_cell](https://github.com/matklad/once_cell) from 1.20.2 to 1.20.3.
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](matklad/once_cell@v1.20.2...v1.20.3)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [hickory-resolver](https://github.com/hickory-dns/hickory-dns) from 0.24.2 to 0.24.3.
- [Release notes](https://github.com/hickory-dns/hickory-dns/releases)
- [Changelog](https://github.com/hickory-dns/hickory-dns/blob/v0.24.3/CHANGELOG.md)
- [Commits](hickory-dns/hickory-dns@v0.24.2...v0.24.3)

---
updated-dependencies:
- dependency-name: hickory-resolver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [data-encoding](https://github.com/ia0/data-encoding) from 2.7.0 to 2.8.0.
- [Commits](ia0/data-encoding@v2.7.0...v2.8.0)

---
updated-dependencies:
- dependency-name: data-encoding
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [hickory-proto](https://github.com/hickory-dns/hickory-dns) from 0.24.2 to 0.24.3.
- [Release notes](https://github.com/hickory-dns/hickory-dns/releases)
- [Changelog](https://github.com/hickory-dns/hickory-dns/blob/v0.24.3/CHANGELOG.md)
- [Commits](hickory-dns/hickory-dns@v0.24.2...v0.24.3)

---
updated-dependencies:
- dependency-name: hickory-proto
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [cmake](https://github.com/rust-lang/cmake-rs) from 0.1.53 to 0.1.54.
- [Release notes](https://github.com/rust-lang/cmake-rs/releases)
- [Changelog](https://github.com/rust-lang/cmake-rs/blob/master/CHANGELOG.md)
- [Commits](rust-lang/cmake-rs@v0.1.53...v0.1.54)

---
updated-dependencies:
- dependency-name: cmake
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The outbound HTTP route labels use multiple ExtractParam implementations to
convert a matched route target to set of labels (using an HTTP request).

This change removes the RouteLabelExtract type, in favor of implementing label
extraction on the route target type directly.

A previous change enabling OpenTelmetry forgot to include attributes from the span itself, in addition to the request level spans as we do in the old OpenCensus exporter. This adds those attributes back in.

Signed-off-by: Scott Fleener <scott@buoyant.io>

Bumps [oid-registry](https://github.com/rusticata/oid-registry) from 0.8.0 to 0.8.1.
- [Commits](rusticata/oid-registry@oid-registry-0.8.0...oid-registry-0.8.1)

---
updated-dependencies:
- dependency-name: oid-registry
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: katelyn martin <kate@buoyant.io>

The 'hostname' label value is derived from the request URI and can be influenced
by applications. If a client uses a high cardinality of hostname values, this
leads to the proxy exporting many metrics and ultimately exhausting resources.

This change disables the 'hostname' label by default. A new field is outed to
the HTTP and TLS route parameters, `export_hostname_labels`, which can be used
to enable the 'hostname' label; however, this type is not yet configurable.
Changes are required to the proxy API and, ultimately, the policy controller, to
make this field configurable.

When the hostname is not exported, an empty label value is used.

BREAKING: The 'hostname' label is now disabled by default.

`MockBody` is a type that we use to implement tests for our
`peek_trailers::PeekTrailersBody<B>` body middleware. this is a useful
tool for mocking the polling outcomes of the inner body we wrap, which
would be useful for testing other `http_body::Body` middleware.

this commit moves `MockBody` out of `linkerd-http-retry`, and into a new
`linkerd-mock-http-body` crate. this is added as a test dependency for
the retry crate, and can now be used (rather than vendored) by other
bodies.

Signed-off-by: katelyn martin <kate@buoyant.io>

Bumps [rustls](https://github.com/rustls/rustls) from 0.23.22 to 0.23.23.
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.22...v/0.23.23)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [once_cell](https://github.com/matklad/once_cell) from 1.21.2 to 1.21.3.
- [Changelog](https://github.com/matklad/once_cell/blob/master/CHANGELOG.md)
- [Commits](matklad/once_cell@v1.21.2...v1.21.3)

---
updated-dependencies:
- dependency-name: once_cell
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [governor](https://github.com/boinkor-net/governor) from 0.8.0 to 0.10.0.
- [Release notes](https://github.com/boinkor-net/governor/releases)
- [Changelog](https://github.com/boinkor-net/governor/blob/master/release.toml)
- [Commits](boinkor-net/governor@v0.8.0...v0.10.0)

---
updated-dependencies:
- dependency-name: governor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [hyper-util](https://github.com/hyperium/hyper-util) from 0.1.10 to 0.1.11.
- [Release notes](https://github.com/hyperium/hyper-util/releases)
- [Changelog](https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md)
- [Commits](hyperium/hyper-util@v0.1.10...v0.1.11)

---
updated-dependencies:
- dependency-name: hyper-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 27ae6b33eaed7bf87272fdeb9f1c54f9facc9d99 to b74df86ccb65173a8e33ba5492ac1a2ca6b216fd.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@27ae6b3...b74df86)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…kerd#3830)

In linkerd#3547, we removed unsafe authority labels. This was a
breaking change, since the behavior was considered unsafe.

