This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-go.git
The following commit(s) were added to refs/heads/main by this push:
new d10e1ab1 chore: Bump google.golang.org/grpc from 1.81.0 to 1.81.1
(#818)
d10e1ab1 is described below
commit d10e1ab111a0be5d6bfa900b341340e5dc644079
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue May 19 16:15:19 2026 -0400
chore: Bump google.golang.org/grpc from 1.81.0 to 1.81.1 (#818)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.81.0 to 1.81.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases";>google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.81.1</h2>
<h1>Security</h1>
<ul>
<li>xds/rbac: Fix a potential authorization bypass caused by incorrectly
falling through URI/DNS SANs to Subject Distinguished Name (DN) when
matching the authenticated principal name. With this fix, only the first
non-empty identity source will be used, as per <a
href="https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md";>gRFC
A41</a>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9111";>#9111</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/al4an444";><code>@al4an444</code></a></li>
</ul>
</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>otel: Segregate client and server RPC information used for metrics
and traces, to avoid one overwriting the other. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9081";>#9081</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8";><code>caf0772</code></a>
Change version from 1.81.1-dev to 1.81.1 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9122";>#9122</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215";><code>6ccbeeb</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9111";>#9111</a>
into v1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9121";>#9121</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29";><code>b33c29e</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9081";>#9081</a>
into v1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9102";>#9102</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834";><code>c45fae6</code></a>
Change version to 1.81.1-dev (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9063";>#9063</a>)</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-go/compare/v1.81.0...v1.81.1";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 2 +-
go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 12b52ca3..9c9d3647 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
golang.org/x/sync v0.20.0
golang.org/x/sys v0.44.0
gonum.org/v1/gonum v0.17.0
- google.golang.org/grpc v1.81.0
+ google.golang.org/grpc v1.81.1
google.golang.org/protobuf v1.36.11
modernc.org/sqlite v1.50.1
)
diff --git a/go.sum b/go.sum
index 3732628f..79d4379f 100644
--- a/go.sum
+++ b/go.sum
@@ -246,8 +246,8 @@ gonum.org/v1/gonum v0.17.0
h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4=
gonum.org/v1/gonum v0.17.0/go.mod
h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171
h1:ggcbiqK8WWh6l1dnltU4BgWGIGo+EVYxCaAPih/zQXQ=
google.golang.org/genproto/googleapis/rpc
v0.0.0-20260226221140-a57be14db171/go.mod
h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
-google.golang.org/grpc v1.81.0 h1:W3G9N3KQf3BU+YuCtGKJk0CmxQNbAISICD/9AORxLIw=
-google.golang.org/grpc v1.81.0/go.mod
h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I=
+google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ=
+google.golang.org/grpc v1.81.1/go.mod
h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I=
google.golang.org/protobuf v1.36.11
h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
google.golang.org/protobuf v1.36.11/go.mod
h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
