vendor: github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0

full diff: https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.11.3...v2.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor.mod

@@ -160,7 +160,7 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-msgpack v0.5.5 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect

vendor.sum

@@ -717,8 +717,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
 github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
 github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFisZH3Ok=
 github.com/hanwen/go-fuse/v2 v2.0.3/go.mod h1:0EQM6aH2ctVpvZ6a+onrQ/vaykxh2GH7hy3e13vzTUY=
@@ -838,7 +838,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/fuzz.go

@@ -1,10 +1,10 @@
+//go:build gofuzz
 // +build gofuzz
 
 package httprule
 
 func Fuzz(data []byte) int {
-	_, err := Parse(string(data))
-	if err != nil {
+	if _, err := Parse(string(data)); err != nil {
 		return 0
 	}
 	return 0

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule/parse.go

@@ -1,6 +1,7 @@
 package httprule
 
 import (
+	"errors"
 	"fmt"
 	"strings"
 )
@@ -164,9 +165,9 @@ func (p *parser) segment() (segment, error) {
 
 	v, err := p.variable()
 	if err != nil {
-		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %v", err)
+		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %w", err)
 	}
-	return v, err
+	return v, nil
 }
 
 func (p *parser) literal() (segment, error) {
@@ -191,7 +192,7 @@ func (p *parser) variable() (segment, error) {
 	if _, err := p.accept("="); err == nil {
 		segs, err = p.segments()
 		if err != nil {
-			return nil, fmt.Errorf("invalid segment in variable %q: %v", path, err)
+			return nil, fmt.Errorf("invalid segment in variable %q: %w", path, err)
 		}
 	} else {
 		segs = []segment{wildcard{}}
@@ -213,12 +214,12 @@ func (p *parser) fieldPath() (string, error) {
 	}
 	components := []string{c}
 	for {
-		if _, err = p.accept("."); err != nil {
+		if _, err := p.accept("."); err != nil {
 			return strings.Join(components, "."), nil
 		}
 		c, err := p.accept(typeIdent)
 		if err != nil {
-			return "", fmt.Errorf("invalid field path component: %v", err)
+			return "", fmt.Errorf("invalid field path component: %w", err)
 		}
 		components = append(components, c)
 	}
@@ -237,10 +238,8 @@ const (
 	typeEOF     = termType("$")
 )
 
-const (
-	// eof is the terminal symbol which always appears at the end of token sequence.
-	eof = "\u0000"
-)
+// eof is the terminal symbol which always appears at the end of token sequence.
+const eof = "\u0000"
 
 // accept tries to accept a token in "p".
 // This function consumes a token and returns it if it matches to the specified "term".
@@ -334,7 +333,7 @@ func expectPChars(t string) error {
 // expectIdent determines if "ident" is a valid identifier in .proto schema ([[:alpha:]_][[:alphanum:]_]*).
 func expectIdent(ident string) error {
 	if ident == "" {
-		return fmt.Errorf("empty identifier")
+		return errors.New("empty identifier")
 	}
 	for pos, r := range ident {
 		switch {

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/BUILD.bazel

@@ -27,7 +27,6 @@ go_library(
         "//internal/httprule",
         "//utilities",
         "@go_googleapis//google/api:httpbody_go_proto",
-        "@io_bazel_rules_go//proto/wkt:field_mask_go_proto",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//grpclog",
         "@org_golang_google_grpc//health/grpc_health_v1",
@@ -38,6 +37,7 @@ go_library(
         "@org_golang_google_protobuf//reflect/protoreflect",
         "@org_golang_google_protobuf//reflect/protoregistry",
         "@org_golang_google_protobuf//types/known/durationpb",
+        "@org_golang_google_protobuf//types/known/fieldmaskpb",
         "@org_golang_google_protobuf//types/known/structpb",
         "@org_golang_google_protobuf//types/known/timestamppb",
         "@org_golang_google_protobuf//types/known/wrapperspb",
@@ -73,7 +73,6 @@ go_test(
         "@go_googleapis//google/api:httpbody_go_proto",
         "@go_googleapis//google/rpc:errdetails_go_proto",
         "@go_googleapis//google/rpc:status_go_proto",
-        "@io_bazel_rules_go//proto/wkt:field_mask_go_proto",
         "@org_golang_google_grpc//:go_default_library",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//health/grpc_health_v1",
@@ -84,6 +83,7 @@ go_test(
         "@org_golang_google_protobuf//testing/protocmp",
         "@org_golang_google_protobuf//types/known/durationpb",
         "@org_golang_google_protobuf//types/known/emptypb",
+        "@org_golang_google_protobuf//types/known/fieldmaskpb",
         "@org_golang_google_protobuf//types/known/structpb",
         "@org_golang_google_protobuf//types/known/timestamppb",
         "@org_golang_google_protobuf//types/known/wrapperspb",

