dependabot[bot] opened a new pull request, #37889: URL: https://github.com/apache/beam/pull/37889
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.78.0 to 1.79.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases";>google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.79.3</h2> <h1>Security</h1> <ul> <li>server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like <code>grpc/authz</code>. Any request with a non-canonical path is now immediately rejected with an <code>Unimplemented</code> error. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8981";>#8981</a>)</li> </ul> <h2>Release 1.79.2</h2> <h1>Bug Fixes</h1> <ul> <li>stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (<a href="https://redirect.github.com/grpc/grpc-go/pull/8874";>grpc/grpc-go#8874</a>)</li> </ul> <h2>Release 1.79.1</h2> <h1>Bug Fixes</h1> <ul> <li>grpc: Remove the <code>-dev</code> suffix from the User-Agent header. (<a href="https://redirect.github.com/grpc/grpc-go/pull/8902";>grpc/grpc-go#8902</a>)</li> </ul> <h2>Release 1.79.0</h2> <h1>API Changes</h1> <ul> <li>mem: Add experimental API <code>SetDefaultBufferPool</code> to change the default buffer pool. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8806";>#8806</a>) <ul> <li>Special Thanks: <a href="https://github.com/vanja-p";><code>@vanja-p</code></a></li> </ul> </li> <li>experimental/stats: Update <code>MetricsRecorder</code> to require embedding the new <code>UnimplementedMetricsRecorder</code> (a no-op struct) in all implementations for forward compatibility. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8780";>#8780</a>)</li> </ul> <h1>Behavior Changes</h1> <ul> <li>balancer/weightedtarget: Remove handling of <code>Addresses</code> and only handle <code>Endpoints</code> in resolver updates. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8841";>#8841</a>)</li> </ul> <h1>New Features</h1> <ul> <li>experimental/stats: Add support for asynchronous gauge metrics through the new <code>AsyncMetricReporter</code> and <code>RegisterAsyncReporter</code> APIs. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8780";>#8780</a>)</li> <li>pickfirst: Add support for weighted random shuffling of endpoints, as described in <a href="https://redirect.github.com/grpc/proposal/pull/535";>gRFC A113</a>. <ul> <li>This is enabled by default, and can be turned off using the environment variable <code>GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8864";>#8864</a>)</li> </ul> </li> <li>xds: Implement <code>:authority</code> rewriting, as specified in <a href="https://github.com/grpc/proposal/blob/master/A81-xds-authority-rewriting.md";>gRFC A81</a>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8779";>#8779</a>)</li> <li>balancer/randomsubsetting: Implement the <code>random_subsetting</code> LB policy, as specified in <a href="https://github.com/grpc/proposal/blob/master/A68-random-subsetting.md";>gRFC A68</a>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8650";>#8650</a>) <ul> <li>Special Thanks: <a href="https://github.com/marek-szews";><code>@marek-szews</code></a></li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8726";>#8726</a>) <ul> <li>Special Thanks: <a href="https://github.com/Atul1710";><code>@Atul1710</code></a></li> </ul> </li> <li>xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in <code>CONNECTING</code> state. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8813";>#8813</a>)</li> <li>health: Fix a bug where health checks failed for clients using legacy compression options (<code>WithDecompressor</code> or <code>RPCDecompressor</code>). (<a href="https://redirect.github.com/grpc/grpc-go/issues/8765";>#8765</a>) <ul> <li>Special Thanks: <a href="https://github.com/sanki92";><code>@sanki92</code></a></li> </ul> </li> <li>transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8769";>#8769</a>) <ul> <li>Special Thanks: <a href="https://github.com/joybestourous";><code>@joybestourous</code></a></li> </ul> </li> <li>server: Propagate status detail headers, if available, when terminating a stream during request header processing. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8754";>#8754</a>) <ul> <li>Special Thanks: <a href="https://github.com/joybestourous";><code>@joybestourous</code></a></li> </ul> </li> </ul> <h1>Performance Improvements</h1> <ul> <li>credentials/alts: Optimize read buffer alignment to reduce copies. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8791";>#8791</a>)</li> <li>mem: Optimize pooling and creation of <code>buffer</code> objects. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8784";>#8784</a>)</li> <li>transport: Reduce slice re-allocations by reserving slice capacity. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8797";>#8797</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/dda86dbd9cecb8b35b58c73d507d81d67761205f";><code>dda86db</code></a> Change version to 1.79.3 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8983";>#8983</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/72186f163e75a065c39e6f7df9b6dea07fbdeff5";><code>72186f1</code></a> grpc: enforce strict path checking for incoming requests on the server (<a href="https://redirect.github.com/grpc/grpc-go/issues/8981";>#8981</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/97ca3522b239edf6813e2b1106924e9d55e89d43";><code>97ca352</code></a> Changing version to 1.79.3-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/8954";>#8954</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/8902ab6efea590f5b3861126559eaa26fa9783b2";><code>8902ab6</code></a> Change the version to release 1.79.2 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8947";>#8947</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/a9286705aa689bee321ec674323b6896284f3e02";><code>a928670</code></a> Cherry-pick <a href="https://redirect.github.com/grpc/grpc-go/issues/8874";>#8874</a> to v1.79.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/8904";>#8904</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/06df3638c0bcee88197b1033b3ba83e1eb8bc010";><code>06df363</code></a> Change version to 1.79.2-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/8903";>#8903</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/782f2de44f597af18a120527e7682a6670d84289";><code>782f2de</code></a> Change version to 1.79.1 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8902";>#8902</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/850eccbb2257bd2de6ac28ee88a7172ab6175629";><code>850eccb</code></a> Change version to 1.79.1-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/8851";>#8851</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/765ff056b6890f6c8341894df4e9668e9bfc18ef";><code>765ff05</code></a> Change version to 1.79.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8850";>#8850</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/68804be0e78ed0365bb5a576dedc12e2168ed63e";><code>68804be</code></a> Cherry pick <a href="https://redirect.github.com/grpc/grpc-go/issues/8864";>#8864</a> to v1.79.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/8896";>#8896</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/beam/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
