chore(deps): bump the maven-dependencies group across 1 directory with 25 updates

[dependabot]

Bumps the maven-dependencies group with 25 updates in the / directory:

Package	From	To
io.grpc:grpc-netty-shaded	1.65.0	1.78.0
io.grpc:grpc-protobuf	1.65.0	1.78.0
io.grpc:grpc-stub	1.65.0	1.78.0
com.google.protobuf:protobuf-java	3.25.3	4.33.2
io.micrometer:micrometer-registry-prometheus	1.13.1	1.16.1
org.apache.lucene:lucene-core	9.8.0	10.3.2
org.apache.lucene:lucene-analysis-common	9.8.0	10.3.2
org.apache.lucene:lucene-queryparser	9.8.0	10.3.2
org.apache.lucene:lucene-highlighter	9.8.0	10.3.2
org.apache.lucene:lucene-facet	9.8.0	10.3.2
org.junit.jupiter:junit-jupiter	5.10.2	6.0.1
org.mockito:mockito-core	5.11.0	5.21.0
org.mockito:mockito-junit-jupiter	5.11.0	5.21.0
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.15.2	2.20.1
com.fasterxml.jackson.core:jackson-databind	2.15.2	2.20.1
org.yaml:snakeyaml	2.2	2.5
ai.djl:api	0.28.0	0.36.0
ai.djl.pytorch:pytorch-engine	0.28.0	0.36.0
ai.djl.huggingface:tokenizers	0.28.0	0.36.0
ai.djl.huggingface:translators	0.28.0	0.36.0
ch.qos.logback:logback-classic	1.5.6	1.5.23
org.apache.maven.plugins:maven-surefire-plugin	3.2.5	3.5.4
org.apache.maven.plugins:maven-compiler-plugin	3.11.0	3.14.1
com.diffplug.spotless:spotless-maven-plugin	2.43.0	3.1.0
org.apache.maven.plugins:maven-shade-plugin	3.5.1	3.6.1

Updates io.grpc:grpc-netty-shaded from 1.65.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

V1.78.0

Bug Fixes

• core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
• okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
• binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
• rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

• xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
• rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
• core: simplify DnsNameResolver.resolveAddresses() (4843256af)
• netty: Run handshakeCompleteRunnable in success cases (283f1031f)
• api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
• binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
• compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
• core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
• Upgrade gson to 2.12.1 (6dab2ceab)
• Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
• compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
• binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

• compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
• util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
• xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
• xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
• xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
  As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
• xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

• api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
• core: Fix AbstractClientStream Javadoc (28a6130e8)
• examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

• @​panchenko
• @​Dayuxiaoshui
• @​becomeStar
• @​kssumin
• @​marcindabrowski
• @​MariusVolkhart
• @​Zgoda91
• @​devalkone

... (truncated)

Commits

• 8fa6000 Bump version to 1.78.0
• 87df333 Update README etc to reference 1.78.0
• 283f103 netty: Run handshakeCompleteRunnable in success cases
• eb8a63c Introduce io.grpc.Uri. (#12535)
• 58ae5f8 compiler: Upgrade to protobuf 33.1 (#12534)
• 8d49dc1 okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548)
• b1a94a4 xds: implement server feature fail_on_data_errors (#12544)
• 55ae1d0 rls: Avoid missed config update from reentrancy
• 53a0926 xds: fix race in simpleFlowControl (#12547)
• f36defa Upgrade dependencies
• Additional commits viewable in compare view

Updates io.grpc:grpc-protobuf from 1.65.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

V1.78.0

Bug Fixes

• core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
• okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
• binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
• rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

• xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
• rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
• core: simplify DnsNameResolver.resolveAddresses() (4843256af)
• netty: Run handshakeCompleteRunnable in success cases (283f1031f)
• api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
• binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
• compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
• core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
• Upgrade gson to 2.12.1 (6dab2ceab)
• Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
• compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
• binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

• compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
• util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
• xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
• xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
• xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
  As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
• xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

• api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
• core: Fix AbstractClientStream Javadoc (28a6130e8)
• examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

• @​panchenko
• @​Dayuxiaoshui
• @​becomeStar
• @​kssumin
• @​marcindabrowski
• @​MariusVolkhart
• @​Zgoda91
• @​devalkone

... (truncated)

Commits

• 8fa6000 Bump version to 1.78.0
• 87df333 Update README etc to reference 1.78.0
• 283f103 netty: Run handshakeCompleteRunnable in success cases
• eb8a63c Introduce io.grpc.Uri. (#12535)
• 58ae5f8 compiler: Upgrade to protobuf 33.1 (#12534)
• 8d49dc1 okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548)
• b1a94a4 xds: implement server feature fail_on_data_errors (#12544)
• 55ae1d0 rls: Avoid missed config update from reentrancy
• 53a0926 xds: fix race in simpleFlowControl (#12547)
• f36defa Upgrade dependencies
• Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.65.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

V1.78.0

Bug Fixes

• core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
• okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
• binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
• rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

• xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
• rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
• core: simplify DnsNameResolver.resolveAddresses() (4843256af)
• netty: Run handshakeCompleteRunnable in success cases (283f1031f)
• api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
• binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
• compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
• core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
• Upgrade gson to 2.12.1 (6dab2ceab)
• Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
• compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
• binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

• compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
• util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
• xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
• xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
• xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
  As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
• xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

• api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
• core: Fix AbstractClientStream Javadoc (28a6130e8)
• examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

• @​panchenko
• @​Dayuxiaoshui
• @​becomeStar
• @​kssumin
• @​marcindabrowski
• @​MariusVolkhart
• @​Zgoda91
• @​devalkone

... (truncated)

Commits

• 8fa6000 Bump version to 1.78.0
• 87df333 Update README etc to reference 1.78.0
• 283f103 netty: Run handshakeCompleteRunnable in success cases
• eb8a63c Introduce io.grpc.Uri. (#12535)
• 58ae5f8 compiler: Upgrade to protobuf 33.1 (#12534)
• 8d49dc1 okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548)
• b1a94a4 xds: implement server feature fail_on_data_errors (#12544)
• 55ae1d0 rls: Avoid missed config update from reentrancy
• 53a0926 xds: fix race in simpleFlowControl (#12547)
• f36defa Upgrade dependencies
• Additional commits viewable in compare view

Updates io.grpc:grpc-protobuf from 1.65.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

V1.78.0

Bug Fixes

• core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
• okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
• binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
• rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

• xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
• rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
• core: simplify DnsNameResolver.resolveAddresses() (4843256af)
• netty: Run handshakeCompleteRunnable in success cases (283f1031f)
• api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
• binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
• compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
• core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
• Upgrade gson to 2.12.1 (6dab2ceab)
• Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
• compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
• binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

• compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
• util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
• xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
• xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
• xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
  As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
• xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

• api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
• core: Fix AbstractClientStream Javadoc (28a6130e8)
• examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

• @​panchenko
• @​Dayuxiaoshui
• @​becomeStar
• @​kssumin
• @​marcindabrowski
• @​MariusVolkhart
• @​Zgoda91
• @​devalkone

... (truncated)

Commits

• 8fa6000 Bump version to 1.78.0
• 87df333 Update README etc to reference 1.78.0
• 283f103 netty: Run handshakeCompleteRunnable in success cases
• eb8a63c Introduce io.grpc.Uri. (#12535)
• 58ae5f8 compiler: Upgrade to protobuf 33.1 (#12534)
• 8d49dc1 okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548)
• b1a94a4 xds: implement server feature fail_on_data_errors (#12544)
• 55ae1d0 rls: Avoid missed config update from reentrancy
• 53a0926 xds: fix race in simpleFlowControl (#12547)
• f36defa Upgrade dependencies
• Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.65.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

V1.78.0

Bug Fixes

• core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
• okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
• binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
• rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

• xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
• rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
• core: simplify DnsNameResolver.resolveAddresses() (4843256af)
• netty: Run handshakeCompleteRunnable in success cases (283f1031f)
• api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
• binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
• compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
• core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
• Upgrade gson to 2.12.1 (6dab2ceab)
• Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
• compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
• binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

• compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
• util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
• xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
• xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
• xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
  As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
• xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

• api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
• core: Fix AbstractClientStream Javadoc (28a6130e8)
• examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

