Skip to content

chore(deps): update all non-major dependencies#232

Merged
charithe merged 1 commit into
mainfrom
renovate/all-minor-patch
Jun 15, 2026
Merged

chore(deps): update all non-major dependencies#232
charithe merged 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change Age Confidence
gradle/actions action minor v6.1.0v6.2.0 age confidence
io.netty:netty-tcnative-boringssl-static (source) dependencies patch 2.0.78.Final2.0.79.Final age confidence
io.grpc:grpc-netty-shaded dependencies minor 1.81.01.82.0 age confidence
io.grpc:grpc-stub dependencies minor 1.81.01.82.0 age confidence
io.grpc:grpc-protobuf dependencies minor 1.81.01.82.0 age confidence
com.google.protobuf:protobuf-java-util (source) dependencies patch 4.35.04.35.1 age confidence
com.google.protobuf:protobuf-java (source) dependencies patch 4.35.04.35.1 age confidence
io.grpc:protoc-gen-grpc-java dependencies minor 1.81.01.82.0 age confidence
com.google.protobuf:protoc (source) dependencies patch 4.35.04.35.1 age confidence

Release Notes

gradle/actions (gradle/actions)

v6.2.0

Compare Source

v6.1.1

Compare Source

This release updates various dependency versions, resolving several reported security vulnerabilities.
No functional changes are included

What's Changed

Full Changelog: gradle/actions@v6.1.0...v6.1.1

grpc/grpc-java (io.grpc:grpc-netty-shaded)

v1.82.0

Compare Source

This release drops support for Bazel 7. It may still run, but we are no longer testing it. We are testing Bazel 8 and 9.

We are anticipating requiring Netty 4.2 in the next release. Please file an issue if you still need Netty 4.1 support.

Behavior Changes
  • xds: Disable Priority LB child policy retention cache (#​12806). Previously, when a priority became inactive, its associated child load balancer was kept in a deactivated state for potential reuse. Now, inactive child balancers are immediately torn down and removed.
  • xds: skip DiscoveryRequest for unsubscribed types on stream ready (#​12782). When the bootstrap declares more than one xDS server (e.g. a default server for LDS/CDS plus an authority-specific EDS-only server), grpc-java was sending CDS/LDS DiscoveryRequests to the EDS-only server too. That server replies UNIMPLEMENTED, which tears down the stream and EDS data never arrives. This fix makes it skip DiscoveryRequests for resource types we don't actually subscribe to on a given server.
Improvements
  • Remove JSR-305 @ThreadSafe annotation and replace with JavaDoc (#​12762). Removes JSR-305 annotations but instead of replacing it with ErrorProne's ThreadSafe, sticks to adding a JavaDoc comment. This is done only in public non-final classes and interfaces. This allows Java applications that have moved away from javax to compile and avoids a bug in Immutables and Lombok (and possibly other annotation processors) from failing when JSR-305 is not present.
  • core: Reduce per-stream idle memory on the server by 0.5 KB (b38df6c). The main improvement here is not retaining the request Metadata for the life of the RPC. That means RPCs with larger request Metadata would see a larger benefit.
  • core: Clarify missing content-type on HTTP error responses (#​12720). Adjusts the diagnostic for the missing rather than invalid content-type, in the Status description.
  • core: throw IOException when ProxySelector returns null or empty list (#​12793). ProxySelector.select(URI) is required to return a non-null, non-empty list. Some implementations violate this, which previously caused an opaque crash in ProxyDetectorImpl. Now it detects this case explicitly and fails gracefully, naming the offending ProxySelector class to help with debugging.
  • okhttp: enable TLS 1.3 by default for Android clients, retain TLS 1.2-only for desktop JVM (f430131)
  • xds: Reduce per-endpoint memory from CDS LB (cc0d1a8). This is most noticeable when there are many endpoints returned by EDS, but the LB policy only uses a few of them, like pick_first.
  • xds: pre-parse custom metric names in WRR load balancer (#​12773) (324fce7). This reduces the per-RPC overhead of the gRFC A114 support added in v1.81.0
  • xds: Propagate status cause through XdsDepManager (13b4b97). This preserves more information for failures communicating with the control plane.
  • binder: Give clear error when message is larger than parcel (d92ca44)
Bug Fixes
  • xds: Trust Manager fix for certain scenarios where SAN validation shouldn't use the SNI sent (#​12775) (bb153a8).
  • core: Cancel DelayedClientCall when application listener throws (#​12761). Align DelayedClientCall.DelayedListener with ClientCallImpl's existing behavior for listener exceptions. When the application listener throws from onHeaders/onMessage/onReady, catch the Throwable, cancel the call with CANCELLED (cause = the throwable), and swallow subsequent callbacks. Previously, a throw from the application listener escaped to the callExecutor's uncaught-exception handler. The real call was not cancelled and the transport kept delivering callbacks to an already broken listener
  • core,opentelemetry: Fix server metric labels on early close (#​12774). Addresses the server-side OpenTelemetry metric labeling bug where a generated method can be recorded as grpc.method="other" if streamClosed() happens before serverCallStarted().
  • core: Fix pick_first NPE with GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=true when accepting resolved addresses and in CONNECTING state (#​12814). It makes sure that whenever PickFirstLeafLoadBalancer transitions into CONNECTING the current address in the addressIndex has a corresponding subchannel. This prevents an NPE in acceptResolvedAddresses in some situations.
  • okhttp: HPACK should fail on varint overflow (ec10992). This should have no visible impact in normal use. It mostly just makes it easier to debug broken implementations
  • xds: When using the file watcher certificate provider, reload cert/key even if only one of them changes (f4125c5)
  • compiler: Avoid compile error on weird proto file names (f021bef)
New Features
  • googleapis: support ?force-xds query parameter in the google-c2p resolver (#​12760) (86fa860). This disables environment checks and uses xDS unconditionally. Please note that this feature has not yet seen comprehensive testing.
Dependencies
  • Upgrade Netty to 4.1.133 (ada087b)
  • bazel: Upgrade googleapis proto repo to commit 1dbb1a1 (ec0a9c9). This fixed a rules_go incompatibility issue with Bazel 9.1. But it also greatly reduced the overall transitive dependencies, as the C++ grpc repo is no longer a dependency
  • bazel: Upgrade workflows to Bazel 8 (039ad77) add Bazel 9.1.0 to our CI matrix (17be0d3)
  • protoc-gen-grpc-java: Linux binaries are now built with Ubuntu 20.04 instead of 18.04 (8802dc3, da98b04)
Thanks to

@​becomeStar
@​bengtsson1-flir
@​jnowjack-lucidchart
@​Kainsin
@​kenkangxgwe
@​mfperminov
@​paulmurhy123
@​schiemon
@​therepanic


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@charithe charithe merged commit 946da6c into main Jun 15, 2026
6 checks passed
@charithe charithe deleted the renovate/all-minor-patch branch June 15, 2026 06:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant