dependabot[bot] opened a new pull request #1229: URL: https://github.com/apache/avro/pull/1229
Bumps `grpc.version` from 1.37.1 to 1.38.0. Updates `grpc-core` from 1.37.1 to 1.38.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-java/releases";>grpc-core's releases</a>.</em></p> <blockquote> <h2>v1.38.0</h2> <h2>gRPC Java 1.38.0 Release Notes</h2> <h1>API Changes</h1> <ul> <li>services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8056";>#8056</a>)</li> <li>ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in <a href="https://github.com/grpc/proposal/blob/master/L74-java-channel-creds.md#proposal";>gRFC L74</a>. These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the <code>usePlaintext()</code> and <code>useTransportSecurity()</code> methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API</li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: Fixed a bug that xDS users may experience null pointer exception in rare cases (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8087";>#8087</a>)</li> <li>netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8020";>#8020</a>)</li> <li>xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.</li> </ul> <h1>Behavior Changes</h1> <ul> <li>core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with <code>Helper.refreshNameResolution()</code>) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8048";>#8048</a>)</li> <li>netty: Added support for OpenJSSE</li> </ul> <h1>Dependencies</h1> <ul> <li>Upgrade Guava to 30.1 (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8100";>#8100</a>). As part of <a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/4671";>#4671</a> grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on <a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/4671";>#4671</a>. The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:</li> </ul> <pre><code>android { compileOptions { sourceCompatibility JavaVersion.VERSION_1_8 targetCompatibility JavaVersion.VERSION_1_8 } } </code></pre> <ul> <li>auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-java/commit/51a1c777b7e5738ec724aaf238bfcf905abce742";><code>51a1c77</code></a> Bump version to 1.38.0</li> <li><a href="https://github.com/grpc/grpc-java/commit/78a3d68ea4bc6db0f2bbbc503d14403b084f7acf";><code>78a3d68</code></a> Update README etc to reference 1.38.0</li> <li><a href="https://github.com/grpc/grpc-java/commit/88ca8749585dbce0dfa5b3ecaaaa8621ea4f97c3";><code>88ca874</code></a> buildscripts: switch xds-k8s cluster to 1.20.x</li> <li><a href="https://github.com/grpc/grpc-java/commit/65d4bf5a33f539e901fdf35d18eedc0ade9ae292";><code>65d4bf5</code></a> xds: add null reference checks in SslContextProviderSupplier (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8169";>#8169</a>) (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8171";>#8171</a>)</li> <li><a href="https://github.com/grpc/grpc-java/commit/9055e6d07cb21a4c416b853d6944cb2381bd30f7";><code>9055e6d</code></a> netty: Remove Maven pom.properties from netty-shaded</li> <li><a href="https://github.com/grpc/grpc-java/commit/f049530e15344b1fce0b8d7212dd8599ecff7312";><code>f049530</code></a> xds: use a standalone Context for xDS control plane RPCs (v1.38.x backport) (...</li> <li><a href="https://github.com/grpc/grpc-java/commit/48ea63d9a47a3f78947687368826cd6678fa8542";><code>48ea63d</code></a> grpclb: use a standalone Context for gRPCLB control plane RPCs (v1.38.x backp...</li> <li><a href="https://github.com/grpc/grpc-java/commit/d2160ea703ddd5c2cfb972d18e0f0f81350eb643";><code>d2160ea</code></a> Extend the xDS interop tests timeout to 360 mins (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8133";>#8133</a>)</li> <li><a href="https://github.com/grpc/grpc-java/commit/c9e327d42f2095bb78249a30959df3c533780d81";><code>c9e327d</code></a> xds: extend SslContextProviderSupplier to DowmstreamTlsContext for server sid...</li> <li><a href="https://github.com/grpc/grpc-java/commit/27b1641653b4c27232d473496a632db193735b74";><code>27b1641</code></a> xds: import envoy (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8145";>#8145</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-java/compare/v1.37.1...v1.38.0";>compare view</a></li> </ul> </details> <br /> Updates `grpc-stub` from 1.37.1 to 1.38.