This is an automated email from the ASF dual-hosted git repository.

chaokunyang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/fory.git


The following commit(s) were added to refs/heads/main by this push:
     new b3fda60cd chore(deps): bump io.grpc:grpc-netty-shaded from 1.62.2 to 1.75.0 in /integration_tests/grpc_tests/java (#3697)
b3fda60cd is described below

commit b3fda60cd437c86e81ac90db4d231de2639d69dd
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu May 21 14:27:48 2026 +0530

    chore(deps): bump io.grpc:grpc-netty-shaded from 1.62.2 to 1.75.0 in /integration_tests/grpc_tests/java (#3697)
    
    Bumps [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java)
    from 1.62.2 to 1.75.0.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/grpc/grpc-java/releases">io.grpc:grpc-netty-shaded's
    releases</a>.</em></p>
    <blockquote>
    <h2>v1.75.0</h2>
    <h3>Behavior Changes</h3>
    <ul>
    <li>binder: Introduce server pre-authorization (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12127">#12127</a>).
    grpc-binder clients authorize servers by checking the UID of the sender
    of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy.
    But merely binding to an unauthorized server to learn its UID can enable
    &quot;keep-alive&quot; and &quot;background activity launch&quot; abuse,
    even if security policy ultimately causes the grpc connection to fail.
    Pre-authorization mitigates this kind of abuse by resolving addresses
    and authorizing a candidate server Application's UID before binding to
    it. Pre-auth is especially important when the server's address is not
    fixed in advance but discovered by PackageManager lookup.</li>
    </ul>
    <h3>Bug Fixes</h3>
    <ul>
    <li>core: <code>grpc-timeout</code> should always be positive (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12201">#12201</a>)
    (6dfa03c51). There is a local race between when the deadline is checked
    before sending the RPC and when the timeout is calculated to put
    on-the-wire. The code replaced negative timeouts with 0 nanoseconds.
    gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so
    now non-positive values are replaced with 1 nanosecond</li>
    <li>core: Improved DEADLINE_EXCEEDED message for delayed calls
    (6ff8ecac0). Delayed calls are the first calls on a Channel before name
    resolution has resolved addresses. Previously you could see confusing
    errors saying the deadline “will be exceeded in” X time. The message
    tense was simply wrong, and now will be correct: deadline “was exceeded
    after” X time.</li>
    <li>xds: PriorityLB now only uses the failOverTimer to start additional
    priorities, not fail RPCs (c4256add4). You should no longer see
    “Connection timeout for priority” errors.</li>
    </ul>
    <h3>Improvements</h3>
    <ul>
    <li>netty: Count sent RST_STREAMs against
    <code>NettyServerBuilder.maxRstFramesPerWindow()</code> limit (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12288">#12288</a>).
    This extends the Rapid Reset tool to also cover MadeYouReset. The reset
    stream count will cause a 420 &quot;Enhance your calm response&quot; to
    be sent. This depends on Netty 4.1.124 for a bug fix to actually call
    the encoder by the frame writer.</li>
    <li>xds: Convert CdsLb to <code>XdsDepManager</code> (297ab05ef). This
    is part of gRFC A74 to have atomic xDS config updates. This is an
    internal change, but does change the error description seen in certain
    cases, especially DEADLINE_EXCEEDED on a brand-new channel.</li>
    <li>census: APIs for stats and tracing (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12050">#12050</a>)
    (919370172). Client channel and server builders with interceptors and
    factories respectively for stats and tracing.</li>
    <li>stub: simplify <code>BlockingClientCall</code> infinite blocking (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12217">#12217</a>)
    (ba0a7329d). Move deadline computation into overloads with finite
    timeouts. Blocking calls without timeouts now do not have to read the
    clock.</li>
    <li>xds: Do RLS fallback policy eager start (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12211">#12211</a>)
    (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed,
    which meant the fallback target which is returned in the RLS config
    wasn’t subscribed until a RPC actually falls back to it. The delayed
    resource subscription process in gRPC Java made it more susceptible to
    the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other
    programming languages. It also had impact beyond the RLS cache
    expiration case, for example, when the first time the client initialized
    the channel, we couldn't fall back when the intended target times out,
    because of the lazy subscription. This change starts the fallback LB
    policy for the default target at the start of RLS policy instead of only
    when falling back to the default target, which fixes the above mentioned
    problems.</li>
    <li>xds: Aggregate cluster fixes (A75) (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12186">#12186</a>)
    (7e982e48a). The earlier implementation of aggregate clusters
    concatenated the priorities from the underlying clusters into a single
    list, so that it could use a single LB policy defined at the aggregate
    cluster layer to choose a priority from that combined list. However, it
    turns out that aggregate clusters don't actually define the LB policy in
    the aggregate cluster; instead, the aggregate cluster uses a special
    cluster-provided LB policy that first chooses the underlying cluster and
    then delegates to the LB policy of the underlying cluster. This change
    implements that.</li>
    <li>api: set size correctly for sets and maps in handling
    <code>Metadata</code> values to be exchanged during a call (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12229">#12229</a>)
    (80217275d)</li>
    <li>xds: xdsClient cache transient error for new watchers (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12291">#12291</a>).
    When a resource update is NACKed, cache the error and update new
    watchers that get added with that error instead of making them
    hang.</li>
    <li>xds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12289">#12289</a>).
    If a LB policy gives extraneous updates with state CONNECTING, then it
    was possible to re-create <code>failOverTimer</code> which would then
    wait the 10 seconds for the child to finish CONNECTING. We only want to
    give the child one opportunity after transitioning out of
    READY/IDLE.</li>
    <li>xds: Use a different log name for <code>XdsClientImpl</code> and
    <code>ControlPlaneClient</code> (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12287">#12287</a>).
    <code>ControlPlaneClient</code> uses &quot;xds-cp-client&quot; now
    instead of &quot;xds-client&quot; while logging.</li>
    </ul>
    <h3>Dependencies Changes</h3>
    <ul>
    <li>Upgrade to Netty 4.1.124.Final (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12286">#12286</a>).
    This implicitly disables <code>NettyAdaptiveCumulator</code> (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/11284">#11284</a>),
    which can have a performance impact. We delayed upgrading Netty to give
    time to rework the optimization, but we've gone too long already without
    upgrading which causes problems for vulnerability tracking.</li>
    <li>bazel: Use <code>jar_jar</code> to avoid xds deps (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12243">#12243</a>)
    (8f09b9689). The //xds and //xds:orca targets now use
    <code>jar_jar</code> to shade the protobuf generated code. This allows
    them to use their own private copy of the protos and drop direct Bazel
    dependencies on cel-spec, grpc, rules_go, com_github_cncf_xds,
    envoy_api, com_envoyproxy_protoc_gen_validate, and opencensus_proto.
    This mirrors the shading of protobuf messages done for grpc-xds provided
    on Maven Central and should simplify dependency management</li>
    <li>Protobuf upgraded to 3.25.8</li>
    <li>proto-google-common-protos upgraded to 2.59.2</li>
    <li>s2a-proto upgraded to 1.1.2</li>
    <li>google-cloud-logging upgraded to 3.23.1 (used by
    gcp-observability)</li>
    <li>OpenTelemetry upgraded to 1.52.0</li>
    </ul>
    <h3>Documentation</h3>
    <ul>
    <li>Clarify requirements for creating a cross-user Channel. (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12181">#12181</a>).
    The <code>@SystemApi</code> runtime visibility requirement isn't really
    new. It has always been implicit in the required INTERACT_ACROSS_USERS
    permission, which can only be held by system apps in production. Now
    deprecated <code>BinderChannelBuilder#bindAsUser</code> has always
    required SDK_INT &gt;= 30. This change just copies that requirement
    forward to its replacement APIs in <code>AndroidComponentAddress</code>
    and the TARGET_ANDROID_USER <code>NameResolver.Args</code>.</li>
    <li>api: Add more Javadoc for <code>NameResolver.Listener2</code>
    interface (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12220">#12220</a>)
    (d352540a0)</li>
    </ul>
    <h3>Thanks to</h3>
    <p><a href="https://github.com/benjaminp"><code>@benjaminp</code></a>
    <a href="https://github.com/werkt"><code>@werkt</code></a>
    <a href="https://github.com/kilink"><code>@kilink</code></a>
    <a href="https://github.com/vimanikag"><code>@vimanikag</code></a></p>
    <h2>v1.74.0</h2>
    <h3>Behavior Changes</h3>
    <ul>
    <li>compiler: Default to <code>@generated=omit</code> (f8700a13a). This
    omits <code>javax.annotation.Generated</code> from the generated code
    and makes the <code>org.apache.tomcat:annotations-api</code>
    compile-only dependency unnecessary (README and examples changes
    forthcoming; we delayed those changes until the release landed). You can
    use the option <code>@generated=javax</code> for the previous behavior,
    but please also file an issue so we can develop alternatives</li>
    <li>compiler: generate blocking v2 unary calls that throw
    StatusException (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12126";>#12126</a>)
    (a16d65591). Previously, the new blocking stub API was identical to the
    older blocking stub for unary RPCs and used the unchecked
    <code>StatusRuntimeException</code>. However, feedback demonstrated it
    was confusing to mix that with the checked <code>StatusException</code>
    in <code>BlockingClientCall</code>. Now the new blocking stub uses
    StatusException throughout. grpc-java continues to support the old
    generated code, but the version of protoc-gen-grpc-java will dictate
    which API you see. If you support multiple generated code versions, you
    can use the older blocking v1 stub for unary RPCs</li>
    </ul>
    <h3>Bug Fixes</h3>
    <ul>
    <li>netty: Fix a race that caused RPCs to hang on start when a GOAWAY
    was received while the RPCs’ headers were being written to the OS
    (b04c673fd, 15c757398). This was a very old race, not a recent
    regression. All streams should now properly fail instead of hanging,
    although in some cases they may be transparently retried</li>
    </ul>
    </blockquote>
    <p>... (truncated)</p>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/3abc0e6e1f4981017b7117e47e1844a318a51f24"><code>3abc0e6</code></a>
    Bump version to 1.75.0</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/cbfe6c1ccaf0d9480daa8faa3e37a117adb798ba"><code>cbfe6c1</code></a>
    Update README etc to reference 1.75.0</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/a0f3520ad0bf5186f84d48b7df6e2555e8b16da8"><code>a0f3520</code></a>
    Revert &quot;Release v1.75.0 (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12294">#12294</a>)&quot;
    (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12295">#12295</a>)</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/7ef13f40a6d9cdaccd0c064b5bd3745f9518781e"><code>7ef13f4</code></a>
    Release v1.75.0 (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12294">#12294</a>)</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/14fd8eff28d55fae4a791b256602d83a5fb9d848"><code>14fd8ef</code></a>
    xds: xdsClient caches transient error for new watchers (v1.75.x
    backport) (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/1">#1</a>...</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/653d076c605a9066cf6ae484921058580df2437d"><code>653d076</code></a>
    xds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12289">#12289</a>)</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/a5c2b1aa51608b1fff016a313d8ee65f92e8d23d"><code>a5c2b1a</code></a>
    netty: Count sent RST_STREAMs against limit (1.75.x backport) (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12288">#12288</a>)</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/0d3e8283a8105a7bbf1bf746d96cac1e363de2e3"><code>0d3e828</code></a>
    xds: Use a different log name for XdsClientImpl and ControlPlaneClient
    (1.75....</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/d750e9df576a63f8b0d55eefc730282dc60f99d1"><code>d750e9d</code></a>
    Upgrade to Netty 4.1.124.Final (v1.75.x backport) (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12286">#12286</a>)</li>
    <li><a
    href="https://github.com/grpc/grpc-java/commit/19c579e8a93cc0660df1523b5740eae9aa888a09"><code>19c579e</code></a>
    Bump versions of dependencies (<a
    href="https://redirect.github.com/grpc/grpc-java/issues/12252">#12252</a>)</li>
    <li>Additional commits viewable in <a
    href="https://github.com/grpc/grpc-java/compare/v1.62.2...v1.75.0">compare
    view</a></li>
    </ul>
    </details>
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 integration_tests/grpc_tests/java/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integration_tests/grpc_tests/java/pom.xml 
b/integration_tests/grpc_tests/java/pom.xml
index 7ce2e2baa..6ae539e2a 100644
--- a/integration_tests/grpc_tests/java/pom.xml
+++ b/integration_tests/grpc_tests/java/pom.xml
@@ -33,7 +33,7 @@
   <artifactId>grpc_tests</artifactId>
 
   <properties>
-    <grpc.version>1.62.2</grpc.version>
+    <grpc.version>1.75.0</grpc.version>
     <maven.compiler.source>8</maven.compiler.source>
     <maven.compiler.target>8</maven.compiler.target>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
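
Review bot: the `grpc.version` change at pom.xml line 36 moves thirteen minor releases in one step, and nothing visible in this hunk shows which artifacts resolve through that property. If it also pins `protoc-gen-grpc-java`, the 1.74.0 notes in the commit message apply to the generated test code: `@generated=omit` becomes the default and blocking v2 unary stubs throw the checked `StatusException`. Suggest confirming the grpc_tests module regenerates its stubs and still compiles at `maven.compiler.source` 8, and recording in the PR that 1.75.0 brings Netty 4.1.124.Final, which the release notes say implicitly disables `NettyAdaptiveCumulator`.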

