search

zapier / kubechecks

Check your Kubernetes changes before they hit the cluster
https://kubechecks.readthedocs.io/en/latest/
Mozilla Public License 2.0
155 stars 14 forks source link

Bump google.golang.org/grpc from 1.64.0 to 1.65.0 #252

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 month ago

Bumps google.golang.org/grpc from 1.64.0 to 1.65.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.65.0

Dependencies

  • Change support policy to cover only the latest TWO releases of Go, matching the policy for Go itself. See #7249 for more information. (#7250)
  • Update x/net/http2 to address CVE-2023-45288 (#7282)

Behavior Changes

  • credentials/tls: clients and servers will now reject connections that don't support ALPN when environment variable GRPC_ENFORCE_ALPN_ENABLED is set to "true" (case insensitive). (#7184)
    • NOTE: this behavior will become the default in a future release.
  • metadata: remove String method from MD to make printing more consistent (#7373)

New Features

  • grpc: add WithMaxCallAttempts to configure gRPC's retry behavior per-channel. (#7229)

Bug Fixes

  • ringhash: properly apply endpoint weights instead of ignoring them (#7156)
  • xds: fix a bug that could cause xds-enabled servers to stop accepting new connections after handshaking errors (#7128)

Release 1.64.1

Dependencies

  • Update x/net/http2 to address CVE-2023-45288 (#7352)
  • metadata: remove String method from MD to make printing consistent (#7374)
Commits
  • 2da9769 Change version to 1.65.0 (#7306)
  • ede96b7 metadata: remove String method (#7373)
  • 64be203 grpc: Readd pick first name (#7336) (#7341)
  • 25e33a6 examples: Add CSM Observability example (#7302) (#7318)
  • 04a5f46 xds/internal/xdsclient: Emit unknown for CSM Labels if not present in CDS (#7...
  • cff5c3e stats/opentelemetry: Add e2e testing for CSM Observability (#7279) (#7316)
  • 9b970fd dns: fix constant 30s backoff for re-resolution (#7262) (#7311)
  • 6d23620 documentation: on server, use FromIncomingContext for retrieving context and...
  • 7e5898e xds: unify xDS client creation APIs meant for testing (#7268)
  • 5d7bd7a interop/xds: Interop client and server changes for CSM Observability (#7280)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] commented 1 month ago

Temporary image deleted.

zapier-sre-bot commented 1 month ago

Mergecat's Review

Click to read mergecats review! ## 😼 Mergecat review of go.mod ```diff @@ -54,7 +54,7 @@ require ( golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 golang.org/x/net v0.26.0 golang.org/x/oauth2 v0.20.0 - google.golang.org/grpc v1.64.0 + google.golang.org/grpc v1.65.0 gopkg.in/dealancer/validate.v2 v2.1.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.26.15 ``` ### Feedback & Suggestions: 1. **Dependency Update Verification**: Ensure that the update from `google.golang.org/grpc v1.64.0` to `v1.65.0` is compatible with your codebase. Check the release notes for any breaking changes or deprecations that might affect your project. 2. **Security Considerations**: Verify if the new version addresses any security vulnerabilities. It's always good practice to keep dependencies up-to-date, but ensure that the update does not introduce new vulnerabilities. 3. **Testing**: After updating the dependency, run your test suite to ensure that everything works as expected. This will help catch any issues introduced by the new version. 4. **Documentation**: If your project has documentation that specifies dependency versions, make sure to update it to reflect this change. --- Overall, the diff looks good, but always ensure thorough testing and verification when updating dependencies. 🚀

Dependency Review

Click to read mergecats review! No suggestions found
dependabot[bot] commented 1 week ago

Superseded by #267.