This repository was archived by the owner on Apr 21, 2022. It is now read-only.

fix(deps): update dependency grpc to v1.24.8 #2

Open
mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/grpc-1.x

mend-for-github-com bot commented Feb 20, 2022

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| grpc (source) | 1.6.0 -> 1.24.8 | age | adoption | passing | confidence |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
|---|---|---|
| High | 9.8 | CVE-2018-1000620 |
| High | 9.8 | CVE-2018-16492 |
| High | 9.8 | CVE-2018-3750 |
| High | 9.8 | CVE-2021-3918 |
| High | 9.8 | CVE-2021-44906 |
| High | 9.8 | CVE-2021-44906 |
| High | 8.8 | CVE-2018-3728 |
| High | 8.6 | CVE-2021-37701 |
| High | 8.6 | CVE-2021-37712 |
| High | 8.6 | CVE-2021-37713 |
| High | 8.1 | CVE-2021-32803 |
| High | 8.1 | CVE-2021-32804 |
| High | 7.5 | CVE-2017-15010 |
| High | 7.5 | CVE-2018-20834 |
| High | 7.5 | CVE-2018-3737 |
| High | 7.5 | CVE-2019-13173 |
| High | 7.5 | CVE-2020-7768 |
| High | 7.3 | CVE-2020-7788 |
| Medium | 6.5 | CVE-2018-21270 |
| Medium | 5.6 | CVE-2020-15366 |
| Medium | 5.6 | CVE-2020-7598 |
| Medium | 5.6 | CVE-2020-7598 |
| Medium | 5.3 | CVE-2017-16137 |
| Medium | 4.8 | WS-2018-0103 |

Release Notes

grpc/grpc-node

v1.24.7

  • Log just serialization and deserialization errors on the server, instead of logging all errors with the code INTERNAL (#​1750)
  • Replace the instanceof Function check to make it work properly in certain environments (#​1759 contributed by @​zereraz)

v1.24.6

  • Fix prototype pollution possibility in loadPackageDefinition (#​1701)

v1.24.5

  • Add support for Electron 11 and newer versions of Electron 10 (#​1684)

v1.24.4

  • Add support for Electron 10 and newer minor versions of Electron 8 and 9 (#​1615)
  • Add a note in the README stating the latest supported versions of Node and Electron (#​1615)
  • Prevent prototype pollution in loadPackageDefinition (#​1606)
  • Add ResponseType to ServerWritableStream type definition for compatibility with @grpc/grpc-js (#​1590 contributed by @​badsyntax)
  • Add methodTypes enum to type definition (#​1496 contributed by @​jncr)

v1.24.3

Known Issues:

  • #​1407 may cause errors when running on Node 14

v1.24.2

  • Publish some missing files to fix building from source (#​1060)
  • Add support for Node 13 and Electron 7 (#​1097)

C core release notes

v1.23.4

C core release notes

v1.23.3

Node gRPC v1.23.0

C core release notes

Node gRPC v1.23.1

  • Remove dependency on @types/protobufjs (#​999)

Node gRPC v1.23.2

  • Merge some changes from the 1.22 branch that got lost (#​1002)

Node gRPC v1.23.3

  • Fix EventEmitter import in TypeScript types file (#​1007 contributed by @​sandersn)
  • Stop importing protobufjs in TypeScript types file (#​1008)

v1.22.2

v1.22.0

  • Add support for the cares DNS resolver. This can be enabled by setting the environment variable GRPC_DNS_RESOLVER=ares. This will become the default in version 1.23.x, so we recommend enabling that option to verify that it works correctly with your setup (#​864)

  • Add metadata options (#​796)

  • Add support for Electron 4.2 (#​944 contributed by @​CapOM)

v1.21.0

  • Remove unused ChannelCredential type definitions (#​854 contributed by @​eoogbe)

