-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update dependency grpcio to v1.53.2 [security] #201
Open
renovate
wants to merge
1
commit into
main
Choose a base branch
from
renovate/pypi-grpcio-vulnerability
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 6, 2023 10:40
0c33e3e
to
6b831f8
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 6, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 6, 2023 15:09
6b831f8
to
2cd43f3
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 6, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 9, 2023 09:49
2cd43f3
to
da59b94
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 9, 2023 12:12
da59b94
to
8815682
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 16, 2023 15:54
8815682
to
eb6d6c2
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 16, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 16, 2023 19:45
eb6d6c2
to
b2e0470
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 16, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 19, 2023 11:45
b2e0470
to
ad40549
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.0 [security]
Jul 19, 2023
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.0 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 19, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 19, 2023 13:23
ad40549
to
207be09
Compare
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 27, 2023 16:37
207be09
to
df77b9f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.2 [security]
Jul 27, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 27, 2023 20:14
df77b9f
to
703bfd2
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 27, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 1, 2023 20:49
703bfd2
to
80b853a
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.2 [security]
Aug 1, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 1, 2023 22:42
80b853a
to
4580de4
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Aug 1, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 9, 2023 15:46
4580de4
to
a1ede03
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.56.2 [security]
Aug 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 9, 2023 18:30
a1ede03
to
f086978
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.56.2 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Aug 9, 2023
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
August 22, 2023 16:00
f086978
to
301b242
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.64.1 [security]
Jun 4, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 4, 2024 13:34
9042728
to
60a594f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.64.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jun 4, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 17, 2024 12:13
60a594f
to
7197d94
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.64.1 [security]
Jun 17, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 17, 2024 18:14
7197d94
to
a5786c5
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.64.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jun 17, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 27, 2024 08:35
a5786c5
to
53a8260
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.64.1 [security]
Jun 27, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 27, 2024 10:47
53a8260
to
7e733a7
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.64.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jun 27, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 28, 2024 20:26
7e733a7
to
f3754ce
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.64.1 [security]
Jun 28, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
June 28, 2024 22:15
f3754ce
to
15884a8
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.64.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jun 28, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 14, 2024 08:33
15884a8
to
7b93c22
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.64.1 [security]
Jul 14, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 14, 2024 10:58
7b93c22
to
28c4d91
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.64.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 14, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 21, 2024 13:25
28c4d91
to
64f67d6
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.65.1 [security]
Jul 21, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 21, 2024 15:46
64f67d6
to
20314b3
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.65.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 21, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 28, 2024 17:46
20314b3
to
bf87481
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.65.1 [security]
Jul 28, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 28, 2024 19:10
bf87481
to
6adfee2
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.65.1 [security]
chore(deps): update dependency grpcio to v1.53.0 [security]
Jul 28, 2024
renovate
bot
force-pushed
the
renovate/pypi-grpcio-vulnerability
branch
from
July 30, 2024 12:17
6adfee2
to
480319f
Compare
renovate
bot
changed the title
chore(deps): update dependency grpcio to v1.53.0 [security]
chore(deps): update dependency grpcio to v1.53.2 [security]
Jul 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.33.2
->==1.53.2
GitHub Vulnerability Alerts
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309
CVE-2023-1428
There exists an vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x != http, https)
grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for
-bin
suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.CVE-2023-33953
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
Release Notes
grpc/grpc (grpcio)
v1.53.2
Compare Source
This is release gRPC Core 1.53.2 (glockenspiel).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Core
v1.53.1
Compare Source
This is release gRPC Core 1.53.1 (glockenspiel).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
v1.53.0
Compare Source
This is release 1.53.0 (glockenspiel) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
Ruby
v1.52.0
Compare Source
This is release 1.52.0 (gribkoff) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
UnaryStreamCall
andStreamStreamCall
fromAsyncIterable
toAsyncIterator
. (#31906)Ruby
v1.51.3
Compare Source
This is release gRPC Core 1.51.3 (galaxy).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release is a Python-only patch to release universal2 Mac OS artifacts compatible with both x86 and arm64.
