• 48391ba Fix panic in AssertExpectations for mocks without expectations (#1207)
• 840cb80 arrays value types in a zero-initialized state are considered empty (#1126)
• 07dc7ee Bump actions/setup-go from 3.1.0 to 3.2.0 (#1191)
• c33fc8d Bump actions/checkout from 2 to 3 (#1163)
• 3c33e07 Added Go 1.18.1 as a build/supported version (#1182)
• e2b56b3 Bump github.com/stretchr/objx from 0.1.0 to 0.4.0
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from golangci/golangci-lint-action's releases.

v3.0.0

What's Changed

• Fix grammar in action.yml by @​abennett in golangci/golangci-lint-action#356
• Add description for permissions settings by @​sg0hsmt in golangci/golangci-lint-action#298
• Remove Setup-Go by @​StevenACoffman in golangci/golangci-lint-action#403
• Update all direct dependencies by @​SVilgelm in golangci/golangci-lint-action#404
• 139 Dependabot updates

New Contributors

• @​abennett made their first contribution in golangci/golangci-lint-action#356
• @​sg0hsmt made their first contribution in golangci/golangci-lint-action#298
• @​StevenACoffman made their first contribution in golangci/golangci-lint-action#403

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

• c675eb7 Update all direct dependencies (#404)
• 423fbaf Remove Setup-Go (#403)
• bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)
• d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)
• e4b538e build(deps-dev): bump @​types/node from 16.11.10 to 17.0.19 (#400)
• a288c0d build(deps): bump @​actions/cache from 1.0.8 to 1.0.9 (#399)
• b7a34f8 build(deps): bump @​types/tmp from 0.2.2 to 0.2.3 (#398)
• 129bcf9 build(deps-dev): bump @​types/uuid from 8.3.3 to 8.3.4 (#397)
• 153576c build(deps-dev): bump eslint-config-prettier from 8.3.0 to 8.4.0 (#396)
• a9a9dff build(deps): bump ansi-regex from 5.0.0 to 5.0.1 (#395)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/fullstorydev/grpcui's releases.

v1.3.0

Changes

This release includes numerous new features and some bug fixes. The release binaries on GitHub and the published docker images also now include options for arm64 architecture.

Web UI

These changes impact usage of both the command-line tool and the Go packages.

• The UI will now show error details. Error details consist of zero or more google.protobuf.Any messages that may be attached to any RPC error. Previously, if an error contained details, the UI would not show them.
• The UI now provides the option to load a file to populate bytes fields.
• The UI now includes support for "Examples", similar to collections in postman. These can be loaded programmatically, when using the Go packages, or via a new command-line option for the command-line tool (see more below). When examples are included, they appear as a list on the left. Clicking an item in the list loads the form with the contents of that example.
• The "History" tab of the UI includes a new "Save History" button, for saving all of the requests in the history to a downloaded JSON file. This JSON file is in the same format used to provide examples (see above).
• The UI now can show more information about the service and method selected. There is a small arrow button to the right of the drop-downs that can be used to show and hide this extra information. This description resembles the original proto source for the service and method, including showing any options as well as comments.
  • Caveat: the comments may only be shown when using proto source files to obtain descriptors. This is because most runtimes discard this information for descriptors that are generated and linked into a program (to reduce binary sizes and memory footprint). So when using server reflection to get descriptors, comments likely will not appear.
• The UI now includes tool tips for fields in the request form, that shows more information. Like the service and method information, this description resembles the original proto source, including options as comments. (Same caveat regarding comments as above.)
• Trying to enable (via checkbox) a field of type google.protobuf.Value would result in the UI continuing to show "unset", instead of providing a text input for defining the value. This has been fixed.
• Entering values for google.protobuf.Timestamp fields would cause errors in Safari browsers, due to the use of a date format that was not universally accepted by all browsers. This has been fixed.
• All static resources would previously be served using "public" cache control headers. However, the main index page may include RPC service and method names that are not public. Furthermore, if extra assets were added (using options for the standalone Go package), they would also be served using "public" cache control headers.
  • This is a privacy issue and has been fixed. All assets that may contain non-public data (custom assets and the index page) are now served using a "private" cache control header.
  • There was also a caching issue if the same host and port were used to connect to different backend gRPC servers. In this case, when reloading the index page for a different backend server, the cache directive would allow the browser to use a stale cached copy of the index page, with incorrect services and methods. This could lead to runtime errors until a forced-reload was performed. The index page now uses a "must-revalidate" cache control header to prevent the use of an incorrect stale cached resource.

