fix(deps): update dependency @grpc/grpc-js to v1.9.15 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@grpc/grpc-js (source)	1.9.12 -> 1.9.15

GitHub Vulnerability Alerts

CVE-2024-37168

Impact

There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option:

1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded.
2. If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded.

Patches

This has been patched in versions 1.10.9, 1.9.15, and 1.8.22

---

Release Notes

grpc/grpc-node (@​grpc/grpc-js)

v1.9.15: @​grpc/grpc-js 1.9.15

Compare Source

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

v1.9.14: @​grpc/grpc-js 1.9.14

Compare Source

• Fix a bug that could rarely cause connection leaks (#​2644)
• Fix a bug that could cause clients to go IDLE incorrectly some time after calling waitForReady (#​2643)

v1.9.13: @​grpc/grpc-js 1.9.13

Compare Source

• Fix a bug that could cause the Node process to close early when establishing a connection while a request is pending (#​2626)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.