This is an automated email from the ASF dual-hosted git repository.
lidavidm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new 1a6de9d659 MINOR: [Java] Bump io.grpc:grpc-bom from 1.65.0 to 1.68.1
in /java (#44639)
1a6de9d659 is described below
commit 1a6de9d6590c6cc9afb28d7d5590378ee3d0844f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Nov 4 20:01:37 2024 -0500
MINOR: [Java] Bump io.grpc:grpc-bom from 1.65.0 to 1.68.1 in /java (#44639)
Bumps [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) from 1.65.0 to
1.68.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-java/releases";>io.grpc:grpc-bom's
releases</a>.</em></p>
<blockquote>
<h2>v1.68.1</h2>
<h1>gRPC Java 1.68.1 Release Notes</h1>
<p>v1.68.0 was a mistake. This is the first release of version 1.68.x</p>
<h3>Bug Fixes</h3>
<ul>
<li>xds: Fix NullPointerException introduced in "Fix load reporting
when pick first is used for locality-routing" (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11553";>#11553</a>).
This was in 1.67.1 but not 1.68.0</li>
</ul>
<h3>Behavior Changes</h3>
<ul>
<li>core: JSON parsing rejects duplicate keys in objects (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11575";>#11575</a>)
(4be69e3f8). This is the existing behavior in C core. Duplicate keys in objects
are dangerous as which value takes effect is undefined. Previously, the last
value was used</li>
<li>okhttp: Detect transport executors with no remaining threads (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11503";>#11503</a>)
(3a6be9ca1). The transport uses two threads, but one is on-demand. If the
executor provided to <code>builder.transportExecutor()</code> runs out of
threads (e.g., it is a fixed-size thread pool), <em>all</em> transports can be
wedged, unable to run on-demand tasks, until keepalive kills one of them. Two
threads are now used when handshaking a [...]
<li>gcp-csm-o11y: Get <code>mesh_id</code> value from
<code>CSM_MESH_ID</code> environment variable, instead of getting it from
bootstrap file (84d30afad)</li>
</ul>
<h3>Improvements</h3>
<ul>
<li>New grpc-context-override-opentelemetry artifact (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11523";>#11523</a>)
(782a44ad6) (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11599";>#11599</a>)
(e59ae5fad). This is a <code>io.grpc.Context</code> storage override to store
its state in <code>io.opentelemetry.context.Context</code>. Libraries should
not add a dependency on this artifact, as applications can only have one
storage override in their classpath</li>
<li>New grpc-s2a artifact. It is a transport that offloads the handshake
similar to ALTS, but for TLS. It provides
<code>io.grpc.s2a.S2AChannelCredentials</code></li>
<li>api: Enhance name resolver `ResolutionResult` to hold addresses or
error so the single listener API <em>onResult2</em> is used to convey both
success and error cases for name resolution (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11330";>#11330</a>)
(1ded8aff8)</li>
<li>core: Handle NameResolver/LoadBalancer exceptions when panicking
(b692b9d26). This expands the class of bugs that will fail RPCs with the panic
error, versus some undefined behavior</li>
<li>core: Use the default service config in case of initial name resolver
address resolution error (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11577";>#11577</a>)
(fa26a8bc5)</li>
<li>core: <code>StreamTracer.inboundMessageRead()</code> now reports
uncompressed message size when the message does not need compression (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11598";>#11598</a>)
(2aae68e11). Previously it always reported <code>-1</code> (unknown)</li>
<li>netty: Avoid TCP_USER_TIMEOUT warning when explicitly specifying a
non-epoll channel type to use (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11564";>#11564</a>)
(62f409810)</li>
<li>okhttp: Don't warn about missing Conscrypt (6f3542297). This is
especially helpful when using TLS but not running on Android</li>
<li>android: For <code>UdsChannelBuilder</code>, use fake IP instead of
localhost (a908b5e40). This avoids an unnecessary DNS lookup</li>
<li>xds: Add xDS node ID in select control plane errors to enable
cross-referencing with control plane logs when debugging (f3cf7c3c7)</li>
<li>xds: Enhanced how ADS stream terminations are handled, specifically
addressing cases where a response has or hasn't been received (#2e9c3e19f)</li>
<li>binder: Update status code documentation for Android 11's package
visibility rules. (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11551";>#11551</a>)
(99be6e985)</li>
<li>binder: Update binderDied() error description to spell out the
possibilities for those unfamiliar with Android internals. (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11628";>#11628</a>)
(46c1b387f)</li>
<li>example-gauth: Use application default creds instead of file argument
(<a href="https://redirect.github.com/grpc/grpc-java/issues/11595";>#11595</a>)
(94a0a0d1c)</li>
<li>opentelemetry: Experimental OpenTelemetry tracing is available. Set the
