deps(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3

[dependabot]

Bumps google.golang.org/grpc from 1.78.0 to 1.79.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

• stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

• grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

• mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • Special Thanks: @​vanja-p
• experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

• balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

• experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
• pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
  • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
• xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
• balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)
  • Special Thanks: @​marek-szews

Bug Fixes

• credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • Special Thanks: @​Atul1710
• xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
• health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • Special Thanks: @​sanki92
• transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • Special Thanks: @​joybestourous
• server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)
  • Special Thanks: @​joybestourous

Performance Improvements

• credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
• mem: Optimize pooling and creation of buffer objects. (#8784)
• transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• 8902ab6 Change the version to release 1.79.2 (#8947)
• a928670 Cherry-pick #8874 to v1.79.x (#8904)
• 06df363 Change version to 1.79.2-dev (#8903)
• 782f2de Change version to 1.79.1 (#8902)
• 850eccb Change version to 1.79.1-dev (#8851)
• 765ff05 Change version to 1.79.0 (#8850)
• 68804be Cherry pick #8864 to v1.79.x (#8896)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Assignees

The following users could not be added as assignees: arsheenali. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: go. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@          Coverage Diff           @@
##            main    #170    +/-   ##
======================================
  Coverage   4.15%   4.16%            
======================================
  Files        160     160            
  Lines      35212   35212            
  Branches    4108    4003   -105     
======================================
+ Hits        1462    1465     +3     
+ Misses     33659   33657     -2     
+ Partials      91      90     -1     

see 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update dc7328f...bf31dd9. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dependabot]

Superseded by #171.