Skip to content

Bump the java group across 1 directory with 8 updates#1384

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/java/java-04ae5ce389
Open

Bump the java group across 1 directory with 8 updates#1384
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/java/java-04ae5ce389

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Bumps the java group with 8 updates in the /java directory:

Package From To
com.google.protobuf:protobuf-bom 4.33.4 4.34.1
io.grpc:grpc-bom 1.78.0 1.80.0
com.google.api.grpc:proto-google-common-protos 2.65.0 2.70.0
com.google.guava:guava 33.5.0-android 33.6.0-android
org.apache.maven.plugins:maven-compiler-plugin 3.14.1 3.15.0
org.apache.maven.plugins:maven-dependency-plugin 3.9.0 3.10.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.4 3.5.5
org.apache.maven.plugins:maven-shade-plugin 3.6.1 3.6.2

Updates com.google.protobuf:protobuf-bom from 4.33.4 to 4.34.1

Commits

Updates io.grpc:grpc-bom from 1.78.0 to 1.80.0

Release notes

Sourced from io.grpc:grpc-bom's releases.

V1.80.0

API Changes

  • core: Added PickResult.copyWithSubchannel() and PickResult.copyWithStreamTracerFactory() to simplify updating PickResult while preserving metadata. Load balancing policies should now ensure ForwardingSubchannel decorators are unwrapped before being returned in a pick result. (#12658) (eae16b251)

Bug Fixes

  • core: Fixed the retry backoff jitter range to [0.8, 1.2] to align with the gRPC A6 specification. Retries will now occur more consistently around the calculated backoff interval. (#12639) (024fdd0ea) core: Fixed a race condition in RetriableStream where inFlightSubStreams counting could become inconsistent during concurrent retry and deadline events. This ensures that client calls (such as blockingUnaryCall) do not hang indefinitely and correctly receive a close signal. (#12649) (73abb4854)

Improvements

  • api: Trigger R8's ServiceLoader optimization to reduce necessary configuration when using R8 Full Mode (470219f9c). This allows gRPC to avoid reflection, and the need to specify -keeps for various class’s constructors. Upgrade to protobuf 33.4 (#12615) (50c18f183)
  • cronet: Introduced CRONET_READ_BUFFER_SIZE_KEY to allow customizing the read buffer size per-stream via CallOptions. Increasing the buffer size from the 4KB default can significantly improve performance for large messages by reducing JNI and context-switching overhead. (31fdb6c22)
  • api: Moved FlagResetRule to api/testFixtures and updated ManagedChannelRegistry to honor the GRPC_ENABLE_RFC3986_URIS feature flag. This ensures that target parsing is consistent across the library when the new URI parser is enabled. (#12608)
  • api: Updated NameResolverRegistry to natively support io.grpc.Uri. This is a foundational change that allows gRPC's name resolution system to handle URIs parsed with the new RFC 3986-compliant parser, ensuring more robust target handling. (#12609) (990348876)
  • xds: Removed the GRPC_EXPERIMENTAL_XDS_SNI feature flag. SNI determination via xDS is now always enabled and follows gRFC A101, where SNI is derived from xDS configurations like auto_host_sni or UpstreamTlsContext.sni. This ensures that no SNI is sent if not explicitly configured, unless the legacy channel authority fallback is enabled. (#12625) (ac44e9681)

New Features

  • core: pick_first shuffling now a weighted shuffle and observes weights from EDS (34dd29042). This finishes the gRFC A113 pick_first: Weighted Random Shuffling support
  • netty: Added RFC 3986 support to the unix: name resolver. This enables proper parsing of Unix domain socket URIs, including correct handling of query and fragment components in both hierarchical (e.g., unix:///path) and opaque (e.g., unix:/path) formats. (#12659)

Thanks to

v1.79.0

API Changes

  • core: Delete the never-used io.grpc.internal.ReadableBuffer.readBytes(ByteBuffer) (#12580) (738782fb0). This is deeply internal and not accessible, so shouldn’t impact anything. However, Apache Arrow Java uses reflection to access private fields; GH-939: Remove reflection for gRPC buffers is swapping to gRPC’s public zero-copy APIs

  • opentelemetry: Add target attribute filter for metrics (#12587). Introduce an optional Predicate targetAttributeFilter to control how grpc.target is recorded in OpenTelemetry client metrics. When a filter is provided, targets rejected by the predicate are normalized to "other" to reduce grpc.target metric cardinality, while accepted targets are recorded as-is. If no filter is set, existing behavior is preserved. This change adds a new Builder API on GrpcOpenTelemetry to allow applications to configure the filter. 

Behavior Changes

  • core: Convert AutoConfiguredLB to an actual LB (4bbf8eee5). This is an internal refactoring, but it does improve how errors are handled for broken binaries. Previously, not being able to load pick_first would result in a channel panic. Now it is handled as a regular load balancing error

  • okhttp: Assert no pending streams before transport READY (#12566) (ed6d175fc). No pending streams should exist when the transport transitions to READY. This PR adds an assertion to help verify this invariant.

Bug Fixes

  • core: PickFirstLB should not return a subchannel during CONNECTING (228fc8ecd). Pick-first in grpc-java has behaved this way since it was created, and it was of no consequence. However, now there are some load balancing policies (mainly RLS) that will do a pick() and hope the result to be reasonably accurate for metrics.

  • xds: Endpoint weights are now normalized within localities, so that when using rish_hash the locality weights are preserved (f6d140f87). Previously, localities with many endpoints or high endpoint weights could receive excess traffic. This is one part of gRFC A113 pick_first: Weighted Random Shuffle

... (truncated)

Commits
  • 6c231b4 Bump version to 1.80.0
  • daf7a6c Update README etc to reference 1.80.0
  • b7f9074 Revert "fix(xds): Allow and normalize trailing dot (FQDN) in matchHostName (#...
  • 09a6e2e Revert "netty: Preserve early server handshake failure cause in logs"
  • 31fdb6c Add CRONET_READ_BUFFER_SIZE_KEY API to CronetClientStream
  • 470219f Trigger R8's ServiceLoader optimization
  • 50ead96 netty: Preserve early server handshake failure cause in logs
  • eae16b2 unwrap ForwardingSubchannel during Picks (#12658)
  • d9320ee netty: Add RFC 3986 support to the 'unix:' name resolver.
  • d5536b3 netty: factor out some duplicated code into a helper method
  • Additional commits viewable in compare view

Updates com.google.api.grpc:proto-google-common-protos from 2.65.0 to 2.70.0

Release notes

Sourced from com.google.api.grpc:proto-google-common-protos's releases.

v2.68.0

2.68.0 (2026-03-17)

Features

  • Add client request duration metric. (#4132) (6a76397)
  • Add more attributes to golden signals metrics. (#4135) (59d0624)
  • gax-httpjson: add HttpJsonErrorParser utility (#4137) (a1b7565)
  • generator: add extra allowed modules that will not be removed from the monorepo if they are present (#4124) (774fe6e)
  • o11y: introduce gcp.client.repo and gcp.client.artifact attributes (#4120) (105f644)
  • o11y: Introduce rpc.system.name and rpc.method in gRPC (#4121) (7ab6d2e)
  • o11y: introduce server.port attribute (#4128) (56aa343)

Bug Fixes

  • add null checks for ApiTracerFactory in ClientContext (#4122) (4b3dbe2)
  • Decrease log level for directpath warnings outside GCE (#4139) (c9651e7)
  • gax-grpc: add pick_first fallback to direct path service config (#4143) (b150fe9)
  • Populate method level attributes in metrics recording (#4149) (7b7e6c9)
  • suppress warnings in generated projects for non-idiomatic durations (#4119) (4206e6e)
  • Use ServiceName + MethodName as the regex for Otel (#2543) (b9ae73f)

Documentation

  • hermetic_build: fix config field name in readme (#4130) (a0c8f67)

v2.67.0

2.67.0 (2026-02-18)

Features

  • observability: introduce minimal tracing implementation (#4105) (e4e5e89)

Dependencies

v2.66.1

2.66.1 (2026-02-04)

Documentation

  • [common-protos] update reference documentation for SelectionInput.DROPDOWN to include dynamic data sources and autosuggestion (9960262)

... (truncated)

Changelog

Sourced from com.google.api.grpc:proto-google-common-protos's changelog.

Changelog

2.68.0 (2026-03-17)

Features

  • Add client request duration metric. (#4132) (6a76397)
  • Add more attributes to golden signals metrics. (#4135) (59d0624)
  • gax-httpjson: add HttpJsonErrorParser utility (#4137) (a1b7565)
  • generator: add extra allowed modules that will not be removed from the monorepo if they are present (#4124) (774fe6e)
  • o11y: introduce gcp.client.repo and gcp.client.artifact attributes (#4120) (105f644)
  • o11y: Introduce rpc.system.name and rpc.method in gRPC (#4121) (7ab6d2e)
  • o11y: introduce server.port attribute (#4128) (56aa343)

Bug Fixes

  • add null checks for ApiTracerFactory in ClientContext (#4122) (4b3dbe2)
  • Decrease log level for directpath warnings outside GCE (#4139) (c9651e7)
  • gax-grpc: add pick_first fallback to direct path service config (#4143) (b150fe9)
  • Populate method level attributes in metrics recording (#4149) (7b7e6c9)
  • suppress warnings in generated projects for non-idiomatic durations (#4119) (4206e6e)
  • Use ServiceName + MethodName as the regex for Otel (#2543) (b9ae73f)

Documentation

  • hermetic_build: fix config field name in readme (#4130) (a0c8f67)

2.67.0 (2026-02-18)

Features

  • observability: introduce minimal tracing implementation (#4105) (e4e5e89)

Dependencies

2.66.1 (2026-02-04)

Documentation

  • [common-protos] update reference documentation for SelectionInput.DROPDOWN to include dynamic data sources and autosuggestion (9960262)

... (truncated)

Commits

Updates com.google.guava:guava from 33.5.0-android to 33.6.0-android

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
  • cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
  • collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
  • collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
  • graph: Removed @Beta from all APIs in the package. (dae9566b73)
  • graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
  • graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
  • hash: Added BloomFilter.serializedSize(). (df9bcc251a)
  • net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)
Commits

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • 4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
  • 68b5e47 Add analyze-only to usage page
  • 09d5860 Fix Jenkin bages in README
  • 4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
  • ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
  • 0d88b66 Only log dependency classpath when no property/file output is specified
  • 0075e31 Bump org.assertj:assertj-core (#1581)
  • 65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
  • eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
  • ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.2

🐛 Bug Fixes

  • Bug: Extra JARs and Artifacts were not subjected to filtering (#785) @​cstamas

👻 Maintenance

📦 Dependency updates

Commits
  • ad8de59 [maven-release-plugin] prepare release maven-shade-plugin-3.6.2
  • 8eb19dc Drop unneeded dependencies (#788)
  • 397b2cd Drop excessive dependencies (#786)
  • eca6398 Bug: Extra JARs and Artifacts were not subjected to filtering (#785)
  • 7edce17 Update to parent POM v 47 (#781)
  • 3171a34 Mockito improvements (#783)
  • 678844b Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#782)
  • 73ec909 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780)
  • 5f7a877 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#778)
  • 73c5247 chore: remove junit3 reference (#762)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the java group across 1 directory with 8 updates
3fa6ce8 
Bumps the java group with 8 updates in the /java directory:

| Package | From | To |
| --- | --- | --- |
| [com.google.protobuf:protobuf-bom](https://github.com/protocolbuffers/protobuf) | `4.33.4` | `4.34.1` |
| [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) | `1.78.0` | `1.80.0` |
| [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | `2.65.0` | `2.70.0` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.5.0-android` | `33.6.0-android` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.1` | `3.15.0` |
| [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.9.0` | `3.10.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |
| [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) | `3.6.1` | `3.6.2` |



Updates `com.google.protobuf:protobuf-bom` from 4.33.4 to 4.34.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `io.grpc:grpc-bom` from 1.78.0 to 1.80.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.78.0...v1.80.0)

Updates `com.google.api.grpc:proto-google-common-protos` from 2.65.0 to 2.70.0
- [Release notes](https://github.com/googleapis/sdk-platform-java/releases)
- [Changelog](https://github.com/googleapis/sdk-platform-java/blob/main/CHANGELOG.md)
- [Commits](googleapis/sdk-platform-java@v2.65.0...gax/v2.70.0)

Updates `com.google.guava:guava` from 33.5.0-android to 33.6.0-android
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.1 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0)

Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.9.0 to 3.10.0
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.9.0...maven-dependency-plugin-3.10.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/apache/maven-shade-plugin/releases)
- [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.6.1...maven-shade-plugin-3.6.2)

---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-bom
  dependency-version: 4.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: io.grpc:grpc-bom
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: com.google.api.grpc:proto-google-common-protos
  dependency-version: 2.70.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: com.google.guava:guava
  dependency-version: 33.6.0-android
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-shade-plugin
  dependency-version: 3.6.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added Dependencies Updates a dependency Java Java/JVM language support labels Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Updates a dependency Java Java/JVM language support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants