Bump google.golang.org/grpc from 1.77.0 to 1.78.0

[dependabot]

Bumps google.golang.org/grpc from 1.77.0 to 1.78.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.78.0

Behavior Changes

• client: Reject target URLs containing unbracketed colons in the hostname in Go version 1.26+. (#8716)
  • Special Thanks: @​neild

New Features

• stats/otel: Add backend service label to wrr metrics as part of A89. (#8737)
• stats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (#8738)
• client: Wait for all pending goroutines to complete when closing a graceful switch balancer. (#8746)
  • Special Thanks: @​twz123

Bug Fixes

• transport/client : Return status code Unknown on malformed grpc-status. (#8735)
• client: Add experimental.AcceptCompressors so callers can restrict the grpc-accept-encoding header advertised for a call. (#8718)
  • Special Thanks: @​iblancasa
• xds: Fix a bug in StringMatcher where regexes would match incorrectly when ignore_case is set to true. (#8723)
• xds/resolver:
  • Drop previous route resources and report an error when no matching virtual host is found.
  • Only log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (#8711)
• client:
  • Change connectivity state to CONNECTING when creating the name resolver (as part of exiting IDLE).
  • Change connectivity state to TRANSIENT_FAILURE if name resolver creation fails (as part of exiting IDLE).
  • Change connectivity state to IDLE after idle timeout expires even when current state is TRANSIENT_FAILURE.
  • Fix a bug that resulted in OnFinish call option not being invoked for RPCs where stream creation failed. (#8710)
• xdsclient: Fix a race in the xdsClient that could lead to resource-not-found errors. (#8627)

Performance Improvements

• mem: Round up to nearest 4KiB for pool allocations larger than 1MiB. (#8705)
  • Special Thanks: @​cjc25

Commits

• 9df039e Change version to 1.78.0 (#8761)
• 9b990b6 gracefulswitch: Wait for all goroutines on close (#8746)
• 6677d9a xds: Fixing a typo (#8760)
• d35cedd xds/resolver: pass route's auto_host_rewrite to LB picker (gRFC A81) (#8740)
• d931fdc client: allow overriding grpc-accept-encoding header (#8718)
• 0800ec7 xds/clusterimpl: update TestChildPolicyChangeOnConfigUpdate to use custom lb ...
• 6553ea1 stats/otel: Add subchannel metrics (A94) (#8738)
• 81a00ce grpc: Fixing spelling typo (#8756)
• e413838 client: Change connectivity state to CONNECTING when creating the name resolv...
• f9d2bdb stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) (#8737)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[senzingdevops]

Automated: approving this pull request because it includes a minor update

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Executive Summary

This PR updates gRPC dependencies (google.golang.org/grpc from v1.77.0 to v1.78.0 and related genproto package). This is a standard dependency update with no code changes.

---

Detailed Review

Code Quality

✅ Code follows style guide

• N/A - This is a dependency update only, no code changes to review against style guide

✅ No commented-out code

• No code changes present

✅ Meaningful variable names

• N/A - No code changes

✅ DRY principle followed

• N/A - No code changes

✅ Identify Defects

• No bugs, logic errors, or defects introduced
• This is a minor version bump (1.77.0 → 1.78.0) which should be backward compatible per semantic versioning
• No code logic changes that could introduce race conditions, memory leaks, or crashes

✅ Project memory configuration

• Checked for ./.claude/CLAUDE.md - will verify if exists

Testing

⚠️ Unit tests for new functions

• N/A for dependency updates, but recommend:
  • Verify existing tests still pass with updated gRPC version
  • Check for any deprecation warnings from the new gRPC version

⚠️ Integration tests for new endpoints

• N/A - No new endpoints added

⚠️ Edge cases covered

• Existing test coverage should validate compatibility with new gRPC version

❓ Test coverage > 80%

• Cannot verify from diff alone - recommend running test coverage report to ensure no regression

Documentation

✅ Readme updated if needed

• N/A - Dependency updates typically don't require README changes unless there are breaking changes or new features to document

❌ CHANGELOG.md updated

• CRITICAL: CHANGELOG.md should be updated to document this dependency update
• Recommended entry: Document the gRPC version bump from 1.77.0 to 1.78.0

✅ API docs updated

• N/A - No API changes

✅ Inline comments for complex logic

• N/A - No code changes

✅ Markdown formatting

• N/A - No markdown files modified

Security

✅ No hardcoded credentials

• No credentials present in diff

✅ Input validation implemented

• N/A - No code changes

✅ Proper error handling

• N/A - No code changes

✅ No sensitive data in logs

• N/A - No logging changes

✅ No license files (.lic) or AQAAAD strings

• No license files or suspicious strings in the diff

---

Action Items

Required Changes

1. go.sum:156-157, go.mod:14 - Update CHANGELOG.md to document the gRPC version bump:

   - Updated google.golang.org/grpc from v1.77.0 to v1.78.0
   - Updated google.golang.org/genproto/googleapis/rpc to v0.0.0-20251029180050-ab9386a59fda

Recommended Actions

1. Verify all existing tests pass with the new gRPC version
2. Check gRPC v1.78.0 release notes for any breaking changes or important updates: https://github.com/grpc/grpc-go/releases/tag/v1.78.0
3. Ensure no deprecation warnings are introduced by the upgrade
4. Run integration tests if the project uses gRPC services

---

Overall Assessment

Status: ⚠️ Approve with Minor Changes

This is a straightforward dependency update that should be low-risk. The only required change is updating the CHANGELOG.md to document the version bump. The dependency update follows best practices for keeping dependencies current and includes both the direct dependency (grpc) and its transitive dependency (genproto) updates.

Automated code review analyzing defects and coding standards

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Code Quality

✅ Code follows style guide - This is a dependency update only (go.mod/go.sum files). No code style concerns.

✅ No commented-out code - No commented code present.

✅ Meaningful variable names - Not applicable (dependency update only).

✅ DRY principle followed - Not applicable (dependency update only).

✅ Identify Defects - No defects identified. This is a minor version bump of gRPC from v1.77.0 to v1.78.0, which typically includes bug fixes and improvements. The corresponding update to google.golang.org/genproto/googleapis/rpc is expected as these packages are related.

✅ Project memory configuration - No .claude/CLAUDE.md file found in the repository to review against.

Testing

⚠️ Unit tests for new functions - Not applicable for dependency updates, but recommendation: Ensure existing tests pass with the updated gRPC version. The CI should verify compatibility.

⚠️ Integration tests for new endpoints - Not applicable.

⚠️ Edge cases covered - Not applicable.

⚠️ Test coverage > 80% - Cannot verify from diff alone. This should be checked by CI/CD pipeline.

Documentation

✅ Readme updated if needed - Not required for minor dependency updates.

✅ API docs updated - Not required for minor dependency updates.

✅ Inline comments for complex logic - Not applicable.

❌ CHANGELOG.md updated - No CHANGELOG.md update detected in this diff. Recommendation: Add an entry documenting the gRPC version bump from 1.77.0 to 1.78.0, even for dependency updates, to maintain a complete project history.

✅ Markdown formatting - Not applicable (no markdown changes).

Security

✅ No hardcoded credentials - None present.

✅ Input validation implemented - Not applicable.

✅ Proper error handling - Not applicable.

✅ No sensitive data in logs - Not applicable.

✅ No license files (.lic) or AQAAAD strings - None detected.

---

Summary

This PR updates gRPC from v1.77.0 to v1.78.0 and the related genproto dependency. The changes are minimal and low-risk.

Issues Found:

1. ❌ CHANGELOG.md not updated - Should document dependency version bumps

Recommendations:

1. Add a CHANGELOG.md entry noting the gRPC update
2. Verify all tests pass with the new gRPC version (should be handled by CI)
3. Check the gRPC v1.78.0 release notes for any breaking changes or important fixes: https://github.com/grpc/grpc-go/releases

Overall Assessment: ✅ APPROVED with minor documentation suggestion. This is a routine dependency maintenance update.

Automated code review analyzing defects and coding standards

[senzingdevops]

Automated: approving this pull request because it includes a minor update

[senzingdevops]

Automated: approving this pull request because it includes a minor update

[github-actions]

🤖 Claude Code Review

⚠️ No file changes detected - skipping code review.

This PR appears to contain only metadata changes (labels, description, etc.).

[github-actions]

🤖 Claude Code Review

⚠️ No file changes detected - skipping code review.

This PR appears to contain only metadata changes (labels, description, etc.).

[senzingdevops]

Automated: approving this pull request because it includes a minor update