build(deps): bump github.com/envoyproxy/envoy from 1.37.0 to 1.37.1 in /golang-network/simple in the examples-golang-network group #1090

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/golang-network/simple/examples-golang-network-f2c872171c

dependabot bot commented on behalf of github, Mar 11, 2026

Bumps the examples-golang-network group in /golang-network/simple with 1 update: github.com/envoyproxy/envoy.

Updates github.com/envoyproxy/envoy from 1.37.0 to 1.37.1

Release notes

Sourced from github.com/envoyproxy/envoy's releases.

v1.37.1

Summary of changes:

  • Security fixes:

    • CVE-2026-26330: ratelimit: fix a bug where response phase limit may result in crash
    • CVE-2026-26308: fix multivalue header bypass in rbac
    • CVE-2026-26310: network: fix crash in getAddressWithPort() when called with a scoped IPv6 address
    • CVE-2026-26309: json: fixed an off-by-one write that could corrupt the string null terminator
    • CVE-2026-26311: http: ensure decode* methods are blocked after a downstream reset
  • Bug fixes:

    • oauth2: Fixed OAuth2 refresh requests so host rewriting no longer overrides the original Host header value.
    • ext_proc: Fixed a bug to support two ext_proc filters configured in the chain.
    • ext_proc: Fixed message-valued CEL attribute serialization to use protobuf text format instead of debug string output, restoring compatibility with protobuf 30+.
    • ext_authz: Fixed headers from denied authorization responses (non-200) not being properly propagated to the client.
    • ext_authz: Fixed the HTTP ext_authz client to respect status_on_error configuration when the authorization server returns a 5xx error or when HTTP call failures occur.
    • access_log: Fixed a crash on listener removal with a process-level access log rate limiter.
  • Other changes:

    • release: Published contrib binaries now include the -contrib suffix in their version string and fixed distroless-contrib images.
    • dynamic modules: Introduced extended ABI forward compatibility mechanism for dynamic modules.
  • Dependency updates:

    • Migrated googleurl source to GitHub (google/gurl).
    • Updated Kafka test binary to 3.9.2.
    • Updated Docker base images.

Docker images: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.37.1
Docs: https://www.envoyproxy.io/docs/envoy/v1.37.1/
Release notes: https://www.envoyproxy.io/docs/envoy/v1.37.1/version_history/v1.37/v1.37.1
Full changelog: envoyproxy/envoy@v1.37.0...v1.37.1

Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com

Commits
  • 5ef4e4c repo: Release v1.37.1
  • 986ef94 bazel/grpc: Fix go imports (#43842)
  • c0cf6bc changelogs: Add release summary 1.37.1
  • 7b24fff ratelimit: fix a bug where response phase limit may result in crash
  • 7a9373c fix multivalue header bypass in rbac
  • 84a7af1 network: fix crash in getAddressWithPort() when called with a scoped IPv6 add...
  • 5508210 json: fixed an off-by-one write that could corrupt the string null terminator
  • 9b314db http: ensure decode* methods are blocked after a downstream reset
  • 515ce0d dym sdk: refactor the cpp sdk to use std (#43791)
  • 84f75f7 dym sdk: add the config scheduler support to go sdk and cpp sdk (#43748)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the examples-golang-network group in /golang-network/simple with 1 update: [github.com/envoyproxy/envoy](https://github.com/envoyproxy/envoy).


Updates `github.com/envoyproxy/envoy` from 1.37.0 to 1.37.1
- [Release notes](https://github.com/envoyproxy/envoy/releases)
- [Changelog](https://github.com/envoyproxy/envoy/blob/main/RELEASES.md)
- [Commits](envoyproxy/envoy@v1.37.0...v1.37.1)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/envoy
  dependency-version: 1.37.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: examples-golang-network
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels, Mar 11, 2026