-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency grpcio to v1.53.0 [security] #201
Open
renovate
wants to merge
1
commit into
main
Choose a base branch
from
renovate/pypi-grpcio-vulnerability
base: main
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 6, 2023 10:40
0c33e3e
to
6b831f8
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 6, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 6, 2023 15:09
6b831f8
to
2cd43f3
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 6, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 9, 2023 09:49
2cd43f3
to
da59b94
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 9, 2023 12:12
da59b94
to
8815682
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 16, 2023 15:54
8815682
to
eb6d6c2
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 16, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 16, 2023 19:45
eb6d6c2
to
b2e0470
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 16, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 19, 2023 11:45
b2e0470
to
ad40549
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 19, 2023
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 19, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 19, 2023 13:23
ad40549
to
207be09
Compare
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 27, 2023 16:37
207be09
to
df77b9f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.2 [security]
Jul 27, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 27, 2023 20:14
df77b9f
to
703bfd2
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 27, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 1, 2023 20:49
703bfd2
to
80b853a
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.2 [security]
Aug 1, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 1, 2023 22:42
80b853a
to
4580de4
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Aug 1, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 9, 2023 15:46
4580de4
to
a1ede03
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.2 [security]
Aug 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 9, 2023 18:30
a1ede03
to
f086978
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Aug 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 22, 2023 16:00
f086978
to
301b242
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.62.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Mar 20, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
March 24, 2024 15:10
66eb89e
to
cd9078f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.62.1 [security]
Mar 24, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
March 24, 2024 19:29
cd9078f
to
dfb8261
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.62.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Mar 24, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
April 14, 2024 11:37
dfb8261
to
1b400a6
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.62.1 [security]
Apr 14, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
April 14, 2024 13:43
1b400a6
to
184e67f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.62.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Apr 14, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
April 21, 2024 08:27
184e67f
to
051bdd7
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.62.2 [security]
Apr 21, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
April 21, 2024 11:14
051bdd7
to
7e4cf3e
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.62.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Apr 21, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
April 25, 2024 10:33
7e4cf3e
to
4770a38
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.62.2 [security]
Apr 25, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
April 25, 2024 12:53
4770a38
to
a3eb56f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.62.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Apr 25, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
May 1, 2024 10:01
a3eb56f
to
d91d7e7
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.63.0 [security]
May 1, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
May 1, 2024 12:31
d91d7e7
to
568cefd
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.63.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
May 1, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
May 9, 2024 11:01
568cefd
to
50a3980
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.63.0 [security]
May 9, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
May 9, 2024 12:15
50a3980
to
dd41a5a
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.63.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
May 9, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
May 15, 2024 17:46
dd41a5a
to
766ab8c
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.63.0 [security]
May 15, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
May 15, 2024 23:29
766ab8c
to
99be2d3
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.63.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
May 15, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.33.2
->==1.53.0
GitHub Vulnerability Alerts
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309
CVE-2023-1428
There exists an vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x != http, https)
grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for
-bin
suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.Release Notes
grpc/grpc (grpcio)
v1.53.0
Compare Source
This is release 1.53.0 (glockenspiel) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
Ruby
v1.52.0
Compare Source
This is release 1.52.0 (gribkoff) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
UnaryStreamCall
andStreamStreamCall
fromAsyncIterable
toAsyncIterator
. (#31906)Ruby
v1.51.3
Compare Source
This is release gRPC Core 1.51.3 (galaxy).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release is a Python-only patch to release universal2 Mac OS artifacts compatible with both x86 and arm64.
Python
v1.51.1
Compare Source
This is release gRPC Core 1.51.1 (galaxy).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Python
v1.51.0
Compare Source
This is release gRPC Core 1.51.0 (galaxy).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Core
2022110
. (#31585)C++
C#
PHP
Python
v1.50.0
Compare Source
This is release gRPC Core 1.50.0 (galley).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
gpr_codegen
. (#30899)C++
C#
Python
Ruby
v1.49.1
Compare Source
This is release 1.49.1 (gamma) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
Ruby
v1.49.0
Compare Source
This is release 1.49.0 (gamma) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
Python
Ruby
v1.48.2
Compare Source
This is release 1.48.2 (garum) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
v1.48.1
Compare Source
This is release 1.48.1 (garum) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
v1.48.0
Compare Source
This is release 1.48.0 (garum) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
2022062
.0 . (#30155)Python
Ruby
Objective-C
First developer preview of XCFramework binary distribution via Cocoapod (#28749).
This brings in significant speed up to local compile time and includes support for Apple Silicon build.
v1.47.5
Compare Source
This is release 1.47.5 (gridman) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release is a Python-only patch to release universal2 Mac OS artifacts compatible with both x86 and arm64.
Python
v1.47.2
Compare Source
This is release 1.47.2 (gridman) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
v1.47.0
Compare Source
This is release 1.47.0 (gridman) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Announcement
gRPC C++ 1.47.0 is the first release requiring C++14 (proposal). For those who cannot upgrade to C++14 right now, you can use gRPC C++ 1.46.x in the meantime and gRPC C++ 1.46.x will be maintained by having fixes for critical bugs (P0) and security fixes until 2023-06-01.
Core
C++
C#
Python
Ruby
Other
v1.46.5
Compare Source
This is release 1.46.5 (golazo) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
Core
C#
v1.46.3
Compare Source
This is release gRPC Core 1.46.3 (golazo).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Core
v1.46.1
Compare Source
This is release gRPC Core 1.46.1 (golazo).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
v1.46.0
Compare Source
This is release 1.46.0 (golazo) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Announcement
gRPC C++ 1.46 will be the last release supporting C++11, future releases will require C++ >= 14. We plan to backport critical (P0) bugs and security fixes to this release for a year, that is, until 2023-06-01. This change won't bump the major version of gRPC since this doesn't introduce API changes. Hence, the next version requiring C++14 will be 1.47 (context).
Core
content-length
metadata from the application. (#29295)C++
C#
Python
Ruby
v1.45.0
Compare Source
This is release 1.45.0 (gravity) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Objective-C
Python
Other
v1.44.0
Compare Source
This is release 1.44.0 (great) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
Ruby
v1.43.0
Compare Source
This is release 1.43.0 (green) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Objective-C
Python
v1.42.0
Compare Source
This is release 1.42.0 (granola) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
2021032
, Patch 2. (#27811)C++
C#
Objective-C
Python
Ruby
v1.41.1
Compare Source
This is release 1.41.0 (goat) of gRPC Core.
For gRPC documentation, see grpc.io.
v1.41.0
Compare Source
This is release 1.41.0 (goat) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Objective-C
Python
v1.40.0
Compare Source
This is release 1.40.0 (guileless) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
Python
v1.39.0
Compare Source
This is release 1.39.0 (goofy) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
PHP
Python
Ruby
v1.38.1
Compare Source
This is release 1.38.1 (guadalupe_river_park_conservancy) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
C#
Python
v1.38.0
Compare Source
This is release 1.38.0 (guadalupe_river_park_conservancy) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
Ruby
v1.37.1
Compare Source
This is release 1.37.1 (gilded) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
Python
v1.37.0
Compare Source
This is release 1.37.0 (gilded) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.