chore(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0 in the go-dependencies group

[dependabot]

Bumps the go-dependencies group with 1 update: google.golang.org/grpc.

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Commits

• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
• 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
• d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
• b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[claude]

Claude finished @dependabot[bot]'s task in 52s —— View job

---

Dependency Upgrade Review: google.golang.org/grpc 1.80.0 → 1.81.0

• Identify changed dependencies
• Review release notes for breaking changes
• Search codebase for grpc usage and assess impact
• Post review summary

---

Risk assessment: Low ✅

What changed: Minor version bump of google.golang.org/grpc (1.80.0 → 1.81.0), plus transitive dependency updates (cncf/xds/go, envoyproxy/go-control-plane/envoy, envoyproxy/protoc-gen-validate).

Codebase usage: This repo has very narrow grpc usage — only internal/cloudrun/errors.go imports grpc/codes and grpc/status to classify Cloud Run SDK errors by gRPC status code. Tests in internal/cloudrun/errors_test.go and cmd/kosli/snapshotCloudRun_test.go also use these two sub-packages. No other production code imports grpc.

Release notes analysis:

Concern	Assessment
Min Go version → 1.25	✅ Safe — go.mod already specifies go 1.25.9
Behavior change (RLS gauge metrics)	✅ No impact — this repo doesn't use the RLS balancer
Bug fixes (xDS, transport RST_STREAM)	✅ No impact — this repo doesn't use xDS or raw gRPC transport
New features (custom labels, SNI, ORCA)	✅ All opt-in or disabled by default
codes / status API stability	✅ These are stable, core sub-packages — no changes in this release

Transitive dependency bumps (cncf/xds/go, envoyproxy/*) are internal to grpc's xDS implementation, which this codebase does not use.

Verdict: Safe to merge. The only APIs this codebase uses (codes.Code constants and status.FromError) are untouched in this release. No follow-up action needed.