chore: bump the gradle-production-dependencies group across 1 directory with 16 updates

[dependabot]

Bumps the gradle-production-dependencies group with 16 updates in the /src/adservice directory:

Package	From	To
io.opentelemetry:opentelemetry-bom	1.44.1	1.47.0
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom	2.10.0	2.13.3
com.google.api.grpc:proto-google-common-protos	2.49.0	2.53.0
io.grpc:grpc-protobuf	1.68.2	1.71.0
io.grpc:grpc-stub	1.68.2	1.71.0
io.grpc:grpc-netty	1.68.2	1.71.0
io.grpc:grpc-services	1.68.2	1.71.0
io.grpc:protoc-gen-grpc-java	1.68.2	1.71.0
org.apache.logging.log4j:log4j-core	2.24.2	2.24.3
dev.openfeature.contrib.providers:flagd	0.10.2	0.11.4
dev.openfeature:sdk	1.12.2	1.14.1
com.fasterxml.jackson.core:jackson-core	2.18.2	2.18.3
com.fasterxml.jackson.core:jackson-databind	2.18.2	2.18.3
io.netty:netty-tcnative-boringssl-static	2.0.69.Final	2.0.70.Final
com.google.protobuf:protoc	3.25.3	4.29.3
com.github.ben-manes.versions	0.51.0	0.52.0

Updates io.opentelemetry:opentelemetry-bom from 1.44.1 to 1.47.0

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.47.0

API

Incubator

• Make ExtendedTracer easier to use (#6943)
• Add ExtendedLogRecordBuilder#setEventName and corresponding SDK and OTLP serialization (#7012)
• BREAKING: Drop event API / SDK (#7053)

SDK

• Remove -alpha artifacts from runtime classpath of stable components (#6944)

Traces

• Bugfix: Follow spec on span limits, batch processors (#7030)
• Add experimental SdkTracerProvider.setScopeConfigurator(ScopeConfigurator) for updating TracerConfig at runtime (#7021)

Profiles

• Add AttributeKeyValue abstraction to common otlp exporters (#7026)
• Improve profiles attribute table handling (#7031)

Exporters

• Interpret timeout zero value as no limit (#7023)
• Bugfix - OTLP: Fix concurrent span reusable data marshaler (#7041)
• OTLP: Add ability to customize retry exception predicate (#6991)
• OTLP: Expand default OkHttp sender retry exception predicate (#7047, #7057)

Extensions

• Autoconfigure: Consistent application of exporter customizers when otel.{signal}.exporter=none (#7017)
• Autoconfigure: Promote EnvironmentResourceProvider to public API (#7052)
• Autoconfigure: Ensure OTEL_PROPAGATORS still works when OTEL_SDK_DISABLED=true. (#7062)%

Testing

• Add W3CBaggagePropagator to OpenTelemetryRule, OpenTelemetryExtension. (#7056)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​breedx-splk @​edeweerd1A @​jack-berg @​jackshirazi @​jhalliday @​jkwatson

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.47.0 (2025-02-07)

API

Incubator

• Make ExtendedTracer easier to use (#6943)
• Add ExtendedLogRecordBuilder#setEventName and corresponding SDK and OTLP serialization (#7012)
• BREAKING: Drop event API / SDK (#7053)

SDK

• Remove -alpha artifacts from runtime classpath of stable components (#6944)

Traces

• Bugfix: Follow spec on span limits, batch processors (#7030)
• Add experimental SdkTracerProvider.setScopeConfigurator(ScopeConfigurator) for updating TracerConfig at runtime (#7021)

Profiles

• Add AttributeKeyValue abstraction to common otlp exporters (#7026)
• Improve profiles attribute table handling (#7031)

Exporters

• Interpret timeout zero value as no limit (#7023)
• Bugfix - OTLP: Fix concurrent span reusable data marshaler (#7041)
• OTLP: Add ability to customize retry exception predicate (#6991)
• OTLP: Expand default OkHttp sender retry exception predicate (#7047, #7057)

Extensions

• Autoconfigure: Consistent application of exporter customizers when otel.{signal}.exporter=none (#7017)
• Autoconfigure: Promote EnvironmentResourceProvider to public API

... (truncated)

