Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump @grpc/grpc-js, @temporalio/client and @temporalio/worker in /workers/typescript #90

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 11, 2024

Bumps @grpc/grpc-js to 1.10.9 and updates ancestor dependencies @grpc/grpc-js, @temporalio/client and @temporalio/worker. These dependencies need to be updated together.

Updates @grpc/grpc-js from 1.7.3 to 1.10.9

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.10.9

  • Avoid buffering significantly more than grpc.max_receive_message_size per received message.

@​grpc/grpc-js 1.10.8

  • Fix a bug that caused channels with unix: targets to not reconnect after the channel goes idle (#2750)

@​grpc/grpc-js 1.10.7

  • Improve reporting of HTTP error codes (#2723)
  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js 1.10.6

  • Fix a bug that could cause a server to sometimes send the status early (#2708)

@​grpc/grpc-js 1.10.5

  • Resolve exception when Error.stackTraceLimit is undefined (#2701 contributed by @​davidfiala)
  • Call configured checkServerIdentity when grpc.ssl_target_name_override is set (#2704)
  • Add more information to DEADLINE_EXCEEDED error details strings (#2692)

@​grpc/grpc-js 1.10.4

  • Fix a bug that caused server interceptors to crash when using partially-populated ResponderBuilder and ListenerBuilder objects (#2696)
  • Avoid sending RST_STREAM from the client when the server has already finished its side of the stream (#2695)

@​grpc/grpc-js 1.10.3

  • Revert client reconnection changes in #2680 (#2691)

@​grpc/grpc-js 1.10.2

  • Implement server connection idle timeouts and improve channelz performance (#2677 contributed by @​AVVS)
  • Fix a bug that caused clients to automatically reconnect even when there were no active requests (#2680)
  • Modify order of server call events to more closely match pre-1.10.x behavior (#2683)

@​grpc/grpc-js 1.10.1

  • Fix a bug causing channels using the round_robin LB policy to fail to reconnect after a connection drops (#2667)

@​grpc/grpc-js-xds 1.10.1

  • Update dependency on @grpc/proto-loader to the latest version (#2732)

@​grpc/grpc-js-xds 1.10.0

@​grpc/grpc-js 1.10.0

Changelog

... (truncated)

Commits
  • 674f4e3 Merge pull request from GHSA-7v5v-9h63-cj86
  • 7ecaa2d grpc-js: Bump to 1.10.9
  • e64d816 grpc-js: Avoid buffering significantly more than max_receive_message_size per...
  • 45e5fe5 Merge pull request #2750 from murgatroid99/grpc-js_idle_uds_fix
  • 87a3541 grpc-js: Fix UDS channels not reconnecting after going idle
  • 3105791 Merge pull request #2740 from sergiitk/backport-1.10-psm-interop-common-prod-...
  • fec135a Merge pull request #2729 from sergiitk/psm-interop-common-prod-tests
  • 76fe802 Merge pull request #2739 from murgatroid99/backport-1.10-grpc-js_linkify-it_fix
  • d5edf49 Merge pull request #2735 from murgatroid99/grpc-js_linkify-it_fix
  • 23c05fc Merge pull request #2732 from murgatroid99/grpc-js_proto-loader_update
  • Additional commits viewable in compare view

Updates @temporalio/client from 1.9.3 to 1.10.1

Release notes

Sourced from @​temporalio/client's releases.

v1.10.1

What changed

  • On Linux, restored compatibility with GLIBC 2.18+ on both x64 and arm64 architectures.

v1.10.0

Important updates

  • 💥 Support for Node.js 14 and older GLIBC releases has been dropped. As announced previously, TS SDK v1.9 was the last minor release to support Node.js 14.

    Going forward, the TypeScript SDK requires:

    • Node.js 16.15 or more recent;
    • GLIBC 2.35 or more recent (update: we restored compatibility with GLIBC 2.18 in v1.10.1)
  • 💥 Support for Node.js 16 will soon be dropped. TS SDK v1.10 will be the last minor release to support Node.js 16. TS SDK v1.11 will require Node 18 or higher.

