Bump google.golang.org/grpc from 1.79.3 to 1.81.1

[dependabot]

Bumps google.golang.org/grpc from 1.79.3 to 1.81.1.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

• xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)
  • Special Thanks: @​al4an444

Bug Fixes

• otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Release 1.80.0

Behavior Changes

• balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
• xds: update resource error handling and re-resolution logic (#8907)
  • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
  • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

... (truncated)

Commits

• caf0772 Change version from 1.81.1-dev to 1.81.1 (#9122)
• 6ccbeeb Cherry-pick #9111 into v1.81.x (#9121)
• b33c29e Cherry-pick #9081 into v1.81.x (#9102)
• c45fae6 Change version to 1.81.1-dev (#9063)
• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
gomod/go.opentelemetry.io/otel	1.43.0	🟢 9.2	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 13/14 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 43 contributing companies or organizations
gomod/go.opentelemetry.io/otel/metric	1.43.0	🟢 9.2	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 13/14 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 43 contributing companies or organizations
gomod/go.opentelemetry.io/otel/sdk	1.43.0	🟢 9.2	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 13/14 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 43 contributing companies or organizations
gomod/go.opentelemetry.io/otel/trace	1.43.0	🟢 9.2	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 13/14 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices 🟢 5 badge detected: Passing Pinned-Dependencies 🟢 10 all dependencies are pinned SAST 🟢 9 SAST tool detected but not run on all commits License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Fuzzing 🟢 10 project is fuzzed Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 43 contributing companies or organizations
gomod/golang.org/x/crypto	0.48.0	Unknown	Unknown
gomod/golang.org/x/net	0.51.0	Unknown	Unknown
gomod/golang.org/x/sync	0.20.0	Unknown	Unknown
gomod/golang.org/x/sys	0.42.0	Unknown	Unknown
gomod/golang.org/x/term	0.40.0	Unknown	Unknown
gomod/golang.org/x/text	0.34.0	Unknown	Unknown
gomod/gonum.org/v1/gonum	0.17.0	🟢 6.2	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 17 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/google.golang.org/genproto/googleapis/api	0.0.0-20260226221140-a57be14db171	🟢 6.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4
gomod/google.golang.org/genproto/googleapis/rpc	0.0.0-20260226221140-a57be14db171	🟢 6.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4
gomod/google.golang.org/grpc	1.81.1	🟢 7.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 7 SAST tool detected but not run on all commits

Scanned Files

• go.mod