[Security] Bump @grpc/grpc-js from 1.1.7 to 1.3.6

[dependabot-preview]

Bumps @grpc/grpc-js from 1.1.7 to 1.3.6. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Prototype pollution in grpc and @​grpc/grpc-js "The package grpc before 1.24.4 and the package @​grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."

Affected versions: < 1.1.8

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.3.4

• Ensure that the grpc.keepalive_permit_without_calls option does not cause unused clients to keep the process from exiting (#1828)

@​grpc/grpc-js 1.3.3

• Add some options to logging environment variables (full documentation (#1822)

@​grpc/grpc-js 1.3.2

• Fix function type check so that callbacks can be async functions (#1787)

@​grpc/grpc-js 1.3.1

• Change a couple of isFunction checks to work in more contexts (#1761 contributed by @​zereraz)
• Eliminate some log spam in subchannel trace logs (#1770)
• Fix the check for outputting the "read ECONNRESET" error as UNAVAILABLE (#1780)
• Make the GRPC_VERBOSITY environment variable accept lower-case values (#1781)

@​grpc/grpc-js-xds 1.3.1

• Stop incorrectly applying the case_sensitive option to safe_regex path matchers in routing functionality (#1834)

@​grpc/grpc-js 1.3.0

• Add support for ipv4 and ipv6 address schemes (#1752)
• Remove google-auth-library dependency (#1703)
• Add grpc-node.max_session_memory channel argument to configure maximum memory used per HTTP/2 session (#1666 contributed by dwrip)
• Remove runtime Node version compatibility check (#1739)
• Experimental API changes: Add ConfigSelector type and add configSelector argument to ResolverListener#onSuccessfulResolution (#1681)

@​grpc/grpc-js-xds 1.3.0

• Add xDS Traffic Splitting and Routing feature (#1687, #1704, #1724)

@​grpc/grpc-js 1.2.11

• Fix a crash when using the library on Electron (#1709)
• Make waitForReady finish immediately if the client has been closed (#1714)

@​grpc/grpc-js 1.2.10

• Fixed an internal bug that caused trailer filters to be called twice for most calls (#1707)

@​grpc/grpc-js 1.2.9

• Speculative fix for ECONNRESET errors (#1705)

@​grpc/grpc-js 1.2.8

• Don't propagate non-numeric errors from auth plugins (#1690)

@​grpc/grpc-js 1.2.7

• Fix an issue holding the Node process open after the channel was closed in some cases (#1688)
• Improve error reporting when a stream fails to start (#1689)

@​grpc/grpc-js 1.2.6

• Loosen the dependency on @types/node to avoid conflicts with other packages' dependencies on the same types package (#1683)

@​grpc/grpc-js 1.2.5

• Fix a bug that caused some errors thrown in client response handling code to be incorrectly reported as response message parsing errors. (#1672)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)