    Node.js 14 officially reached end-of-life on April 30th, 2023, and Node.js 16 reached end-of-life on September 11th, 2023 (see Node.js release schedule). We strongly encourage everyone to take immediate action in updating their deployments to supported versions of Node.js to ensure continued compatibility and receive the latest features and security updates.

Features

  • [client] Both Connection and NativeConnection now accept an apiKey option, making it easier to connect to Temporal Cloud and other Temporal servers that use bearer token authentication (#1385), as well as HTTP CONNECT Proxy (#1411, thanks to @​brendan-myers for his help on getting this started 🙏).

  • [client] The startdelay Workflow option is no longer experimental (#1379). Thanks @​tlafano 🙏.

  • [core] Core can now be configured to emit duration metrics as either seconds or milliseconds, as well as to include unit suffixes in metric names (#1383).

  • [worker] Add taskQueue and logSource metadata attributes on all log messages emitted inside the context of a worker. These attributes are there make is easier to diagnose some low level issues, as well as allow implementing fine-grained filtering of messages (eg. show DEBUG level messages for user-code, but only WARN for messages from the worker) (#1391).

Bug Fixes

  • [client] Bring gRPC retry options in line with other SDKs (#1368). Thanks to @​chronos-tachyon 🙏.

  • [worker] Unreference timer created in parseWorkflowCode (#1370). Thanks @​jhecking 🙏.

  • On POSIX systems, stdout and stderr are now properly inherited by ephemeral servers (e.g. TestWorkflowEnvironment.createLocal() and TestWorkflowEnvironment.createTimeSkipping()), making it easier to diagnose issues while creating a test environment (#1394).

  • @grpc/grpc-js has been updated to 1.10.x (#1388). It had previously been pinned to 1.7.3 to avoid multiple bugs and incompatibilities introduced in grpc-js 1.8.0. We have since reviewed these changes and confirmed that there is no longer any reason to refrain form updating that dependency.

  • bundler: Webpack output is now recorded as a single log entry, and color are disabled if output is not being sent to the console (#1414). Thanks @​ikonst 🙏.

  • MockActivityEnvironment no longer causes initialization of the Runtime (#1401).

  • [common] Improve error messages for failureConverters (#1373).

  • [doc] Fix comment on default maxConcurrentActivityTaskPolls value (#1374) Thanks @​taonic 🙏.

Commits

Updates @temporalio/worker from 1.9.3 to 1.10.1

Release notes

Sourced from @​temporalio/worker's releases.

v1.10.1

What changed

  • On Linux, restored compatibility with GLIBC 2.18+ on both x64 and arm64 architectures.

v1.10.0

Important updates

  • 💥 Support for Node.js 14 and older GLIBC releases has been dropped. As announced previously, TS SDK v1.9 was the last minor release to support Node.js 14.

    Going forward, the TypeScript SDK requires:

    • Node.js 16.15 or more recent;
    • GLIBC 2.35 or more recent (update: we restored compatibility with GLIBC 2.18 in v1.10.1)
  • 💥 Support for Node.js 16 will soon be dropped. TS SDK v1.10 will be the last minor release to support Node.js 16. TS SDK v1.11 will require Node 18 or higher.

    Node.js 14 officially reached end-of-life on April 30th, 2023, and Node.js 16 reached end-of-life on September 11th, 2023 (see Node.js release schedule). We strongly encourage everyone to take immediate action in updating their deployments to supported versions of Node.js to ensure continued compatibility and receive the latest features and security updates.

Features

  • [client] Both Connection and NativeConnection now accept an apiKey option, making it easier to connect to Temporal Cloud and other Temporal servers that use bearer token authentication (#1385), as well as HTTP CONNECT Proxy (#1411, thanks to @​brendan-myers for his help on getting this started 🙏).

  • [client] The startdelay Workflow option is no longer experimental (#1379). Thanks @​tlafano 🙏.

