chore: bump the gradle-production-dependencies group across 1 directory with 14 updates

[dependabot]

Bumps the gradle-production-dependencies group with 14 updates in the /src/adservice directory:

Package	From	To
io.opentelemetry:opentelemetry-bom	1.44.1	1.47.0
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom	2.10.0	2.13.1
com.google.api.grpc:proto-google-common-protos	2.49.0	2.52.0
io.grpc:grpc-protobuf	1.68.2	1.70.0
io.grpc:grpc-stub	1.68.2	1.70.0
io.grpc:grpc-netty	1.68.2	1.70.0
io.grpc:grpc-services	1.68.2	1.70.0
io.grpc:protoc-gen-grpc-java	1.68.2	1.70.0
org.apache.logging.log4j:log4j-core	2.24.2	2.24.3
dev.openfeature.contrib.providers:flagd	0.10.2	0.11.3
dev.openfeature:sdk	1.12.2	1.14.1
io.netty:netty-tcnative-boringssl-static	2.0.69.Final	2.0.70.Final
com.google.protobuf:protoc	3.25.3	4.29.3
com.github.ben-manes.versions	0.51.0	0.52.0

Updates io.opentelemetry:opentelemetry-bom from 1.44.1 to 1.47.0

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.47.0

API

Incubator

• Make ExtendedTracer easier to use (#6943)
• Add ExtendedLogRecordBuilder#setEventName and corresponding SDK and OTLP serialization (#7012)
• BREAKING: Drop event API / SDK (#7053)

SDK

• Remove -alpha artifacts from runtime classpath of stable components (#6944)

Traces

• Bugfix: Follow spec on span limits, batch processors (#7030)
• Add experimental SdkTracerProvider.setScopeConfigurator(ScopeConfigurator) for updating TracerConfig at runtime (#7021)

Profiles

• Add AttributeKeyValue abstraction to common otlp exporters (#7026)
• Improve profiles attribute table handling (#7031)

Exporters

• Interpret timeout zero value as no limit (#7023)
• Bugfix - OTLP: Fix concurrent span reusable data marshaler (#7041)
• OTLP: Add ability to customize retry exception predicate (#6991)
• OTLP: Expand default OkHttp sender retry exception predicate (#7047, #7057)

Extensions

• Autoconfigure: Consistent application of exporter customizers when otel.{signal}.exporter=none (#7017)
• Autoconfigure: Promote EnvironmentResourceProvider to public API (#7052)
• Autoconfigure: Ensure OTEL_PROPAGATORS still works when OTEL_SDK_DISABLED=true. (#7062)%

Testing

• Add W3CBaggagePropagator to OpenTelemetryRule, OpenTelemetryExtension. (#7056)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​breedx-splk @​edeweerd1A @​jack-berg @​jackshirazi @​jhalliday @​jkwatson

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.47.0 (2025-02-07)

API

Incubator

• Make ExtendedTracer easier to use (#6943)
• Add ExtendedLogRecordBuilder#setEventName and corresponding SDK and OTLP serialization (#7012)
• BREAKING: Drop event API / SDK (#7053)

SDK

• Remove -alpha artifacts from runtime classpath of stable components (#6944)

Traces

• Bugfix: Follow spec on span limits, batch processors (#7030)
• Add experimental SdkTracerProvider.setScopeConfigurator(ScopeConfigurator) for updating TracerConfig at runtime (#7021)

Profiles

• Add AttributeKeyValue abstraction to common otlp exporters (#7026)
• Improve profiles attribute table handling (#7031)

Exporters

• Interpret timeout zero value as no limit (#7023)
• Bugfix - OTLP: Fix concurrent span reusable data marshaler (#7041)
• OTLP: Add ability to customize retry exception predicate (#6991)
• OTLP: Expand default OkHttp sender retry exception predicate (#7047, #7057)

Extensions

• Autoconfigure: Consistent application of exporter customizers when otel.{signal}.exporter=none (#7017)
• Autoconfigure: Promote EnvironmentResourceProvider to public API

... (truncated)

Commits

• f97bea8 [release/v1.47.x] Prepare release 1.47.0 (#7085)
• 355d17f Prepare 1.47.0 (#7078)
• 19650df fix(deps): update dependency nl.jqno.equalsverifier:equalsverifier to v3.19 (...
• a17dcd5 fix(deps): update dependency me.champeau.jmh:jmh-gradle-plugin to v0.7.3 (#7054)
• e075cc1 chore(deps): update plugin org.graalvm.buildtools.native to v0.10.5 (#7066)
• 22b6fea chore(deps): update gradle/actions action to v4.3.0 (#7060)
• ab24130 chore(deps): update plugin com.gradleup.shadow to v8.3.6 (#7063)
• a5739eb Spec compliance: OTEL_PROPAGATORS should still work when OTEL_SDK_DISABLED (#...
• d16cad3 feat(sdk-testing): Add W3CBaggagePropagator to test utils (#7056)
• 2fcd5f5 Add OSSF Scorecard code scanning (#7067)
• Additional commits viewable in compare view

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom from 2.10.0 to 2.13.1

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's releases.

Version 2.13.1

This is a patch release on the previous 2.13.0 release, fixing the issue(s) below.

🛠️ Bug fixes

• Backport: Fix double instrumentation of Java runtime metrics (#13339)

Version 2.13.0

This release targets the OpenTelemetry SDK 1.47.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed (#13135, #13150)
• Deprecated Dubbo instrumentation method was removed (#13076)

🌟 New javaagent instrumentation

• jdk.httpserver instrumentation (#13243)

🌟 New library instrumentation

• jdk.httpserver instrumentation (#13243)

📈 Enhancements

• Add database client metrics to Lettuce instrumentation (#13032)
• Stabilize io.opentelemetry.instrumentation.api.semconv.util.SpanNames (#12487)
• Implement ExtendedTextMapGetter in http server instrumentations (#13053)
• Implement ExtendedTextMapGetter in kafka-clients instrumentation (#13068)
• Scrub system property secrets from process resource attribute values (#13225)
• Add database client metrics to AWS SDK 2.x DynamoDB instrumentation (#13283)
• Add runtime metrics to Spring boot starter (#13173)

🛠️ Bug fixes

• Fix akka shutdown hanging (#13073)
• Fix MalformedInputException on z/OS (#13042)
• Fix scope leak in aws sdk instrumentation (#13129)
• Fix MapConverter does not get initialized when OTEL_SDK_DISABLED is set to true (#13224)
• Fix logback appender on android (#13234)
• Fix Ktor 3 CallLogging and StatusPages don't have Trace IDs (#13239)
• Fix Micrometer-bridge breaking Spring Actuator metrics (#13083)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's changelog.

Version 2.13.1 (2025-02-18)

🛠️ Bug fixes

• Backport: Fix double instrumentation of Java runtime metrics (#13339)

Version 2.13.0 (2025-02-17)

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed (#13135, #13150)
• Deprecated Dubbo instrumentation method was removed (#13076)

🌟 New javaagent instrumentation

• jdk.httpserver instrumentation (#13243)

🌟 New library instrumentation

• jdk.httpserver instrumentation (#13243)

📈 Enhancements

• Add database client metrics to Lettuce instrumentation (#13032)
• Stabilize io.opentelemetry.instrumentation.api.semconv.util.SpanNames (#12487)
• Implement ExtendedTextMapGetter in http server instrumentations (#13053)
• Implement ExtendedTextMapGetter in kafka-clients instrumentation (#13068)
• Scrub system property secrets from process resource attribute values (#13225)
• Add database client metrics to AWS SDK 2.x DynamoDB instrumentation (#13283)
• Add runtime metrics to Spring boot starter (#13173)

🛠️ Bug fixes

• Fix akka shutdown hanging

... (truncated)

Commits

• a57cfb0 [release/v2.13.x] Prepare release 2.13.1 (#13346)
• 2a3095b [release/v2.13.x] Backport: Fix another release workflow step (#13324) (#13344)
• 7842569 [release/v2.13.x] Update change log for upcoming patch release (#13342)
• 6d87871 [release/v2.13.x] fix double instrumentation (#13339)
• 766c21d Add release option to finish the release (#13317)
• 7d3ac05 Fix release branch builds (#13318)
• c8ce712 [release/v2.13.x] Fix OpenJ9 test failure (#13314)
• a9d29cf [release/v2.13.x] Fix release workflow failure (#13310)
• 2221130 [release/v2.13.x] Prepare release 2.13.0 (#13303)
• d3fc5c0 Update change log for upcoming release (#13293)
• Additional commits viewable in compare view

Updates com.google.api.grpc:proto-google-common-protos from 2.49.0 to 2.52.0

Release notes

Sourced from com.google.api.grpc:proto-google-common-protos's releases.

v2.52.0

2.52.0 (2025-01-24)

Features

• add support for new setAllowHardBoundTokens field. (#3467) (38431a2)
• revert #3400: reintroduce experimental S2A integration in client libraries grpc transport (#3548) (65a0f11)

Dependencies

• update dependency com.google.api-client:google-api-client-bom to v2.7.2 (#3578) (f6e5ad9)
• update dependency commons-codec:commons-codec to v1.17.2 (#3557) (07ce801)
• update dependency gitpython to v3.1.44 (#3559) (e924db0)
• update dependency org.checkerframework:checker-qual to v3.48.4 (#3560) (a4726e9)
• update dependency smmap to v5.0.2 (#3561) (6cd5d0d)
• update docker.io/library/alpine docker tag to v3.21.1 (#3551) (edd5a4c)
• update docker.io/library/alpine docker tag to v3.21.2 (#3580) (f577ecd)
• update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to 9a259c6 (#3554) (eb2cbd6)
• update docker.io/library/python:3.13.1-alpine3.20 docker digest to 9ab3b6e (#3555) (40a74fe)
• update google auth library dependencies to v1.31.0 (#3577) (7fa879a)
• update googleapis/java-cloud-bom digest to c7c443f (#3579) (fcf40b7)
• update repo-automation-bots digest to 0a12b5d (#3464) (b9c9d21)

v2.51.1

2.51.1 (2025-01-08)

Dependencies

• update dependency com.google.guava:guava to v33.4.0-jre (#3473) (453b897)
• update dependency com.google.guava:guava-bom to v33.4.0-jre (#3545) (07eb10e)
• update dependency com.google.oauth-client:google-oauth-client-bom to v1.37.0 (#3471) (1f1c369)
• update dependency net.bytebuddy:byte-buddy to v1.15.11 (#3468) (fde27db)
• update google api dependencies (#3461) (12d9ff2)
• update googleapis/java-cloud-bom digest to 03f6dcd (#3465) (67f5ea2)
• update junit5 monorepo to v5.11.4 (#3470) (164ebac)
• update netty dependencies to v4.1.116.final (#3543) (d4fa54d)
• update repo-automation-bots digest to 8b7d94b (#3458) (59f9e0a)

Documentation

• update development guide (#3480) (9a65386)

v2.51.0

2.51.0 (2024-12-12)

... (truncated)

Changelog

Sourced from com.google.api.grpc:proto-google-common-protos's changelog.

2.52.0 (2025-01-24)

Features

• add support for new setAllowHardBoundTokens field. (#3467) (38431a2)
• revert #3400: reintroduce experimental S2A integration in client libraries grpc transport (#3548) (65a0f11)

Dependencies

• update dependency com.google.api-client:google-api-client-bom to v2.7.2 (#3578) (f6e5ad9)
• update dependency commons-codec:commons-codec to v1.17.2 (#3557) (07ce801)
• update dependency gitpython to v3.1.44 (#3559) (e924db0)
• update dependency org.checkerframework:checker-qual to v3.48.4 (#3560) (a4726e9)
• update dependency smmap to v5.0.2 (#3561) (6cd5d0d)
• update docker.io/library/alpine docker tag to v3.21.1 (#3551) (edd5a4c)
• update docker.io/library/alpine docker tag to v3.21.2 (#3580) (f577ecd)
• update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to 9a259c6 (#3554) (eb2cbd6)
• update docker.io/library/python:3.13.1-alpine3.20 docker digest to 9ab3b6e (#3555) (40a74fe)
• update google auth library dependencies to v1.31.0 (#3577) (7fa879a)
• update googleapis/java-cloud-bom digest to c7c443f (#3579) (fcf40b7)
• update repo-automation-bots digest to 0a12b5d (#3464) (b9c9d21)

2.51.1 (2025-01-08)

Dependencies

• update dependency com.google.guava:guava to v33.4.0-jre (#3473) (453b897)
• update dependency com.google.guava:guava-bom to v33.4.0-jre (#3545) (07eb10e)
• update dependency com.google.oauth-client:google-oauth-client-bom to v1.37.0 (#3471) (1f1c369)
• update dependency net.bytebuddy:byte-buddy to v1.15.11 (#3468) (fde27db)
• update google api dependencies (#3461) (12d9ff2)
• update googleapis/java-cloud-bom digest to 03f6dcd (#3465) (67f5ea2)
• update junit5 monorepo to v5.11.4 (#3470) (164ebac)
• update netty dependencies to v4.1.116.final (#3543) (d4fa54d)
• update repo-automation-bots digest to 8b7d94b (#3458) (59f9e0a)

Documentation

• update development guide (#3480) (9a65386)

2.51.0 (2024-12-12)

Features

• [iam] add ResourcePolicyMember to google/iam/v1 (b8e2859)

... (truncated)

Commits

• c5b9924 chore(main): release 2.52.0 (#3576)
• 540c8e5 chore: prepare showcase for Graal SDK 23.x (#3574)
• 65a0f11 feat: revert #3400: reintroduce experimental S2A integration in client librar...
• f577ecd deps: update docker.io/library/alpine docker tag to v3.21.2 (#3580)
• a4726e9 deps: update dependency org.checkerframework:checker-qual to v3.48.4 (#3560)
• b9c9d21 deps: update repo-automation-bots digest to 0a12b5d (#3464)
• fcf40b7 deps: update googleapis/java-cloud-bom digest to c7c443f (#3579)
• 7fa879a deps: update google auth library dependencies to v1.31.0 (#3577)
• 07ce801 deps: update dependency commons-codec:commons-codec to v1.17.2 (#3557)
• f6e5ad9 deps: update dependency com.google.api-client:google-api-client-bom to v2.7.2...
• Additional commits viewable in compare view

Updates io.grpc:grpc-protobuf from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea362937). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#11072) (ebe2b4867). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• okhttp: Fix for ipv6 link local with scope (#11725) (65b32e60e)
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests

Improvements

• api: Introduce custom NameResolver.Args (#11669) (0b2d44098)
• stub: Introduce new API: BlockingStubV2 which supports Bidi streaming, Client streaming, a cleaner Server streaming and Unary RPCs (#10318) (ea8c31c30)
• bazel: Remove workaround for DoNotCall fixed in Bazel 3.4 (805cad378)
• binder: A standard API for pointing resolvers at a different Android User. (#11775) (1126a8e30)
• xds: Fix XDS control plane client retry timer backoff duration when connection closes after results are received (#11766) (ef7c2d59c)
• xds: Parsing xDS Cluster Metadata (#11741) (1edc4d84d). Not used actively, but this adds validation. The validation is unlikely to fail but may reject invalid resources.
• xds: Use "#server" as dataplane target value for xDS enabled gRPC servers (#11715) (ebb43a69e). This only impacts the grpc.target label in grpc.xds_client.* metrics. Previously the empty string was used
• rls: Reduce RLS debug channel logging (7f9c1f39f). This only matters when debug logging is enabled

Documentation

• examples: Simplify graceful shutdown in Hostname example (f1109e421)
• examples: Remove references to maven-central.storage-download.googleapis.com (c96e926e6)
• examples: Updated the attachHeaders to newAttachHeadersInterceptor in HeaderClientInterceptor (#11759) (5e8abc677)

Dependencies

• Bazel 8 is released, so replace Bazel 6 testing with Bazel 7 (8a5f7776d)

Thanks to

• @​panchenko
• @​benjaminp
• @​ZachChuba
• @​vinodhabib

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

... (truncated)

Commits

• 22a42c8 Bump version to 1.70.0
• e015a74 Update README etc to reference 1.70.0
• 4412054 xds: Rename grpc.xds.cluster to grpc.lb.backend_service
• 7dada7d xds: Pass grpc.xds.cluster label to tracer
• 1edc4d8 xds: Parsing xDS Cluster Metadata (#11741)
• 4222f77 xds:Move creating the retry timer in handleRpcStreamClosed to as late as poss...
• 6c12c2b xds: Remember nonces for unknown types
• 4a0f707 xds: Avoid depending on io.grpc.xds.Internal* classes
• 1cf1927 xds: Preserve nonce when unsubscribing type
• 9a712c3 xds: Make XdsClient.ResourceStore package-private
• Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea362937). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#11072) (ebe2b4867). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• okhttp: Fix for ipv6 link local with scope (#11725) (65b32e60e)
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests

Improvements

• api: Introduce custom NameResolver.Args (#11669) (0b2d44098)
• stub: Introduce new API: BlockingStubV2 which supports Bidi streaming, Client streaming, a cleaner Server streaming and Unary RPCs (#10318) (ea8c31c30)
• bazel: Remove workaround for DoNotCall fixed in Bazel 3.4 (805cad378)
• binder: A standard API for pointing resolvers at a different Android User. (#11775) (1126a8e30)
• xds: Fix XDS control plane client retry timer backoff duration when connection closes after results are received (#11766) (ef7c2d59c)
• xds: Parsing xDS Cluster Metadata (#11741) (1edc4d84d). Not used actively, but this adds validation. The validation is unlikely to fail but may reject invalid resources.
• xds: Use "#server" as dataplane target value for xDS enabled gRPC servers (#11715) (ebb43a69e). This only impacts the grpc.target label in grpc.xds_client.* metrics. Previously the empty string was used
• rls: Reduce RLS debug channel logging (7f9c1f39f). This only matters when debug logging is enabled

Documentation

• examples: Simplify graceful shutdown in Hostname example (f1109e421)
• examples: Remove references to maven-central.storage-download.googleapis.com (c96e926e6)
• examples: Updated the attachHeaders to newAttachHeadersInterceptor in HeaderClientInterceptor (#11759) (5e8abc677)

Dependencies

• Bazel 8 is released, so replace Bazel 6 testing with Bazel 7 (8a5f7776d)

Thanks to

• @​panchenko
• @​benjaminp
• @​ZachChuba
• @​vinodhabib

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

... (truncated)

Commits

• 22a42c8 Bump version to 1.70.0
• e015a74 Update README etc to reference 1.70.0
• 4412054 xds: Rename grpc.xds.cluster to grpc.lb.backend_service
• 7dada7d xds: Pass grpc.xds.cluster label to tracer
• 1edc4d8 xds: Parsing xDS Cluster Metadata (#11741)
• 4222f77 xds:Move creating the retry timer in handleRpcStreamClosed to as late as poss...
• 6c12c2b xds: Remember nonces for unknown types
• 4a0f707 xds: Avoid depending on io.grpc.xds.Internal* classes
• 1cf1927 xds: Preserve nonce when unsubscribing type
• 9a712c3 xds: Make XdsClient.ResourceStore package-private
• Additional commits viewable in compare view

Updates io.grpc:grpc-netty from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-netty's releases.

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea362937). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#11072) (ebe2b4867). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• okhttp: Fix for ipv6 link local with scope (#11725) (65b32e60e)
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests

Improvements

• api: Introduce custom NameResolver.Args (#11669) (0b2d44098)
• stub: Introduce new API: BlockingStubV2 which supports Bidi streaming, Client streaming, a cleaner Server streaming and Unary RPCs (#10318) (ea8c31c30)
• bazel: Remove workaround for DoNotCall fixed in Bazel 3.4 (805cad378)
• binder: A standard API for pointing resolvers at a different Android User. (#11775) (1126a8e30)
• xds: Fix XDS control plane client retry timer backoff duration when connection closes after results are received (#11766) (ef7c2d59c)
• xds: Parsing xDS Cluster Metadata (#11741) (1edc4d84d). Not used actively, but this adds validation. The validation is unlikely to fail but may reject invalid resources.
• xds: Use "#server" as dataplane target value for xDS enabled gRPC servers (#11715) (ebb43a69e). This only impacts the grpc.target label in grpc.xds_client.* metrics. Previously the empty string was used
• rls: Reduce RLS debug channel logging (7f9c1f39f). This only matters when debug logging is enabled

Documentation

• examples: Simplify graceful shutdown in Hostname example (f1109e421)
• examples: Remove references to maven-central.storage-download.googleapis.com (c96e926e6)
• examples: Updated the attachHeaders to newAttachHeadersInterceptor in HeaderClientInterceptor (

[dependabot]

Superseded by #320.