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/context.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 )
@@ -35,11 +36,9 @@ const metadataHeaderBinarySuffix = "-Bin"
 const xForwardedFor = "X-Forwarded-For"
 const xForwardedHost = "X-Forwarded-Host"
 
-var (
-	// DefaultContextTimeout is used for gRPC call context.WithTimeout whenever a Grpc-Timeout inbound
-	// header isn't present. If the value is 0 the sent `context` will not have a timeout.
-	DefaultContextTimeout = 0 * time.Second
-)
+// DefaultContextTimeout is used for gRPC call context.WithTimeout whenever a Grpc-Timeout inbound
+// header isn't present. If the value is 0 the sent `context` will not have a timeout.
+var DefaultContextTimeout = 0 * time.Second
 
 // malformedHTTPHeaders lists the headers that the gRPC server may reject outright as malformed.
 // See https://github.com/grpc/grpc-go/pull/4803#issuecomment-986093310 for more context.
@@ -101,12 +100,43 @@ func AnnotateIncomingContext(ctx context.Context, mux *ServeMux, req *http.Reque
 	return metadata.NewIncomingContext(ctx, md), nil
 }
 
+func isValidGRPCMetadataKey(key string) bool {
+	// Must be a valid gRPC "Header-Name" as defined here:
+	//   https://github.com/grpc/grpc/blob/4b05dc88b724214d0c725c8e7442cbc7a61b1374/doc/PROTOCOL-HTTP2.md
+	// This means 0-9 a-z _ - .
+	// Only lowercase letters are valid in the wire protocol, but the client library will normalize
+	// uppercase ASCII to lowercase, so uppercase ASCII is also acceptable.
+	bytes := []byte(key) // gRPC validates strings on the byte level, not Unicode.
+	for _, ch := range bytes {
+		validLowercaseLetter := ch >= 'a' && ch <= 'z'
+		validUppercaseLetter := ch >= 'A' && ch <= 'Z'
+		validDigit := ch >= '0' && ch <= '9'
+		validOther := ch == '.' || ch == '-' || ch == '_'
+		if !validLowercaseLetter && !validUppercaseLetter && !validDigit && !validOther {
+			return false
+		}
+	}
+	return true
+}
+
+func isValidGRPCMetadataTextValue(textValue string) bool {
+	// Must be a valid gRPC "ASCII-Value" as defined here:
+	//   https://github.com/grpc/grpc/blob/4b05dc88b724214d0c725c8e7442cbc7a61b1374/doc/PROTOCOL-HTTP2.md
+	// This means printable ASCII (including/plus spaces); 0x20 to 0x7E inclusive.
+	bytes := []byte(textValue) // gRPC validates strings on the byte level, not Unicode.
+	for _, ch := range bytes {
+		if ch < 0x20 || ch > 0x7E {
+			return false
+		}
+	}
+	return true
+}
+
 func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcMethodName string, options ...AnnotateContextOption) (context.Context, metadata.MD, error) {
 	ctx = withRPCMethod(ctx, rpcMethodName)
 	for _, o := range options {
 		ctx = o(ctx)
 	}
-	var pairs []string
 	timeout := DefaultContextTimeout
 	if tm := req.Header.Get(metadataGrpcTimeout); tm != "" {
 		var err error
@@ -115,7 +145,7 @@ func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcM
 			return nil, nil, status.Errorf(codes.InvalidArgument, "invalid grpc-timeout: %s", tm)
 		}
 	}
-
+	var pairs []string
 	for key, vals := range req.Header {
 		key = textproto.CanonicalMIMEHeaderKey(key)
 		for _, val := range vals {
@@ -124,6 +154,10 @@ func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcM
 				pairs = append(pairs, "authorization", val)
 			}
 			if h, ok := mux.incomingHeaderMatcher(key); ok {
+				if !isValidGRPCMetadataKey(h) {
+					grpclog.Errorf("HTTP header name %q is not valid as gRPC metadata key; skipping", h)
+					continue
+				}
 				// Handles "-bin" metadata in grpc, since grpc will do another base64
 				// encode before sending to server, we need to decode it first.
 				if strings.HasSuffix(key, metadataHeaderBinarySuffix) {
@@ -133,6 +167,9 @@ func annotateContext(ctx context.Context, mux *ServeMux, req *http.Request, rpcM
 					}
 
 					val = string(b)
+				} else if !isValidGRPCMetadataTextValue(val) {
+					grpclog.Errorf("Value of HTTP header %q contains non-ASCII value (not valid as gRPC metadata): skipping", h)
+					continue
 				}
 				pairs = append(pairs, h, val)
 			}
@@ -281,8 +318,8 @@ func timeoutUnitToDuration(u uint8) (d time.Duration, ok bool) {
 	case 'n':
 		return time.Nanosecond, true
 	default:
+		return
 	}
-	return
 }
 
 // isPermanentHTTPHeader checks whether hdr belongs to the list of

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/convert.go

@@ -37,7 +37,7 @@ func BoolSlice(val, sep string) ([]bool, error) {
 	for i, v := range s {
 		value, err := Bool(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -57,7 +57,7 @@ func Float64Slice(val, sep string) ([]float64, error) {
 	for i, v := range s {
 		value, err := Float64(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -81,7 +81,7 @@ func Float32Slice(val, sep string) ([]float32, error) {
 	for i, v := range s {
 		value, err := Float32(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -101,7 +101,7 @@ func Int64Slice(val, sep string) ([]int64, error) {
 	for i, v := range s {
 		value, err := Int64(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -125,7 +125,7 @@ func Int32Slice(val, sep string) ([]int32, error) {
 	for i, v := range s {
 		value, err := Int32(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -145,7 +145,7 @@ func Uint64Slice(val, sep string) ([]uint64, error) {
 	for i, v := range s {
 		value, err := Uint64(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -169,7 +169,7 @@ func Uint32Slice(val, sep string) ([]uint32, error) {
 	for i, v := range s {
 		value, err := Uint32(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -197,7 +197,7 @@ func BytesSlice(val, sep string) ([][]byte, error) {
 	for i, v := range s {
 		value, err := Bytes(v)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
@@ -209,8 +209,7 @@ func Timestamp(val string) (*timestamppb.Timestamp, error) {
 	var r timestamppb.Timestamp
 	val = strconv.Quote(strings.Trim(val, `"`))
 	unmarshaler := &protojson.UnmarshalOptions{}
-	err := unmarshaler.Unmarshal([]byte(val), &r)
-	if err != nil {
+	if err := unmarshaler.Unmarshal([]byte(val), &r); err != nil {
 		return nil, err
 	}
 	return &r, nil
@@ -221,8 +220,7 @@ func Duration(val string) (*durationpb.Duration, error) {
 	var r durationpb.Duration
 	val = strconv.Quote(strings.Trim(val, `"`))
 	unmarshaler := &protojson.UnmarshalOptions{}
-	err := unmarshaler.Unmarshal([]byte(val), &r)
-	if err != nil {
+	if err := unmarshaler.Unmarshal([]byte(val), &r); err != nil {
 		return nil, err
 	}
 	return &r, nil
@@ -257,66 +255,64 @@ func EnumSlice(val, sep string, enumValMap map[string]int32) ([]int32, error) {
 	for i, v := range s {
 		value, err := Enum(v, enumValMap)
 		if err != nil {
-			return values, err
+			return nil, err
 		}
 		values[i] = value
 	}
 	return values, nil
 }
 
-/*
-	Support for google.protobuf.wrappers on top of primitive types
-*/
+// Support for google.protobuf.wrappers on top of primitive types
 
 // StringValue well-known type support as wrapper around string type
 func StringValue(val string) (*wrapperspb.StringValue, error) {
-	return &wrapperspb.StringValue{Value: val}, nil
+	return wrapperspb.String(val), nil
 }
 
 // FloatValue well-known type support as wrapper around float32 type
 func FloatValue(val string) (*wrapperspb.FloatValue, error) {
 	parsedVal, err := Float32(val)
-	return &wrapperspb.FloatValue{Value: parsedVal}, err
+	return wrapperspb.Float(parsedVal), err
 }
 
 // DoubleValue well-known type support as wrapper around float64 type
 func DoubleValue(val string) (*wrapperspb.DoubleValue, error) {
 	parsedVal, err := Float64(val)
-	return &wrapperspb.DoubleValue{Value: parsedVal}, err
+	return wrapperspb.Double(parsedVal), err
 }
 
 // BoolValue well-known type support as wrapper around bool type
 func BoolValue(val string) (*wrapperspb.BoolValue, error) {
 	parsedVal, err := Bool(val)
-	return &wrapperspb.BoolValue{Value: parsedVal}, err
+	return wrapperspb.Bool(parsedVal), err
 }
 
 // Int32Value well-known type support as wrapper around int32 type
 func Int32Value(val string) (*wrapperspb.Int32Value, error) {
 	parsedVal, err := Int32(val)
-	return &wrapperspb.Int32Value{Value: parsedVal}, err
+	return wrapperspb.Int32(parsedVal), err
 }
 
 // UInt32Value well-known type support as wrapper around uint32 type
 func UInt32Value(val string) (*wrapperspb.UInt32Value, error) {
 	parsedVal, err := Uint32(val)
-	return &wrapperspb.UInt32Value{Value: parsedVal}, err
+	return wrapperspb.UInt32(parsedVal), err
 }
 
