Commit 8ac1a03
chore(deps): update upper bound dependencies file (#13571)
This PR contains the following updates:

| Package | Change |
|---|---|
| [com.google.cloud.opentelemetry:exporter-metrics](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java) | `0.36.0` → `0.37.0` |
| [com.google.crypto.tink:tink](https://redirect.github.com/tink-crypto/tink-java) | `1.21.0` → `1.22.0` |
| [com.google.errorprone:error_prone_annotations](https://errorprone.info) ([source](https://redirect.github.com/google/error-prone)) | `2.49.0` → `2.50.0` |
| [com.google.http-client:google-http-client](https://redirect.github.com/googleapis/google-http-java-client) | `2.1.0` → `2.1.1` |
| [com.google.protobuf:protobuf-java](https://developers.google.com/protocol-buffers/) ([source](https://redirect.github.com/protocolbuffers/protobuf)) | `4.35.0` → `4.35.1` |
| [dev.cel:cel](https://redirect.github.com/google/cel-java) | `0.13.0` → `0.13.1` |
| [io.grpc:grpc-bom](https://redirect.github.com/grpc/grpc-java) | `1.81.0` → `1.82.1` |
| [io.opentelemetry.semconv:opentelemetry-semconv](https://redirect.github.com/open-telemetry/semantic-conventions-java) | `1.41.1` → `1.42.0` |
| [org.apache.httpcomponents.core5:httpcore5](https://hc.apache.org/) ([source](https://redirect.github.com/apache/httpcomponents-core)) | `5.4.2` → `5.4.3` |
| [org.threeten:threeten-extra](https://www.threeten.org/threeten-extra) ([source](https://redirect.github.com/ThreeTen/threeten-extra)) | `1.9.0` → `1.10.0` |

---
> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/7649) for more information.
---
### Release Notes
<details>
<summary>GoogleCloudPlatform/opentelemetry-operations-java
(com.google.cloud.opentelemetry:exporter-metrics)</summary>
### [`v0.37.0`](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/releases/tag/v0.37.0)
[Compare Source](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/compare/v0.36.0...v0.37.0)
#### What's Changed
- Fix CI by [@​dashpole](https://redirect.github.com/dashpole) in
[#​426](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/426)
- migrate instrumentation sample to otlphttp by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​425](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/425)
- Add region tags in OTLP trace sample by
[@​psx95](https://redirect.github.com/psx95) in
[#​428](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/428)
- Update region tags by
[@​psx95](https://redirect.github.com/psx95) in
[#​429](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/429)
- Add autoinstrument example with OTLP endpoints by
[@​psx95](https://redirect.github.com/psx95) in
[#​435](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/435)
- Remove detector-resources-support by
[@​psx95](https://redirect.github.com/psx95) in
[#​442](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/442)
- Add autoconfiguration auth extension example by
[@​psx95](https://redirect.github.com/psx95) in
[#​444](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/444)
- chore: update E2E tests to use centralized async cleanup 0.22.0 by
[@​aabmass](https://redirect.github.com/aabmass) in
[#​446](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/446)
- Deprecate the exporters and related artifacts by
[@​psx95](https://redirect.github.com/psx95) in
[#​441](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/441)
- Update TestContainers dependency by
[@​psx95](https://redirect.github.com/psx95) in
[#​449](https://redirect.github.com/GoogleCloudPlatform/opentelemetry-operations-java/pull/449)
**Full Changelog**:
<GoogleCloudPlatform/opentelemetry-operations-java@v0.36.0...v0.37.0>
</details>
<details>
<summary>tink-crypto/tink-java (com.google.crypto.tink:tink)</summary>
### [`v1.22.0`](https://redirect.github.com/tink-crypto/tink-java/releases/tag/v1.22.0): Tink Java v1.22.0
Tink is a multi-language, cross-platform library that provides simple
and misuse-proof APIs for common cryptographic tasks.
**This is Tink Java 1.22.0**
The complete list of changes since 1.21.0 can be found
[here](https://redirect.github.com/tink-crypto/tink-java/compare/v1.21.0...v1.22.0).
- In `MutableKeyDerivationRegistry`, key derivation no longer occurs
within a synchronized block.
- Maven signatures are now more usual ASCII-armored GPG signatures
instead of binary signatures.
- Added predefined signature parameters for `SLH-DSA`.
