Skip to content

fix: update @grpc/grpc-js peer dependency to ^1.0.3#25

Open
jamessharp wants to merge 1 commit intomasterfrom
fix/grpc-js-compatibility
Open

fix: update @grpc/grpc-js peer dependency to ^1.0.3#25
jamessharp wants to merge 1 commit intomasterfrom
fix/grpc-js-compatibility

Conversation

@jamessharp
Copy link
Member

@jamessharp jamessharp commented Jan 15, 2026

Summary

  • Update @grpc/grpc-js peer dependency from ^0.6.15 || ^0.7.1 || ^1.0.3 to ^1.0.3
  • Update @grpc/grpc-js dev dependency to ^1.12.0

Rationale

The 0.x versions of @grpc/grpc-js are very old (from 2019-2020) and no longer maintained. Removing support for these versions:

  • Simplifies peer dependency resolution
  • Allows consumers to use modern gRPC versions without peer dependency warnings
  • Aligns with the infra packages which now require ^1.12.0

Breaking change

This drops support for @grpc/grpc-js versions < 1.0.3. All current consumers already use 1.x versions.

Test plan

  • Tested with resources-service using infra beta packages (2.655.0-grpc-security-update.3)
  • All 3868 tests pass

🤖 Generated with Claude Code

@jamessharp @claude
fix: update @grpc/grpc-js peer dependency to ^1.0.3
2d3d845 
Simplifies peer dependency to allow any 1.x version of @grpc/grpc-js,
enabling consumers to use newer versions with security fixes.

Previously: ^0.6.15 || ^0.7.1 || ^1.0.3
Now: ^1.0.3

This allows using @grpc/grpc-js 1.12+ which uses @grpc/proto-loader
with fixed protobufjs (no prototype pollution vulnerability).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kaderbhai Kaderbhai Kaderbhai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamessharp @Kaderbhai