Python
v1.51.1
Compare Source
This is release gRPC Core 1.51.1 (galaxy).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Python
v1.51.0
Compare Source
This is release gRPC Core 1.51.0 (galaxy).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Core
2022110
. (#31585)C++
C#
PHP
Python
v1.50.0
Compare Source
This is release gRPC Core 1.50.0 (galley).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
gpr_codegen
. (#30899)C++
C#
Python
Ruby
v1.49.1
Compare Source
This is release 1.49.1 (gamma) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
Ruby
v1.49.0
Compare Source
This is release 1.49.0 (gamma) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
Python
Ruby
v1.48.2
Compare Source
This is release 1.48.2 (garum) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
v1.48.1
Compare Source
This is release 1.48.1 (garum) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
v1.48.0
Compare Source
This is release 1.48.0 (garum) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
2022062
.0 . (#30155)Python
Ruby
Objective-C
First developer preview of XCFramework binary distribution via Cocoapod (#28749).
This brings in significant speed up to local compile time and includes support for Apple Silicon build.
v1.47.5
Compare Source
This is release 1.47.5 (gridman) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release is a Python-only patch to release universal2 Mac OS artifacts compatible with both x86 and arm64.
Python
v1.47.2
Compare Source
This is release 1.47.2 (gridman) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
v1.47.0
Compare Source
This is release 1.47.0 (gridman) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Announcement
gRPC C++ 1.47.0 is the first release requiring C++14 (proposal). For those who cannot upgrade to C++14 right now, you can use gRPC C++ 1.46.x in the meantime and gRPC C++ 1.46.x will be maintained by having fixes for critical bugs (P0) and security fixes until 2023-06-01.
Core
C++
C#
Python
Ruby
Other
v1.46.5
Compare Source
This is release 1.46.5 (golazo) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
All
Core
C#
v1.46.3
Compare Source
This is release gRPC Core 1.46.3 (golazo).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
Core
v1.46.1
Compare Source
This is release gRPC Core 1.46.1 (golazo).
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes.
v1.46.0
Compare Source
This is release 1.46.0 (golazo) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Announcement
gRPC C++ 1.46 will be the last release supporting C++11, future releases will require C++ >= 14. We plan to backport critical (P0) bugs and security fixes to this release for a year, that is, until 2023-06-01. This change won't bump the major version of gRPC since this doesn't introduce API changes. Hence, the next version requiring C++14 will be 1.47 (context).
Core
content-length
metadata from the application. (#29295)C++
C#
Python
Ruby
v1.45.0
Compare Source
This is release 1.45.0 (gravity) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Objective-C
Python
Other
v1.44.0
Compare Source
This is release 1.44.0 (great) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Python
Ruby
v1.43.0
Compare Source
This is release 1.43.0 (green) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Objective-C
Python
v1.42.0
Compare Source
This is release 1.42.0 (granola) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
2021032
, Patch 2. (#27811)C++
C#
Objective-C
Python
Ruby
v1.41.1
Compare Source
This is release 1.41.0 (goat) of gRPC Core.
For gRPC documentation, see grpc.io.
v1.41.0
Compare Source
This is release 1.41.0 (goat) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
Objective-C
Python
v1.40.0
Compare Source
This is release 1.40.0 (guileless) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
Python
v1.39.0
Compare Source
This is release 1.39.0 (goofy) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
Core
C++
C#
PHP
Python
Ruby
v1.38.1
Compare Source
This is release 1.38.1 (guadalupe_river_park_conservancy) of gRPC Core.
For gRPC documentation, see grpc.io. For previous releases, see Releases.
This release contains refinements, improvements, and bug fixes, with highlights listed below.
C#
Python
v1.38.0
Compare Source
This is release 1.38.0 ([guadalupe_river_park_conservancy](https://redirect.gi
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.