Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump google.golang.org/grpc from 1.64.0 to 1.67.0 #283

Closed
wants to merge 1 commit into from
Closed

Bump google.golang.org/grpc from 1.64.0 to 1.67.0 #283

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 23, 2024
edited
Loading

Bumps google.golang.org/grpc from 1.64.0 to 1.67.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.67.0

Bug Fixes

  • ringhash: when used with multiple EDS priorities, fix bug that could prevent a higher priority from recovering from transient failure. (#7364)

Behavior Changes

  • In accordance with RFC 7540, clients and servers will now reject TLS connections that don't support ALPN. This can be disabled by setting the environment variable GRPC_ENFORCE_ALPN_ENABLED to false (case insensitive). Please file a bug if you encounter any issues with this behavior. The environment variable to revert this behavior will be removed in an upcoming release. (#7535)

Release 1.66.2

Dependencies

  • Remove unintentional dependency on the testing package (#7579)
  • Remove unintentional dependency on the flate package (#7595)

Bug Fixes

  • client: fix a bug that prevented memory reuse after handling unary RPCs (#7571)

Release 1.66.0

New Features

  • metadata: stabilize ValueFromIncomingContext (#7368)
  • client: stabilize the WaitForStateChange and GetState methods, which were previously experimental. (#7425)
  • xds: Implement ADS flow control mechanism (#7458)
  • balancer/rls: Add metrics for data cache and picker internals (#7484, #7495)
  • xds: LRS load reports now include the total_issued_requests field. (#7544)

Bug Fixes

  • grpc: Clients now return status code INTERNAL instead of UNIMPLEMENTED when the server uses an unsupported compressor. This is consistent with the gRPC compression spec. (#7461)
  • transport: Fix a bug which could result in writes busy looping when the underlying conn.Write returns errors (#7394)
  • client: fix race that could lead to orphaned connections and associated resources. (#7390)
  • xds: use locality from the connected address for load reporting with pick_first (#7378)
    • without this fix, if a priority contains multiple localities with pick_first, load was reported for the wrong locality
  • client: prevent hanging during ClientConn.Close() when the network is unreachable (#7540)

Performance Improvements

  • transport: double buffering is avoided when using an http connect proxy and the target server waits for client to send the first message. (#7424)
  • codec: Implement a new Codec which uses buffer recycling for encoded message (#7356)
    • introduce a mem package to facilitate buffer reuse (#7432)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump google.golang.org/grpc from 1.64.0 to 1.67.0
68c5df2 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.67.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.0...v1.67.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 23, 2024
@dependabot dependabot bot mentioned this pull request Sep 23, 2024
Closed
@github-actions GitHub Actions
Copy link

Temporary image available at ghcr.io/zapier/kubechecks:0.0.0-pr283.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 30, 2024

Looks like google.golang.org/grpc is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Sep 30, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/google.golang.org/grpc-1.67.0 branch September 30, 2024 20:02
@zapier-sre-bot
Copy link
Collaborator

Mergecat's Review

Click to read mergecats review!

😼 Mergecat review of go.mod

@@ -51,9 +51,9 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.28.0
 	go.opentelemetry.io/otel/trace v1.28.0
 	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
-	golang.org/x/net v0.26.0
-	golang.org/x/oauth2 v0.20.0
-	google.golang.org/grpc v1.64.0
+	golang.org/x/net v0.28.0
+	golang.org/x/oauth2 v0.22.0
+	google.golang.org/grpc v1.67.0
 	gopkg.in/dealancer/validate.v2 v2.1.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.26.15
@@ -66,7 +66,7 @@ require (
 
 require (
 	cloud.google.com/go v0.112.1 // indirect
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
 	cloud.google.com/go/iam v1.1.6 // indirect
 	cloud.google.com/go/storage v1.38.0 // indirect
 	cuelang.org/go v0.7.0 // indirect
@@ -269,18 +269,18 @@ require (
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/api v0.169.0 // indirect
 	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect

Feedback & Suggestions:

  1. Dependency Updates: The updates to the dependencies (golang.org/x/net, golang.org/x/oauth2, google.golang.org/grpc, etc.) are generally good for keeping the project up-to-date with the latest features and security patches. However, ensure that these updates are compatible with your existing codebase and do not introduce breaking changes.
  2. Indirect Dependencies: The updates to indirect dependencies (cloud.google.com/go/compute/metadata, golang.org/x/crypto, etc.) should also be tested thoroughly. Indirect dependencies can sometimes introduce subtle changes that might affect your project.
  3. Testing: After updating dependencies, run your full test suite to ensure that nothing breaks. Pay special attention to integration tests that might be affected by changes in external libraries.
  4. Changelog Review: Review the changelogs of the updated dependencies to understand what changes have been introduced. This can help in identifying any new features or deprecations that might affect your project.

Dependency Review

Click to read mergecats review!

No suggestions found

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@zapier-sre-bot