 // Int64Value well-known type support as wrapper around int64 type
 func Int64Value(val string) (*wrapperspb.Int64Value, error) {
 	parsedVal, err := Int64(val)
-	return &wrapperspb.Int64Value{Value: parsedVal}, err
+	return wrapperspb.Int64(parsedVal), err
 }
 
 // UInt64Value well-known type support as wrapper around uint64 type
 func UInt64Value(val string) (*wrapperspb.UInt64Value, error) {
 	parsedVal, err := Uint64(val)
-	return &wrapperspb.UInt64Value{Value: parsedVal}, err
+	return wrapperspb.UInt64(parsedVal), err
 }
 
 // BytesValue well-known type support as wrapper around bytes[] type
 func BytesValue(val string) (*wrapperspb.BytesValue, error) {
 	parsedVal, err := Bytes(val)
-	return &wrapperspb.BytesValue{Value: parsedVal}, err
+	return wrapperspb.Bytes(parsedVal), err
 }

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/errors.go

@@ -38,7 +38,7 @@ func HTTPStatusFromCode(code codes.Code) int {
 	case codes.OK:
 		return http.StatusOK
 	case codes.Canceled:
-		return http.StatusRequestTimeout
+		return 499
 	case codes.Unknown:
 		return http.StatusInternalServerError
 	case codes.InvalidArgument:
@@ -70,10 +70,10 @@ func HTTPStatusFromCode(code codes.Code) int {
 		return http.StatusServiceUnavailable
 	case codes.DataLoss:
 		return http.StatusInternalServerError
+	default:
+		grpclog.Infof("Unknown gRPC error code: %v", code)
+		return http.StatusInternalServerError
 	}
-
-	grpclog.Infof("Unknown gRPC error code: %v", code)
-	return http.StatusInternalServerError
 }
 
 // HTTPError uses the mux-configured error handler.

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/fieldmask.go

@@ -2,13 +2,14 @@ package runtime
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"sort"
 
-	"google.golang.org/genproto/protobuf/field_mask"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
+	field_mask "google.golang.org/protobuf/types/known/fieldmaskpb"
 )
 
 func getFieldByName(fields protoreflect.FieldDescriptors, name string) protoreflect.FieldDescriptor {
@@ -44,7 +45,7 @@ func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.Field
 			// if the item is an object, then enqueue all of its children
 			for k, v := range m {
 				if item.msg == nil {
-					return nil, fmt.Errorf("JSON structure did not match request type")
+					return nil, errors.New("JSON structure did not match request type")
 				}
 
 				fd := getFieldByName(item.msg.Descriptor().Fields(), k)
@@ -63,7 +64,7 @@ func FieldMaskFromRequestBody(r io.Reader, msg proto.Message) (*field_mask.Field
 					continue
 				}
 
-				if isProtobufAnyMessage(fd.Message()) {
+				if isProtobufAnyMessage(fd.Message()) && !fd.IsList() {
 					_, hasTypeField := v.(map[string]interface{})["@type"]
 					if hasTypeField {
 						queue = append(queue, fieldMaskPathItem{path: k})

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go

@@ -85,12 +85,12 @@ func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshal
 			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
 			return
 		}
-		if _, err = w.Write(buf); err != nil {
+		if _, err := w.Write(buf); err != nil {
 			grpclog.Infof("Failed to send response chunk: %v", err)
 			return
 		}
 		wroteHeader = true
-		if _, err = w.Write(delimiter); err != nil {
+		if _, err := w.Write(delimiter); err != nil {
 			grpclog.Infof("Failed to send delimiter chunk: %v", err)
 			return
 		}
@@ -207,16 +207,16 @@ func handleForwardResponseStreamError(ctx context.Context, wroteHeader bool, mar
 		w.Header().Set("Content-Type", marshaler.ContentType(msg))
 		w.WriteHeader(HTTPStatusFromCode(st.Code()))
 	}
-	buf, merr := marshaler.Marshal(msg)
-	if merr != nil {
-		grpclog.Infof("Failed to marshal an error: %v", merr)
+	buf, err := marshaler.Marshal(msg)
+	if err != nil {
+		grpclog.Infof("Failed to marshal an error: %v", err)
 		return
 	}
-	if _, werr := w.Write(buf); werr != nil {
-		grpclog.Infof("Failed to notify error to client: %v", werr)
+	if _, err := w.Write(buf); err != nil {
+		grpclog.Infof("Failed to notify error to client: %v", err)
 		return
 	}
-	if _, derr := w.Write(delimiter); derr != nil {
+	if _, err := w.Write(delimiter); err != nil {
 		grpclog.Infof("Failed to send delimiter chunk: %v", err)
 		return
 	}