- Added support for `ML-DSA-44` signature primitive and PEM import.
- Added `SignatureJwkSetConverter`, which is a utility library that
converts signature public keys from and to a JWK set.
- Tink now correctly contains `class` files which target Java Version 11
(major version 55). Tink requires Java 11 since Tink 1.19:
<https://github.com/tink-crypto/tink-java/releases/tag/v1.19.0>. See
also
[#​68](https://redirect.github.com/tink-crypto/tink-java/issues/68).
- Stop running tests on API 23, in preparation for increasing Tink's
minSdkVersion to 24 in line with androidx. See
<https://issuetracker.google.com/issues/474169350>
- Added more no-prefix variants to predefined MAC and Signature
parameters.
##### Maven:
```
<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.22.0</version>
</dependency>
```
##### Gradle:
```
dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.22.0'
}
```
##### Bazel:
##### Using bzlmod
```
bazel_dep(name = "tink_java")
git_override(
    module_name = "tink_java",
    remote = "https://github.com/tink-crypto/tink-java",
    tag = "v1.22.0",
)
```
</details>
<details>
<summary>google/error-prone
(com.google.errorprone:error_prone_annotations)</summary>
### [`v2.50.0`](https://redirect.github.com/google/error-prone/releases/tag/v2.50.0): Error Prone 2.50.0
[Compare Source](https://redirect.github.com/google/error-prone/compare/v2.49.0...v2.50.0)
New checks:
- [`BoxingComparator`](https://errorprone.info/bugpattern/BoxingComparator): Detect implicitly-boxing Comparator.comparing key extractors
- [`ExposedPrivateType`](https://errorprone.info/bugpattern/ExposedPrivateType): Discourage references to private member classes from non-private APIs
- [`JUnitMethodInvoked`](https://errorprone.info/bugpattern/JUnitMethodInvoked): Discourage directly invoking JUnit test methods
- [`ListRemoveAmbiguous`](https://errorprone.info/bugpattern/ListRemoveAmbiguous): Detect ambiguous calls to `List.remove(int|Integer)`
- [`PreferTestParameter`](https://errorprone.info/bugpattern/PreferTestParameter): suggests using `@TestParameter` instead of `@TestParameters` for exhaustive boolean and enum parameters on single-element parameterized tests
- [`RecordComponentAccessorAnnotationConflict`](https://errorprone.info/bugpattern/RecordComponentAccessorAnnotationConflict): Detect conflicts between record components and explicit accessor methods
- [`RecordComponentOverride`](https://errorprone.info/bugpattern/RecordComponentOverride): Discourage `@Override` on record component declarations that don't override anything
- [`ThrowableEqualsHashCode`](https://errorprone.info/bugpattern/ThrowableEqualsHashCode): Discourage overriding `Throwable.equals()` and `hashCode()`
Closed issues:
[#​5553](https://redirect.github.com/google/error-prone/issues/5553),
[#​5649](https://redirect.github.com/google/error-prone/issues/5649),
[#​5778](https://redirect.github.com/google/error-prone/issues/5778)
Full changelog:
<google/error-prone@v2.49.0...v2.50.0>
</details>
<details>
<summary>googleapis/google-http-java-client
(com.google.http-client:google-http-client)</summary>
### [`v2.1.1`](https://redirect.github.com/googleapis/google-http-java-client/blob/HEAD/CHANGELOG.md#211-2026-06-29)
[Compare Source](https://redirect.github.com/googleapis/google-http-java-client/compare/v2.1.0...v2.1.1)
##### Bug Fixes
- Add containsKey override for GenericData class
([#​2151](https://redirect.github.com/googleapis/google-http-java-client/issues/2151))
([fbada29](https://redirect.github.com/googleapis/google-http-java-client/commit/fbada293e70c4db96c90128f507ff60efa34fe6a))
- Upgrade commons-codec to 1.14 to resolve security vulnerability
([#​2164](https://redirect.github.com/googleapis/google-http-java-client/issues/2164))
([68d9ba6](https://redirect.github.com/googleapis/google-http-java-client/commit/68d9ba67aef426fddf1bb8f1eb00c10da0e53de3))
</details>
<details>
<summary>google/cel-java (dev.cel:cel)</summary>
### [`v0.13.1`](https://redirect.github.com/cel-expr/cel-java/releases/tag/v0.13.1)
[Compare Source](https://redirect.github.com/google/cel-java/compare/v0.13.0...v0.13.1)
This minor release brings expanded support for Native Extensions, and
correctness fixes for optionals, protobuf types and policy evaluation.
