Skip to content

Bump google.golang.org/grpc from 1.79.2 to 1.79.3#3339

Merged
knative-prow[bot] merged 2 commits intomainfrom
dependabot/go_modules/google.golang.org/grpc-1.79.3
Mar 19, 2026
Merged

Bump google.golang.org/grpc from 1.79.2 to 1.79.3#3339
knative-prow[bot] merged 2 commits intomainfrom
dependabot/go_modules/google.golang.org/grpc-1.79.3

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026

Bumps google.golang.org/grpc from 1.79.2 to 1.79.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump google.golang.org/grpc from 1.79.2 to 1.79.3
8248446 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.2 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.79.2...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 19, 2026
@knative-prow
Copy link

knative-prow bot commented Mar 19, 2026

There are empty aliases in OWNER_ALIASES, cleanup is advised.

@knative-prow knative-prow bot requested review from creydr and skonto March 19, 2026 02:46
@knative-prow knative-prow bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Mar 19, 2026
@knative-prow knative-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Mar 19, 2026
@dprotaso
Copy link
Member

dprotaso commented Mar 19, 2026

/cherry-pick release-1.21
/lgtm
/approve

@knative-prow-robot
Copy link
Contributor

knative-prow-robot commented Mar 19, 2026

@dprotaso: once the present PR merges, I will cherry-pick it on top of release-1.21 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.21
/lgtm
/approve

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 19, 2026
@knative-prow
Copy link

knative-prow bot commented Mar 19, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], dprotaso

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 19, 2026
@dprotaso
Copy link
Member

dprotaso commented Mar 19, 2026

/cherry-pick release-1.20

@knative-prow-robot
Copy link
Contributor

knative-prow-robot commented Mar 19, 2026

@dprotaso: once the present PR merges, I will cherry-pick it on top of release-1.20 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow knative-prow bot merged commit 8c68e18 into main Mar 19, 2026
5 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch March 19, 2026 14:48
@knative-prow-robot
Copy link
Contributor

knative-prow-robot commented Mar 19, 2026

@dprotaso: #3339 failed to apply on top of branch "release-1.21":

Applying: Bump google.golang.org/grpc from 1.79.2 to 1.79.3
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
M	vendor/google.golang.org/grpc/server.go
M	vendor/google.golang.org/grpc/version.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/google.golang.org/grpc/version.go
CONFLICT (content): Merge conflict in vendor/google.golang.org/grpc/version.go
Auto-merging vendor/google.golang.org/grpc/server.go
Auto-merging vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
CONFLICT (content): Merge conflict in vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 Bump google.golang.org/grpc from 1.79.2 to 1.79.3
Details

In response to this:

/cherry-pick release-1.21
/lgtm
/approve

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@knative-prow-robot
Copy link
Contributor

knative-prow-robot commented Mar 19, 2026

@dprotaso: #3339 failed to apply on top of branch "release-1.20":

Applying: Bump google.golang.org/grpc from 1.79.2 to 1.79.3
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
M	vendor/google.golang.org/grpc/server.go
M	vendor/google.golang.org/grpc/version.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/google.golang.org/grpc/version.go
CONFLICT (content): Merge conflict in vendor/google.golang.org/grpc/version.go
Auto-merging vendor/google.golang.org/grpc/server.go
Auto-merging vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
CONFLICT (content): Merge conflict in vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 Bump google.golang.org/grpc from 1.79.2 to 1.79.3
Details

In response to this:

/cherry-pick release-1.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@dprotaso
Copy link
Member

dprotaso commented Mar 19, 2026

cc @Fedosin @linkvt if you're pulling things into release branches you might want to check which dependency bumps are also worth pulling in

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@creydr creydr Awaiting requested review from creydr

@skonto skonto Awaiting requested review from skonto

Assignees

@dprotaso dprotaso

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dependencies Pull requests that update a dependency file go Pull requests that update Go code lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dprotaso @knative-prow-robot