Skip to content

deps: bump google.golang.org/grpc from 1.79.1 to 1.79.3#43

Merged
tnando merged 2 commits into
mainfrom
dependabot/go_modules/google.golang.org/grpc-1.79.3
Apr 5, 2026
Merged

deps: bump google.golang.org/grpc from 1.79.1 to 1.79.3#43
tnando merged 2 commits into
mainfrom
dependabot/go_modules/google.golang.org/grpc-1.79.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 19, 2026
edited
Loading

Bumps google.golang.org/grpc from 1.79.1 to 1.79.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)
Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 19, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch 2 times, most recently from a81f2f2 to 0be64b3 Compare March 24, 2026 03:55
@dependabot
deps: bump google.golang.org/grpc from 1.79.1 to 1.79.3
610ff8e 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.1 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.1...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch from 0be64b3 to 610ff8e Compare April 5, 2026 03:43
@tnando
Copy link
Copy Markdown
Collaborator

tnando commented Apr 5, 2026
edited
Loading

Claude finished @tnando's task in 16s —— View job

Review Summary

Verdict: APPROVE

Domain focus: none (general review only)

This is a Dependabot patch bump of google.golang.org/grpc from 1.79.1 → 1.79.3. The diff touches only go.mod and go.sum (+3/-3). The upstream release notes include:

Both are safe patch-level changes on the same minor (1.79.x), with a relevant security fix. No code changes required in this repo.

Findings

Critical (must fix)

  • None

Warnings (should fix)

  • None

Suggestions

  • None — take the patch bump, especially for the authz security fix.

Domain-Specific Notes

No agent labels on this PR; no domain-specific review applied. CI (build, lint, test, contract-guard) should be green before merge per CLAUDE.md merge policy.

tnando-gh-bot
tnando-gh-bot approved these changes Apr 5, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@tnando-gh-bot tnando-gh-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude AI review: Approved — all checks passed.

@tnando tnando merged commit 475450c into main Apr 5, 2026
9 checks passed
@tnando tnando deleted the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch April 5, 2026 03:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tnando-gh-bot tnando-gh-bot tnando-gh-bot approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tnando @tnando-gh-bot