To support a graceful migration, this change adds an environment configuration,
`LINKERD2_PROXY_INBOUND_AUTHORITY_LABELS=unsafe`, that reverts to the prior
behavior.

It may be configured in linkerd2 via the proxy.additionalEnv helm value.

this commit introduces a new metric family tracking the rate and outcome
of dns lookups made by the linkerd2 proxy. this metric family has three
labels, counting the number of DNS resolutions for each distinct
control plane client, by record type (A/AAAA or SRV), and by outcome
(success or failure).

this metric is named `control_dns_resolutions_total`.

this commit generally does this via the addition of some new interfaces
to `linkerd-dns`'s `Resolver` structure. the `resolve_addrs()` method is
extended to increment particular counters if they have been installed.

the `linkerd-app` crate's `Dns` type now encapsulates its resolver, and
callers acquire a new resolver by providing a client name to its
`resolver()` method. this uses the client name to construct label sets
and create the corresponding time series for each client.

once proxies with this patch are running, and the viz extension has been
installed, one can query this metric like so:

**nb:** this screenshot shows an early prototype, this metric has since
been renamed.

![linkerd-dns-prometheus-metrics](https://github.com/user-attachments/assets/3138dcfc-6800-4c0f-8215-61d84085032b)

this promQL query...

```
sum(rate(control_dns_resolutions_total[1m])) by (app,client,result) > 0
```

...will show the per-minute rate of dns lookups/failures across each
application workload, for each control-plane client, for each possible
outcome.

Signed-off-by: katelyn martin <kate@buoyant.io>
Co-authored-by: Oliver Gould <ver@buoyant.io>

…d#3833)

this commit removes the `linkerd-http-executor` crate, and replaces all
usage of its `TracingExecutor` type with the `TokioExecutor` type
provided by `hyper-util`.

this work is based upon hyperium/hyper-util#166. that change, included
in the 0.1.11 release, altered the `TokioExecutor` type so that it
propagates tracing context when the `tracing` feature is enabled.

with that change made, our `TracingExecutor` type is now redundant.

* hyperium/hyper-util#166
* https://github.com/hyperium/hyper-util/blob/master/CHANGELOG.md#0111-2025-03-31

Signed-off-by: katelyn martin <kate@buoyant.io>

Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](rust-lang/flate2-rs@1.1.0...1.1.1)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from b74df86ccb65173a8e33ba5492ac1a2ca6b216fd to 6cb76d07bee4c9772c6882c06c37837bf82a04d3.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@b74df86...6cb76d0)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-version: 6cb76d07bee4c9772c6882c06c37837bf82a04d3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [miniz_oxide](https://github.com/Frommi/miniz_oxide) from 0.8.5 to 0.8.7.
- [Changelog](https://github.com/Frommi/miniz_oxide/blob/master/CHANGELOG.md)
- [Commits](Frommi/miniz_oxide@0.8.5...0.8.7)

---
updated-dependencies:
- dependency-name: miniz_oxide
  dependency-version: 0.8.7
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

)

Bumps the opentelemetry group with 1 update: [opentelemetry](https://github.com/open-telemetry/opentelemetry-rust).


Updates `opentelemetry` from 0.29.0 to 0.29.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-rust/releases)
- [Commits](open-telemetry/opentelemetry-rust@opentelemetry-0.29.0...opentelemetry-0.29.1)

---
updated-dependencies:
- dependency-name: opentelemetry
  dependency-version: 0.29.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tokio-boring](https://github.com/cloudflare/boring) from 4.15.0 to 4.16.0.
- [Release notes](https://github.com/cloudflare/boring/releases)
- [Changelog](https://github.com/cloudflare/boring/blob/master/RELEASE_NOTES)
- [Commits](cloudflare/boring@v4.15.0...v4.16.0)

---
updated-dependencies:
- dependency-name: tokio-boring
  dependency-version: 4.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

this adds `tokio-boring` to the `boring` group.

this will group these crates together and bump them in lockstep.

