Skip to content

Bump grpc.version from 1.18.0 to 1.24.1 #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot-preview wants to merge 1 commit into from
Closed

Bump grpc.version from 1.18.0 to 1.24.1 #125

dependabot-preview wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link
Contributor

@dependabot-preview dependabot-preview bot commented Oct 24, 2019

Bumps grpc.version from 1.18.0 to 1.24.1.

Updates grpc-netty from 1.18.0 to 1.24.1

Release notes

Sourced from grpc-netty's releases.

v1.24.0

Dependencies

  • core: Migrate to new OpenCensus method & status tags (#5996)

Bug Fixes

  • core: handle removing partially-closed resources for throwing on close. Fixes #6002. (#6044)
  • auth: fix builder invocation for converting Google service account to Jwt access credential (#6106)
  • netty: netty client using http proxy may experienced hang is fixed (#6159). This issue was introduced in 1.22.0.
  • bazel: Fix java path separator bug on Windows (#6054)
  • grpclb: fix pick_first mode shutdown without subchannels. (#6072)

API Changes

  • The deprecated API ManagedChannelBuilder.usePlaintext(boolean skipNegotiation) will be removed in the next release. If you are still using it, please plan a migration (#1772)
  • android: final stabilization of AndroidChannelBuilder (#6097). AndroidChannelBuilder is stabilized. Deprecated APIs are deleted. fromBuilder(...) is deprecated with replacement of usingBuilder(...).
  • core: allow setting custom Deadline.Ticker to InProcessServerBuilder (#6034)

New Features

  • bazel: Added //netty:shaded_maven target, similar to netty-shaded. It is only intended as a dependency for pre-compiled JARs
  • bazel: Added IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS for use with maven_install. See repositories.bzl for how to use
  • cronet: add grpc-cronet artifact publishing configurations (#6130). grpc-cronet is published as a standalone artifact in maven central.

Documentation

  • doc: explicitly mention that Deadline might saturate (#6085)

Acknowledgements

v1.23.0

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Dependencies

  • Bump netty to 4.1.38
  • Bump PerfMark to 0.17.0
  • Bump protobuf to 3.9.0

Bug Fixes

  • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
  • alts: Fix server hang (#5900)
  • context: Fix race between CancellableContext and Context (#5981)
  • stub: Avoid race in onHalfClose server StreamObserver (#5991)
  • core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

API Changes

... (truncated)
Commits
  • 2f0c3e7 Bump version to 1.24.1
  • d832c95 Update README etc to reference 1.24.1
  • e665962 okhttp: fix header scheme does not match transport type.
  • 9e5a08c bom: specify pom type for protoc-gen-grpc-java
  • 8d8d205 bom: format(tab->space) build.gradle
  • 52c449d Revert "buildscripts: android.sh to clean the build when building HEAD^"
  • b13d31c repositories.bzl: Fix typo in maven_install override_targets
  • 0612d84 Bump version to 1.24.1-SNAPSHOT
  • 93f0733 Bump version to 1.24.0
  • 4d79cdf Update README etc to reference 1.24.0
  • Additional commits viewable in compare view

Updates grpc-protobuf from 1.18.0 to 1.24.1

Release notes

Sourced from grpc-protobuf's releases.

v1.24.0

Dependencies

  • core: Migrate to new OpenCensus method & status tags (#5996)

Bug Fixes

  • core: handle removing partially-closed resources for throwing on close. Fixes #6002. (#6044)
  • auth: fix builder invocation for converting Google service account to Jwt access credential (#6106)
  • netty: netty client using http proxy may experienced hang is fixed (#6159). This issue was introduced in 1.22.0.
  • bazel: Fix java path separator bug on Windows (#6054)
  • grpclb: fix pick_first mode shutdown without subchannels. (#6072)

API Changes

  • The deprecated API ManagedChannelBuilder.usePlaintext(boolean skipNegotiation) will be removed in the next release. If you are still using it, please plan a migration (#1772)
  • android: final stabilization of AndroidChannelBuilder (#6097). AndroidChannelBuilder is stabilized. Deprecated APIs are deleted. fromBuilder(...) is deprecated with replacement of usingBuilder(...).
  • core: allow setting custom Deadline.Ticker to InProcessServerBuilder (#6034)

New Features

  • bazel: Added //netty:shaded_maven target, similar to netty-shaded. It is only intended as a dependency for pre-compiled JARs
  • bazel: Added IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS for use with maven_install. See repositories.bzl for how to use
  • cronet: add grpc-cronet artifact publishing configurations (#6130). grpc-cronet is published as a standalone artifact in maven central.

Documentation

  • doc: explicitly mention that Deadline might saturate (#6085)

Acknowledgements

v1.23.0

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Dependencies

  • Bump netty to 4.1.38
  • Bump PerfMark to 0.17.0
  • Bump protobuf to 3.9.0

Bug Fixes

  • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
  • alts: Fix server hang (#5900)
  • context: Fix race between CancellableContext and Context (#5981)
  • stub: Avoid race in onHalfClose server StreamObserver (#5991)
  • core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

API Changes

... (truncated)
Commits
  • 2f0c3e7 Bump version to 1.24.1
  • d832c95 Update README etc to reference 1.24.1
  • e665962 okhttp: fix header scheme does not match transport type.
  • 9e5a08c bom: specify pom type for protoc-gen-grpc-java
  • 8d8d205 bom: format(tab->space) build.gradle
  • 52c449d Revert "buildscripts: android.sh to clean the build when building HEAD^"
  • b13d31c repositories.bzl: Fix typo in maven_install override_targets
  • 0612d84 Bump version to 1.24.1-SNAPSHOT
  • 93f0733 Bump version to 1.24.0
  • 4d79cdf Update README etc to reference 1.24.0
  • Additional commits viewable in compare view

Updates grpc-stub from 1.18.0 to 1.24.1

Release notes

Sourced from grpc-stub's releases.

v1.24.0

Dependencies

  • core: Migrate to new OpenCensus method & status tags (#5996)

Bug Fixes

  • core: handle removing partially-closed resources for throwing on close. Fixes #6002. (#6044)
  • auth: fix builder invocation for converting Google service account to Jwt access credential (#6106)
  • netty: netty client using http proxy may experienced hang is fixed (#6159). This issue was introduced in 1.22.0.
  • bazel: Fix java path separator bug on Windows (#6054)
  • grpclb: fix pick_first mode shutdown without subchannels. (#6072)

API Changes

  • The deprecated API ManagedChannelBuilder.usePlaintext(boolean skipNegotiation) will be removed in the next release. If you are still using it, please plan a migration (#1772)
  • android: final stabilization of AndroidChannelBuilder (#6097). AndroidChannelBuilder is stabilized. Deprecated APIs are deleted. fromBuilder(...) is deprecated with replacement of usingBuilder(...).
  • core: allow setting custom Deadline.Ticker to InProcessServerBuilder (#6034)

New Features

  • bazel: Added //netty:shaded_maven target, similar to netty-shaded. It is only intended as a dependency for pre-compiled JARs
  • bazel: Added IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS for use with maven_install. See repositories.bzl for how to use
  • cronet: add grpc-cronet artifact publishing configurations (#6130). grpc-cronet is published as a standalone artifact in maven central.

Documentation

  • doc: explicitly mention that Deadline might saturate (#6085)

Acknowledgements

v1.23.0

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Dependencies

  • Bump netty to 4.1.38
  • Bump PerfMark to 0.17.0
  • Bump protobuf to 3.9.0

Bug Fixes

  • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
  • alts: Fix server hang (#5900)
  • context: Fix race between CancellableContext and Context (#5981)
  • stub: Avoid race in onHalfClose server StreamObserver (#5991)
  • core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

API Changes

... (truncated)
Commits
  • 2f0c3e7 Bump version to 1.24.1
  • d832c95 Update README etc to reference 1.24.1
  • e665962 okhttp: fix header scheme does not match transport type.
  • 9e5a08c bom: specify pom type for protoc-gen-grpc-java
  • 8d8d205 bom: format(tab->space) build.gradle
  • 52c449d Revert "buildscripts: android.sh to clean the build when building HEAD^"
  • b13d31c repositories.bzl: Fix typo in maven_install override_targets
  • 0612d84 Bump version to 1.24.1-SNAPSHOT
  • 93f0733 Bump version to 1.24.0
  • 4d79cdf Update README etc to reference 1.24.0
  • Additional commits viewable in compare view

Updates grpc-core from 1.18.0 to 1.24.1

Release notes

Sourced from grpc-core's releases.

v1.24.0

Dependencies

  • core: Migrate to new OpenCensus method & status tags (#5996)

Bug Fixes

  • core: handle removing partially-closed resources for throwing on close. Fixes #6002. (#6044)
  • auth: fix builder invocation for converting Google service account to Jwt access credential (#6106)
  • netty: netty client using http proxy may experienced hang is fixed (#6159). This issue was introduced in 1.22.0.
  • bazel: Fix java path separator bug on Windows (#6054)
  • grpclb: fix pick_first mode shutdown without subchannels. (#6072)

API Changes

  • The deprecated API ManagedChannelBuilder.usePlaintext(boolean skipNegotiation) will be removed in the next release. If you are still using it, please plan a migration (#1772)
  • android: final stabilization of AndroidChannelBuilder (#6097). AndroidChannelBuilder is stabilized. Deprecated APIs are deleted. fromBuilder(...) is deprecated with replacement of usingBuilder(...).
  • core: allow setting custom Deadline.Ticker to InProcessServerBuilder (#6034)

New Features

  • bazel: Added //netty:shaded_maven target, similar to netty-shaded. It is only intended as a dependency for pre-compiled JARs
  • bazel: Added IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS for use with maven_install. See repositories.bzl for how to use
  • cronet: add grpc-cronet artifact publishing configurations (#6130). grpc-cronet is published as a standalone artifact in maven central.

Documentation

  • doc: explicitly mention that Deadline might saturate (#6085)

Acknowledgements

v1.23.0

This release resolves the DoS vulnerability CVE-2019-9515 (SETTINGS flood). Users using the grpc-netty server with untrusted clients should upgrade.

Dependencies

  • Bump netty to 4.1.38
  • Bump PerfMark to 0.17.0
  • Bump protobuf to 3.9.0

Bug Fixes

  • netty: Limit number of frames a client can cause the server to enqueue (#6056). Addresses CVE-2019-9515 (Settings flood). While grpc-java was not vulnerable to CVE-2019-9512 (Ping flood) nor CVE-2019-9514 (Reset flood), the fix provides protections against these attacks as well
  • alts: Fix server hang (#5900)
  • context: Fix race between CancellableContext and Context (#5981)
  • stub: Avoid race in onHalfClose server StreamObserver (#5991)
  • core: Avoid using partially-closed resources that threw during close in SharedResourceHolder (#6048). This avoids a permanent hang when using google-cloud-java. See googleapis/google-cloud-java#5810 and googleapis/google-cloud-java#5801

API Changes

... (truncated)
Commits
  • 2f0c3e7 Bump version to 1.24.1
  • d832c95 Update README etc to reference 1.24.1
  • e665962 okhttp: fix header scheme does not match transport type.
  • 9e5a08c bom: specify pom type for protoc-gen-grpc-java
  • 8d8d205 bom: format(tab->space) build.gradle
  • 52c449d Revert "buildscripts: android.sh to clean the build when building HEAD^"
  • b13d31c repositories.bzl: Fix typo in maven_install override_targets
  • 0612d84 Bump version to 1.24.1-SNAPSHOT
  • 93f0733 Bump version to 1.24.0
  • 4d79cdf Update README etc to reference 1.24.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump grpc.version from 1.18.0 to 1.24.1
de2530e 
Bumps `grpc.version` from 1.18.0 to 1.24.1.

Updates `grpc-netty` from 1.18.0 to 1.24.1
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.18.0...v1.24.1)

Updates `grpc-protobuf` from 1.18.0 to 1.24.1
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.18.0...v1.24.1)

Updates `grpc-stub` from 1.18.0 to 1.24.1
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.18.0...v1.24.1)

Updates `grpc-core` from 1.18.0 to 1.24.1
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.18.0...v1.24.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot requested a review from sgammon as a code owner October 24, 2019 09:12
@dependabot-preview dependabot-preview bot mentioned this pull request Oct 24, 2019
Closed
@dependabot-preview
Copy link
Contributor Author

dependabot-preview bot commented Nov 6, 2019

Superseded by #128.

@dependabot-preview dependabot-preview bot deleted the dependabot/maven/grpc.version-1.24.1 branch November 6, 2019 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sgammon sgammon Awaiting requested review from sgammon sgammon is a code owner

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant