[PR #49] [CLOSED] Bump google.golang.org/grpc from 1.21.1 to 1.23.0 #177

Closed
opened 2026-02-25 22:31:19 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/evenh/intercert/pull/49
Author: @dependabot-preview[bot]
Created: 8/14/2019
Status: Closed

Base: master ← Head: dependabot/go_modules/google.golang.org/grpc-1.23.0


📝 Commits (1)

  • bdc9d61 Bump google.golang.org/grpc from 1.21.1 to 1.23.0

📊 Changes

2 files changed (+6 additions, -1 deletions)

View changed files

📝 go.mod (+1 -1)
📝 go.sum (+5 -0)

📄 Description

Bumps google.golang.org/grpc from 1.21.1 to 1.23.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.23.0

Security

  • transport: block reading frames when too many transport control frames are queued (#2970)
    • Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).

API Changes

  • xds: move code to a root level xds directory (#2950)

Behavior Changes

  • client: remove option to send RPCs before HTTP/2 handshake is completed (#2904)

New Features

  • grpclb: enable keepalive (#2918)
  • balancer: start populating weight by edsbalancer for weighted_round_robin (#2945)
  • wrr: add EDF implementation of weighted round robin. (#2957)
  • status: Implement *statusError.Is (#2868)

Performance Improvements

  • server: avoid an unnecessary allocation per-RPC for OK status (#2920)
  • server: avoid call to trace.FromContext and resulting allocations when tracing is disabled (#2926)
  • http2client: remove unnecessary allocations for header fields (#2925)
  • status: avoid allocations when returning an OK status (#2929)
  • server: avoid allocations related to tracking excessive pings (#2923)

Bug Fixes

  • transport: call Unlock in defer to avoid data race (#2953)
  • client: fix canceled vs deadline exceeded double-check logic (#2906)
  • grpclb: recreate SubConns when switching fallback in case credentials change (#2899)
  • server: populate WireLength on stats.InPayload for unary RPCs (#2932)
  • client: fix race between transport draining and new RPCs (#2919)
  • balancer: filter out grpclb addresses if balancer is not grpclb (#2907)

Documentation

... (truncated)
Commits
  • 6eaf6f4 Change version to 1.23.0 (#2972)
  • ee21c92 transport: block reading frames when too many transport control frames are qu...
  • ee87494 transport: fix race between header and RPC cancellation (#2947)
  • b8d2675 wrr: add EDF implementation of weighted round robin. (#2957)
  • a074ab2 internal: fix a typo. (#2964)
  • 36ddecc Move code out of balancer/xds. (#2950)
  • fde0cae stream: call stats handler if the attempt failed to get transport (#2962)
  • cd5357d Change Unlock to defer Unlock, to avoid data race (#2953)
  • 1f154c6 stream: fix panic caused by failing to get a transport for a retry attempt (#...
  • a2bdfb4 balancer: populate endpoint weight by edsbalancer for weighted_round_robin (#...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
