diff --git a/examples/v1/example.js b/examples/v1/example.js
index 6f3d08a..9390d4f 100644
--- a/examples/v1/example.js
+++ b/examples/v1/example.js
@@ -1,8 +1,8 @@
 import { v1 } from '@authzed/authzed-node';
-const { promises: promiseClient } = client; // access client.promises
 // set up it on localhost like this:
 // const client = v1.NewClient('mytokenhere', 'localhost:50051', 1);
 const client = v1.NewClient('mytokenhere');
+const { promises: promiseClient } = client; // access client.promises after instantiating client
 
 const writeRequest = v1.WriteSchemaRequest.create({
   schema: `definition test/user {}
diff --git a/js-dist/package.json b/js-dist/package.json
index b35b996..cca39e4 100644
--- a/js-dist/package.json
+++ b/js-dist/package.json
@@ -22,7 +22,7 @@
     "only-run-tests": "vitest"
   },
   "dependencies": {
-    "@grpc/grpc-js": "~1.12.5",
+    "@grpc/grpc-js": "~1.13.1",
     "google-protobuf": "^3.15.3"
   },
   "devDependencies": {
diff --git a/package.json b/package.json
index 9bdc802..be7df06 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
     "build-js-client": "tsc --declaration false --outDir js-dist"
   },
   "dependencies": {
-    "@grpc/grpc-js": "~1.12.5",
+    "@grpc/grpc-js": "^1.13.1",
     "@protobuf-ts/runtime": "^2.9.6",
     "@protobuf-ts/runtime-rpc": "^2.9.6",
     "google-protobuf": "^3.21.4"
diff --git a/src/util.ts b/src/util.ts
index 4ce5ec8..e226aa9 100644
--- a/src/util.ts
+++ b/src/util.ts
@@ -1,31 +1,52 @@
 import * as grpc from "@grpc/grpc-js";
 import { NextCall } from "@grpc/grpc-js/build/src/client-interceptors.js";
-import { ConnectionOptions } from "tls";
+import * as net from "net";
+import { SecureConnector } from "@grpc/grpc-js/build/src/channel-credentials.js";
+import { GrpcUri } from "@grpc/grpc-js/build/src/uri-parser.js";
 
 // NOTE: Copied from channel-credentials.ts in gRPC Node package because its not exported:
 // https://github.com/grpc/grpc-node/blob/3106057f5ad8f79a71d2ae411e116ad308a2e835/packages/grpc-js/src/call-credentials.ts#L143
 class ComposedChannelCredentials extends grpc.ChannelCredentials {
   constructor(
     private channelCredentials: KnownInsecureChannelCredentialsImpl,
-    callCreds: grpc.CallCredentials
+    private callCreds: grpc.CallCredentials
   ) {
-    super(callCreds);
+    super();
+    // NOTE: leaving this here to show what changed from the upstream.
+    /*
+    if (!channelCredentials._isSecure()) {
+      throw new Error('Cannot compose insecure credentials');
+    }
+    */
   }
   compose(callCredentials: grpc.CallCredentials) {
     const combinedCallCredentials =
-      this.callCredentials.compose(callCredentials);
+      this.callCreds.compose(callCredentials);
     return new ComposedChannelCredentials(
       this.channelCredentials,
       combinedCallCredentials
     );
   }
-
-  _getConnectionOptions(): ConnectionOptions | null {
-    return this.channelCredentials._getConnectionOptions();
-  }
   _isSecure(): boolean {
     return false;
   }
+
+  // NOTE: this is copied from the InsecureChannelCredentialsImpl class
+  _createSecureConnector(
+    channelTarget: GrpcUri,
+    options: grpc.ChannelOptions,
+    callCredentials?: grpc.CallCredentials
+  ): SecureConnector {
+    return {
+      connect: async (socket: net.Socket) => {
+        return { socket, secure: false };
+      },
+      waitForReady: async () => {},
+      getCallCredentials: () => callCredentials || this.callCreds,
+      destroy: () => {}
+    };
+  }
+
   _equals(other: grpc.ChannelCredentials): boolean {
     if (this === other) {
       return true;
@@ -33,7 +54,7 @@ class ComposedChannelCredentials extends grpc.ChannelCredentials {
     if (other instanceof ComposedChannelCredentials) {
       return (
         this.channelCredentials._equals(other.channelCredentials) &&
-        this.callCredentials._equals(other.callCredentials)
+        this.callCreds._equals(other.callCreds)
       );
     } else {
       return false;
@@ -44,25 +65,32 @@ class ComposedChannelCredentials extends grpc.ChannelCredentials {
 // Create our own known insecure channel creds.
 // See https://github.com/grpc/grpc-node/issues/543 for why this is necessary.
 class KnownInsecureChannelCredentialsImpl extends grpc.ChannelCredentials {
-  constructor(callCredentials?: grpc.CallCredentials) {
-    super(callCredentials);
-  }
 
   compose(callCredentials: grpc.CallCredentials): grpc.ChannelCredentials {
-    const combinedCallCredentials =
-      this.callCredentials.compose(callCredentials);
-    return new ComposedChannelCredentials(this, combinedCallCredentials);
+    return new ComposedChannelCredentials(this, callCredentials);
   }
 
-  _getConnectionOptions(): ConnectionOptions {
-    return {};
-  }
   _isSecure(): boolean {
     return false;
   }
   _equals(other: grpc.ChannelCredentials): boolean {
     return other instanceof KnownInsecureChannelCredentialsImpl;
   }
+
+   _createSecureConnector(
+    channelTarget: GrpcUri,
+    options: grpc.ChannelOptions,
+    callCredentials: grpc.CallCredentials
+  ): SecureConnector {
+    return {
+      connect: async (socket: net.Socket) => {
+        return { socket, secure: false };
+      },
+      waitForReady: async () => {},
+      getCallCredentials: () => callCredentials,
+      destroy: () => {}
+    };
+  }
 }
 
 export enum ClientSecurity {