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_jsonpb.go

@@ -92,23 +92,20 @@ func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
 
 		if rv.Type().Elem().Implements(protoMessageType) {
 			var buf bytes.Buffer
-			err := buf.WriteByte('[')
-			if err != nil {
+			if err := buf.WriteByte('['); err != nil {
 				return nil, err
 			}
 			for i := 0; i < rv.Len(); i++ {
 				if i != 0 {
-					err = buf.WriteByte(',')
-					if err != nil {
+					if err := buf.WriteByte(','); err != nil {
 						return nil, err
 					}
 				}
-				if err = j.marshalTo(&buf, rv.Index(i).Interface().(proto.Message)); err != nil {
+				if err := j.marshalTo(&buf, rv.Index(i).Interface().(proto.Message)); err != nil {
 					return nil, err
 				}
 			}
-			err = buf.WriteByte(']')
-			if err != nil {
+			if err := buf.WriteByte(']'); err != nil {
 				return nil, err
 			}
 
@@ -117,17 +114,16 @@ func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
 
 		if rv.Type().Elem().Implements(typeProtoEnum) {
 			var buf bytes.Buffer
-			err := buf.WriteByte('[')
-			if err != nil {
+			if err := buf.WriteByte('['); err != nil {
 				return nil, err
 			}
 			for i := 0; i < rv.Len(); i++ {
 				if i != 0 {
-					err = buf.WriteByte(',')
-					if err != nil {
+					if err := buf.WriteByte(','); err != nil {
 						return nil, err
 					}
 				}
+				var err error
 				if j.UseEnumNumbers {
 					_, err = buf.WriteString(strconv.FormatInt(rv.Index(i).Int(), 10))
 				} else {
@@ -137,8 +133,7 @@ func (j *JSONPb) marshalNonProtoField(v interface{}) ([]byte, error) {
 					return nil, err
 				}
 			}
-			err = buf.WriteByte(']')
-			if err != nil {
+			if err := buf.WriteByte(']'); err != nil {
 				return nil, err
 			}
 
@@ -219,8 +214,7 @@ func decodeJSONPb(d *json.Decoder, unmarshaler protojson.UnmarshalOptions, v int
 
 	// Decode into bytes for marshalling
 	var b json.RawMessage
-	err := d.Decode(&b)
-	if err != nil {
+	if err := d.Decode(&b); err != nil {
 		return err
 	}
 
@@ -239,8 +233,7 @@ func decodeNonProtoField(d *json.Decoder, unmarshaler protojson.UnmarshalOptions
 		if rv.Type().ConvertibleTo(typeProtoMessage) {
 			// Decode into bytes for marshalling
 			var b json.RawMessage
-			err := d.Decode(&b)
-			if err != nil {
+			if err := d.Decode(&b); err != nil {
 				return err
 			}
 

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/marshal_proto.go

@@ -1,10 +1,8 @@
 package runtime
 
 import (
-	"io"
-
 	"errors"
-	"io/ioutil"
+	"io"
 
 	"google.golang.org/protobuf/proto"
 )
@@ -38,7 +36,7 @@ func (*ProtoMarshaller) Unmarshal(data []byte, value interface{}) error {
 // NewDecoder returns a Decoder which reads proto stream from "reader".
 func (marshaller *ProtoMarshaller) NewDecoder(reader io.Reader) Decoder {
 	return DecoderFunc(func(value interface{}) error {
-		buffer, err := ioutil.ReadAll(reader)
+		buffer, err := io.ReadAll(reader)
 		if err != nil {
 			return err
 		}
@@ -53,8 +51,7 @@ func (marshaller *ProtoMarshaller) NewEncoder(writer io.Writer) Encoder {
 		if err != nil {
 			return err
 		}
-		_, err = writer.Write(buffer)
-		if err != nil {
+		if _, err := writer.Write(buffer); err != nil {
 			return err
 		}
 

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/mux.go

@@ -43,9 +43,7 @@ const (
 	UnescapingModeDefault = UnescapingModeLegacy
 )
 
-var (
-	encodedPathSplitter = regexp.MustCompile("(/|%2F)")
-)
+var encodedPathSplitter = regexp.MustCompile("(/|%2F)")
 
 // A HandlerFunc handles a specific pair of path pattern and HTTP method.
 type HandlerFunc func(w http.ResponseWriter, r *http.Request, pathParams map[string]string)
@@ -82,7 +80,7 @@ func WithForwardResponseOption(forwardResponseOption func(context.Context, http.
 	}
 }
 
-// WithEscapingType sets the escaping type. See the definitions of UnescapingMode
+// WithUnescapingMode sets the escaping type. See the definitions of UnescapingMode
 // for more information.
 func WithUnescapingMode(mode UnescapingMode) ServeMuxOption {
 	return func(serveMux *ServeMux) {
@@ -103,13 +101,14 @@ func SetQueryParameterParser(queryParameterParser QueryParameterParser) ServeMux
 type HeaderMatcherFunc func(string) (string, bool)
 