C core release notes

v1.20.3

  • Add support for Electron 5 (#​848)
  • Improve error output in some cases when failing to load the native addon (#​849)

v1.20.2

  • Add support for Node 12

C core changes:

  • Fix possible blue screen on Windows when using "localhost" target addresses (grpc/grpc#​18834).

v1.20.0

  • Fix spurious error thrown in generic Client constructor (#​799).
  • Add support for Electron 3.1 and 4.1, remove broken support for Electron 4.0 (#​781)

C core changes:

v1.19.0

C core changes:

v1.18.0

  • Add missing TypeScript definition for Server.bindAsync() (#​669 contributed by @​andrew8er)
  • Fix handling of options.host in client method calls (#​688 contributed by @​winguse)
  • Add Electron 4 binaries (#​695)
  • Add details property to StatusError type definition (#​700)
  • Fix handling of non-service objects in loadPackageDefinition (#​705)

v1.17.0

v1.16.1

  • Updated node-pre-gyp dependency to 0.12.0 to solve compiling from source issues with node 10+.
  • Published node 11 prebuilt binaries.

v1.16.0

  • Add callInvocationTransformer client option (#​557)
  • Add Server#bindAsync. We recommend using this going forward instead of Server#bind. (#​579)
  • Fix a crash when using the checkServerIdentity SSL credentials option in some versions of Node (#​573)

v1.15.1

Node changes:

  • Use getRequestHeaders instead of getRequestMetadata in credentials.createFromGoogleCredential whenever possible (#​547 contributed by @​alexander-fenster)
  • Now publishing grpc prebuilt binaries for Electron 3 (#​451)

v1.15.0

Node changes:

  • Properly handle options when using deprecatedArgumentOrder client method wrappers (#​445 contributed by @​servel333)
  • Properly handle non-numeric Error codes in errors passed to the server (#​522)

Core changes:

v1.14.2

Node changes:

v1.14.1

Node changes:

  • Fix segmentation fault when calling some methods on a closed channel (#​492)
  • Fix missing return type on Channel#watchConnectivityState in TypeScript type definitions file (#​496).

v1.14.0

Node changes:

  • Add Channel class and Client channel override options to public API (#​446)
  • Add checkServerIdentity callback option to client SSL credentials (#​403 contributed by @​JackOfMostTrades)
  • Fix handling of UTF-8 status messages (#​428)
  • Update CallOptions type to allow custom options (#​437 contributed by @​TLadd)
  • Changed hosting path for prebuilt binaries (#​458)

Core changes:

  • Fixed ordering in adding pending picks to Round Robin LB. (grpc/grpc#​15947)
  • Prefer using https_proxy over http_proxy. (#​15698)
  • Add channel arg to enable/disable http proxy. (#​15699)

v1.13.1

Node changes:

  • Changed grpc.setLogger from using lodash's template to an inline function to avoid calling eval in production (#​454).

v1.13.0

Node changes:

  • Deprecated grpc.load. We strongly recommend using the @grpc/proto-loader and the grpc.loadPackageDefinition function instead. (#​392)
  • Resume publishing previously omitted 32 bit ARM packages. (#​418)
  • Fix Protobuf.js Message type usage in TypeScript type definitions (#​393)

Core changes:

v1.12.4

Core changes:

v1.12.3

Node changes:

  • Fix client interceptor handling in generic client method calls (#​385)

v1.12.2

Node changes:

  • Fix missing node-pre-gyp bundled dependency (#​367)

v1.12.1

Node changes:

  • Fix build on FreeBSD (#​255)
  • Update dependency on lodash (#​331 contributed by @​wyardley)
  • Update dependency on Protobuf.js to fix reported ReDoS security vulnerability (#​342)

Core changes:

v1.11.3

v1.11.2

v1.11.1

  • Fixed an issue where building from source would sometimes fail (#​304)
  • Added NodeJS 10 pre-built binaries (#​302)
  • Added Electron 2 pre-built binaries (#​291)
  • Added TypeScript type definitions for APIs added in v1.11.x (#​306)

v1.11.0

@grpc/proto-loader v0.1.0

This is a new library for loading .proto files for use with gRPC using the latest version of Protobuf.js. The output of this package is intended to be loaded using the new loadPackageDefinition function in the grpc library.

