Assigning to @junr03 to potentially help sort out the c-ares issues.

From the ASAN failure in https://dev.azure.com/cncf/4684fb3d-0389-4e0b-8251-221942316e06/_apis/build/builds/35151/logs/68

It looks to me that this is a bug in c-ares:

  else if (status == ARES_EDESTRUCTION)
    {
      end_hquery(hquery, status);
    }

  if (!hquery->remaining)

end_query frees hquery but the code then proceeds to keep using hquery. Which is exactly what the ASAN run is catching.

Some failing macos tests from the previous bump PR (see: this build) and this one (see: this build)

test/common/network/connection_impl_test.cc fails in the former and IpVersions/ActiveQuicListenerTest.ReceiveFullQuicCHLO/IPv6 in the latter 🤔

@mattklein123 this patch makes no changes to affecting quiche or the ActiveQuicListenerTest, as OS/X reports. We should move ahead with this patch to unblock the curl update.

This PR didn't end up updating c-ares from the looks of it @wrowe :

    com_github_c_ares_c_ares = dict(
        sha256 = "de058ad7c128156e2db6dc98b8a359924d6f210a1b99dd36ba15c8f839a83a89",
        strip_prefix = "c-ares-1.16.0",
        urls = ["https://github.com/c-ares/c-ares/releases/download/cares-1_16_0/c-ares-1.16.0.tar.gz"],
    ),

and change to c-ares patch as per #10433 (comment)

You are correct. We began by updating c-ares in the same lot as curl. However, as noted above, c-ares 1.16 introduced new regressions that must be addressed before it is ready for master.

(From the comments above, it appears c-ares regressions are upstream code defects, not envoy's use of the library.)