Bump @grpc/grpc-js and @google-cloud/secret-manager in /secret-manager/secret-manager-client-lib

[dependabot]

Bumps @grpc/grpc-js to 1.14.4 and updates ancestor dependency @google-cloud/secret-manager. These dependencies need to be updated together.

Updates @grpc/grpc-js from 1.2.12 to 1.14.4

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.14.4

• Fix a bug that could cause servers to crash when handling malformed requests (advisory GHSA-5375-pq7m-f5r2)
• Fix a bug that could cause clients and servers to crash when handling malformed compressed messages (advisory GHSA-99f4-grh7-6pcq)

@​grpc/grpc-js 1.14.3

• Send halfClose immediately after messages to prevent late halfClose issues with Envoy (#3031 contributed by @​serkanerip)

@​grpc/grpc-js 1.14.2

• Fix server keep alive timeout not properly destroying connections (#3022 contributed by @​mattias-wiberg)

@​grpc/grpc-js 1.14.1

• Fix a regression of the settings used internally for HTTP/2 sessions (#3023)

@​grpc/grpc-js-xds 1.14.0

• Implement RBAC support (gRFC A41) (#2939, #2945)
• Add weighted_round_robin to LB policy registry (#3001) (currently experimental, enabled by the environment variable GRPC_EXPERIMENTAL_XDS_WRR_LB)
• Add wrr_locality to LB policy registry (#3003)

@​grpc/grpc-js 1.14.0

Changelog

• Add getAuthContext method to client and server call classes (more details can be found in gRFC L35) (#2920)
• Implement custom backend metrics support (gRFC A51) (#2978, #2983, #2985, #2986, #2999)
• Add getConnectionInfo method to the ServerInterceptingCall class (#2922)
• Implement the weighted_round_robin load balancing policy (#2998)
• Fix jitter behavior for client retries (#2960 contributed by @​ekscentrysytet)
• Start connecting from a random index in the round_robin LB policy (#2979)
• Send connection-level WINDOW_UPDATE at session start (#2971 contributed by @​KoenRijpstra)

Experimental API Changes

Added:

• CHANNEL_ARGS_CONFIG_SELECTOR_KEY
• StatusOr<T>
• CallStream
• statusOrFromValue
• statusOrFromError

Modified:

• ResolverListener#onSuccessfulResolution now has the signature (endpointList: StatusOr<Endpoint[]>, attributes: { [key: string]: unknown }, serviceConfig: StatusOr<ServiceConfig> | null, resolutionNote: string): boolean
• LoadBalancer#updateAddressList now has the signature `updateAddressList(endpointList: StatusOr<Endpoint[]>,lbConfig: TypedLoadBalancingConfig, channelOptions: ChannelOptions, resolutionNote: string): boolean

@​grpc/grpc-js 1.13.5

• Fix a bug that could cause servers to crash when handling malformed requests (advisory GHSA-5375-pq7m-f5r2)
• Fix a bug that could cause clients and servers to crash when handling malformed compressed messages (advisory GHSA-99f4-grh7-6pcq)

@​grpc/grpc-js 1.13.4

• Fix ability to set SNI with ssl_target_name_override option (#2956)

... (truncated)

Commits

• See full diff in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates @google-cloud/secret-manager from 3.6.0 to 6.1.3

Release notes

Sourced from @​google-cloud/secret-manager's releases.

secret-manager: v6.1.3

6.1.3 (2026-06-01)

Bug Fixes

• deps: Remove vulnerable dependency uuid (#8120) (3ec901e)

service-directory: v6.1.3

6.1.3 (2026-06-01)

Bug Fixes

• deps: Remove vulnerable dependency uuid (#8120) (3ec901e)

data: v6.1.0

6.1.0 (2026-05-27)

Features

• Clean up per-package eslintrc configurations (b053d0e)

cloud-profiler: v6.0.5

6.0.5 (2026-05-11)

Bug Fixes

• Bump all node submodules (#8178) (9fd76ef)

logging-winston: v6.0.2

6.0.2 (2026-05-11)

Bug Fixes

• Bump all node submodules (#8178) (9fd76ef)

common: v6.0.1

6.0.1 (2026-05-11)

Bug Fixes

• Bump all node submodules (#8178) (9fd76ef)

paginator: v6.0.1

6.0.1 (2026-05-11)

... (truncated)

Changelog

Sourced from @​google-cloud/secret-manager's changelog.

6.1.3 (2026-06-01)

Bug Fixes

• deps: Remove vulnerable dependency uuid (#8120) (3ec901e)

6.1.2 (2026-05-01)

Bug Fixes

• Change the copyright year for files in the packages folder (#8109) (c1a03fe)
• Do not publish the protos to npm (#8079) (816216b)
• Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)

6.1.1 (2025-10-13)

Bug Fixes

• [gkeconnect-gateway] remove unused GatewayServiceClient (#6775) (41c2ff2)
• Remove unmaintained modules (#6789) (5540190)

6.1.0 (2025-07-09)

Features

• [Many APIs] add methods from gax to cache proto root and process custom error details (#6419) (f8a324c)
• [Many APIs] add methods from gax to cache proto root and process custom error details (#6423) (df9184f)
• [secretmanager] update secret manager protos for tags (#6400) (b41f79d)
• Add protobufjs 2023 edition support (#6303) (4a0cba1)

6.0.1 (2025-03-19)

Bug Fixes

• [Many APIs] await/catch promises, and update listOperationsAsync return type (#6188) (a73cdbf)

6.0.0 (2025-03-18)

⚠ BREAKING CHANGES

• upgrade to Node 18 (#6096)

Features

... (truncated)

Commits

• 2b23ba2 chore: release main (#8367)
• 3ec901e fix(deps): remove vulnerable dependency uuid (#8120)
• ea7ec63 chore: [Many APIs] update generator version to newest release v4.11.14 (#8276)
• 4aa32f5 chore: consolidate eslint rules (#8155)
• 4572246 chore: release main (#8148)
• 59f445d fix: sync legacy 0.1.0 snippet metadata versions across monorepo (#8144)
• c1a03fe fix: change the copyright year for files in the packages folder (#8109)
• a47507c chore: consolidate prettierignore and prettierrc files: autogen (#8082)
• ac0fbb6 fix: Revert "fix: Do not publish the protos to npm" (#8096)
• 816216b fix: Do not publish the protos to npm (#8079)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.