@grpc/grpc-js v0.1.0

This is the first alpha release of the new pure JavaScript implementation of gRPC. It implements the same API as the existing grpc library. Currently only the client is implemented, with the following functionality:

  • loadPackageDefinition
  • Unary and streaming calls
  • Cancellation
  • Deadlines
  • Metadata
  • Basic automatic reconnection logic
  • Channel and call credentials

grpc v1.11.0

Node changes:

v1.10.1

Node changes:

  • Update dependency on node-pre-gyp to version 0.7.0 (#​245)

C core changes:

v1.10.0

C Core Changes

v1.9.1

  • Fix usage of Protobuf.js Message type in TypeScript type definitions file (#​177)
  • Fix handling of undefined values for optional call arguments (#​179)

v1.9.0

  • Further improve the error output when failing to load an installed precompiled binary (#​175)
  • Fix type definition documentation for KeyCertPair (#​171)
  • Fix server segfault on invalid HTTP/2 (grpc/grpc#​14199)
  • LB policies request re-resolution without shutting down (grpc/grpc#​12829)
  • On server, include receiving HTTP/2 settings in handshake timeout (grpc/grpc#​13336)
  • Fix max connection idleness crash (grpc/grpc#​14122)
  • Report metadata plugin auth errors with an UNAVAILABLE status instead of UNAUTHENTICATED (grpc/grpc#​13363).

v1.8.4

  • Add error code name and number to status Error objects for easier debugging. The status details string is now available in the Error object's details field. (#​126)
  • Made a build process change that may fix some installation errors
  • Add more informative error for a missing callback to the Server#tryShutdown method (#​143)
  • Removed extraneous files from published package
  • Mark some network errors with an UNAVAILABLE status (grpc/grpc#​13917)
  • Fix HTTP/2 PING issues (grpc/grpc#​13950)

v1.8.0

  • Publish precompiled binaries for Alpine Linux
  • Improve the error output when failing to load an installed precompiled binary (#​106).

v1.7.3

v1.7.2

  • Separate precompiled binaries for glibc and musl libc (#​82, courtesy of @​bkw)
    • Precompiled binaries are not yet distributed for musl libc. Installations on Alpine Linux will result in compiling the binary locally.
  • Remove incorrect assertion (#​92)

v1.7.1

Changes

  • Publish prebuilt binaries for Node 9
  • Fix file permissions issue with Linux prebuilt binaries (reported in #​76).

v1.7.0

Please see the notes for the previous releases here: https://github.com/grpc/grpc/releases. Also please see http://grpc.io/ for all information regarding this product.

This is the 1.7 release of Node gRPC.

Changes

  • Significantly decrease on-disk package size. (#​41)
  • Allow client methods to be referenced using the exact name in the .proto file. (#​42)
  • Ensure that Client#waitForReady actually triggers long-idle clients to reconnect. (#​43)
  • Add TypeScript typings file (#​52, courtesy of @​Crevil)

mend-for-github-com bot added the "security fix" label (Security fix generated by WhiteSource) on Feb 20, 2022
mend-for-github-com bot changed the title from "Update dependency grpc to v1.24.4" to "fix(deps): update dependency grpc to v1.24.4" on Mar 3, 2022
mend-for-github-com bot changed the title from "fix(deps): update dependency grpc to v1.24.4" to "fix(deps): update dependency grpc to v1.24.8" on Apr 17, 2022
mend-for-github-com bot force-pushed the whitesource-remediate/grpc-1.x branch from b4ff025 to 5849646 on April 17, 2022 21:41