• @​panchenko
• @​Dayuxiaoshui
• @​becomeStar
• @​kssumin
• @​marcindabrowski
• @​MariusVolkhart
• @​Zgoda91
• @​devalkone

... (truncated)

Commits

• 8fa6000 Bump version to 1.78.0
• 87df333 Update README etc to reference 1.78.0
• 283f103 netty: Run handshakeCompleteRunnable in success cases
• eb8a63c Introduce io.grpc.Uri. (#12535)
• 58ae5f8 compiler: Upgrade to protobuf 33.1 (#12534)
• 8d49dc1 okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548)
• b1a94a4 xds: implement server feature fail_on_data_errors (#12544)
• 55ae1d0 rls: Avoid missed config update from reentrancy
• 53a0926 xds: fix race in simpleFlowControl (#12547)
• f36defa Upgrade dependencies
• Additional commits viewable in compare view

Updates com.google.protobuf:protobuf-java from 3.25.3 to 4.33.2

Commits

• See full diff in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.13.1 to 1.16.1

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.16.1

🐞 Bug Fixes

• Don't filter log events in LogbackMetricsBenchmark #6891
• Return value nullability is incorrect on function wrapper methods #6869

📔 Documentation

• Add link to the latest Micrometer Team talk #6881
• Document JSpecify dependency #6886
• Make cross-references more consistent in the docs #6915

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 #6877
• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.1 to 1.9.2 #6904
• Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.14 #6937
• Bump grpc from 1.76.0 to 1.76.1 #6902
• Bump io.freefair.aspectj.post-compile-weaving from 8.14.2 to 8.14.3 #6876
• Bump io.prometheus:prometheus-metrics-bom from 1.4.2 to 1.4.3 #6868
• Bump spring6 from 6.2.12 to 6.2.14 #6890

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MiLabuda, @​izeye, and @​ngocnhan-tran1996

1.16.0

We upgraded the Prometheus Java Client to 1.4.x (#6830) which brings support for Unicode which includes some behavioral change in naming conventions, see the 1.16 Migration-Guide.

⚠️ Noteworthy

• Deprecate the Wavefront module #6328
• Remove deprecated io.micrometer.core.lang annotations #6407
• Register JCache cache.removals as a FunctionCounter by default #2754
• Improve no-op behavior of the Observation API #6700

⭐ New Features

• Support KeyValues with annotations when using ObservedAspect/@Observed #4030
• Validate low cardinality keys #6713
• Add counter for total loaded classes #3561
• Add eventexecutor.workers metrics for Netty #6375
• Avoid DistributionStatisticsConfig creation when retrieving timers #6661
• Avoid capturing lambda allocation when retrieving existing meters #6670
• Introduce MeterConvention #6710
• OpenTelemetry Semantic Conventions for JVM metrics #5286
• Add MeterFilter.forMeters utility method #6594

... (truncated)

Commits

• 0550e76 Merge branch '1.15.x' into 1.16.x
• e8dd176 Merge branch '1.14.x' into 1.15.x
• d8a46b5 Fixed flaky test for mongo client (#6924)
• 0bbe73b Bump com.uber.nullaway:nullaway from 0.12.13 to 0.12.14 (#6937)
• d0b368d Polish gh-6612 (#6932)
• aa9eac0 Bump com.uber.nullaway:nullaway from 0.12.12 to 0.12.13 (#6930)
• 57bd4ff Merge branch '1.15.x' into 1.16.x
• 11d8fb1 Merge branch '1.14.x' into 1.15.x
• 5779b09 Backport fixing typos in docs
• 8b88e43 Merge branch '1.15.x' into 1.16.x
• Additional commits viewable in compare view

Updates org.apache.lucene:lucene-core from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-analysis-common from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-queryparser from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-highlighter from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-facet from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-analysis-common from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-queryparser from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-highlighter from 9.8.0 to 10.3.2

Updates org.apache.lucene:lucene-facet from 9.8.0 to 10.3.2

Updates org.junit.jupiter:junit-jupiter from 5.10.2 to 6.0.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: https://github.com/junit-team/junit-framew...

Description has been truncated

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

[dependabot]

The group that created this PR has been removed from your configuration.