Skip to content

Bump the maven-dependencies group with 4 updates#955

Merged
chadlwilson merged 1 commit into
masterfrom
dependabot/maven/maven-dependencies-0e1db7d927
Jul 1, 2026
Merged

Bump the maven-dependencies group with 4 updates#955
chadlwilson merged 1 commit into
masterfrom
dependabot/maven/maven-dependencies-0e1db7d927

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven-dependencies group with 4 updates: io.grpc:grpc-bom, org.junit:junit-bom, com.google.protobuf:protobuf-java and org.sonatype.central:central-publishing-maven-plugin.

Updates io.grpc:grpc-bom from 1.81.0 to 1.82.1

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.82.1

  • protoc-gen-grpc-java: Fix missing osx-x86_64 binary (grpc/grpc-java#12878). This fixes a regression in v1.82.0

v1.82.0

This release drops support for Bazel 7. It may still run, but we are no longer testing it. We are testing Bazel 8 and 9.

We are anticipating requiring Netty 4.2 in the next release. Please file an issue if you still need Netty 4.1 support.

Behavior Changes

  • xds: Disable Priority LB child policy retention cache (#12806). Previously, when a priority became inactive, its associated child load balancer was kept in a deactivated state for potential reuse. Now, inactive child balancers are immediately torn down and removed.
  • xds: skip DiscoveryRequest for unsubscribed types on stream ready (#12782). When the bootstrap declares more than one xDS server (e.g. a default server for LDS/CDS plus an authority-specific EDS-only server), grpc-java was sending CDS/LDS DiscoveryRequests to the EDS-only server too. That server replies UNIMPLEMENTED, which tears down the stream and EDS data never arrives. This fix makes it skip DiscoveryRequests for resource types we don't actually subscribe to on a given server.

Improvements

  • Remove JSR-305 @ThreadSafe annotation and replace with JavaDoc (#12762). Removes JSR-305 annotations but instead of replacing it with ErrorProne's ThreadSafe, sticks to adding a JavaDoc comment. This is done only in public non-final classes and interfaces. This allows Java applications that have moved away from javax to compile and avoids a bug in Immutables and Lombok (and possibly other annotation processors) from failing when JSR-305 is not present.
  • core: Reduce per-stream idle memory on the server by 0.5 KB (b38df6c94). The main improvement here is not retaining the request Metadata for the life of the RPC. That means RPCs with larger request Metadata would see a larger benefit.
  • core: Clarify missing content-type on HTTP error responses (#12720). Adjusts the diagnostic for the missing rather than invalid content-type, in the Status description.
  • core: throw IOException when ProxySelector returns null or empty list (#12793). ProxySelector.select(URI) is required to return a non-null, non-empty list. Some implementations violate this, which previously caused an opaque crash in ProxyDetectorImpl. Now it detects this case explicitly and fails gracefully, naming the offending ProxySelector class to help with debugging.
  • okhttp: enable TLS 1.3 by default for Android clients, retain TLS 1.2-only for desktop JVM (f43013161)
  • xds: Reduce per-endpoint memory from CDS LB (cc0d1a810). This is most noticeable when there are many endpoints returned by EDS, but the LB policy only uses a few of them, like pick_first.
  • xds: pre-parse custom metric names in WRR load balancer (#12773) (324fce715). This reduces the per-RPC overhead of the gRFC A114 support added in v1.81.0
  • xds: Propagate status cause through XdsDepManager (13b4b9727). This preserves more information for failures communicating with the control plane.
  • binder: Give clear error when message is larger than parcel (d92ca44a1)