 // DefaultHeaderMatcher is used to pass http request headers to/from gRPC context. This adds permanent HTTP header
-// keys (as specified by the IANA) to gRPC context with grpcgateway- prefix. HTTP headers that start with
-// 'Grpc-Metadata-' are mapped to gRPC metadata after removing prefix 'Grpc-Metadata-'.
+// keys (as specified by the IANA, e.g: Accept, Cookie, Host) to the gRPC metadata with the grpcgateway- prefix. If you want to know which headers are considered permanent, you can view the isPermanentHTTPHeader function.
+// HTTP headers that start with 'Grpc-Metadata-' are mapped to gRPC metadata after removing the prefix 'Grpc-Metadata-'.
+// Other headers are not added to the gRPC metadata.
 func DefaultHeaderMatcher(key string) (string, bool) {
-	key = textproto.CanonicalMIMEHeaderKey(key)
-	if isPermanentHTTPHeader(key) {
+	switch key = textproto.CanonicalMIMEHeaderKey(key); {
+	case isPermanentHTTPHeader(key):
 		return MetadataPrefix + key, true
-	} else if strings.HasPrefix(key, MetadataHeaderPrefix) {
+	case strings.HasPrefix(key, MetadataHeaderPrefix):
 		return key[len(MetadataHeaderPrefix):], true
 	}
 	return "", false
@@ -232,7 +231,6 @@ func WithHealthEndpointAt(healthCheckClient grpc_health_v1.HealthClient, endpoin
 				w.Header().Set("Content-Type", "application/json")
 
 				if resp.GetStatus() != grpc_health_v1.HealthCheckResponse_SERVING {
-					var err error
 					switch resp.GetStatus() {
 					case grpc_health_v1.HealthCheckResponse_NOT_SERVING, grpc_health_v1.HealthCheckResponse_UNKNOWN:
 						err = status.Error(codes.Unavailable, resp.String())
@@ -322,17 +320,6 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		path = r.URL.RawPath
 	}
 
-	var components []string
-	// since in UnescapeModeLegacy, the URL will already have been fully unescaped, if we also split on "%2F"
-	// in this escaping mode we would be double unescaping but in UnescapingModeAllCharacters, we still do as the
-	// path is the RawPath (i.e. unescaped). That does mean that the behavior of this function will change its default
-	// behavior when the UnescapingModeDefault gets changed from UnescapingModeLegacy to UnescapingModeAllExceptReserved
-	if s.unescapingMode == UnescapingModeAllCharacters {
-		components = encodedPathSplitter.Split(path[1:], -1)
-	} else {
-		components = strings.Split(path[1:], "/")
-	}
-
 	if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && s.isPathLengthFallback(r) {
 		r.Method = strings.ToUpper(override)
 		if err := r.ParseForm(); err != nil {
@@ -343,8 +330,18 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	// Verb out here is to memoize for the fallback case below
-	var verb string
+	var pathComponents []string
+	// since in UnescapeModeLegacy, the URL will already have been fully unescaped, if we also split on "%2F"
+	// in this escaping mode we would be double unescaping but in UnescapingModeAllCharacters, we still do as the
+	// path is the RawPath (i.e. unescaped). That does mean that the behavior of this function will change its default
+	// behavior when the UnescapingModeDefault gets changed from UnescapingModeLegacy to UnescapingModeAllExceptReserved
+	if s.unescapingMode == UnescapingModeAllCharacters {
+		pathComponents = encodedPathSplitter.Split(path[1:], -1)
+	} else {
+		pathComponents = strings.Split(path[1:], "/")
+	}
+
+	lastPathComponent := pathComponents[len(pathComponents)-1]
 
 	for _, h := range s.handlers[r.Method] {
 		// If the pattern has a verb, explicitly look for a suffix in the last
@@ -355,23 +352,28 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		// parser because we know what verb we're looking for, however, there
 		// are still some cases that the parser itself cannot disambiguate. See
 		// the comment there if interested.
+
+		var verb string
 		patVerb := h.pat.Verb()
-		l := len(components)
-		lastComponent := components[l-1]
-		var idx int = -1
-		if patVerb != "" && strings.HasSuffix(lastComponent, ":"+patVerb) {
-			idx = len(lastComponent) - len(patVerb) - 1
+
+		idx := -1
+		if patVerb != "" && strings.HasSuffix(lastPathComponent, ":"+patVerb) {
+			idx = len(lastPathComponent) - len(patVerb) - 1
 		}
 		if idx == 0 {
 			_, outboundMarshaler := MarshalerForRequest(s, r)
 			s.routingErrorHandler(ctx, s, outboundMarshaler, w, r, http.StatusNotFound)
 			return
 		}
+
+		comps := make([]string, len(pathComponents))
+		copy(comps, pathComponents)
+
 		if idx > 0 {
-			components[l-1], verb = lastComponent[:idx], lastComponent[idx+1:]
+			comps[len(comps)-1], verb = lastPathComponent[:idx], lastPathComponent[idx+1:]
 		}
 
