Update dependency grpcio to v1.53.2 [SECURITY] #79

Open
wants to merge 1 commit into
base: master
@renovate renovate bot commented Jul 5, 2023

This PR contains the following updates:

| Package | Change |
|---|---|
| grpcio (source) | ==1.30.0 -> ==1.53.2 |

GitHub Vulnerability Alerts

CVE-2023-32731

When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309

CVE-2023-1428

There exists a vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:

te: x (x != trailers)

:scheme: x (x != http, https)

grpclb_client_stats: x (x == anything)

On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.

CVE-2023-33953

gRPC contains a vulnerability whereby hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DOS attacks:

  • Unbounded memory buffering in the HPACK parser
  • Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

  • The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
  • HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
  • gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering:
      HEADERS: containing a: 1
      CONTINUATION: containing a: 2
      CONTINUATION: containing a: 3
      etc…

Release Notes

grpc/grpc (grpcio)

v1.53.2

Compare Source

This is release gRPC Core 1.53.2 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

v1.53.1

Compare Source

This is release gRPC Core 1.53.1 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

v1.53.0

Compare Source

This is release 1.53.0 (glockenspiel) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • xDS: fix crash when removing the last endpoint from the last locality in weighted_target. (#​32592)
  • filter stack: pass peer name up via recv_initial_metadata batch. (#​31933)
  • [EventEngine] Add advice against blocking work in callbacks. (#​32397)
  • [http2] Dont drop connections on metadata limit exceeded. (#​32309)
  • xDS: reject aggregate cluster with empty cluster list. (#​32238)
  • Fix Python epoll1 Fork Support. (#​32196)
  • server: introduce ServerMetricRecorder API and move per-call reporting from a C++ interceptor to a C-core filter. (#​32106)
  • [EventEngine] Add invalid handle types to the public API. (#​32202)
  • [EventEngine] Refactoring the EventEngine Test Suite: Part 1. (#​32127)
  • xDS: fix WeightedClusters total weight handling. (#​32134)

C++

  • Update minimum MSVC version to 2019. (#​32615)
  • Use CMake variables for paths in pkg-config files. (#​31671)

C#

  • Grpc.Tools: Use x86 protoc binaries on arm64 Windows. (#​32017)

Python

Ruby

  • [ruby]: add pre-compiled binaries for ruby 3.2; drop them for ruby 2.6. (#​32089)

v1.52.0

Compare Source

This is release 1.52.0 (gribkoff) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • [༺ EventEngine ༻] Specify requirements for Run* immediate execution. (#​32028)
  • Tracing: Add annotations for when call is removed from resolver result queue and lb pick queue. (#​31913)
  • ring_hash LB: cap ring size to 4096 with channel arg to override. (#​31692)

C++

  • Cmake add separate export for plugin targets. (#​31525)

C#

  • Add internal documentation for Grpc.Tools MSBuild integration. (#​31784)

Python

  • Change Aio abort() function return type to NoReturn. (#​31984)
  • Change the annotated return type of UnaryStreamCall and StreamStreamCall from AsyncIterable to AsyncIterator. (#​31906)
  • Build native MacOS arm64 artifacts (universal2). (#​31747)
  • Respect CC variable in grpcio python build. (#​26480)
  • Revert "Build with System OpenSSL on Mac OS arm64 (#​31096)". (#​31741)

Ruby

  • Backport "[ruby]: add pre-compiled binaries for ruby 3.2; drop them for ruby 2.6 #​32089" to v1.52.x. (#​32157)
  • remove some default allocators. (#​30434)
  • Fix Ruby build errors in 3.2.0 on Apple M1. (#​31997)
  • [Ruby] build: make exported symbol files platform-specific. (#​31970)

v1.51.3

Compare Source

This is release gRPC Core 1.51.3 (galaxy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release is a Python-only patch to release universal2 Mac OS artifacts compatible with both x86 and arm64.

Python

  • Backport of #​31747 to v1.51.x (Build native MacOS arm64 artifacts (universal2)) (#​32424)

v1.51.1

Compare Source

This is release gRPC Core 1.51.1 (galaxy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Python

v1.51.0

Compare Source

This is release gRPC Core 1.51.0 (galaxy).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

  • Bump core version 2022110. (#​31585)
  • c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. (#​31443)
  • [log] Longer space for filenames. (#​31432)
  • c-ares DNS resolver: remove unnecessary code in SRV callback. (#​31426)
  • Correct the domain-socket client address read out from the ServerContext. (#​31108)
  • outlier detection: remove env var protection. (#​31251)
  • EventEngineFactoryReset - remove custom factory and reset default engine. (#​30554)
  • [tls] Remove support for pthread tls. (#​31040)

C++

  • Added version macros to gRPC C++. (#​31033)
  • OpenCensus: Move measures, views and CensusContext to include file. (#​31341)
  • GcpObservability: Add experimental public target. (#​31339)

C#

  • Fix msbuild failing when '@​' is present in path (2nd attempt). (#​31527)
  • Revert "Fix msbuild failing when '@​' is present in path". (#​31464)
  • Fix msbuild failing when '@​' is present in path. (#​31133)

PHP

Python

  • Fix lack of cooldown between poll attempts. (#​31550)
  • Build with System OpenSSL on Mac OS arm64. (#​31096)
  • Remove enum and future. (#​31381)
  • [Remove Six] Remove dependency on six. (#​31340)
  • Update xds-protos package to pull in protobuf 4.X. (#​31113)

v1.50.0

Compare Source

This is release gRPC Core 1.50.0 (galley).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Derive EventEngine from std::enable_shared_from_this. (#​31060)
  • Revert "Revert "[chttp2] fix stream leak with queued flow control update and absence of writes (#​30907)" (#​30991)". (#​30992)
  • [chttp2] fix stream leak with queued flow control update and absence of writes. (#​30907)
  • Remove gpr_codegen. (#​30899)
  • client_channel: allow LB policy to communicate update errors to resolver. (#​30809)
  • FaultInjection: Fix random number generation. (#​30623)

C++

  • OpenCensus Plugin: Add measure and views for started RPCs. (#​31034)

C#

Python

Ruby

v1.49.1

Compare Source

This is release 1.49.1 (gamma) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

All

  • Update protobuf to v21.6 on 1.49.x. (#​31028)

Ruby

v1.49.0

Compare Source

This is release 1.49.0 (gamma) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Backport: "stabilize the C2P resolver URI scheme" to v1.49.x. (#​30654)
  • Bump core version. (#​30588)
  • Update OpenCensus to HEAD. (#​30567)
  • Update protobuf submodule to 3.21.5. (#​30548)
  • Update third_party/protobuf to 3.21.4. (#​30377)
  • [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#​30443)
  • HTTP2: Fix keepalive time throttling. (#​30164)
  • Use AnyInvocable in EventEngine APIs. (#​30220)

Python

Ruby

v1.48.2

Compare Source

This is release 1.48.2 (garum) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

All

  • Update protobuf to v3.19.5 on v1.48.x. (#​31029)

v1.48.1

Compare Source

This is release 1.48.1 (garum) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Backport EventEngine Forkables. (#​30605)

v1.48.0

Compare Source

This is release 1.48.0 (garum) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Upgrade Abseil to LTS 2022062.0 . (#​30155)
  • Call: Send cancel op down the stack even when no ops are sent. (#​30004)
  • FreeBSD system roots implementation. (#​29436)
  • xDS: Workaround to get gRPC clients working with istio. (#​29841)

Python

  • Set Correct Platform Tag in Wheels on Mac OS with Python 3.10. (#​29857)
  • [Aio] Ensure Core channel closes when deallocated. (#​29797)
  • [Aio] Fix the wait_for_termination return value. (#​29795)

Ruby

  • Make the gem build on TruffleRuby. (#​27660)
  • Support for prebuilt Ruby binary on x64-mingw-ucrt platform. (#​29684)
  • [Ruby] Add ruby_abi_version to exported symbols. (#​28976)

Objective-C

First developer preview of XCFramework binary distribution via Cocoapod (#​28749).

This brings in significant speed up to local compile time and includes support for Apple Silicon build.

  • The following binary pods are made available for ObjC V1 & V2 API
    • gRPC-XCFramework (source pod gRPC)
    • gRPC-ProtoRPC-XCFramework (source pod gRPC-ProtoRPC)
  • The following platforms and architectures are included
    • ios: armv7, arm64 for device. arm64, i386, x86_64 for simulator
    • macos: x86_64 (Intel), arm64 (Apple Silicon)

v1.47.5

Compare Source

This is release 1.47.5 (gridman) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release is a Python-only patch to release universal2 Mac OS artifacts compatible with both x86 and arm64.

Python

  • Backport of #​31747 to v1.47.x (Build native MacOS arm64 artifacts (universal2)) (#​32446)

v1.47.2

Compare Source

This is release 1.47.2 (gridman) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

All

  • Update protobuf to v3.19.5 on v1.47.x. (#​31031)

v1.47.0

Compare Source

This is release 1.47.0 (gridman) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Announcement

gRPC C++ 1.47.0 is the first release requiring C++14 (proposal). For those who cannot upgrade to C++14 right now, you can use gRPC C++ 1.46.x in the meantime and gRPC C++ 1.46.x will be maintained by having fixes for critical bugs (P0) and security fixes until 2023-06-01.

Core

  • xDS: Workaround to get gRPC clients working with istio (#​29841). (#​29850)
  • Bump core version to 25.0.0 for upcoming release. (#​29775)
  • Initial support for Haiku. (#​27793)
  • Add NetBSD support (Community-supported). (#​29542)
  • server: per-rpc backend metric reporting. (#​29621)
  • Remove C# implementation (individual packages will continue to be maintained through v2.46.x patches or moved to grpc-dotnet). (#​29225)

C++

  • Expose NoOpCertificateVerifier to C++. (#​29322)
  • RouteGuide example: Abort if database file not found. (#​29398)

C#

  • C#: Suppress CS8981 in generated source. (#​29708)

Python

  • Set Correct Platform Tag in Wheels on Mac OS with Python 3.10 (#​29857). (#​30026)
  • Removed manylinux2010 python artifacts. (#​29734)
  • Allow grpcio to be built against system abseil-cpp. (#​27550)
  • [Python] Add an UDS example. (#​29592)

Ruby

  • Backport "Support for prebuilt Ruby binary on x64-mingw-ucrt platform (#​29684)" to 1.47.x. (#​29868)
  • Upgrade ruby rake-compiler-dock images (and stop building ruby gem artifacts on mac, in favor of rake-compile-dock darwin builds). (#​29304)

Other

  • Downgrade io_bazel_rules_go to v0.27.0 restore Bazel 3.x support. (#​29596)

v1.46.5

Compare Source

This is release 1.46.5 (golazo) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

All

  • Update protobuf to v3.19.5 on v1.46.x. (#​31032)

Core

  • Backport to 1.46.x: priority and ring_hash LBs: fix interactions when using ring_hash under priority (#​29332). (#​30253)
  • Backport to v1.46.x: ring hash: fix picker propagation bug in xds_cluster_manager policy (#​29959). (#​30254)

C#

  • Fix client resource leaks-issues 8451 and 28153. (#​30290)

v1.46.3

Compare Source

This is release gRPC Core 1.46.3 (golazo).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

  • backport: xds: use federation env var to guard new-style resource name parsing (#​29725) #​29727

v1.46.1

Compare Source

This is release gRPC Core 1.46.1 (golazo).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

v1.46.0

Compare Source

This is release 1.46.0 (golazo) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Announcement

gRPC C++ 1.46 will be the last release supporting C++11, future releases will require C++ >= 14. We plan to backport critical (P0) bugs and security fixes to this release for a year, that is, until 2023-06-01. This change won't bump the major version of gRPC since this doesn't introduce API changes. Hence, the next version requiring C++14 will be 1.47 (context).

Core

  • Ignore Connection Aborted errors on accept. (#​29318)
  • Filter content-length metadata from the application. (#​29295)
  • RetryFilter: Cleanup pending byte stream. (#​29245)
  • HTTP Proxy: Ignore empty entry in no_proxy list. (#​29217)
  • Adding http/1.1 support in httpcli. (#​29238)
  • HTTP2: Initiate write for acknowledging SETTINGS frame. (#​29218)
  • Change the unsupported polling strategy log for forking to GPR_INFO. (#​29232)
  • Handle SSL_ERROR_WANT_WRITE error. (#​29176)
  • TCP Async Connect: Fix Heap use-after-free. (#​29209)
  • HTTP2: Add graceful goaway. (#​29050)
  • Remove epollex poller. (#​29160)
  • TlsCredentials: Comparator implementation. (#​28940)
  • Decrease verbosity of alts handshaker logs which can happen during cancellation. (#​29058)
  • HTTP2: Should not run cancelling logic on servers when receiving GOAWAY. (#​29067)
  • HTTP2: Don't throttle pings from the server. (#​29053)
  • Include ADS stream error in XDS error updates. (#​29014)
  • Remove idempotent/cacheable requests. (#​28922)

C++

  • Add bazel cpp distribtest for grpc_cc_library. (#​29175)

C#

  • Add support for grpc-dotnet in GKE benchmarks. (#​28975)
  • Sync unary call after shutdown: Add a repro and fix for #​19090 . (#​23003)
  • Remove C# Legacy (a.k.a. "Classic") csproj example. (#​29102)

Python

  • Add Python GCF Distribtest. (#​29303)
  • Add Python Reflection Client. (#​29085)
  • Revert "Fix prefork handler register's default behavior". (#​29229)
  • Fix prefork handler register's default behavior. (#​29103)
  • Fix fetching CXX variable in setup.py. (#​28873)

Ruby

  • Support pre-built binaries for Ruby 3.1. (#​29000)
  • Make sure to always receive initial metadata in ruby. (#​29155)

v1.45.0

Compare Source

This is release 1.45.0 (gravity) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Backport "Include ADS stream error in XDS error updates (#​29014)" to 1.45.x. (#​29121)
  • Bump core version to 23.0.0 for upcoming release. (#​29026)
  • Fix memory leak in HTTP request security handshake cancellation. (#​28971)
  • CompositeChannelCredentials: Comparator implementation. (#​28902)
  • Delete custom iomgr. (#​28816)
  • Implement transparent retries. (#​28548)
  • Uniquify channel args keys. (#​28799)
  • Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status. (#​28827)
  • Eliminate gRPC insecure build. (#​25586)
  • Fix for a racy WorkSerializer shutdown. (#​28769)
  • InsecureCredentials: singleton object. (#​28777)
  • Add http cancel api. (#​28354)
  • Memory leak fix on windows in grpc_tcp_create(). (#​27457)
  • xDS: Rbac filter updates. (#​28568)

C++

  • Bump the minimum gcc to 5. (#​28786)
  • Add experimental API for CRL checking support to gRPC C++ TlsCredentials. (#​28407)

C#

  • [C#] Add cancellation token overloads to streaming interfaces. (#​27886)
  • [C#] Grpc.Core.Api nullable fixes. (#​28616)

Objective-C

  • Patch GRPCCallOptions to use nonatomic properties. (#​28972)

Python

  • Reimplement Gevent Integration. (#​28276)
  • Support musllinux binary wheels on x64 and x86. (#​28092)
  • Increase the Python protobuf requirement to >=3.12.0. (#​28604)

Other

v1.44.0

Compare Source

This is release 1.44.0 (great) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • xDS: Rbac filter updates (#​28568). (#​28608)
  • Fix xDS client for multiple watchers. (#​28521)
  • bump C-core version for upcoming release. (#​28527)
  • Add a trace to list which filters are contained in a channel stack. (#​28530)
  • Remove grpc_httpcli_context. (#​27867)
  • xDS: Add support for RBAC HTTP filter. (#​28309)
  • API to cancel grpc_resolve_address. (#​27883)
  • Replace work serializer with a mutex in c-ares resolver. (#​27858)
  • xDS: Add graceful shutdown for old connections on listener resource update. (#​28154)

C++

  • Promote ClientContext::set_wait_for_ready to be non-experimental. (#​28247)

C#

  • Only apply "singleplatform" nuget suffix when actually needed. (#​28677)
  • [C#] Add ConfigureAwait to AsyncUnaryCall and AsyncClientStreamingCall. (#​28235)

Python

  • Add python async example for hellostreamingworld using generator. (#​27343)
  • Disable __wrap_memcpy hack for Python builds. (#​28410)
  • Bump Bazel Python Cython dependency to 0.29.26. (#​28398)
  • Fix libatomic linking on Raspberry Pi OS Bullseye. (#​28041)
  • Allow generated proto sources in remote repositories for py_proto_library. (#​28103)

Ruby

  • Remove ruby 2.4 support. (#​28522)
  • Add an env var to override make parallelism in ruby build. (#​28250)

v1.43.0

Compare Source

This is release 1.43.0 (green) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Remove redundant work serializer usage in c-ares windows code. (#​28016)
  • Support RDS updates on the server. (#​27851)
  • Use WorkSerializer in XdsClient to propagate updates in a synchronized manner. (#​27975)
  • Support Custom Post-handshake Verification in TlsCredentials. (#​25631)
  • Reintroduce the EventEngine default factory. (#​27920)
  • Assert Android API >= v21. (#​27943)
  • Add support for abstract unix domain sockets. (#​27906)

C++

  • OpenCensus: Move metadata storage to arena. (#​27948)

C#

  • [C#] Add nullable type attributes to Grpc.Core.Api. (#​27887)

Objective-C

  • Revert "Revert "[objc] GRPCMetadataDictionary convenient typedef"". (#​27882)

Python

  • [Aio] Validate the input type for set_trailing_metadata and abort. (#​27958)

v1.42.0

Compare Source

This is release 1.42.0 (granola) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Update RDS parsing for use on servers. (#​27715)
  • Upgrade Abseil to LTS 2021032, Patch 2. (#​27811)
  • Upgrade bazel to 4.2.1 (LTS), upgrade bazel toolchain to 4.1.0. (#​27410)
  • Remove old backwards compatibility cronet compression workaround code. (#​27701)
  • EventEngine Test Suite: Timers. (#​27496)
  • EventEngine::Closure. (#​27395)
  • OpenCensusCallTracer: Move context generation to StartTransportStreamOpBatch. (#​27523)
  • Fix client idle filter. (#​27611)
  • allow connectivity state watching to work on lame channels. (#​27747)
  • grpclb: implement subchannel caching. (#​27657)
  • xds: change CSDS to populate new generic_xds_configs field. (#​27794)

C++

  • Describe support-levels for undocumented supported platforms. (#​27363)

C#

  • Fix link error when building app with Xamarin.iOS. (#​27345)
  • C#: metadata.Get and GetAll should accept uppercase keys. (#​27383)
  • Fix use-after-free metadata corruption in C# when receiving response headers for streaming response calls. (#​27382)

Objective-C

  • [objc] GRPCErrorCode enum base type to int32_t. (#​27908)
  • [objc] Adding lightweight generic to GPRCCallOptions's initialMetadata prop . (#​27905)
  • [objc] GRPCMetadataDictionary convenient typedef. (#​27845)
  • [objc] Switch to proto forward declare for gRPC codegen plugin. (#​27444)

Python

  • Add Aspects to Bazel py_proto_library and py_grpc_library Rules. (#​27275)
  • [Aio] Add add_done_callback/done/cancelled methods to ServicerContext. (#​27767)
  • [Aio] Correct the typing of input metadata. (#​27768)
  • Address leak when using request stream interceptors (#​25449). (#​27571)
  • Catch ExecuteBatchError in _consume_request_iterator. (#​27240)
  • [Aio] Resolve deprecated warnings from asyncio. (#​27635)
  • Create Bazel gevent test harness. (#​27507)
  • Add python_requires >=3.6 to grpcio-* packages. (#​27495)
  • fix: use == instead of is when comparing with a certain types of literals. (#​26519)
  • python: fix type annotation for the _metadata field. (#​27251)

Ruby

  • ruby: add arm64 darwin support. (#​25992)
  • ruby: build native Darwin gems using rake-compiler-dock. (#​25794)

v1.41.1

Compare Source

This is release 1.41.0 (goat) of gRPC Core.

For gRPC documentation, see grpc.io.

v1.41.0

Compare Source

This is release 1.41.0 (goat) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • De-experimentalize XdsCredentials and XdsServerCredentials API. (#​26544)
  • xDS: Remove environmental variable guard for security. (#​27290)
  • xDS Security: Use new way to fetch certificate provider plugin instance config. (#​27264)
  • xDS server serving status: Use a struct to allow more fields to be added in the future. (#​27242)
  • Annotate impl/codegen with IWYU pragmas. (#​27252)
  • Update submodule envoy-api to origin/main. (#​27256)
  • Upgrade third_party/protobuf to v3.17.3. (#​27227)
  • update submodule boringssl-with-bazel with origin/master-with-bazel. (#​27208)
  • Delete libuv-iomgr implementation and GRPC_UV build option. (#​27188)
  • Allow access to Google API regional endpoints via Google Default Credentials. (#​27155)
  • Remove GPR_*_TLS macros except PTHREAD. (#​26974)
  • Limit initial window size increases and per-stream window delta. (#​26342)

C++

  • Bump version to v1.41.0-pre1. (#​27371)
  • De-experimentalize XdsServerBuilder. (#​27296)
  • C++ opencensus filter: Fix point of creating context for overall call. (#​27221)
  • Flag grpc++_test library testonly. (#​27214)
  • Add note on officially supported platforms. (#​22344)
  • Open census call attempt span name and attribute changes (#​26889). (#​26902)
  • Open census call attempt span name and attribute changes. (#​26889)

C#

  • Backport #​27382 to v1.41.x. (#​27398)
  • [csharp] Fix error loading library grpc_csharp_ext.*.dll on windows with non-ASCII encoding. (#​26762)
  • Annotate copied Content native lib items with package id to enable customization. (#​26725)

Objective-C

  • Objective-C: Fix issue with creating a Unix file socket. (#​26931)

Python

  • Use manylinux_2_17 instead of manylinux_2_24 tag for manylinux2014 aarch64 wheels. (#​27280)
  • Add Python 3.10 drop 3.5. (#​26074)
  • [Aio] Remove custom IO manager support. (#​27090)

v1.40.0

Compare Source

This is release 1.40.0 (guileless) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Update Envoy API to the latest version (2021-07-30). (#​26848)
  • Enable retries by default. (#​26766)
  • Add opentelemetry as a submodule for latest xDS API. (#​26850)
  • Pointing the protobuf submodule to the new URL. (#​26811)
  • Remove BUILD.gn. (#​26822)
  • Prevent race causing early-destruction of grpc_winsocket object when creating a TCP connection. (#​26642)
  • TLS Security Connector: Add an always-fail-handshaker when certificates are not ready. (#​26561)
  • Enable layering checks in the Bazel build. (#​26591)
  • Support user provided "scope" in JWT and GDC. (#​26577)

C++

  • C++ opencensus filter: Fix point of creating context for overall call. (#​27238)
  • Open census call attempt span name and attribute changes (#​26889). (#​26957)
  • Open census filter: Use new internal stats API and record retry stats. (#​26739)
  • Add OpenCensus measures and views for retries. (#​26751)

Python

  • Add retry example for gRPC Python. (#​26829)
  • Remove Python 2.7 binary wheel generations. (#​26691)
  • [Aio][fix] catch application exception in request iterators. (#​26706)

v1.39.0

Compare Source

This is release 1.39.0 (goofy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

C++

  • New iomgr implementation backed by the EventEngine API. (#​26026)
  • async_unary_call: add a Destroy method, called by std::default_delete. (#​26389)
  • De-experimentalize C++ callback API. (#​25728)

C#

  • [C#] Add ChannelCredentials.SecureSsl property for better codecompletion with ChannelCredentials. (#​26472)
  • Better way of building protoc aarch64 artifacts. (#​26416)
  • Add C# plugin "file_suffix" option defaulting to "Grpc.cs". (#​26162)
  • Add "GeneratedCode" attribute to generated service stubs. (#​26164)

PHP

  • PHP: stop reading composer.json file just to read the version string. (#​26156)

Python

  • Python AIO: Match continuation typing on Interceptors. (#​26500)
  • Workaround #​26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64. (#​26430)
  • Fix zlib unistd.h import problem. (#​26374)
  • Handle gevent exception in gevent poller. (#​26058)

Ruby

  • Set XDS user agent in ruby via macros. (#​26268)

v1.38.1

Compare Source

This is release 1.38.1 (guadalupe_river_park_conservancy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C#

Python

v1.38.0

Compare Source

This is release 1.38.0 (guadalupe_river_park_conservancy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. (#​26086)
  • Revert #​16288. (#​25827)
  • Fix use-after-unref bug in fault_injection_filter. (#​25903)
  • Fix #​25897 to avoid crashes when certificates are not yet updated. (#​25899)
  • gRPC EventEngine Interface. (#​25795)
  • Allow the AWS_DEFAULT_REGION environment variable. (#​25760)

C++

  • s/OnServingStatusChange/OnServingStatusUpdate. (#​26010)
  • cmake: only install channelz if gRPC_USE_PROTO_LITE is off. (#​25772)

C#

  • Grpc.Tools: Use x64 protoc on macOS arm64. (#​26080)
  • Provide runtime/framework info in gRPC C# user agent string. (#​25889)

Python

  • Add grpcio-admin Python package. (#​26166)
  • Add CSDS API to Python. (#​26114)
  • Expose code and details from context on the server side. (#​25457)
  • Explicitly import importlib.abc; required on Python 3.10. Fixes #​26062. (#​26083)
  • Fix potential deadlock on the GIL in AuthMetdataPlugin. (#​26009)
  • Introduce new Python package "xds_protos". (#​25975)
  • also build python3.6 aarch64 manylinux2014 wheel. (#​25928)
  • Remove async mark for set_trailing_metadata interface. (#​25814)

Ruby

  • ruby: use x86_64 binary on M1 macs. (#​25756)
  • Add ruby 3.0 support for mac binary packages. (#​25429)

v1.37.1

Compare Source

This is release 1.37.1 ([gilded](https://togithub.com/grpc/grpc/blob/mas


Configuration

📅 Schedule: Branch creation - "" in timezone Pacific/Auckland, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
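
The three unbounded-buffering problems listed under CVE-2023-33953 above all come down to a limit that was checked too late or per frame. The following sketch is an added example, not gRPC's code and not part of the Renovate PR: a bounded HPACK integer and string-length reader (RFC 7541, section 5) plus a byte budget shared by a HEADERS frame and its CONTINUATION frames. The 5-octet cap, the 8 KiB default, all names, and the sample byte strings are assumptions constructed for illustration; the budget charges encoded fragment bytes as a simplification.

```python
"""Bounded HPACK primitives (RFC 7541, section 5). Added illustration, not gRPC code."""
from typing import Tuple

MAX_HEADER_BYTES = 8 * 1024   # assumed default; the advisory mentions 8 or 16 KB limits
MAX_CONTINUATION_OCTETS = 5   # assumed cap; 5 octets cover every length below 2**32


class HpackLimitError(ValueError):
    """A limit was exceeded; the caller should stop instead of buffering more."""


class NeedMoreData(Exception):
    """The buffer ended mid-field; the caller may retry with more bytes."""


def decode_int(buf: bytes, pos: int, prefix_bits: int) -> Tuple[int, int]:
    """Decode the HPACK integer at buf[pos]; return (value, next_pos)."""
    if pos >= len(buf):
        raise NeedMoreData()
    mask = (1 << prefix_bits) - 1
    value = buf[pos] & mask
    pos += 1
    if value < mask:                      # value fits in the prefix bits
        return value, pos
    shift = 0
    for _ in range(MAX_CONTINUATION_OCTETS):
        if pos >= len(buf):
            raise NeedMoreData()
        octet = buf[pos]
        pos += 1
        value += (octet & 0x7F) << shift
        shift += 7
        if not octet & 0x80:              # continuation bit clear: last octet
            return value, pos
    # 0x80 octets add nothing to the value, so without this cap the decoder
    # would keep reading zero padding for as long as the peer sends it.
    raise HpackLimitError("integer uses too many continuation octets")


def read_string(buf: bytes, pos: int, budget: int) -> Tuple[bytes, bool, int]:
    """Read a string literal; return (raw_bytes, huffman_flag, next_pos)."""
    if pos >= len(buf):
        raise NeedMoreData()
    huffman = bool(buf[pos] & 0x80)
    length, pos = decode_int(buf, pos, 7)
    # Compare the DECLARED length with the budget before waiting for or
    # copying any of the body, so an oversized string is never buffered.
    if length > budget:
        raise HpackLimitError("declared string length exceeds header budget")
    if pos + length > len(buf):
        raise NeedMoreData()
    return buf[pos:pos + length], huffman, pos + length


class HeaderBlockBudget:
    """One budget per header block: HEADERS plus every CONTINUATION after it."""

    def __init__(self, limit: int = MAX_HEADER_BYTES) -> None:
        self.limit = limit
        self.used = 0

    def charge(self, fragment: bytes) -> int:
        """Account for one frame's fragment; return the bytes still allowed."""
        self.used += len(fragment)        # cumulative, never reset per frame
        if self.used > self.limit:
            raise HpackLimitError("header block exceeds limit across frames")
        return self.limit - self.used


def is_rejected(fn, *args) -> bool:
    """True if fn(*args) stops with HpackLimitError."""
    try:
        fn(*args)
    except HpackLimitError:
        return True
    return False


# Constructed sample inputs (5-bit prefix unless noted).
CANONICAL = bytes([0x1F, 0x9A, 0x0A])                    # 1337, RFC 7541 C.1.2
PADDED = bytes([0x1F, 0x9A, 0x8A, 0x80, 0x00])           # 1337 with zero padding
OVERLONG = bytes([0x1F, 0x9A, 0x8A]) + b"\x80" * 1000 + b"\x00"
HUGE_LEN = bytes([0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F])   # string length near 4 GiB

if __name__ == "__main__":
    print("canonical:", decode_int(CANONICAL, 0, 5))
    print("padded:   ", decode_int(PADDED, 0, 5))
    print("overlong rejected:", is_rejected(decode_int, OVERLONG, 0, 5))
    print("huge string rejected:",
          is_rejected(read_string, HUGE_LEN, 0, MAX_HEADER_BYTES))
    budget = HeaderBlockBudget()
    frames = [b"a" * 3000] * 3            # HEADERS, CONTINUATION, CONTINUATION
    print("frames:", [is_rejected(budget.charge, f) for f in frames])
```
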

@renovate renovate bot force-pushed the renovate/pypi-grpcio-vulnerability branch from ea6da37 to f2abd6d Compare July 30, 2024 12:57
@renovate renovate bot changed the title from "Update dependency grpcio to v1.53.0 [SECURITY]" to "Update dependency grpcio to v1.53.2 [SECURITY]" Jul 30, 2024