fix(deps): update grpc-java monorepo to v1.77.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
io.grpc:protoc-gen-grpc-java	1.75.0 -> 1.77.0
io.grpc:grpc-stub	1.75.0 -> 1.77.0
io.grpc:grpc-protobuf	1.75.0 -> 1.77.0

---

Release Notes

grpc/grpc-java (io.grpc:protoc-gen-grpc-java)

v1.77.0

API Changes

• binder: Remove experimental BinderChannelBuilder.bindAsUser() method, deprecated since 1.69 (#​12401) (f96ce06)

Bug Fixes

• api: Fix name resolver bridge listener handling for address resolution errors for custom name resolvers (#​12441) (acbbf86). This fixes regression introduced in v1.68.1 causing a “IllegalStateException: No value present.” exception
• core: Fix NullPointerException during address update with Happy Eyeballs (5e8af56). This should not impact many people as the code is disabled by default, behind two experimental environment variables
• okhttp: Fix bidirectional keep-alive causing spurious GOAWAY (6fc3fd0). This fixes the grpc-okhttp server incorrectly closing the connection with GOAWAY: too_many_pings
• xds: SslContext updates handling when using system root certs (#​12340) (63fdaac). Since FileWatcherCertificateProvider isn't used when using system root trust store, the SslContext update for the handshake that depended on it wasn't happening. This fix creates a separate CertificateProvider for handling system root certs that doesn't rely on the FileWatcherCertificateProvider.
• xds: Make cluster selection interceptor run before other filters (#​12381) (82f9b8e). This is needed when there is GcpAuthenticationFilter in the filter chain to make available the cluster resource in CallOptions.
• xds: Handle wildcards in DNS SAN exact matching (#​12345) (5b876cc)
• android: Fix UdsChannelBuilder with WiFi Proxy (349a35a)
• binder: Avoid potential deadlock when canceling AsyncSecurityPolicy futures (#​12283) (4725ced)
• binder: Fix a BinderServerTransport crash in the rare shutdown-before-start case (#​12440) (91f3f4d)

Improvements

• Improve status messages by including causal error details in config parsing errors for outlier detection and xds’s wrr locality policies (86e8b56)
• xds: Detect negative ref count for xds client (21696cd). A negative reference count could cause NullPointerExceptions, so when too many unrefs are detected it produces a SEVERE warning and prevents the reference count from going negative
• xds: Support deprecated xDS TLS fields for Istio compat (#​12435) (53cd1a2). This fixes a regression with Istio introduced in v1.73.0. This gives time for Istio’s new xDS field support to roll out
• googleapis: Allow wrapping NameResolver to inject XdsClient (#​12450) (27d1508). This allows googleapis to inject an xDS bootstrap to use with its channels even if one is already specified in the environment variable or system property. When the code was originally written there was a single global XdsClient, but since gRFC A71 Xds Fallback each target string has its own XdsClient and thus can have its own bootstrap
• alts: Allow overriding metadata server address with env variable (9ac12ef) (498f717)
• binder: Let the server know when the client fails to authorize it. (#​12445) (599a0a1) This avoids the server needing to wait for the handshake timeout before realizing the handshake failed

New Features

• opentelemetry: Implement otel retry metrics from gRFC A96 (#​12064) (d380191)
• opentelemetry: propagate baggage to server metrics for custom attributes (#​12389) (155308d)
• xds: Allow EC Keys in SPIFFE Bundle Map parsing (#​12399) (559e3ba)
• xds: Enable authority rewriting (gRFC A81), system root cert support (gRFC A82), GCP authentication filter (gRFC A83), and SNI (gRFC A101) (#​12499) (246c2b1). Authority rewriting requires the control plane to be labeled trusted_xds_server in the bootstrap. System root cert support and SNI require using XdsChannelCredentials
• rls: Add route lookup reason to request whether it is due to a cache miss or stale cache entry (#​12442) (795ce02)

Dependencies

• compiler: C++ protobuf used by codegen upgraded to 26.1 (#​12330) (55aefd5)
• alts: Remove dep on grpclb (b769f96). ALTS is no longer used with grpclb, so this removes dead code
• Upgrade netty to 4.1.127.Final (b37ee67)

Thanks to

@​panchenko
@​benjaminp
@​HyunSangHan
@​becomeStar
@​ZachChuba
@​oliviamariacodes
@​kssumin
@​laz-canva

v1.76.1

Bug Fixes

• core: Fix NullPointerException during address update with Happy Eyeballs (5e8af56). This should not impact many people as the code is disabled by default, behind two experimental environment variables

v1.76.0

Bug Fixes

• xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
• netty: Remove Netty version detection since grpc-netty-shaded can't reliably determine its Netty version when multiple copies of Netty are present (even when shaded). This fixes the resurfacing of the Netty 4.1.111 corruption fixed in 1.65.0. That version fixed grpc-netty, but v1.75.0 upgraded grpc-netty-shaded to Netty 4.1.111 and exposed the Netty version detection problem. This fixes corruption, so the error messages range wildly, but one of them is "RESOURCE_EXHAUSTED: gRPC message exceeds maximum size"
• compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
• servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
• servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
• binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
• binder: The server will now only accept post-setup transactions from the authorized server UID.
• util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
• android: A fix has been implemented for network change handling on API levels below 24.

Improvements

• api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
• api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
• servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
• servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
• xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
• bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
• bazel: Unnecessary direct build dependencies were removed from some targets
• netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
• netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
• netty: Include allow header for HTTP response code 405
• okhttp: Include allow header for HTTP response code 405
• binder: Error descriptions for ServiceConnection callbacks have been improved
• binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

• stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
• compiler: Support for macOS aarch64 with a universal binary has been added.
• opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
• binder: A NameResolver for Android's intent: URIs has been introduced.
• binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

• SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
• examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

• Upgraded Guava version to 33.4.8.
• The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@​JoeCqupt
@​Sangamesh1997
@​benjaminp
@​camelcc
@​dmytroreutov
@​duckladydinh
@​jirkafm
@​kilink
@​panchenko
@​umairk79
@​vimanikag
@​werkt
@​xuhongxu96
@​zrlw

---

Configuration

📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.