#### 🚀 Highlights & New Features
- **Native Extensions:** Expanded support to include arrays for Native
type extensions
([#​1069](https://redirect.github.com/google/cel-java/pull/1069)).
#### 🛠️ Configuration & Default Changes
- **Deprecations:** The `enableCelValue` option has been deprecated
([#​1057](https://redirect.github.com/google/cel-java/pull/1057)).
#### 🐛 Bug Fixes & Correctness
- **Protobuf Conversion:** Updated `ProtoCelValueConverter` to correctly
handle `FIXED32` and `FIXED64` as unsigned values
([#​1073](https://redirect.github.com/google/cel-java/pull/1073)).
- **Native Extensions:** Safely ignored enums in native type extensions
to prevent evaluation errors
([#​1078](https://redirect.github.com/google/cel-java/pull/1078)).
- **Policy Dead Code:** Fixed dead code reachability logic that was
erroneously flagging on unconditional nested rules
([#​1072](https://redirect.github.com/google/cel-java/pull/1072)).
- **Optional Types:** Ensured that chained optional field selection does
not repeatedly wrap the optional type
([#​1086](https://redirect.github.com/google/cel-java/pull/1086)).
#### 👏 New Contributors
- [@​andrewparmet](https://redirect.github.com/andrewparmet) made
their first contribution fixing `FIXED32`/`FIXED64` unsigned handling in
[#​1073](https://redirect.github.com/google/cel-java/pull/1073)
**Full Changelog**:
<cel-expr/cel-java@v0.13.0...v0.13.1>
</details>
<details>
<summary>grpc/grpc-java (io.grpc:grpc-bom)</summary>
### [`v1.82.1`](https://redirect.github.com/grpc/grpc-java/releases/tag/v1.82.1)
- protoc-gen-grpc-java: Fix missing osx-x86\_64 binary
([#​12878](https://redirect.github.com/grpc/grpc-java/pull/12878)).
This fixes a regression in v1.82.0
### [`v1.82.0`](https://redirect.github.com/grpc/grpc-java/releases/tag/v1.82.0)
This release drops support for Bazel 7. It may still run, but we are no
longer testing it. We are testing Bazel 8 and 9.
We are anticipating requiring Netty 4.2 in the next release. Please file
an issue if you still need Netty 4.1 support.
##### Behavior Changes
- xds: Disable Priority LB child policy retention cache
([#​12806](https://redirect.github.com/grpc/grpc-java/issues/12806)).
Previously, when a priority became inactive, its associated child load
balancer was kept in a deactivated state for potential reuse. Now,
inactive child balancers are immediately torn down and removed.
- xds: skip DiscoveryRequest for unsubscribed types on stream ready
([#​12782](https://redirect.github.com/grpc/grpc-java/issues/12782)).
When the bootstrap declares more than one xDS server (e.g. a default
server for LDS/CDS plus an authority-specific EDS-only server),
grpc-java was sending CDS/LDS DiscoveryRequests to the EDS-only server
too. That server replies `UNIMPLEMENTED`, which tears down the stream
and EDS data never arrives. This fix makes it skip DiscoveryRequests for
resource types we don't actually subscribe to on a given server.
##### Improvements
- Remove JSR-305 `@ThreadSafe` annotation and replace with JavaDoc
([#​12762](https://redirect.github.com/grpc/grpc-java/issues/12762)).
Removes JSR-305 annotations but instead of replacing it with
ErrorProne's ThreadSafe, sticks to adding a JavaDoc comment. This is
done only in public non-final classes and interfaces. This allows Java
applications that have moved away from javax to compile and avoids a bug
in Immutables and Lombok (and possibly other annotation processors) from
failing when JSR-305 is not present.
- core: Reduce per-stream idle memory on the server by 0.5 KB
([`b38df6c`](https://redirect.github.com/grpc/grpc-java/commit/b38df6c94)).
The main improvement here is not retaining the request Metadata for the
life of the RPC. That means RPCs with larger request Metadata would see
a larger benefit.
- core: Clarify missing content-type on HTTP error responses
([#​12720](https://redirect.github.com/grpc/grpc-java/issues/12720)).
Adjusts the diagnostic for the missing rather than invalid content-type,
in the Status description.
- core: throw IOException when ProxySelector returns null or empty list
([#​12793](https://redirect.github.com/grpc/grpc-java/issues/12793)).
ProxySelector.select(URI) is required to return a non-null, non-empty
list. Some implementations violate this, which previously caused an
opaque crash in ProxyDetectorImpl. Now it detects this case explicitly
and fails gracefully, naming the offending ProxySelector class to help
with debugging.
- okhttp: enable TLS 1.3 by default for Android clients, retain TLS
1.2-only for desktop JVM
([`f430131`](https://redirect.github.com/grpc/grpc-java/commit/f43013161))
- xds: Reduce per-endpoint memory from CDS LB
([`cc0d1a8`](https://redirect.github.com/grpc/grpc-java/commit/cc0d1a810)).
This is most noticeable when there are many endpoints returned by EDS,
but the LB policy only uses a few of them, like pick\_first.
- xds: pre-parse custom metric names in WRR load balancer
([#​12773](https://redirect.github.com/grpc/grpc-java/issues/12773))
([`324fce7`](https://redirect.github.com/grpc/grpc-java/commit/324fce715)).
This reduces the per-RPC overhead of the gRFC A114 support added in
v1.81.0
- xds: Propagate status cause through XdsDepManager
([`13b4b97`](https://redirect.github.com/grpc/grpc-java/commit/13b4b9727)).
This preserves more information for failures communicating with the
control plane.
- binder: Give clear error when message is larger than parcel
([`d92ca44`](https://redirect.github.com/grpc/grpc-java/commit/d92ca44a1))
##### Bug Fixes
- xds: Trust Manager fix for certain scenarios where SAN validation
shouldn't use the SNI sent
([#​12775](https://redirect.github.com/grpc/grpc-java/issues/12775))
([`bb153a8`](https://redirect.github.com/grpc/grpc-java/commit/bb153a83f)).
- core: Cancel DelayedClientCall when application listener throws
([#​12761](https://redirect.github.com/grpc/grpc-java/issues/12761)).
Align DelayedClientCall.DelayedListener with ClientCallImpl's existing
behavior for listener exceptions. When the application listener throws
from onHeaders/onMessage/onReady, catch the Throwable, cancel the call
with CANCELLED (cause = the throwable), and swallow subsequent
callbacks. Previously, a throw from the application listener escaped to
the callExecutor's uncaught-exception handler. The real call was not
cancelled and the transport kept delivering callbacks to an already
broken listener
- core,opentelemetry: Fix server metric labels on early close
([#​12774](https://redirect.github.com/grpc/grpc-java/issues/12774)).
Addresses the server-side OpenTelemetry metric labeling bug where a
generated method can be recorded as grpc.method="other" if
`streamClosed()` happens before `serverCallStarted()`.
- core: Fix pick\_first NPE with
`GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=true` when accepting resolved
addresses and in CONNECTING state
([#​12814](https://redirect.github.com/grpc/grpc-java/issues/12814)).
It makes sure that whenever PickFirstLeafLoadBalancer transitions into
CONNECTING the current address in the addressIndex has a corresponding
subchannel. This prevents an NPE in acceptResolvedAddresses in some
situations.
- okhttp: HPACK should fail on varint overflow
([`ec10992`](https://redirect.github.com/grpc/grpc-java/commit/ec1099254)).
This should have no visible impact in normal use. It mostly just makes
it easier to debug broken implementations
- xds: When using the file watcher certificate provider, reload cert/key
even if only one of them changes
([`f4125c5`](https://redirect.github.com/grpc/grpc-java/commit/f4125c591))
- compiler: Avoid compile error on weird proto file names
([`f021bef`](https://redirect.github.com/grpc/grpc-java/commit/f021befcd))
##### New Features
- googleapis: support `?force-xds` query parameter in the `google-c2p`
resolver
([#​12760](https://redirect.github.com/grpc/grpc-java/issues/12760))
([`86fa860`](https://redirect.github.com/grpc/grpc-java/commit/86fa86063)).
This disables environment checks and uses xDS unconditionally. Please
note that this feature has not yet seen comprehensive testing.