-		pathParams, err := h.pat.MatchAndEscape(components, verb, s.unescapingMode)
+		pathParams, err := h.pat.MatchAndEscape(comps, verb, s.unescapingMode)
 		if err != nil {
 			var mse MalformedSequenceError
 			if ok := errors.As(err, &mse); ok {
@@ -387,14 +389,33 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// lookup other methods to handle fallback from GET to POST and
-	// to determine if it is NotImplemented or NotFound.
+	// if no handler has found for the request, lookup for other methods
+	// to handle POST -> GET fallback if the request is subject to path
+	// length fallback.
+	// Note we are not eagerly checking the request here as we want to return the
+	// right HTTP status code, and we need to process the fallback candidates in
+	// order to do that.
 	for m, handlers := range s.handlers {
 		if m == r.Method {
 			continue
 		}
 		for _, h := range handlers {
-			pathParams, err := h.pat.MatchAndEscape(components, verb, s.unescapingMode)
+			var verb string
+			patVerb := h.pat.Verb()
+
+			idx := -1
+			if patVerb != "" && strings.HasSuffix(lastPathComponent, ":"+patVerb) {
+				idx = len(lastPathComponent) - len(patVerb) - 1
+			}
+
+			comps := make([]string, len(pathComponents))
+			copy(comps, pathComponents)
+
+			if idx > 0 {
+				comps[len(comps)-1], verb = lastPathComponent[:idx], lastPathComponent[idx+1:]
+			}
+
+			pathParams, err := h.pat.MatchAndEscape(comps, verb, s.unescapingMode)
 			if err != nil {
 				var mse MalformedSequenceError
 				if ok := errors.As(err, &mse); ok {
@@ -406,8 +427,11 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				}
 				continue
 			}
+
 			// X-HTTP-Method-Override is optional. Always allow fallback to POST.
-			if s.isPathLengthFallback(r) {
+			// Also, only consider POST -> GET fallbacks, and avoid falling back to
+			// potentially dangerous operations like DELETE.
+			if s.isPathLengthFallback(r) && m == http.MethodGet {
 				if err := r.ParseForm(); err != nil {
 					_, outboundMarshaler := MarshalerForRequest(s, r)
 					sterr := status.Error(codes.InvalidArgument, err.Error())

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/pattern.go

@@ -15,8 +15,6 @@ var (
 	ErrNotMatch = errors.New("not match to the path pattern")
 	// ErrInvalidPattern indicates that the given definition of Pattern is not valid.
 	ErrInvalidPattern = errors.New("invalid pattern")
-	// ErrMalformedSequence indicates that an escape sequence was malformed.
-	ErrMalformedSequence = errors.New("malformed escape sequence")
 )
 
 type MalformedSequenceError string

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go

@@ -10,13 +10,13 @@ import (
 	"time"
 
 	"github.com/grpc-ecosystem/grpc-gateway/v2/utilities"
-	"google.golang.org/genproto/protobuf/field_mask"
 	"google.golang.org/grpc/grpclog"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/reflect/protoreflect"
 	"google.golang.org/protobuf/reflect/protoregistry"
 	"google.golang.org/protobuf/types/known/durationpb"
+	field_mask "google.golang.org/protobuf/types/known/fieldmaskpb"
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 	"google.golang.org/protobuf/types/known/wrapperspb"
@@ -47,8 +47,7 @@ type DefaultQueryParser struct{}
 // A value is ignored if its key starts with one of the elements in "filter".
 func (*DefaultQueryParser) Parse(msg proto.Message, values url.Values, filter *utilities.DoubleArray) error {
 	for key, values := range values {
-		match := valuesKeyRegexp.FindStringSubmatch(key)
-		if len(match) == 3 {
+		if match := valuesKeyRegexp.FindStringSubmatch(key); len(match) == 3 {
 			key = match[1]
 			values = append([]string{match[2]}, values...)
 		}
@@ -180,10 +179,10 @@ func parseField(fieldDescriptor protoreflect.FieldDescriptor, value string) (pro
 		return protoreflect.ValueOfBool(v), nil
 	case protoreflect.EnumKind:
 		enum, err := protoregistry.GlobalTypes.FindEnumByName(fieldDescriptor.Enum().FullName())
-		switch {
-		case errors.Is(err, protoregistry.NotFound):
-			return protoreflect.Value{}, fmt.Errorf("enum %q is not registered", fieldDescriptor.Enum().FullName())
-		case err != nil:
+		if err != nil {
+			if errors.Is(err, protoregistry.NotFound) {
+				return protoreflect.Value{}, fmt.Errorf("enum %q is not registered", fieldDescriptor.Enum().FullName())
+			}
 			return protoreflect.Value{}, fmt.Errorf("failed to look up enum: %w", err)
 		}
 		// Look for enum by name
@@ -194,8 +193,7 @@ func parseField(fieldDescriptor protoreflect.FieldDescriptor, value string) (pro
 				return protoreflect.Value{}, fmt.Errorf("%q is not a valid value", value)
 			}
 			// Look for enum by number
-			v = enum.Descriptor().Values().ByNumber(protoreflect.EnumNumber(i))
-			if v == nil {
+			if v = enum.Descriptor().Values().ByNumber(protoreflect.EnumNumber(i)); v == nil {
 				return protoreflect.Value{}, fmt.Errorf("%q is not a valid value", value)
 			}
 		}
@@ -271,66 +269,64 @@ func parseMessage(msgDescriptor protoreflect.MessageDescriptor, value string) (p
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.DoubleValue{Value: v}
+		msg = wrapperspb.Double(v)
 	case "google.protobuf.FloatValue":
 		v, err := strconv.ParseFloat(value, 32)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.FloatValue{Value: float32(v)}
+		msg = wrapperspb.Float(float32(v))
 	case "google.protobuf.Int64Value":
 		v, err := strconv.ParseInt(value, 10, 64)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.Int64Value{Value: v}
+		msg = wrapperspb.Int64(v)
 	case "google.protobuf.Int32Value":
 		v, err := strconv.ParseInt(value, 10, 32)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.Int32Value{Value: int32(v)}
+		msg = wrapperspb.Int32(int32(v))
 	case "google.protobuf.UInt64Value":
 		v, err := strconv.ParseUint(value, 10, 64)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.UInt64Value{Value: v}
+		msg = wrapperspb.UInt64(v)
 	case "google.protobuf.UInt32Value":
 		v, err := strconv.ParseUint(value, 10, 32)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.UInt32Value{Value: uint32(v)}
+		msg = wrapperspb.UInt32(uint32(v))
 	case "google.protobuf.BoolValue":
 		v, err := strconv.ParseBool(value)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.BoolValue{Value: v}
+		msg = wrapperspb.Bool(v)
 	case "google.protobuf.StringValue":
-		msg = &wrapperspb.StringValue{Value: value}
+		msg = wrapperspb.String(value)
 	case "google.protobuf.BytesValue":
 		v, err := Bytes(value)
 		if err != nil {
 			return protoreflect.Value{}, err
 		}
-		msg = &wrapperspb.BytesValue{Value: v}
+		msg = wrapperspb.Bytes(v)
 	case "google.protobuf.FieldMask":
 		fm := &field_mask.FieldMask{}
 		fm.Paths = append(fm.Paths, strings.Split(value, ",")...)
 		msg = fm
 	case "google.protobuf.Value":
 		var v structpb.Value
-		err := protojson.Unmarshal([]byte(value), &v)
-		if err != nil {
+		if err := protojson.Unmarshal([]byte(value), &v); err != nil {
 			return protoreflect.Value{}, err
 		}
 		msg = &v
 	case "google.protobuf.Struct":
 		var v structpb.Struct
-		err := protojson.Unmarshal([]byte(value), &v)
-		if err != nil {
+		if err := protojson.Unmarshal([]byte(value), &v); err != nil {
 			return protoreflect.Value{}, err
 		}
 		msg = &v

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/readerfactory.go

@@ -3,13 +3,12 @@ package utilities
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
 )
 
 // IOReaderFactory takes in an io.Reader and returns a function that will allow you to create a new reader that begins
 // at the start of the stream
 func IOReaderFactory(r io.Reader) (func() io.Reader, error) {
-	b, err := ioutil.ReadAll(r)
+	b, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/grpc-ecosystem/grpc-gateway/v2/utilities/trie.go

@@ -40,7 +40,7 @@ func NewDoubleArray(seqs [][]string) *DoubleArray {
 func registerTokens(da *DoubleArray, seqs [][]string) [][]int {
 	var result [][]int
 	for _, seq := range seqs {
-		var encoded []int
+		encoded := make([]int, 0, len(seq))
 		for _, token := range seq {
 			if _, ok := da.Encoding[token]; !ok {
 				da.Encoding[token] = len(da.Encoding)

vendor/modules.txt

@@ -602,7 +602,7 @@ github.com/grpc-ecosystem/go-grpc-middleware
 # github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 ## explicit
 github.com/grpc-ecosystem/go-grpc-prometheus
-# github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3
+# github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0
 ## explicit; go 1.17
 github.com/grpc-ecosystem/grpc-gateway/v2/internal/httprule
 github.com/grpc-ecosystem/grpc-gateway/v2/runtime