see, for example:
* linkerd#3838
* linkerd#3840

Signed-off-by: katelyn martin <kate@buoyant.io>

Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.17 to 1.2.18.
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](rust-lang/cc-rs@cc-v1.2.17...cc-v1.2.18)

---
updated-dependencies:
- dependency-name: cc
  dependency-version: 1.2.18
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [errno](https://github.com/lambda-fairy/rust-errno) from 0.3.10 to 0.3.11.
- [Release notes](https://github.com/lambda-fairy/rust-errno/releases)
- [Changelog](https://github.com/lambda-fairy/rust-errno/blob/main/CHANGELOG.md)
- [Commits](lambda-fairy/rust-errno@v0.3.10...v0.3.11)

---
updated-dependencies:
- dependency-name: errno
  dependency-version: 0.3.11
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [prettyplease](https://github.com/dtolnay/prettyplease) from 0.2.31 to 0.2.32.
- [Release notes](https://github.com/dtolnay/prettyplease/releases)
- [Commits](dtolnay/prettyplease@0.2.31...0.2.32)

---
updated-dependencies:
- dependency-name: prettyplease
  dependency-version: 0.2.32
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [smallvec](https://github.com/servo/rust-smallvec) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/servo/rust-smallvec/releases)
- [Commits](servo/rust-smallvec@v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: smallvec
  dependency-version: 1.15.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.44.1 to 1.44.2.
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](tokio-rs/tokio@tokio-1.44.1...tokio-1.44.2)

---
updated-dependencies:
- dependency-name: tokio
  dependency-version: 1.44.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.8.0 to 2.9.0.
- [Changelog](https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md)
- [Commits](indexmap-rs/indexmap@2.8.0...2.9.0)

---
updated-dependencies:
- dependency-name: indexmap
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [hostname](https://github.com/svartalf/hostname) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/svartalf/hostname/releases)
- [Changelog](https://github.com/djc/hostname/blob/main/CHANGELOG.md)
- [Commits](https://github.com/svartalf/hostname/commits)

---
updated-dependencies:
- dependency-name: hostname
  dependency-version: 0.4.1
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [jiff](https://github.com/BurntSushi/jiff) from 0.2.5 to 0.2.6.
- [Release notes](https://github.com/BurntSushi/jiff/releases)
- [Changelog](https://github.com/BurntSushi/jiff/blob/master/CHANGELOG.md)
- [Commits](BurntSushi/jiff@jiff-static-0.2.5...jiff-static-0.2.6)

---
updated-dependencies:
- dependency-name: jiff
  dependency-version: 0.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…kerd#3851)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 46.0.4 to 46.0.5.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@6cb76d0...ed68ef8)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-version: 46.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…3852)

Bumps [symbolic-demangle](https://github.com/getsentry/symbolic) from 12.14.1 to 12.15.0.
- [Release notes](https://github.com/getsentry/symbolic/releases)
- [Changelog](https://github.com/getsentry/symbolic/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/symbolic/commits)

---
updated-dependencies:
- dependency-name: symbolic-demangle
  dependency-version: 12.15.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [symbolic-common](https://github.com/getsentry/symbolic) from 12.14.1 to 12.15.0.
- [Release notes](https://github.com/getsentry/symbolic/releases)
- [Changelog](https://github.com/getsentry/symbolic/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/symbolic/commits)

---
updated-dependencies:
- dependency-name: symbolic-common
  dependency-version: 12.15.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [crossbeam-channel](https://github.com/crossbeam-rs/crossbeam) from 0.5.14 to 0.5.15.
- [Release notes](https://github.com/crossbeam-rs/crossbeam/releases)
- [Changelog](https://github.com/crossbeam-rs/crossbeam/blob/master/CHANGELOG.md)
- [Commits](crossbeam-rs/crossbeam@crossbeam-channel-0.5.14...crossbeam-channel-0.5.15)

---
updated-dependencies:
- dependency-name: crossbeam-channel
  dependency-version: 0.5.15
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [miniz_oxide](https://github.com/Frommi/miniz_oxide) from 0.8.7 to 0.8.8.
- [Changelog](https://github.com/Frommi/miniz_oxide/blob/master/CHANGELOG.md)
- [Commits](Frommi/miniz_oxide@0.8.7...0.8.8)

---
updated-dependencies:
- dependency-name: miniz_oxide
  dependency-version: 0.8.8
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(app/outbound): `linkerd-mock-http-body` test dependency

this adds a development dependency, so we can use this mock body type in
the outbound proxy's unit tests.

