Skip to content

Commit

Permalink
MINOR: [Java] Bump io.grpc:grpc-bom from 1.65.0 to 1.68.1 in /java (#…
Browse files Browse the repository at this point in the history 
…44639)

Bumps [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) from 1.65.0 to 1.68.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/grpc/grpc-java/releases">io.grpc:grpc-bom's releases</a>.</em></p>
<blockquote>
<h2>v1.68.1</h2>
<h1>gRPC Java 1.68.1 Release Notes</h1>
<p>v1.68.0 was a mistake. This is the first release of version 1.68.x</p>
<h3>Bug Fixes</h3>
<ul>
<li>xds: Fix NullPointerException introduced in &quot;Fix load reporting when pick first is used for locality-routing&quot; (<a href="https://redirect.github.com/grpc/grpc-java/issues/11553">#11553</a>). This was in 1.67.1 but not 1.68.0</li>
</ul>
<h3>Behavior Changes</h3>
<ul>
<li>core: JSON parsing rejects duplicate keys in objects (<a href="https://redirect.github.com/grpc/grpc-java/issues/11575">#11575</a>) (4be69e3f8). This is the existing behavior in C core. Duplicate keys in objects are dangerous as which value takes effect is undefined. Previously, the last value was used</li>
<li>okhttp: Detect transport executors with no remaining threads (<a href="https://redirect.github.com/grpc/grpc-java/issues/11503">#11503</a>) (3a6be9ca1). The transport uses two threads, but one is on-demand. If the executor provided to <code>builder.transportExecutor()</code> runs out of threads (e.g., it is a fixed-size thread pool), <em>all</em> transports can be wedged, unable to run on-demand tasks, until keepalive kills one of them. Two threads are now used when handshaking a new transport, and the transport will time out after 1 second with “Timed out waiting for second handshake thread” if two threads are unavailable</li>
<li>gcp-csm-o11y: Get  <code>mesh_id</code> value from <code>CSM_MESH_ID</code> environment variable, instead of getting it from bootstrap file (84d30afad)</li>
</ul>
<h3>Improvements</h3>
<ul>
<li>New grpc-context-override-opentelemetry artifact (<a href="https://redirect.github.com/grpc/grpc-java/issues/11523">#11523</a>) (782a44ad6) (<a href="https://redirect.github.com/grpc/grpc-java/issues/11599">#11599</a>) (e59ae5fad). This is a <code>io.grpc.Context</code> storage override to store its state in <code>io.opentelemetry.context.Context</code>. Libraries should not add a dependency on this artifact, as applications can only have one storage override in their classpath</li>
<li>New grpc-s2a artifact. It is a transport that offloads the handshake similar to ALTS, but for TLS. It provides <code>io.grpc.s2a.S2AChannelCredentials</code></li>
<li>api: Enhance name resolver `ResolutionResult` to hold addresses or error so the single listener API <em>onResult2</em> is used to convey both success and error cases for name resolution (<a href="https://redirect.github.com/grpc/grpc-java/issues/11330">#11330</a>) (1ded8aff8)</li>
<li>core: Handle NameResolver/LoadBalancer exceptions when panicking (b692b9d26). This expands the class of bugs that will fail RPCs with the panic error, versus some undefined behavior</li>
<li>core: Use the default service config in case of initial name resolver address resolution error (<a href="https://redirect.github.com/grpc/grpc-java/issues/11577">#11577</a>) (fa26a8bc5)</li>
<li>core: <code>StreamTracer.inboundMessageRead()</code> now reports uncompressed message size when the message does not need compression (<a href="https://redirect.github.com/grpc/grpc-java/issues/11598">#11598</a>) (2aae68e11). Previously it always reported <code>-1</code> (unknown)</li>
<li>netty: Avoid TCP_USER_TIMEOUT warning when explicitly specifying a non-epoll channel type to use (<a href="https://redirect.github.com/grpc/grpc-java/issues/11564">#11564</a>) (62f409810)</li>
<li>okhttp: Don't warn about missing Conscrypt (6f3542297). This is especially helpful when using TLS but not running on Android</li>
<li>android: For <code>UdsChannelBuilder</code>, use fake IP instead of localhost (a908b5e40). This avoids an unnecessary DNS lookup</li>
<li>xds: Add xDS node ID in select control plane errors to enable cross-referencing with control plane logs when debugging (f3cf7c3c7)</li>
<li>xds: Enhanced how ADS stream terminations are handled, specifically addressing cases where a response has or hasn't been received (#2e9c3e19f)</li>
<li>binder: Update status code documentation for Android 11's package visibility rules. (<a href="https://redirect.github.com/grpc/grpc-java/issues/11551">#11551</a>) (99be6e985)</li>
<li>binder: Update binderDied() error description to spell out the possibilities for those unfamiliar with Android internals. (<a href="https://redirect.github.com/grpc/grpc-java/issues/11628">#11628</a>) (46c1b387f)</li>
<li>example-gauth: Use application default creds instead of file argument (<a href="https://redirect.github.com/grpc/grpc-java/issues/11595">#11595</a>) (94a0a0d1c)</li>
