The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. This bug has been present since the introduction of NewClient. A fix is expected to be a part of grpc-go v1.69. (#7556)
Behavior Changes
stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environment variable, rather than parsing from bootstrap file (#7740)
orca (experimental): if using an ORCA listener, it must now be registered only on a READY SubConn, and the listener will automatically be stopped when the connection is lost. (#7663)
client: ClientConn.Close() now closes transports simultaneously and waits for transports to be closed before returning. (#7666)
credentials: TLS credentials created via NewTLS that use tls.Config.GetConfigForClient will now have CipherSuites, supported TLS versions and ALPN configured automatically. These were previously only set for configs not using the GetConfigForClient option. (#7709)
Bug Fixes
transport: prevent deadlock in client transport shutdown when writing the GOAWAY frame hangs. (#7662)
mem: reuse buffers more accurately by using slice capacity instead of length (#7702)
status: Fix regression caused by #6919 in status.Details() causing it to return a wrapped type when getting proto messages generated with protoc-gen-go < v1. (#7724)
Dependencies
Bump minimum supported Go version to go1.22.7. (#7624)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the production-dependencies group with 5 updates in the / directory:
0.21.00.22.00.8.00.9.01.67.11.68.01.35.11.35.21.33.11.34.1Updates
github.com/google/cel-gofrom 0.21.0 to 0.22.0Release notes
Sourced from github.com/google/cel-go's releases.
Commits
8ad600bEnsure variables in comprehensions don't collide (#1062)3f12ecaSupport for cel.@blockduring policy composition (#1056)f9db1d6Expand visibility of package (#1057)b43274dUpdate go.mod for policy and repl (#1054)ba36ff8Fix out of range error for non-negative string indexing offsets (#1052)3338c3fUpgrade cel-go to support bazel-mod (#1049)7c13168Fix doc strings and version support on math extensions (#1046)04eb5b9Rename strings version test (#1047)bf20be9Add functions to the lists extension. (#1037)bbbc670Remove unused server directory (#1041)Updates
golang.org/x/syncfrom 0.8.0 to 0.9.0Commits
151027eREADME: don't recommend go getUpdates
google.golang.org/grpcfrom 1.67.1 to 1.68.0Release notes
Sourced from google.golang.org/grpc's releases.
Commits
acba4d3Change version to 1.68.0 (#7743)5363dcacredentials: Apply defaults to TLS configs provided through GetConfigForClien...056dc64status: Fix status incompatibility introduced by #6919 and move non-regenerat...b79fb61mem: use slice capacity instead of length, to determine whether to pool buffe...54841efstats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environme...ad81c20pickfirstleaf: minor simplification to reconcileSubConnsLocked method (#7731)b850ea5transport : wait for goroutines to exit before transport closes (#7666)00b9e14pickfirst: New pick first policy for dualstack (#7498)18a4eactestutils: add couple of log statements to the restartable listener type (#7716)fdc2ec2xdsclient: deflake TestADS_ResourcesAreRequestedAfterStreamRestart (#7720)Updates
google.golang.org/protobuffrom 1.35.1 to 1.35.2Updates
modernc.org/sqlitefrom 1.33.1 to 1.34.1Commits
8406fdaUpdate change logeaf7611Merge branch 'master' into 'master'13122eeImplement ResetSession and IsValid methods in connection188943badd LiberaPay badgesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show