  • [core] Core can now be configured to emit duration metrics as either seconds or milliseconds, as well as to include unit suffixes in metric names (#1383).

  • [worker] Add taskQueue and logSource metadata attributes on all log messages emitted inside the context of a worker. These attributes are there make is easier to diagnose some low level issues, as well as allow implementing fine-grained filtering of messages (eg. show DEBUG level messages for user-code, but only WARN for messages from the worker) (#1391).

Bug Fixes

  • [client] Bring gRPC retry options in line with other SDKs (#1368). Thanks to @​chronos-tachyon 🙏.

  • [worker] Unreference timer created in parseWorkflowCode (#1370). Thanks @​jhecking 🙏.

  • On POSIX systems, stdout and stderr are now properly inherited by ephemeral servers (e.g. TestWorkflowEnvironment.createLocal() and TestWorkflowEnvironment.createTimeSkipping()), making it easier to diagnose issues while creating a test environment (#1394).

  • @grpc/grpc-js has been updated to 1.10.x (#1388). It had previously been pinned to 1.7.3 to avoid multiple bugs and incompatibilities introduced in grpc-js 1.8.0. We have since reviewed these changes and confirmed that there is no longer any reason to refrain form updating that dependency.

  • bundler: Webpack output is now recorded as a single log entry, and color are disabled if output is not being sent to the console (#1414). Thanks @​ikonst 🙏.

  • MockActivityEnvironment no longer causes initialization of the Runtime (#1401).

  • [common] Improve error messages for failureConverters (#1373).

  • [doc] Fix comment on default maxConcurrentActivityTaskPolls value (#1374) Thanks @​taonic 🙏.

Commits
  • fdb708f chore(release): Publish
  • ff79445 chore(release): Publish
  • e3c1574 fix(bundler): Pass Webpack output to logger in a single record (#1414)
  • dd9cee8 feat(worker): Add support for HTTP CONNECT Proxy (#1411)
  • bc9e6cc chore: Remove support for Node 14
  • df72bfb Update comment for WorkerOptions.debugMode that the default is taken from the...
  • 9f55277 Add sdkComponent and taskQueue metadata on log messages (#1401)
  • 54dd058 Revert "Add logSource and taskQueue metadata on log messages (#1399)
  • 1708529 Add logSource and taskQueue metadata on log messages (#1391)
  • b54bf2c Api Key Support (#1385)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [@grpc/grpc-js](https://github.com/grpc/grpc-node) to 1.10.9 and updates ancestor dependencies [@grpc/grpc-js](https://github.com/grpc/grpc-node), [@temporalio/client](https://github.com/temporalio/sdk-typescript/tree/HEAD/packages/client) and [@temporalio/worker](https://github.com/temporalio/sdk-typescript/tree/HEAD/packages/worker). These dependencies need to be updated together.


Updates `@grpc/grpc-js` from 1.7.3 to 1.10.9
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/[email protected]...@grpc/[email protected])

Updates `@temporalio/client` from 1.9.3 to 1.10.1
- [Release notes](https://github.com/temporalio/sdk-typescript/releases)
- [Changelog](https://github.com/temporalio/sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/temporalio/sdk-typescript/commits/v1.10.1/packages/client)

Updates `@temporalio/worker` from 1.9.3 to 1.10.1
- [Release notes](https://github.com/temporalio/sdk-typescript/releases)
- [Changelog](https://github.com/temporalio/sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](https://github.com/temporalio/sdk-typescript/commits/v1.10.1/packages/worker)

---
updated-dependencies:
- dependency-name: "@grpc/grpc-js"
  dependency-type: indirect
- dependency-name: "@temporalio/client"
  dependency-type: direct:production
- dependency-name: "@temporalio/worker"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added javascript Pull requests that update Javascript code Mend: dependency security vulnerability Security vulnerability detected by Mend labels Jun 11, 2024
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
javascript Pull requests that update Javascript code Mend: dependency security vulnerability Security vulnerability detected by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant