Skip to content

fix(deps): bump google.golang.org/grpc to v1.79.3#868

Merged
appleboy merged 1 commit intomasterfrom
worktree-sec
Mar 21, 2026
Merged

fix(deps): bump google.golang.org/grpc to v1.79.3#868
appleboy merged 1 commit intomasterfrom
worktree-sec

Conversation

@appleboy
Copy link
Copy Markdown
Owner

@appleboy appleboy commented Mar 21, 2026

Summary

  • Bump google.golang.org/grpc from v1.79.2 to v1.79.3 to fix CVE-2026-33186 (CRITICAL)
  • gRPC-Go authorization bypass via missing leading slash in :path
  • No code changes — pure dependency patch bump

Test plan

  • make build passes
  • go test -tags sqlite ./rpc/... passes
  • Verify Trivy scan no longer reports CVE-2026-33186

🤖 Generated with Claude Code

@appleboy @claude
fix(deps): bump google.golang.org/grpc to v1.79.3
2784821 
- Bump google.golang.org/grpc from v1.79.2 to v1.79.3 to fix CVE-2026-33186
- Address critical authorization bypass via missing leading slash in :path

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 21, 2026 04:31
Copilot AI reviewed Mar 21, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project’s Go module dependencies to pick up the latest gRPC-Go patch release, addressing the critical security advisory referenced in the PR description, without changing application code.

Changes:

  • Bump google.golang.org/grpc from v1.79.2 to v1.79.3 in go.mod.
  • Update go.sum checksums to match the new gRPC version.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Advances the direct google.golang.org/grpc requirement to v1.79.3.
go.sum Replaces v1.79.2 checksum entries with v1.79.3 entries.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@appleboy appleboy merged commit d50915d into master Mar 21, 2026
12 of 17 checks passed
@appleboy appleboy deleted the worktree-sec branch March 21, 2026 05:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@appleboy