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-java/releases";>grpc-stub's releases</a>.</em></p> <blockquote> <h2>v1.38.0</h2> <h2>gRPC Java 1.38.0 Release Notes</h2> <h1>API Changes</h1> <ul> <li>services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8056";>#8056</a>)</li> <li>ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in <a href="https://github.com/grpc/proposal/blob/master/L74-java-channel-creds.md#proposal";>gRFC L74</a>. These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the <code>usePlaintext()</code> and <code>useTransportSecurity()</code> methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API</li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: Fixed a bug that xDS users may experience null pointer exception in rare cases (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8087";>#8087</a>)</li> <li>netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8020";>#8020</a>)</li> <li>xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.</li> </ul> <h1>Behavior Changes</h1> <ul> <li>core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with <code>Helper.refreshNameResolution()</code>) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8048";>#8048</a>)</li> <li>netty: Added support for OpenJSSE</li> </ul> <h1>Dependencies</h1> <ul> <li>Upgrade Guava to 30.1 (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8100";>#8100</a>). As part of <a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/4671";>#4671</a> grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on <a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/4671";>#4671</a>. The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:</li> </ul> <pre><code>android { compileOptions { sourceCompatibility JavaVersion.VERSION_1_8 targetCompatibility JavaVersion.VERSION_1_8 } } </code></pre> <ul> <li>auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-java/commit/51a1c777b7e5738ec724aaf238bfcf905abce742";><code>51a1c77</code></a> Bump version to 1.38.0</li> <li><a href="https://github.com/grpc/grpc-java/commit/78a3d68ea4bc6db0f2bbbc503d14403b084f7acf";><code>78a3d68</code></a> Update README etc to reference 1.38.0</li> <li><a href="https://github.com/grpc/grpc-java/commit/88ca8749585dbce0dfa5b3ecaaaa8621ea4f97c3";><code>88ca874</code></a> buildscripts: switch xds-k8s cluster to 1.20.x</li> <li><a href="https://github.com/grpc/grpc-java/commit/65d4bf5a33f539e901fdf35d18eedc0ade9ae292";><code>65d4bf5</code></a> xds: add null reference checks in SslContextProviderSupplier (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8169";>#8169</a>) (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8171";>#8171</a>)</li> <li><a href="https://github.com/grpc/grpc-java/commit/9055e6d07cb21a4c416b853d6944cb2381bd30f7";><code>9055e6d</code></a> netty: Remove Maven pom.properties from netty-shaded</li> <li><a href="https://github.com/grpc/grpc-java/commit/f049530e15344b1fce0b8d7212dd8599ecff7312";><code>f049530</code></a> xds: use a standalone Context for xDS control plane RPCs (v1.38.x backport) (...</li> <li><a href="https://github.com/grpc/grpc-java/commit/48ea63d9a47a3f78947687368826cd6678fa8542";><code>48ea63d</code></a> grpclb: use a standalone Context for gRPCLB control plane RPCs (v1.38.x backp...</li> <li><a href="https://github.com/grpc/grpc-java/commit/d2160ea703ddd5c2cfb972d18e0f0f81350eb643";><code>d2160ea</code></a> Extend the xDS interop tests timeout to 360 mins (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8133";>#8133</a>)</li> <li><a href="https://github.com/grpc/grpc-java/commit/c9e327d42f2095bb78249a30959df3c533780d81";><code>c9e327d</code></a> xds: extend SslContextProviderSupplier to DowmstreamTlsContext for server sid...</li> <li><a href="https://github.com/grpc/grpc-java/commit/27b1641653b4c27232d473496a632db193735b74";><code>27b1641</code></a> xds: import envoy (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8145";>#8145</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-java/compare/v1.37.1...v1.38.0";>compare view</a></li> </ul> </details> <br /> Updates `grpc-netty` from 1.37.1 to 1.38.