[PR #56] [MERGED] Bump google.golang.org/grpc from 1.21.1 to 1.24.0 #180

New issue

Closed

opened 2026-02-25 22:31:20 +03:00 by kerem · 0 comments

kerem commented 2026-02-25 22:31:20 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/evenh/intercert/pull/56
Author: @dependabot-preview[bot]
Created: 10/25/2019
Status: ✅ Merged
Merged: 10/25/2019
Merged by: @evenh

Base: master ← Head: dependabot/go_modules/google.golang.org/grpc-1.24.0

---

📝 Commits (1)

• cf86589 Bump google.golang.org/grpc from 1.21.1 to 1.24.0

📊 Changes

2 files changed (+6 additions, -1 deletions)

View changed files

📝 go.mod (+1 -1)
📝 go.sum (+5 -0)

📄 Description

Bumps google.golang.org/grpc from 1.21.1 to 1.24.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.24.0

Dependencies

• internal: update proto library version used to generate pb.go files (#3025)

New Features

• xds: add functionality to read bootstrap file. (#3000)

Performance Improvements

• transport: remove defer in http2Client.getStream (#2980)
  • Special Thanks: @​dzbarsky
• transport: derive transport context from context.Background (#2930)
  • Special Thanks: @​JNProtzman

Bug Fixes

• client: consider service config invalid if loadBalancingConfig contains no supported policy (#3034)
• credentials/alts: fix panic detecting GCP environment (#2996)
  • Special Thanks: @​mwhudson
• internal: fix context leak when stream is not created successfully (#2985)
• grpclb: fix deadlock in grpclb connection cache (#3017)
• server: set and advertise max frame size of 16KB (#3018)

Release 1.23.1

• server: set and advertise max frame size of 16KB (#3018)

• grpclb: fix deadlock in grpclb connection cache (#3017)

  Before the fix, if the timer to remove a SubConn fires at the same time
  NewSubConn cancels the timer, it caused a mutex leak and deadlock.

Release 1.23.0

Security

• transport: block reading frames when too many transport control frames are queued (#2970)
  • Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).

API Changes

• xds: move code to a root level xds directory (#2950)

Behavior Changes

• client: remove option to send RPCs before HTTP/2 handshake is completed (#2904)

New Features

... (truncated)