Signed-off-by: katelyn martin <kate@buoyant.io>

* chore(app/outbound): additional http route metrics tests

Signed-off-by: katelyn martin <kate@buoyant.io>

* chore(app/outbound): additional grpc route metrics tests

Signed-off-by: katelyn martin <kate@buoyant.io>

* fix(http/prom): record bodies when eos reached

this commit fixes a bug discovered by @alpeb, which was introduced in
proxy v2.288.0.

> The associated metric is `outbound_http_route_request_statuses_total`:
>
> ```
> $ linkerd dg proxy-metrics -n booksapp deploy/webapp|rg outbound_http_route_request_statuses_total.*authors
> outbound_http_route_request_statuses_total{parent_group="core",parent_kind="Service",parent_namespace="booksapp",parent_name="authors",parent_port="7001",parent_section_name="",route_group="",route_kind="default",route_namespace="",route_name="http",hostname="",http_status="204",error=""} 5
> outbound_http_route_request_statuses_total{parent_group="core",parent_kind="Service",parent_namespace="booksapp",parent_name="authors",parent_port="7001",parent_section_name="",route_group="",route_kind="default",route_namespace="",route_name="http",hostname="",http_status="201",error="UNKNOWN"} 5
> outbound_http_route_request_statuses_total{parent_group="core",parent_kind="Service",parent_namespace="booksapp",parent_name="authors",parent_port="7001",parent_section_name="",route_group="",route_kind="default",route_namespace="",route_name="http",hostname="",http_status="200",error="UNKNOWN"} 10
> ```
>
> The problem was introduced in `edge-25.3.4`, with the proxy `v2.288.0`.
> Before that the metrics looked like:
>
> ```
> $ linkerd dg proxy-metrics -n booksapp deploy/webapp|rg outbound_http_route_request_statuses_total.*authors
> outbound_http_route_request_statuses_total{parent_group="core",parent_kind="Service",parent_namespace="booksapp",parent_name="authors",parent_port="7001",parent_section_name="",route_group="",route_kind="default",route_namespace="",route_name="http",hostname="",http_status="200",error=""} 193
> outbound_http_route_request_statuses_total{parent_group="core",parent_kind="Service",parent_namespace="booksapp",parent_name="authors",parent_port="7001",parent_section_name="",route_group="",route_kind="default",route_namespace="",route_name="http",hostname="",http_status="204",error=""} 96
> outbound_http_route_request_statuses_total{parent_group="core",parent_kind="Service",parent_namespace="booksapp",parent_name="authors",parent_port="7001",parent_section_name="",route_group="",route_kind="default",route_namespace="",route_name="http",hostname="",http_status="201",error=""} 96
> ```
>
> So the difference is the non-empty value for `error=UNKNOWN` even
> when `https_status` is 2xx, which `linkerd viz stat-outbound`
> interprets as failed requests.

in linkerd#3086 we introduced a suite of route- and backend-level metrics. that
subsystem contains a body middleware that will report itself as having
reached the end-of-stream by delegating directly down to its inner
body's `is_end_stream()` hint.

this is roughly correct, but is slightly distinct from the actual
invariant: a `linkerd_http_prom::record_response::ResponseBody<B>` must
call its `end_stream` helper to classify the outcome and increment the
corresponding time series in the
`outbound_http_route_request_statuses_total` metric family.

in linkerd#3504 we upgraded our hyper dependency. while doing so, we neglected
to include a call to `end_stream` if a data frame is yielded and the
inner body reports itself as having reached the end-of-stream.

this meant that instrumented bodies would be polled until the end is
reached, but were being dropped before a `None` was encountered.

this commit fixes this issue in two ways, to be defensive:

* invoke `end_stream()` if a non-trailers frame is yielded, and the
  inner body now reports itself as having ended. this restores the
  behavior in place prior to linkerd#3504. see the relevant component of that
  diff, here:
  <https://github.com/linkerd/linkerd2-proxy/pull/3504/files#diff-45d0bc344f76c111551a8eaf5d3f0e0c22ee6e6836a626e46402a6ae3cbc0035L262-R274>

* rather than delegating to the inner `<B as Body>::is_end_stream()`
  method, report the end-of-stream being reached by inspecting whether
  or not the inner response state has been taken. this is the state that
  directly indicates whether or not the `ResponseBody<B>` middleware is
  finished.

X-ref: linkerd#3504
X-ref: linkerd#3086
X-ref: linkerd/linkerd2#8733
Signed-off-by: katelyn martin <kate@buoyant.io>

---------

Signed-off-by: katelyn martin <kate@buoyant.io>