build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 #607

Closed
dependabot[bot] wants to merge 1 commit into develop from dependabot/go_modules/google.golang.org/grpc-1.79.3

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026

Bumps google.golang.org/grpc from 1.79.1 to 1.79.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

@dependabot dependabot Bot added the dependencies and go labels Apr 6, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 6, 2026 18:57

@lerian-studio lerian-studio left a comment

⚠️ Invalid Source Branch

Pull requests to main can only come from:

  • develop
  • release-candidate
  • hotfix/*

Your source branch: dependabot/go_modules/google.golang.org/grpc-1.79.3

Please change the base branch or create a PR from an allowed branch.

@brunobls brunobls changed the base branch from main to develop April 7, 2026 20:25
@gandalf-at-lerian

@dependabot rebase

@dependabot dependabot Bot changed the base branch from develop to main April 7, 2026 20:27
@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch from 9d57099 to 2627eda Compare April 7, 2026 20:27

@lerian-studio lerian-studio left a comment

⚠️ Invalid Source Branch

Pull requests to main can only come from:

  • develop
  • release-candidate
  • hotfix/*

Your source branch: dependabot/go_modules/google.golang.org/grpc-1.79.3

Please change the base branch or create a PR from an allowed branch.

@lerian-studio

📊 Unit Test Coverage Report: reporter-worker

Metric | Value
Overall Coverage | 90.9% ✅ PASS
Threshold | 85%

Coverage by Package

Package | Coverage
github.com/LerianStudio/reporter/components/worker/internal/services | 93.0%

Generated by Go PR Analysis workflow

@lerian-studio

📊 Unit Test Coverage Report: reporter-manager

Metric | Value
Overall Coverage | 89.0% ✅ PASS
Threshold | 85%

Coverage by Package

Package | Coverage
github.com/LerianStudio/reporter/components/manager/internal/adapters/http/in | 84.6%
github.com/LerianStudio/reporter/components/manager/internal/services | 91.5%

Generated by Go PR Analysis workflow

@brunobls brunobls changed the base branch from main to develop April 7, 2026 20:35

@gandalf-at-lerian gandalf-at-lerian left a comment

LGTM. Patch-level bump of an indirect dependency (grpc-go 1.79.1 → 1.79.3).

This release includes a security fix: authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz (grpc/grpc-go#8981). Non-canonical paths are now immediately rejected with Unimplemented.

Changes are scoped to go.mod + go.sum — no code changes, no breaking API surface. Safe to merge.
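
A simplified model of the bypass class named in the 1.79.3 release note, added here as an illustration; it is not grpc-go's code and not part of this PR. The method name, the deny rule, and the slash-tolerant dispatcher are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	errDenied        = errors.New("PermissionDenied")
	errUnimplemented = errors.New("Unimplemented")
	// Constructed deny rule for a hypothetical method.
	denied = map[string]bool{"/admin.Service/DeleteAll": true}
)

// dispatch models handler lookup that tolerates a missing leading slash (assumption).
func dispatch(path string) string {
	return "handled " + strings.TrimPrefix(path, "/")
}

// canonical reports whether path has the form /service/method.
func canonical(path string) bool {
	i := strings.LastIndex(path, "/")
	return strings.HasPrefix(path, "/") && i > 0 && i < len(path)-1
}

// Serve applies the deny rule, then dispatches. With strict set, a
// non-canonical path is rejected before any rule is evaluated.
func Serve(path string, strict bool) (string, error) {
	if strict && !canonical(path) {
		return "", errUnimplemented
	}
	// Path-based deny rule: exact match on the raw :path value.
	if denied[path] {
		return "", errDenied
	}
	return dispatch(path), nil
}

func main() {
	for _, p := range []string{"/admin.Service/DeleteAll", "admin.Service/DeleteAll"} {
		out, err := Serve(p, false)
		_, strictErr := Serve(p, true)
		fmt.Println(p, "| lax:", out, err, "| strict:", strictErr)
	}
}
```

In the lax mode the slash-less path misses the deny rule yet still reaches the handler; in strict mode it is rejected with Unimplemented before the rule runs, while the canonical path is denied in both modes.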

@gandalf-at-lerian

@dependabot rebase


brunobls commented Apr 7, 2026

@dependabot rebase

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.1 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.1...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the base branch from develop to main April 7, 2026 20:36
@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch from 2627eda to f6ee146 Compare April 7, 2026 20:36
@gandalf-at-lerian gandalf-at-lerian changed the base branch from main to develop April 7, 2026 20:37

@lerian-studio lerian-studio left a comment

⚠️ Invalid Source Branch

Pull requests to main can only come from:

  • develop
  • release-candidate
  • hotfix/*

Your source branch: dependabot/go_modules/google.golang.org/grpc-1.79.3

Please change the base branch or create a PR from an allowed branch.

@gandalf-at-lerian

Closing — google.golang.org/grpc v1.79.3 is already present in develop. This bump was absorbed by a prior dependency update, so the PR has zero diff against the target branch. No action needed.

dependabot Bot commented on behalf of github Apr 7, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch April 7, 2026 20:40
Labels: area: dependencies, dependencies, go, size/XS