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-java/releases";>grpc-netty's releases</a>.</em></p> <blockquote> <h2>v1.38.0</h2> <h2>gRPC Java 1.38.0 Release Notes</h2> <h1>API Changes</h1> <ul> <li>services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8056";>#8056</a>)</li> <li>ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in <a href="https://github.com/grpc/proposal/blob/master/L74-java-channel-creds.md#proposal";>gRFC L74</a>. These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the <code>usePlaintext()</code> and <code>useTransportSecurity()</code> methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API</li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: Fixed a bug that xDS users may experience null pointer exception in rare cases (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8087";>#8087</a>)</li> <li>netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8020";>#8020</a>)</li> <li>xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.</li> </ul> <h1>Behavior Changes</h1> <ul> <li>core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with <code>Helper.refreshNameResolution()</code>) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8048";>#8048</a>)</li> <li>netty: Added support for OpenJSSE</li> </ul> <h1>Dependencies</h1> <ul> <li>Upgrade Guava to 30.1 (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8100";>#8100</a>). As part of <a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/4671";>#4671</a> grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on <a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/4671";>#4671</a>. The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:</li> </ul> <pre><code>android { compileOptions { sourceCompatibility JavaVersion.VERSION_1_8 targetCompatibility JavaVersion.VERSION_1_8 } } </code></pre> <ul> <li>auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-java/commit/51a1c777b7e5738ec724aaf238bfcf905abce742";><code>51a1c77</code></a> Bump version to 1.38.0</li> <li><a href="https://github.com/grpc/grpc-java/commit/78a3d68ea4bc6db0f2bbbc503d14403b084f7acf";><code>78a3d68</code></a> Update README etc to reference 1.38.0</li> <li><a href="https://github.com/grpc/grpc-java/commit/88ca8749585dbce0dfa5b3ecaaaa8621ea4f97c3";><code>88ca874</code></a> buildscripts: switch xds-k8s cluster to 1.20.x</li> <li><a href="https://github.com/grpc/grpc-java/commit/65d4bf5a33f539e901fdf35d18eedc0ade9ae292";><code>65d4bf5</code></a> xds: add null reference checks in SslContextProviderSupplier (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8169";>#8169</a>) (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8171";>#8171</a>)</li> <li><a href="https://github.com/grpc/grpc-java/commit/9055e6d07cb21a4c416b853d6944cb2381bd30f7";><code>9055e6d</code></a> netty: Remove Maven pom.properties from netty-shaded</li> <li><a href="https://github.com/grpc/grpc-java/commit/f049530e15344b1fce0b8d7212dd8599ecff7312";><code>f049530</code></a> xds: use a standalone Context for xDS control plane RPCs (v1.38.x backport) (...</li> <li><a href="https://github.com/grpc/grpc-java/commit/48ea63d9a47a3f78947687368826cd6678fa8542";><code>48ea63d</code></a> grpclb: use a standalone Context for gRPCLB control plane RPCs (v1.38.x backp...</li> <li><a href="https://github.com/grpc/grpc-java/commit/d2160ea703ddd5c2cfb972d18e0f0f81350eb643";><code>d2160ea</code></a> Extend the xDS interop tests timeout to 360 mins (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8133";>#8133</a>)</li> <li><a href="https://github.com/grpc/grpc-java/commit/c9e327d42f2095bb78249a30959df3c533780d81";><code>c9e327d</code></a> xds: extend SslContextProviderSupplier to DowmstreamTlsContext for server sid...</li> <li><a href="https://github.com/grpc/grpc-java/commit/27b1641653b4c27232d473496a632db193735b74";><code>27b1641</code></a> xds: import envoy (<a href="https://github-redirect.dependabot.com/grpc/grpc-java/issues/8145";>#8145</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-java/compare/v1.37.1...v1.38.0";>compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