Command-line tool

This release adds some additional command-line flags:

• A new -base-path flag allows the UI to be served from a path other than /. This can be useful when grpcui is behind a reverse proxy, so / gets routed to other servers and some other sub-path can be routed to grpcui.
• The -H, -rpc-header, and -expand-header flags supported by grpcurl are now also supported by grpcui. Headers defined this way will not appear in the web form UI, but will be added to the RPC request.
• The -use-reflection flag supported by grpcurl is now also supported by grpcui. This allows the UI augment the set of descriptors retrieved from a server (via service reflection) with local proto sources. This can be useful for the UI to understand extensions and custom options that the server may not actually be aware of.
• A new -preserve-header flag has been added that allows the "invoke" XHR endpoint to propagate HTTP headers it receives as request metadata to the server. This can be useful if grpcui is behind an authenticating proxy, like where a JWT (or other credential) header is transparently added to each request which should be forwarded to backend RPC servers.
• The -vvv flag previously would log the body of all HTTP requests and responses that the grpcui web server received. When the body was binary and the log was streaming to a terminal, this could result in unpleasant output -- not only because the binary data is unreadable, but also because some binary data could be interpreted as control/escape sequences by the terminal. Binary responses are now hex-encoded in the log.
• New -extra-js and -extra-css flags can be used to inject custom JS and CSS resources into the index page. This allows for a wide variety of customizations not previously possible without a browser extension.
• A new -also-serve flag can be used to have the grpcui web server host other files/assets. This can be useful, for example, if a custom CSS resource is used which references things like custom fonts or images.
• A new -examples flag allows configuring the UI to show a library of canned "example" requests, loaded from a JSON file.

Go package "github.com/fullstorydev/grpcui"

• Two new functions, AllMethodsViaInProcess and AllFilesViaInProcess, have been added to further simplify the use case where a gRPC UI is embedded into a Go gRPC server. They populate the list of exposed services and file descriptors using the actual services registered with a *grpc.Server and can utilize every proto file generated and linked into the program (even those that are not used or imported by the files that define the services).

Go package "github.com/fullstorydev/grpcui/standalone"

• Numerous new options have been added for the standalone handler that allow serving custom assets without having to load them all into memory: AddJSFile, AddCSSFile, and ServeAssetFile (similar to existing functions AddJS, AddCSS, and ServeAsset). Furthermore, a new ServeAssetDirectory allows easily adding an entire folder of static resources to be served by the handler.
• Two new options, WithExamples and WithExampleData, allow specifying a library of canned "example" requests, which will be shown in the UI.

• 6a5a14b release binaries and docker images for arm64 (#170)
• 2b1a1df include comments in service reflection for testsvr (#169)
• 9a512fe Add ability to pick a file to populate bytes fields (#168)
• e458831 Add the ability to load 'examples' and create examples by saving history (#167)
• d70ce5c add descriptions for services, methods, and fields (#166)
• 380438d fix issue where index page can be cached with wrong list of services/methods ...
• ef4eb08 allowing injecting custom JS, CSS, and other files into the gRPC UI web serve...
• 3da5e70 reconcile grpcui cmd-line options with grpcurl (#163)
• 014444e updates the grpcui client to show error details on response tab (#162)
• 38bf5f4 new methods for collecting methods and files from in-process server (#161)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.51.0

Behavior Changes

• xds: NACK EDS resources with duplicate addresses in accordance with a recent spec change (#5715)
  • Special Thanks: @​erni27
• grpc: restrict status codes that can be generated by the control plane (gRFC A54) (#5653)

New Features

• client: set grpc-accept-encoding header with all registered compressors (#5541)
  • Special Thanks: @​jronak
• xds/weightedtarget: return a more meaningful error when all child policies are in TRANSIENT_FAILURE (#5711)
• gcp/observability: add "started rpcs" metric (#5768)
• xds: de-experimentalize the google-c2p-resolver (#5707)
• balancer: add experimental Producer types and methods (#5669)
• orca: provide a way for LB policies to receive OOB load reports (#5669)

Bug Fixes

• go.mod: upgrade x/text dependency to address CVE 2022-32149 (#5769)
• client: fix race that could lead to an incorrect connection state if it was closed immediately after the server's HTTP/2 preface was received (#5714)
  • Special Thanks: @​fuweid
• xds: ensure sum of the weights of all EDS localities at the same priority level does not exceed uint32 max (#5703)
  • Special Thanks: @​erni27
• client: fix binary logging bug which logs a server header on a trailers-only response (#5763)
• balancer/priority: fix a bug where unreleased references to removed child policies (and associated state) was causing a memory leak (#5682)
• xds/google-c2p: validate URI schema for no authorities (#5756)

• eeb9afa Change version to 1.51.0 (#5782)
• 72812fe gcp/observability: filter logging from cloud ops endpoints calls (#5765)
• 0ae33e6 xdsclient: remove unused test code (#5772)
• 824f449 go.mod: upgrade x/text to v0.4 to address CVE (#5769)
• 7f23df0 xdsclient: switch xdsclient watch deadlock test to e2e style (#5697)
• 32f969e o11y: Added started rpc metric in o11y plugin (#5768)
• b597a8e xdsclient: improve authority watchers test (#5700)
• e41e894 orca: create ORCA producer for LB policies to use to receive OOB load reports...
• 36d14db Fix binary logging bug which logs a server header on a trailers only response...
• fcb8bdf xds/google-c2p: validate url for no authorities (#5756)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• b747d7c Bump github.com/stretchr/objx from 0.4.0 to 0.5.0 (#1283)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.50.1

New Features

• gcp/observability: support new configuration defined in public preview user guide

• 4c776ec Cherry-pick observability changes from master to v1.50.x and update version t...
• 6576007 Change version to 1.50.1-dev (#5686)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.50.0

Behavior Changes

• client: use proper "@" semantics for connecting to abstract unix sockets. (#5678)
  • This is technically a bug fix; the result is that the address was including a trailing NULL byte, which it should not have. This may break users creating the socket in Go by prefixing a NULL instead of an "@", though, so calling it out as a behavior change.
  • Special Thanks: @​jachor

New Features

• metadata: add experimental ValueFromIncomingContext to more efficiently retrieve a single value (#5596)
  • Special Thanks: @​horpto
• stats: provide peer information in HandleConn context (#5589)
  • Special Thanks: @​feihu-stripe
• xds: add support for Outlier Detection, enabled by default (#5435, #5673)

Bug Fixes

• client: fix deadlock in transport caused by GOAWAY racing with stream creation (#5652)
  • This should only occur with an HTTP/2 server that does not follow best practices of an advisory GOAWAY (not a grpc-go server).
• xds/xdsclient: fix a bug which was causing routes with cluster_specifier_plugin set to be NACKed when GRPC_EXPERIMENTAL_XDS_RLS_LB was off (#5670)
• xds/xdsclient: NACK cluster resource if config_source_specifier in lrs_server is not self (#5613)
• xds/ringhash: fix a bug which sometimes prevents the LB policy from retrying connection attempts (#5601)
• xds/ringhash: do nothing when asked to exit IDLE instead of falling back on the default channel behavior of connecting to all addresses (#5614)
• xds/rls: fix a bug which was causing the channel to be stuck in IDLE (#5656)
• alts: fix a bug which was setting WaitForReady on handshaker service RPCs, thereby delaying fallback when required (#5620)
• gcp/observability: fix End() to cleanup global state correctly (#5623)

• c1d7d7a Change version to 1.50.0 (#5685)
• 1451c62 internal/transport: optimize grpc-message encoding/decoding (#5654)
• be4b63b test: minor test cleanup (#5679)
• d83070e Changed Outlier Detection Env Var to default true (#5673)
• 54521b2 client: remove trailing null from unix abstract socket address (#5678)
• 36e4810 orca: cleanup old code, and get grpc package to use new code (#5627)
• e8866a8 build: harden GitHub Workflow permissions (#5660)
• 8458251 xdsclient: ignore routes with cluster_specifier_plugin when GRPC_EXPERIMENTAL...
• a238ceb xDS: Outlier Detection Env Var not hardcoded to false (#5664)
• b1d7f56 transport: Fix deadlock in transport caused by GOAWAY race with new stream cr...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/jhump/protoreflect's releases.

v1.13.0

This version includes mostly bug fixes. It does include some new API and features in desc/builder and desc/sourceinfo packages. This version also introduces support for Windows. (Some packages did not work correctly on platforms where the default path separator was not /. These packages have been fixed.)

"github.com/jhump/protoreflect/desc"

Changes/fixes:

• If using the CreateFileDescriptor functions to convert descriptor protos into "rich" descriptors, a panic could occur on certain kinds of invalid input. For example, if the input type of an RPC method referred to an enum instead of a message, a type assertion panic would be triggered. This has been fixed so that such incorrect input results in the function returning an error, not panic'ing.

"github.com/jhump/protoreflect/desc/builder"

Additions:

• Adds a new method PruneUnusedDependencies to the FileBuilder type. This can be used to remove any unused dependencies. This is mainly useful when modifying an existing descriptor and removing elements from it. After removing elements, some of the file's imports may no longer be used.

"github.com/jhump/protoreflect/desc/protoparse"

Changes/fixes:

• Fixes a potential panic when parsing and linking source files. If the source contains a symbol that conflicted with the name of a synthetic oneof (an implementation detail of how descriptors with "proto3 optional" fields are generated), it would trigger a nil de-reference panic while trying to construct the error message. This has been fixed.
• Fixes a subtle issue when resolving relative references in field types and extendees, whereby this package would previously accept a reference that protoc would reject. The resolution rules in protoc handle partially-qualified references a little differently than unqualified references, and this package didn't previously implement the subtle difference. This is now fixed.
• Fixes an issue where a field type was allowed to directly refer to the name of a synthetic map entry message. This is not actually allowed by protoc. Now such an incorrect usage results in an appropriate error.
• Adds checks to verify that default JSON names for fields and enum values do not conflict. This implements the check in the same fashion as protoc, which is case-insensitive. For enum values, any prefix on the value name that matches the enum name (regardless of case or underscores) is disregarded when performing this check. The check results in an error for proto3 syntax files, but only a warning for proto2 syntax files.
• Adds a check to make sure that custom json_name options on fields are valid. So if two fields try to declare the same json_name, this will be considered an error. For proto3 syntax files, if a custom json_name option conflicts with another field's default JSON name, this is also an error (but only a warning for proto2 syntax files).
• The ParseFilesButDoNotLink method will now return uninterpreted options in a form that matches the way the official C++ Parser class does. In particular, aggregate values now use the same string format, which will be identical to the original message literal in source but without the enclosing braces ({ and }), with all comments and whitespace removed, and with a single space inserted between lexical elements.

"github.com/jhump/protoreflect/desc/protoprint"

Changes/fixes:

• Previously, characters outside US ASCII (7 bit) in string literals would be encoded using octal escapes when printed. (There is not enough information in a descriptor to preserve the original source's encoding.) This made string literals with other unicode code points (other languages/alphabets, emoji, etc) impossible to read. This has been fixed. String literals used for bytes fields still use aggressive octal escapes. But for string fields, escapes are only used for non-printable code points.

"github.com/jhump/protoreflect/dynamic"

Changes/fixes:

• The GetKnownType method of KnownTypeRegistry could previously return an invalid type, if given the fully-qualified name of a synthetic map entry message. It now returns nil in such a case.

"github.com/jhump/protoreflect/desc/sourceinfo"

Additions:

• This release adds a new RegisterEncodedSourceInfo function, used by newer code generated by protoc-gen-gosrcinfo. It accepts compressed encoded data in the form of a byte array.

"github.com/jhump/protoreflect/desc/sourceinfo/cmd/protoc-gen-gosrcinfo"

Changes/fixes:

• The generated code now emits compressed information. That way, it uses less space in the executable, resulting in smaller binaries.

• bccb0aa protoprint: try to preserve printable unicode code points in output (#529)
• 8dab444 protoparse: match the way protoc populates aggregate values in uninterpreted ...
• cd98cc0 desc: avoid panic if descriptor proto has invalid type references (#525)
• ab4615d protoparse: enum value name constraints, ostensibly related to JSON format (#...
• 3057e78 protoparse: enforce unique JSON names (#523)
• 7614117 protoparse: it is not allowed to reference a synthetic map entry (#522)
• bc733da oops, how did we never notice license issue
• 73d52db add caveat about the V1 protobuf API
• 25e6f5d protoparse: fix scoping issue for extendees and field type names; also fix ar...
• 060cc04 Remove dependency on grpc-go in internal/testprotos (#519)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.49.0

New Features

• gcp/observability: add support for Environment Variable GRPC_CONFIG_OBSERVABILITY_JSON (#5525)
• gcp/observability: add support for custom tags (#5565)

Behavior Changes

• server: reduce log level from Warning to Info for early connection establishment errors (#5524)
  • Special Thanks: @​jpkrohling