<code>GRPC_EXPERIMENTAL_ENABLE_OTEL_TRACING</code> environment variable to
<code>true</code> to enable tracing support in <code>GrpcOpenTelemetry</code>
(<a href="https://redirect.github.com/grpc/grpc-java/issues/11409";>#11409</a>,
<a
href="https://redirect.github.com/grpc/grpc-java/issues/11477";>#11477</a>)(043ba55,
421e237)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Updated protobuf-java to 3.25.5. This helps avoid CVE-2024-7254
(2ff837ab6)</li>
</ul>
<p>Thanks to:<br />
<a href="https://github.com/Juneezee";><code>@Juneezee</code></a><br />
<a href="https://github.com/lgalfaso";><code>@lgalfaso</code></a><br />
<a
href="https://github.com/bestbeforetoday";><code>@bestbeforetoday</code></a><br
/>
<a href="https://github.com/hlx502";><code>@hlx502</code></a><br />
<a href="https://github.com/JoeCqupt";><code>@JoeCqupt</code></a></p>
<h2>v1.68.0 MISTAKE</h2>
<p>This was supposed to be v1.67.0, but there was a mistake during the
release process. This has everything in v1.67.1, <em>except</em> for:</p>
<ul>
<li>xds: Fix NullPointerException introduced in "Fix load reporting
when pick first is used for locality-routing" (<a
href="https://redirect.github.com/grpc/grpc-java/pull/11553";>grpc/grpc-java#11553</a>)</li>
</ul>
<h2>v1.67.1</h2>
<h2>gRPC Java 1.67.1 Release Notes</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-java/commit/16f93c8127ce60e3ee7d1276f60a5e6369ff5d7d";><code>16f93c8</code></a>
Bump version to 1.68.1</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/2b533529df1fe94009359d2fee27e7490a4d21c7";><code>2b53352</code></a>
Update README etc to reference 1.68.1</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/135f433bcd212fc251eb70b3ec41cd28515dc65e";><code>135f433</code></a>
Revert "stub: Ignore unary response on server if status is not OK"
(<a href="https://redirect.github.com/grpc/grpc-java/issues/11636";>#11636</a>)
(...</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/2d0c15898763a209a7069122ac30a283d909de24";><code>2d0c158</code></a>
Bump to 1.68.1-SNAPSHOT (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11637";>#11637</a>)</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/46c1b387fa547038dbfb2f6ecd236ed3e4b757e3";><code>46c1b38</code></a>
Update binderDied() error description to spell out the possibilities for
thos...</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/b65cbf508195fb86b3642b75185c2b150c700e31";><code>b65cbf5</code></a>
inprocess: Support tracing message sizes guarded by flag (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11629";>#11629</a>)</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/62f409810d48bbae9fdd111217e7b2b85d377e60";><code>62f4098</code></a>
netty: Avoid TCP_USER_TIMEOUT warning when not using epoll (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11564";>#11564</a>)</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/00c8bc78dd5a338a1b5b1476dd8ea86b4290a8bf";><code>00c8bc7</code></a>
Minor grammar fix in Javadoc (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11609";>#11609</a>)</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/4be69e3f8a9c70ec36234d6373c9854eab6e9027";><code>4be69e3</code></a>
core: SpiffeUtil API for extracting Spiffe URI and loading TrustBundles (<a
href="https://redirect.github.com/grpc/grpc-java/issues/11575";>#11575</a>)</li>
<li><a
href="https://github.com/grpc/grpc-java/commit/1e0928fb7927bef13e1dbc2b47ef8971d16673cb";><code>1e0928f</code></a>
api: fix javadoc of CallCredentials.applyRequestMetadata</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-java/compare/v1.65.0...v1.68.1";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting `@
dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@ dependabot rebase` will rebase this PR
- `@ dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `@ dependabot merge` will merge this PR after your CI passes on it
- `@ dependabot squash and merge` will squash and merge this PR after your
CI passes on it
- `@ dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `@ dependabot reopen` will reopen this PR if it is closed
- `@ dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@ dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `@ dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `@ dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `@ dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: David Li <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index 15c46be50d..7e3e908716 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -97,7 +97,7 @@ under the License.
<dep.slf4j.version>2.0.16</dep.slf4j.version>
<dep.guava-bom.version>33.3.1-jre</dep.guava-bom.version>
<dep.netty-bom.version>4.1.114.Final</dep.netty-bom.version>
- <dep.grpc-bom.version>1.65.0</dep.grpc-bom.version>
+ <dep.grpc-bom.version>1.68.1</dep.grpc-bom.version>
<dep.protobuf-bom.version>3.25.4</dep.protobuf-bom.version>
<dep.jackson-bom.version>2.18.0</dep.jackson-bom.version>
<dep.hadoop.version>3.4.1</dep.hadoop.version>
