chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.74.2

[dependabot]

Bumps google.golang.org/grpc from 1.58.2 to 1.74.2.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.74.2

API Changes

• balancer: add ExitIdle method to Balancer interface. Earlier, implementing this method was optional. (#8367)

Behavior Changes

• xds: Remove the GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST environment variable that allows disabling the least request balancer with xDS. Least request was made available by default with xDS in v1.72.0. (#8248)
  • Special Thanks: @​atollena
• server: allow 0s grpc-timeout header values, which older gRPC-Java versions could send. This restores the behavior of grpc-go before v1.73.0. (#8439)

Bug Fixes

• googledirectpath: avoid logging the error message Attempt to set a bootstrap configuration... when creating multiple directpath channels. (#8419)

Performance Improvements

• transport: reduce heap allocations by pooling objects and avoiding method-to-closure conversions. (#8361)
• transport: reduce heap allocations by re-using mem.Reader objects. (#8360)

Documentation

• examples: add examples to demonstrate enabling experimental metrics using the OpenTelemetry plugin. (#8388)
  • Special Thanks: @​vinothkumarr227

Release 1.74.1

Version 1.74.1 retracts release v1.74.0 and itself. Release 1.74.0 was accidentally tagged on the wrong commit and should not be used. Version 1.73.0 should be used until 1.74.2 is released.

Release 1.74.0 was accidentally tagged on the wrong commit and should not be used. Version 1.73.0 should be used until 1.74.1 is released.

Release 1.73.0

New Features

• balancer/ringhash: move LB policy from xds/internal to exported path to facilitate use without xds (#8249)
• xds: enable least request LB policy by default. It can be disabled by setting GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST=false in your environment. (#8253)
• grpc: add a CallAuthority Call Option that can be used to overwrite the http :authority header on per-RPC basis. (#8068)
• stats/opentelemetry: add trace event for name resolution delay. (#8074)
• health: added List method to gRPC Health service. (#8155)
  • Special Thanks: @​marcoshuck
• ringhash: implement features from gRFC A76. (#8159)
• xds: add functionality to support SPIFFE Bundle Maps as roots of trust in XDS which can be enabled by setting GRPC_EXPERIMENTAL_XDS_MTLS_SPIFFE=true. (#8167, #8180, #8229, #8343)

Bug Fixes

• xds: locality ID metric label is changed to make it consistent with gRFC A78. (#8256)
• client: fail RPCs on the client when using extremely short contexts that expire before the grpc-timeout header is created. (#8312)
• server: non-positive grpc-timeout header values are now rejected. This is consistent with the gRPC protocol spec. (#8290)
  • Special Thanks: @​evanj
• xds: fix reported error string when LRS load reporting interval is invalid. (#8224)
  • Special Thanks: @​alingse

... (truncated)

Commits

• e9e00cb Change version to 1.74.2 (#8470)
• bd7cb0a Change version to 1.74.2-dev (#8461)
• 002a22c Change version to 1.74.1 (#8455)
• 6e8e7e4 Retract v1.74.0 and v1.74.1 (#8457)
• 48c9e4d Change version to 1.74.1-dev (#8408)
• b8b6cff Change version to 1.74.0 (#8407)
• 077e2c3 Cherry-pick #8411, #8419, #8422, #8445 and #8451 to v1.74.x (#8454)
• b34f845 server: allow 0s grpc-timeout header values, as java is known to be able to s...
• 1787f94 xdsclient: export genericResourceTypeDecoder (#8406)
• 15299cc xdsclient: make a function to return the supported resource type implementati...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Summary

This PR is a Dependabot-generated dependency update that bumps google.golang.org/grpc from version 1.58.2 to 1.74.2, representing a significant jump of 16 minor versions. The update also cascades to numerous transitive dependencies including OpenTelemetry packages (from v1.14.0 to v1.36.0), protobuf libraries, and various Go system packages.

The gRPC update brings substantial improvements including:

• Performance enhancements through reduced heap allocations and object pooling
• Bug fixes for timeout header handling and compatibility with older gRPC-Java versions
• New features like the CallAuthority call option and enhanced health service methods
• API additions such as the ExitIdle method to the Balancer interface

The PR also updates the Go version requirement from 1.18 to 1.23.0 in the module file, indicating the project is modernizing its toolchain requirements. This change affects the entire zero-examples repository, which serves as demonstration code for the go-zero framework, ensuring all examples stay current with the latest gRPC capabilities and security patches.

Confidence score: 3/5

• This is a large dependency update with potential breaking changes that needs careful testing before merge
• The significant version jump (1.58 to 1.74) includes API changes like the required ExitIdle method and stricter timeout validation that could affect existing code
• Files that need more attention: go.mod and go.sum for version compatibility verification, and any custom gRPC balancer implementations in the examples

[greptile-apps]

_{2 files reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[dependabot]

Superseded by #525.