<li>opentelemetry: Experimental OpenTelemetry tracing is available. Set the <code>GRPC_EXPERIMENTAL_ENABLE_OTEL_TRACING</code> environment variable to <code>true</code> to enable tracing support in <code>GrpcOpenTelemetry</code> (<a href="https://redirect.github.com/grpc/grpc-java/issues/11409">#11409</a>, <a href="https://redirect.github.com/grpc/grpc-java/issues/11477">#11477</a>)(043ba55, 421e237)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Updated protobuf-java to 3.25.5. This helps avoid CVE-2024-7254 (2ff837ab6)</li>
</ul>
<p>Thanks to:<br />
<a href="https://github.com/Juneezee"><code>@​Juneezee</code></a><br />
<a href="https://github.com/lgalfaso"><code>@​lgalfaso</code></a><br />
<a href="https://github.com/bestbeforetoday"><code>@​bestbeforetoday</code></a><br />
<a href="https://github.com/hlx502"><code>@​hlx502</code></a><br />
<a href="https://github.com/JoeCqupt"><code>@​JoeCqupt</code></a></p>
<h2>v1.68.0 MISTAKE</h2>
<p>This was supposed to be v1.67.0, but there was a mistake during the release process. This has everything in v1.67.1, <em>except</em> for:</p>
<ul>
<li>xds: Fix NullPointerException introduced in &quot;Fix load reporting when pick first is used for locality-routing&quot; (<a href="https://redirect.github.com/grpc/grpc-java/pull/11553">grpc/grpc-java#11553</a>)</li>
</ul>
<h2>v1.67.1</h2>
<h2>gRPC Java 1.67.1 Release Notes</h2>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/grpc/grpc-java/commit/16f93c8127ce60e3ee7d1276f60a5e6369ff5d7d"><code>16f93c8</code></a> Bump version to 1.68.1</li>
<li><a href="https://github.com/grpc/grpc-java/commit/2b533529df1fe94009359d2fee27e7490a4d21c7"><code>2b53352</code></a> Update README etc to reference 1.68.1</li>
<li><a href="https://github.com/grpc/grpc-java/commit/135f433bcd212fc251eb70b3ec41cd28515dc65e"><code>135f433</code></a> Revert &quot;stub: Ignore unary response on server if status is not OK&quot; (<a href="https://redirect.github.com/grpc/grpc-java/issues/11636">#11636</a>) (...</li>
<li><a href="https://github.com/grpc/grpc-java/commit/2d0c15898763a209a7069122ac30a283d909de24"><code>2d0c158</code></a> Bump to 1.68.1-SNAPSHOT (<a href="https://redirect.github.com/grpc/grpc-java/issues/11637">#11637</a>)</li>
<li><a href="https://github.com/grpc/grpc-java/commit/46c1b387fa547038dbfb2f6ecd236ed3e4b757e3"><code>46c1b38</code></a> Update binderDied() error description to spell out the possibilities for thos...</li>
<li><a href="https://github.com/grpc/grpc-java/commit/b65cbf508195fb86b3642b75185c2b150c700e31"><code>b65cbf5</code></a> inprocess: Support tracing message sizes guarded by flag (<a href="https://redirect.github.com/grpc/grpc-java/issues/11629">#11629</a>)</li>
<li><a href="https://github.com/grpc/grpc-java/commit/62f409810d48bbae9fdd111217e7b2b85d377e60"><code>62f4098</code></a> netty: Avoid TCP_USER_TIMEOUT warning when not using epoll (<a href="https://redirect.github.com/grpc/grpc-java/issues/11564">#11564</a>)</li>
<li><a href="https://github.com/grpc/grpc-java/commit/00c8bc78dd5a338a1b5b1476dd8ea86b4290a8bf"><code>00c8bc7</code></a> Minor grammar fix in Javadoc (<a href="https://redirect.github.com/grpc/grpc-java/issues/11609">#11609</a>)</li>
<li><a href="https://github.com/grpc/grpc-java/commit/4be69e3f8a9c70ec36234d6373c9854eab6e9027"><code>4be69e3</code></a> core: SpiffeUtil API for extracting Spiffe URI and loading TrustBundles (<a href="https://redirect.github.com/grpc/grpc-java/issues/11575">#11575</a>)</li>
<li><a href="https://github.com/grpc/grpc-java/commit/1e0928fb7927bef13e1dbc2b47ef8971d16673cb"><code>1e0928f</code></a> api: fix javadoc of CallCredentials.applyRequestMetadata</li>
<li>Additional commits viewable in <a href="https://github.com/grpc/grpc-java/compare/v1.65.0...v1.68.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.grpc:grpc-bom&package-manager=maven&previous-version=1.65.0&new-version=1.68.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@ dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@ dependabot rebase` will rebase this PR
- `@ dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@ dependabot merge` will merge this PR after your CI passes on it
- `@ dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@ dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@ dependabot reopen` will reopen this PR if it is closed
- `@ dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@ dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@ dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@ dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@ dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: David Li <[email protected]>
  • Loading branch information
@dependabot
dependabot[bot] authored Nov 5, 2024
1 parent 640bdd8 commit 1a6de9d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion java/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ under the License.
<dep.slf4j.version>2.0.16</dep.slf4j.version>
<dep.guava-bom.version>33.3.1-jre</dep.guava-bom.version>
<dep.netty-bom.version>4.1.114.Final</dep.netty-bom.version>
<dep.grpc-bom.version>1.65.0</dep.grpc-bom.version>
<dep.grpc-bom.version>1.68.1</dep.grpc-bom.version>
<dep.protobuf-bom.version>3.25.4</dep.protobuf-bom.version>
<dep.jackson-bom.version>2.18.0</dep.jackson-bom.version>
<dep.hadoop.version>3.4.1</dep.hadoop.version>
Expand Down

0 comments on commit 1a6de9d

Please sign in to comment.