Commits

• f6d0f9e Change version to 1.24.0 (#3041)
• 230def7 docs: fix debugging README typo (#3037)
• 788ffe6 Update governance, contributing, code of conduct docs (#3033)
• 6b46f47 client: consider service config invalid if loadBalancingConfig… (#3034)
• a5e64ec test: fix channelz test for violating flow control (#3031)
• e2cfd1c internal: update proto library version (#3025)
• 7b8c556 Add functionality to read xDS bootstrap file. (#3000)
• 40ed2eb server: set and advertise max frame size of 16KB (#3018)
• ac35b67 grpclb: fix deadlock in grpclb connection cache (#3017)
• 4ccf24a vet: ignore status code from grep -L (#3016)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/evenh/intercert/pull/56 **Author:** [@dependabot-preview[bot]](https://github.com/apps/dependabot-preview) **Created:** 10/25/2019 **Status:** ✅ Merged **Merged:** 10/25/2019 **Merged by:** [@evenh](https://github.com/evenh) **Base:** `master` ← **Head:** `dependabot/go_modules/google.golang.org/grpc-1.24.0` --- ### 📝 Commits (1) - [`cf86589`](https://github.com/evenh/intercert/commit/cf865895576b5abf057713546b589aa55d77acf0) Bump google.golang.org/grpc from 1.21.1 to 1.24.0 ### 📊 Changes **2 files changed** (+6 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+1 -1) 📝 `go.sum` (+5 -0) </details> ### 📄 Description Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.21.1 to 1.24.0. <details> <summary>Release notes</summary> *Sourced from [google.golang.org/grpc's releases](https://github.com/grpc/grpc-go/releases).* > ## Release 1.24.0 > # Dependencies > > * internal: update proto library version used to generate pb.go files ([#3025](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3025)) > > # New Features > > * xds: add functionality to read bootstrap file. ([#3000](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3000)) > > # Performance Improvements > > * transport: remove defer in http2Client.getStream ([#2980](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2980)) > - Special Thanks: [@&#8203;dzbarsky](https://github.com/dzbarsky) > * transport: derive transport context from context.Background ([#2930](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2930)) > - Special Thanks: [@&#8203;JNProtzman](https://github.com/JNProtzman) > > # Bug Fixes > > * client: consider service config invalid if loadBalancingConfig contains no supported policy ([#3034](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3034)) > * credentials/alts: fix panic detecting GCP environment ([#2996](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2996)) > - Special Thanks: [@&#8203;mwhudson](https://github.com/mwhudson) > * internal: fix context leak when stream is not created successfully ([#2985](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2985)) > * grpclb: fix deadlock in grpclb connection cache ([#3017](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3017)) > * server: set and advertise max frame size of 16KB ([#3018](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3018)) > > > ## Release 1.23.1 > * server: set and advertise max frame size of 16KB ([#3018](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3018)) > > * grpclb: fix deadlock in grpclb connection cache ([#3017](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3017)) > > Before the fix, if the timer to remove a SubConn fires at the same time > NewSubConn cancels the timer, it caused a mutex leak and deadlock. > > ## Release 1.23.0 > # Security > > * transport: block reading frames when too many transport control frames are queued ([#2970](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2970)) > * Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). > > > # API Changes > > * xds: move code to a root level xds directory ([#2950](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2950)) > > # Behavior Changes > > * client: remove option to send RPCs before HTTP/2 handshake is completed ([#2904](https://github-redirect.dependabot.com/grpc/grpc-go/issues/2904)) > > # New Features ></tr></table> ... (truncated) </details> <details> <summary>Commits</summary> - [`f6d0f9e`](https://github.com/grpc/grpc-go/commit/f6d0f9ee430895e87ef1ceb5ac8f39725bafceef) Change version to 1.24.0 ([#3041](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3041)) - [`230def7`](https://github.com/grpc/grpc-go/commit/230def769105c46b2e597578b23002a6ac159dde) docs: fix debugging README typo ([#3037](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3037)) - [`788ffe6`](https://github.com/grpc/grpc-go/commit/788ffe62759ade61e0d6273e480c9e8f3d09d30d) Update governance, contributing, code of conduct docs ([#3033](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3033)) - [`6b46f47`](https://github.com/grpc/grpc-go/commit/6b46f470d101e9ad1c8a02a4c8cb06fb53a0d300) client: consider service config invalid if loadBalancingConfig… ([#3034](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3034)) - [`a5e64ec`](https://github.com/grpc/grpc-go/commit/a5e64ec425533f3212fb53add0c4c45c4f9a3890) test: fix channelz test for violating flow control ([#3031](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3031)) - [`e2cfd1c`](https://github.com/grpc/grpc-go/commit/e2cfd1c28f4a49333263cf65123aae57b081750b) internal: update proto library version ([#3025](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3025)) - [`7b8c556`](https://github.com/grpc/grpc-go/commit/7b8c5564b6e27cdc45ff89e1367bbd0993750e88) Add functionality to read xDS bootstrap file. ([#3000](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3000)) - [`40ed2eb`](https://github.com/grpc/grpc-go/commit/40ed2eb467471df2bd3c59e66cc5357159062d48) server: set and advertise max frame size of 16KB ([#3018](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3018)) - [`ac35b67`](https://github.com/grpc/grpc-go/commit/ac35b67779b9802189d5c0bcfc25d84ce7ba36a1) grpclb: fix deadlock in grpclb connection cache ([#3017](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3017)) - [`4ccf24a`](https://github.com/grpc/grpc-go/commit/4ccf24ac5d6329f8ae702de2e62866928da54a77) vet: ignore status code from grep -L ([#3016](https://github-redirect.dependabot.com/grpc/grpc-go/issues/3016)) - Additional commits viewable in [compare view](https://github.com/grpc/grpc-go/compare/v1.21.1...v1.24.0) </details> <br /> [](https://dependabot.com/compatibility-score.html?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.21.1&new-version=1.24.0) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-25 22:31:20 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

2025

dependabot/docker/golang-1.22-alpine

dependabot/go_modules/github.com/spf13/viper-1.18.2

dependabot/go_modules/github.com/spf13/cobra-1.8.0

dependabot/go_modules/github.com/stretchr/testify-1.8.4

dependabot/go_modules/github.com/golang/protobuf-1.5.3

dependabot/docker/golang-1.16.6-alpine

dependabot/go_modules/google.golang.org/grpc-1.36.0

dependabot/go_modules/github.com/stretchr/testify-1.7.0

dependabot/go_modules/github.com/golang/protobuf-1.4.3

dependabot/go_modules/github.com/go-acme/lego/v3-3.9.0

dependabot/go_modules/github.com/spf13/viper-1.7.1

dependabot/go_modules/github.com/spf13/cobra-0.0.7

dependabot/go_modules/github.com/mholt/certmagic-0.9.3

dependabot/go_modules/github.com/pkg/errors-0.9.1

v0.0.2

v0.0.1

Labels

Clear labels   

enhancement

  

good first issue

  

hacktoberfest

  

pull-request

Mirrored from GitHub Pull Request

  

security

  

security

No labels

enhancement

good first issue

hacktoberfest

pull-request

security

security

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/intercert#180

No description provided.