Commits

• f97bea8 [release/v1.47.x] Prepare release 1.47.0 (#7085)
• 355d17f Prepare 1.47.0 (#7078)
• 19650df fix(deps): update dependency nl.jqno.equalsverifier:equalsverifier to v3.19 (...
• a17dcd5 fix(deps): update dependency me.champeau.jmh:jmh-gradle-plugin to v0.7.3 (#7054)
• e075cc1 chore(deps): update plugin org.graalvm.buildtools.native to v0.10.5 (#7066)
• 22b6fea chore(deps): update gradle/actions action to v4.3.0 (#7060)
• ab24130 chore(deps): update plugin com.gradleup.shadow to v8.3.6 (#7063)
• a5739eb Spec compliance: OTEL_PROPAGATORS should still work when OTEL_SDK_DISABLED (#...
• d16cad3 feat(sdk-testing): Add W3CBaggagePropagator to test utils (#7056)
• 2fcd5f5 Add OSSF Scorecard code scanning (#7067)
• Additional commits viewable in compare view

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom from 2.10.0 to 2.13.3

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's releases.

Version 2.13.3

This is a patch release on the previous 2.13.2 release, fixing the issue(s) below.

🛠️ Bug fixes

• Backport: Fix failure to start when AWS Resource Provider is enabled (#13420)

Version 2.13.2

This is a patch release on the previous 2.13.1 release, fixing the issue(s) below.

🛠️ Bug fixes

• Backport: Fix Spring boot starter dependency resolution failure with Gradle and Java 11 (#13402)

Version 2.13.1

This is a patch release on the previous 2.13.0 release, fixing the issue(s) below.

🛠️ Bug fixes

• Backport: Fix double instrumentation of Java runtime metrics (#13339)

Version 2.13.0

This release targets the OpenTelemetry SDK 1.47.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed (#13135, #13150)
• Deprecated Dubbo instrumentation method was removed (#13076)

🌟 New javaagent instrumentation

• jdk.httpserver instrumentation (#13243)

🌟 New library instrumentation

• jdk.httpserver instrumentation (#13243)

📈 Enhancements

• Add database client metrics to Lettuce instrumentation (#13032)
• Stabilize io.opentelemetry.instrumentation.api.semconv.util.SpanNames (#12487)
• Implement ExtendedTextMapGetter in http server instrumentations (#13053)
• Implement ExtendedTextMapGetter in kafka-clients instrumentation (#13068)
• Scrub system property secrets from process resource attribute values (#13225)
• Add database client metrics to AWS SDK 2.x DynamoDB instrumentation (#13283)
• Add runtime metrics to Spring boot starter (#13173)

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's changelog.

Version 2.13.3 (2025-02-28)

🛠️ Bug fixes

• Backport: Fix failure to start when AWS Resource Provider is enabled (#13420)

Version 2.13.2 (2025-02-27)

🛠️ Bug fixes

• Backport: Fix Spring boot starter dependency resolution failure with Gradle and Java 11 (#13402)

Version 2.13.1 (2025-02-18)

🛠️ Bug fixes

• Backport: Fix double instrumentation of Java runtime metrics (#13339)

Version 2.13.0 (2025-02-17)

Migration notes

• io.opentelemetry.instrumentation.api.incubator.semconv.util.SpanNames has been deprecated, replaced by the stable io.opentelemetry.instrumentation.api.semconv.util.SpanNames
• In preparation for stabilizing HTTP library instrumentation, the classes and methods that were deprecated in the prior two releases have now been removed (#13135, #13150)
• Deprecated Dubbo instrumentation method was removed (#13076)

🌟 New javaagent instrumentation

• jdk.httpserver instrumentation (#13243)

🌟 New library instrumentation

• jdk.httpserver instrumentation (#13243)

📈 Enhancements

• Add database client metrics to Lettuce instrumentation (#13032)
• Stabilize io.opentelemetry.instrumentation.api.semconv.util.SpanNames (#12487)

... (truncated)

Commits

• 4026383 [release/v2.13.x] Prepare release 2.13.3 (#13425)
• 8caa208 Update changelog for upcoming 2.13.3 release (#13424)
• 981df2b [release/v2.13.x] fix(deps): update opentelemetry-java-contrib monorepo to v1...
• 9486838 [release/v2.13.x] Fix testLatestDeps (#13422)
• 240306c [release/v2.13.x] Prepare release 2.13.2 (#13404)
• 47443c6 Update change log for upcoming 2.13.2 patch release (#13403)
• 4ae96cf [release/v2.13.x] Compile opentelemetry-runtime-telemetry-java17 in Java 8 (#...
• a57cfb0 [release/v2.13.x] Prepare release 2.13.1 (#13346)
• 2a3095b [release/v2.13.x] Backport: Fix another release workflow step (#13324) (#13344)
• 7842569 [release/v2.13.x] Update change log for upcoming patch release (#13342)
• Additional commits viewable in compare view

Updates com.google.api.grpc:proto-google-common-protos from 2.49.0 to 2.53.0

Release notes

Sourced from com.google.api.grpc:proto-google-common-protos's releases.

v2.53.0

2.53.0 (2025-02-10)

Features

• enable DirectPath bound token in InstantiatingGrpcChannelProvider (#3572) (5080495)
• Enable MTLS_S2A bound token by default for gRPC S2A enabled flows (#3591) (81e21f2)
• migrate away from deprecated graal-sdk dependency to use nativeimage (#2706) (757801a)

Bug Fixes

• Avoid creating message string prematurely for streaming calls (#3622) (f805e70)

Dependencies

• update dependency com.google.code.gson:gson to v2.12.0 (#3595) (1f1b119)
• update dependency com.google.code.gson:gson to v2.12.0 (#3596) (af62f53)
• update dependency com.google.code.gson:gson to v2.12.1 (#3599) (18917ee)
• update dependency com.google.code.gson:gson to v2.12.1 (#3600) (3f82836)
• update dependency commons-codec:commons-codec to v1.18.0 (#3590) (cd46ba5)
• update dependency io.netty:netty-tcnative-boringssl-static to v2.0.70.final (#3623) (a4d1f95)
• update dependency lxml to v5.3.1 (#3624) (5407646)
• update dependency net.bytebuddy:byte-buddy to v1.17.0 (#3582) (54d99e9)
• update dependency org.checkerframework:checker-qual to v3.49.0 (#3604) (390cffa)
• update dependency org.graalvm.sdk:nativeimage to v24.1.2 (#3597) (9d151c4)
• update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to 456f60c (#3607) (c2d2768)
• update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to d323c2b (#3601) (ed35c23)
• update docker.io/library/python docker tag to v3.13.2 (#3615) (ba007c2)
• update docker.io/library/python:3.13.1-alpine3.20 docker digest to 7788ec8 (#3586) (a24d1ba)
• update google api dependencies (#3584) (08f2b7b)
• update google auth library dependencies to v1.32.0 (#3611) (9436eb0)
• update google auth library dependencies to v1.32.1 (#3618) (88c78e2)
• update google http client dependencies to v1.46.1 (#3616) (2462105)
• update googleapis/java-cloud-bom digest to 47ad868 (#3608) (2bcf9e0)
• update googleapis/java-cloud-bom digest to 514a644 (#3602) (172d4da)
• update googleapis/java-cloud-bom digest to 7752ecd (#3603) (06be924)
• update netty dependencies to v4.1.117.final (#3581) (2734dc0)
• update netty dependencies to v4.1.118.final (#3625) (16ff6bd)
• update netty dependencies to v4.1.118.final (#3626) (316c425)
• Update OpenTelemetry semantic convention packages in the shared dependencies (#3402) (0e69784)
• update opentelemetry-java monorepo to v1.46.0 (#3585) (ac214be)
• update opentelemetry-java monorepo to v1.47.0 (#3619) (66901df)
• update repo-automation-bots digest to 35eff2c (#3609) (b962a01)
• update repo-automation-bots digest to 3a68a9c (#3620) (1d79552)

v2.52.0

2.52.0 (2025-01-24)

... (truncated)

Changelog

Sourced from com.google.api.grpc:proto-google-common-protos's changelog.

2.53.0 (2025-02-10)

Features

• enable DirectPath bound token in InstantiatingGrpcChannelProvider (#3572) (5080495)
• Enable MTLS_S2A bound token by default for gRPC S2A enabled flows (#3591) (81e21f2)
• migrate away from deprecated graal-sdk dependency to use nativeimage (#2706) (757801a)

Bug Fixes

• Avoid creating message string prematurely for streaming calls (#3622) (f805e70)

Dependencies

• update dependency com.google.code.gson:gson to v2.12.0 (#3595) (1f1b119)
• update dependency com.google.code.gson:gson to v2.12.0 (#3596) (af62f53)
• update dependency com.google.code.gson:gson to v2.12.1 (#3599) (18917ee)
• update dependency com.google.code.gson:gson to v2.12.1 (#3600) (3f82836)
• update dependency commons-codec:commons-codec to v1.18.0 (#3590) (cd46ba5)
• update dependency io.netty:netty-tcnative-boringssl-static to v2.0.70.final (#3623) (a4d1f95)
• update dependency lxml to v5.3.1 (#3624) (5407646)
• update dependency net.bytebuddy:byte-buddy to v1.17.0 (#3582) (54d99e9)
• update dependency org.checkerframework:checker-qual to v3.49.0 (#3604) (390cffa)
• update dependency org.graalvm.sdk:nativeimage to v24.1.2 (#3597) (9d151c4)
• update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to 456f60c (#3607) (c2d2768)
• update docker.io/library/maven:3.9.9-eclipse-temurin-11-alpine docker digest to d323c2b (#3601) (ed35c23)
• update docker.io/library/python docker tag to v3.13.2 (#3615) (ba007c2)
• update docker.io/library/python:3.13.1-alpine3.20 docker digest to 7788ec8 (#3586) (a24d1ba)
• update google api dependencies (#3584) (08f2b7b)
• update google auth library dependencies to v1.32.0 (#3611) (9436eb0)
• update google auth library dependencies to v1.32.1 (#3618) (88c78e2)
• update google http client dependencies to v1.46.1 (#3616) (2462105)
• update googleapis/java-cloud-bom digest to 47ad868 (#3608) (2bcf9e0)
• update googleapis/java-cloud-bom digest to 514a644 (#3602) (172d4da)
• update googleapis/java-cloud-bom digest to 7752ecd (#3603) (06be924)
• update netty dependencies to v4.1.117.final (#3581) (2734dc0)
• update netty dependencies to v4.1.118.final (#3625) (16ff6bd)
• update netty dependencies to v4.1.118.final (#3626) (316c425)
• Update OpenTelemetry semantic convention packages in the shared dependencies (#3402) (0e69784)
• update opentelemetry-java monorepo to v1.46.0 (#3585) (ac214be)
• update opentelemetry-java monorepo to v1.47.0 (#3619) (66901df)
• update repo-automation-bots digest to 35eff2c (#3609) (b962a01)
• update repo-automation-bots digest to 3a68a9c (#3620) (1d79552)

2.52.0 (2025-01-24)

... (truncated)

Commits

• 0bc9cce chore(main): release 2.53.0 (#3594)
• f805e70 fix: Avoid creating message string prematurely for streaming calls (#3622)
• c11360e chore: adjust native-image config for spring-cloud-gcp (#3617)
• 5080495 feat: enable DirectPath bound token in InstantiatingGrpcChannelProvider (#3572)
• 316c425 deps: update netty dependencies to v4.1.118.final (#3626)
• 16ff6bd deps: update netty dependencies to v4.1.118.final (#3625)
• a4d1f95 deps: update dependency io.netty:netty-tcnative-boringssl-static to v2.0.70.f...
• 88c78e2 deps: update google auth library dependencies to v1.32.1 (#3618)
• 5407646 deps: update dependency lxml to v5.3.1 (#3624)
• 1d79552 deps: update repo-automation-bots digest to 3a68a9c (#3620)
• Additional commits viewable in compare view

Updates io.grpc:grpc-protobuf from 1.68.2 to 1.71.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea362937). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#11072) (ebe2b4867). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• okhttp: Fix for ipv6 link local with scope (#11725) (65b32e60e)
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests

Improvements

• api: Introduce custom NameResolver.Args (#11669) (0b2d44098)
• stub: Introduce new API: BlockingStubV2 which supports Bidi streaming, Client streaming, a cleaner Server streaming and Unary RPCs (#10318) (ea8c31c30)
• bazel: Remove workaround for DoNotCall fixed in Bazel 3.4 (805cad378)
• binder: A standard API for pointing resolvers at a different Android User. (#11775) (1126a8e30)
• xds: Fix XDS control plane client retry timer backoff duration when connection closes after results are received (#11766) (ef7c2d59c)
• xds: Parsing xDS Cluster Metadata (#11741) (1edc4d84d). Not used actively, but this adds validation. The validation is unlikely to fail but may reject invalid resources.
• xds: Use "#server" as dataplane target value for xDS enabled gRPC servers (#11715) (ebb43a69e). This only impacts the grpc.target label in grpc.xds_client.* metrics. Previously the empty string was used
• rls: Reduce RLS debug channel logging (7f9c1f39f). This only matters when debug logging is enabled

Documentation

• examples: Simplify graceful shutdown in Hostname example (f1109e421)
• examples: Remove references to maven-central.storage-download.googleapis.com (c96e926e6)
• examples: Updated the attachHeaders to newAttachHeadersInterceptor in HeaderClientInterceptor (#11759) (5e8abc677)

Dependencies

• Bazel 8 is released, so replace Bazel 6 testing with Bazel 7 (8a5f7776d)

Thanks to

• @​panchenko
• @​benjaminp
• @​ZachChuba
• @​vinodhabib

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

... (truncated)

Commits

• 865c443 Bump version to 1.71.0
• ac9d0d2 Update README etc to reference 1.71.0
• 16edf7a Examples: Updated HelloWorldServer to use Executor (#11850)
• 16d2672 s2a: Don't allow S2AStub to be set
• 9e54e8e servlet: Provide Gradle a filter version number
• c1d7035 okhttp:Use a locally specified value instead of Segment.SIZE in okhttp (#11899)
• 57af63a kokoro: Increase gradle mem in android-interop
• a5347b2 s2a: inject Optional<AccessTokenManager> in tests
• 41dd0c6 xds:Cleanup to reduce test flakiness (#11895)
• 5a7f350 optimize number of buffer allocations (#11879)
• Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.68.2 to 1.71.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea362937). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#11072) (ebe2b4867). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• okhttp: Fix for ipv6 link local with scope (#11725) (65b32e60e)
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests

Improvements

• api: Introduce custom NameResolver.Args (#11669) (0b2d44098)
• stub: Introduce new API: BlockingStubV2 which supports Bidi streaming, Client streaming, a cleaner Server streaming and Unary RPCs (#10318) (ea8c31c30)
• bazel: Remove workaround for DoNotCall fixed in Bazel 3.4 (805cad378)
• binder: A standard API for pointing resolvers at a different Android User. (#11775) (1126a8e30)
• xds: Fix XDS control plane client retry timer backoff duration when connection closes after results are received (#11766) (ef7c2d59c)
• xds: Parsing xDS Cluster Metadata (#11741) (1edc4d84d). Not used actively, but this adds validation. The validation is unlikely to fail but may reject invalid resources.
• xds: Use "#server" as dataplane target value for xDS enabled gRPC servers (#11715) (ebb43a69e). This only impacts the grpc.target label in grpc.xds_client.* metrics. Previously the empty string was used
• rls: Reduce RLS debug channel logging (7f9c1f39f). This only matters when debug logging is enabled

Documentation

• examples: Simplify graceful shutdown in Hostname example (f1109e421)
• examples: Remove references to maven-central.storage-download.googleapis.com (c96e926e6)
• examples: Updated the attachHeaders to newAttachHeadersInterceptor in HeaderClientInterceptor (#11759) (5e8abc677)

Dependencies

• Bazel 8 is released, so replace Bazel 6 testing with Bazel 7 (8a5f7776d)

Thanks to

• @​panchenko
• @​benjaminp
• @​ZachChuba
• @​vinodhabib

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

... (truncated)

Commits

• 865c443 Bump version to 1.71.0
• ac9d0d2 Update README etc to reference 1.71.0
• 16edf7a Examples: Updated HelloWorldServer to use Executor (#11850)
• 16d2672 s2a: Don't allow S2AStub to be set
• 9e54e8e servlet: Provide Gradle a filter version number
• c1d7035 okhttp:Use a locally specified value instead of Segment.SIZE in okhttp (#11899)
• 57af63a kokoro: Increase gradle mem in android-interop
• a5347b2 s2a: inject Optional<AccessTokenManager> in tests
• 41dd0c6 xds:Cleanup to reduce test flakiness (#11895)
• 5a7f350 optimize number of buffer allocations (#11879)
• Additional commits viewable in compare view

Updates io.grpc:grpc-netty from 1.68.2 to 1.71.0

Release notes

Sourced from io.grpc:grpc-netty's releases.

v1.70.0

Bug Fixes

• Re-enable animalsniffer, fixing most violations (8ea362937). Violations would only have triggered on API level 23 and earlier, and the violations fixed here were highly unlikely to be triggered
• api: Fix Android API level 23 and earlier compatibility for StatusRuntimeException without stacktrace (#11072) (ebe2b4867). This fixes a regression introduced in 1.64.0. The regression should have caused failures on API level 23 and earlier when a StatusRuntimeException or StatusException was created. However, for unknown reasons tests on old devices didn’t notice issues
• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are...

  Description has been truncated

[dependabot]

Superseded by #336.