Bug Fixes

  • xds: Trust Manager fix for certain scenarios where SAN validation shouldn't use the SNI sent (#12775) (bb153a83f).
  • core: Cancel DelayedClientCall when application listener throws (#12761). Align DelayedClientCall.DelayedListener with ClientCallImpl's existing behavior for listener exceptions. When the application listener throws from onHeaders/onMessage/onReady, catch the Throwable, cancel the call with CANCELLED (cause = the throwable), and swallow subsequent callbacks. Previously, a throw from the application listener escaped to the callExecutor's uncaught-exception handler. The real call was not cancelled and the transport kept delivering callbacks to an already broken listener
  • core,opentelemetry: Fix server metric labels on early close (#12774). Addresses the server-side OpenTelemetry metric labeling bug where a generated method can be recorded as grpc.method="other" if streamClosed() happens before serverCallStarted().
  • core: Fix pick_first NPE with GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST=true when accepting resolved addresses and in CONNECTING state (#12814). It makes sure that whenever PickFirstLeafLoadBalancer transitions into CONNECTING the current address in the addressIndex has a corresponding subchannel. This prevents an NPE in acceptResolvedAddresses in some situations.
  • okhttp: HPACK should fail on varint overflow (ec1099254). This should have no visible impact in normal use. It mostly just makes it easier to debug broken implementations
  • xds: When using the file watcher certificate provider, reload cert/key even if only one of them changes (f4125c591)
  • compiler: Avoid compile error on weird proto file names (f021befcd)

New Features

  • googleapis: support ?force-xds query parameter in the google-c2p resolver (#12760) (86fa86063). This disables environment checks and uses xDS unconditionally. Please note that this feature has not yet seen comprehensive testing.

Dependencies

  • Upgrade Netty to 4.1.133 (ada087b9d)
  • bazel: Upgrade googleapis proto repo to commit 1dbb1a14 (ec0a9c976). This fixed a rules_go incompatibility issue with Bazel 9.1. But it also greatly reduced the overall transitive dependencies, as the C++ grpc repo is no longer a dependency
  • bazel: Upgrade workflows to Bazel 8 (039ad7779) add Bazel 9.1.0 to our CI matrix (17be0d3d1)
  • protoc-gen-grpc-java: Linux binaries are now built with Ubuntu 20.04 instead of 18.04 (8802dc35b5, da98b04b09)

Thanks to

@​becomeStar
@​bengtsson1-flir

... (truncated)

Commits
  • 7b5e9ff Bump version to 1.82.1
  • 20768f1 Update README etc to reference 1.82.1
  • 5ab5eba kokoro: Remove extra / in architecture replacement
  • 6726caf buildscripts: add regional td config for psm-interop (v1.82.x backport) (#12864)
  • 022256f Bump version to 1.82.1-SNAPSHOT
  • 78fb519 Bump version to 1.82.0
  • b62b0fc Update README etc to reference 1.82.0
  • 8802dc3 build: downgrade multiarch to Ubuntu 20.04 and consolidate images (#12830)
  • be300bd kokoro: Avoid brew on Mac OS
  • 4111f6f core: throw IOException when ProxySelector returns null or empty list (#12793)
  • Additional commits viewable in compare view

Updates org.junit:junit-bom from 6.1.0 to 6.1.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates com.google.protobuf:protobuf-java from 4.35.0 to 4.35.1

Commits

Updates org.sonatype.central:central-publishing-maven-plugin from 0.10.0 to 0.11.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the maven-dependencies group with 4 updates: [io.grpc:grpc-bom](https://github.com/grpc/grpc-java), [org.junit:junit-bom](https://github.com/junit-team/junit-framework), [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) and [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin).


Updates `io.grpc:grpc-bom` from 1.81.0 to 1.82.1
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.81.0...v1.82.1)

Updates `org.junit:junit-bom` from 6.1.0 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.1.0...r6.1.1)

Updates `com.google.protobuf:protobuf-java` from 4.35.0 to 4.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `org.sonatype.central:central-publishing-maven-plugin` from 0.10.0 to 0.11.0
- [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits)

---
updated-dependencies:
- dependency-name: io.grpc:grpc-bom
  dependency-version: 1.82.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: com.google.protobuf:protobuf-java
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.sonatype.central:central-publishing-maven-plugin
  dependency-version: 0.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 1, 2026
@chadlwilson chadlwilson merged commit b663961 into master Jul 1, 2026
22 checks passed
@chadlwilson chadlwilson deleted the dependabot/maven/maven-dependencies-0e1db7d927 branch July 1, 2026 04:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Development

Successfully merging this pull request may close these issues.

1 participant