Bug Fixes

• client: fix race in flow control that could lead to unexpected EOF errors (#5494)
• client: fix a race that could cause RPCs to time out instead of failing more quickly with UNAVAILABLE (#5503)
• client & server: fix a panic caused by passing a nil stats handler to grpc.WithStatsHandler or grpc.StatsHandler (#5543)
• transport/server: fix a race that could cause a stray header to be sent (#5513)
• balancer: give precedence to IDLE over TRANSIENT_FAILURE when aggregating connectivity state (#5473)
• xds/xdsclient: request correct resource name when user specifies a new style resource name with empty authority (#5488)
• xds/xdsclient: NACK endpoint resources with zero weight (#5560)
• xds/xdsclient: fix bug that would reset resource version information after ADS stream restart (#5422)
• xds/xdsclient: fix goroutine leaks when load reporting is enabled (#5505)
• xds/ringhash: fix config update processing to recreate ring and picker when min/max ring size changes (#5557)
• xds/ringhash: avoid recreating subChannels when update doesn't change address weight information (#5431)
• xds/priority: fix bug which could cause priority LB to block all traffic after a config update (#5549)
• xds: fix bug when environment variable GRPC_EXPERIMENTAL_ENABLE_OUTLIER_DETECTION is set to true (#5537)

• 1c29e07 Change version to 1.49.0 (#5583)
• 8e5a84e xds/resolver: generate channel ID randomly (#5603)
• 92cee34 gcp/observability: Add logging filters for logging, tracing, and metrics API ...
• c7fe135 O11Y: Added support for custom tags (#5565)
• 7981af4 test/kokoro: add missing image tagging to the xDS interop url map buildscript...
• 6f34b7a xdsclient: NACK endpoint resource if load_balancing_weight is specified and i...
• f9409d3 ringhash: handle config updates properly (#5557)
• 946dde0 xdsclient: NACK endpoint resources with zero weight (#5560)
• b89f49b xdsclient: deflake Test/LDSWatch_PartialValid (#5552)
• 9bc72de grpc: remove mentions of WithBalancerName from comments (#5555)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/fullstorydev/grpcui's releases.

v1.3.1

Changes

• Minor UI style tweaks
• Several dependency version updates
• Support for Go 1.18

Changelog

• 410c0c3 Add go1.18 support; set go1.18 in Dockerfile (#196)
• 347dfad fix: update go get -u golang.org/x/sys to support Go 1.18 (#178)
• fa32837 Bump google.golang.org/protobuf from 1.26.0 to 1.28.0 (#189)
• 4268775 add dependabot
• cca8f59 don't use now-deleted srcinforeflection package (#172)
• a5287db tweak the spacing and font size of the top UI elements above the form (#173)
• 2d4a93e add "Web UI" section to release notes template
• 15a4e2d use newer goreleaser (#171)

• 410c0c3 Add go1.18 support; set go1.18 in Dockerfile (#196)
• 347dfad fix: update go get -u golang.org/x/sys to support Go 1.18 (#178)
• fa32837 Bump google.golang.org/protobuf from 1.26.0 to 1.28.0 (#189)
• 4268775 add dependabot
• cca8f59 don't use now-deleted srcinforeflection package (#172)
• a5287db tweak the spacing and font size of the top UI elements above the form (#173)
• 2d4a93e add "Web UI" section to release notes template
• 15a4e2d use newer goreleaser (#171)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from google.golang.org/grpc's releases.

Release 1.48.0

Bug Fixes

• xds/priority: fix bug that could prevent higher priorities from receiving config updates (#5417)
• RLS load balancer: don't propagate the status code returned on control plane RPCs to data plane RPCs (#5400)

New Features

• stats: add support for multiple stats handlers in a single client or server (#5347)
• gcp/observability: add experimental OpenCensus tracing/metrics support (#5372)
• xds: enable aggregate and logical DNS clusters by default (#5380)
• credentials/google (for xds): support xdstp C2P cluster names (#5399)

• 6417495 Change version to 1.48.0 (#5482)
• 5770b1d xds: drop localities with zero weight at the xdsClient layer (#5476)
• 423cd8e interop: update proto to make vet happy (#5475)
• c9b16c8 transport: remove unused bufWriter.onFlush() (#5464)
• 755bf5a fix typo in the binary log (#5467)
• 15739b5 health: split imports into healthpb and healthgrpc (#5466)
• c075d20 interop client: provide new flag, --soak_min_time_ms_between_rpcs (#5421)
• 4b75005 clusterresolver: merge P(p)arseConfig functions (#5462)
• d883f3d test/xds: fail only when state changes to something other than READY and IDLE...
• c6ee1c7 xdsclient: only include nodeID in error strings, not the whole nodeProto (#5461)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)