##### Dependencies
- Upgrade Netty to 4.1.133
([`ada087b`](https://redirect.github.com/grpc/grpc-java/commit/ada087b9d))
- bazel: Upgrade googleapis proto repo to commit
[`1dbb1a1`](https://redirect.github.com/grpc/grpc-java/commit/1dbb1a14)
([`ec0a9c9`](https://redirect.github.com/grpc/grpc-java/commit/ec0a9c976)).
This fixed a rules\_go incompatibility issue with Bazel 9.1. But it also
greatly reduced the overall transitive dependencies, as the C++ grpc
repo is no longer a dependency
- bazel: Upgrade workflows to Bazel 8
([`039ad77`](https://redirect.github.com/grpc/grpc-java/commit/039ad7779))
add Bazel 9.1.0 to our CI matrix
([`17be0d3`](https://redirect.github.com/grpc/grpc-java/commit/17be0d3d1))
- protoc-gen-grpc-java: Linux binaries are now built with Ubuntu 20.04
instead of 18.04
([`8802dc3`](https://redirect.github.com/grpc/grpc-java/commit/8802dc35b5),
[`da98b04`](https://redirect.github.com/grpc/grpc-java/commit/da98b04b09))
##### Thanks to
[@​becomeStar](https://redirect.github.com/becomeStar)\
[@​bengtsson1-flir](https://redirect.github.com/bengtsson1-flir)\
[@​jnowjack-lucidchart](https://redirect.github.com/jnowjack-lucidchart)\
[@​Kainsin](https://redirect.github.com/Kainsin)\
[@​kenkangxgwe](https://redirect.github.com/kenkangxgwe)\
[@​mfperminov](https://redirect.github.com/mfperminov)\
[@​paulmurhy123](https://redirect.github.com/paulmurhy123)\
[@​schiemon](https://redirect.github.com/schiemon)\
[@​therepanic](https://redirect.github.com/therepanic)
</details>
<details>
<summary>open-telemetry/semantic-conventions-java
(io.opentelemetry.semconv:opentelemetry-semconv)</summary>
### [`v1.42.0`](https://redirect.github.com/open-telemetry/semantic-conventions-java/blob/HEAD/CHANGELOG.md#Version-1420-2026-06-16)
[Compare Source](https://redirect.github.com/open-telemetry/semantic-conventions-java/compare/v1.41.1...v1.42.0)
- Bump to semconv v1.42.0
([#​497](https://redirect.github.com/open-telemetry/semantic-conventions-java/pull/497))
</details>
<details>
<summary>ThreeTen/threeten-extra (org.threeten:threeten-extra)</summary>
### [`v1.10.0`](https://redirect.github.com/ThreeTen/threeten-extra/releases/tag/v1.10.0)
[Compare Source](https://redirect.github.com/ThreeTen/threeten-extra/compare/v1.9.0...v1.10.0)
See the [change
notes](https://www.threeten.org/threeten-extra/changes-report.html) for
more information.
##### What's Changed
- Fix code style issues by
[@​jodastephen](https://redirect.github.com/jodastephen) in
[#​378](https://redirect.github.com/ThreeTen/threeten-extra/pull/378)
- Add JSpecify null annotations by
[@​jodastephen](https://redirect.github.com/jodastephen) in
[#​379](https://redirect.github.com/ThreeTen/threeten-extra/pull/379)
- Update tests for JSpecify by
[@​jodastephen](https://redirect.github.com/jodastephen) in
[#​380](https://redirect.github.com/ThreeTen/threeten-extra/pull/380)
- Update pom.xml versions by
[@​jodastephen](https://redirect.github.com/jodastephen) in
[#​381](https://redirect.github.com/ThreeTen/threeten-extra/pull/381)
**Full Changelog**:
<ThreeTen/threeten-extra@v1.9.0...v1.10.0>
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/google-cloud-java).
1 parent 5a460f0 commit 8ac1a03
1 file changed
Lines changed: 10 additions & 10 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | | - | |
| 14 | + | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
32 | | - | |
| 32 | + | |
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
40 | | - | |
| 40 | + | |
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
44 | | - | |
| 44 | + | |
45 | 45 | | |
46 | 46 | | |
47 | | - | |
48 | | - | |
| 47 | + | |
| 48 | + | |
49 | 49 | | |
50 | | - | |
| 50 | + | |
51 | 51 | | |