chore: bump the gradle-production-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the gradle-production-dependencies group with 13 updates in the /src/adservice directory:

Package	From	To
io.opentelemetry:opentelemetry-bom	1.44.1	1.46.0
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom	2.10.0	2.12.0
com.google.api.grpc:proto-google-common-protos	2.49.0	2.50.1
io.grpc:grpc-protobuf	1.68.2	1.70.0
io.grpc:grpc-stub	1.68.2	1.70.0
io.grpc:grpc-netty	1.68.2	1.70.0
io.grpc:grpc-services	1.68.2	1.70.0
io.grpc:protoc-gen-grpc-java	1.68.2	1.70.0
org.apache.logging.log4j:log4j-core	2.24.2	2.24.3
dev.openfeature.contrib.providers:flagd	0.10.2	0.10.5
dev.openfeature:sdk	1.12.2	1.14.0
com.google.protobuf:protoc	3.25.3	4.29.3
com.github.ben-manes.versions	0.51.0	0.52.0

Updates io.opentelemetry:opentelemetry-bom from 1.44.1 to 1.46.0

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.46.0

SDK

• Remove unused dependencies, cleanup code after stabilizing Value (#6948)
• Explicitly allow null into CompletableResultCode.failExceptionally() (#6963)

Traces

• Fix span setStatus (#6990)

Logs

• Add getters/accessors for readable fields in ReadWriteLogRecord. (#6924)

Exporters

• OTLP: Update to opentelemetry-proto 1.5 (#6999)
• Bugfix - OTLP: Ensure Serializer runtime exceptions are rethrown as IOException (#6969)
• BREAKING - OTLP: Delete experimental OTLP authenticator concept. See OTLP authentication docs for supported solutions. (#6984)

Extensions

• BREAKING - Autoconfigure: Remove support for deprecated otel.experimental.resource.disabled.keys (#6931)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​breedx-splk @​celikrecep @​happysiddharth @​jack-berg @​jaydeluca @​jhalliday @​jkwatson @​laurit @​robsunday @​steverao @​trask @​zeitlinger

Version 1.45.0

API

• Add convenience method setAttribute(Attribute<Long>, int) to SpanBuilder (matching the existing convenience method in Span) (#6884)
• Extends TextMapGetter with experimental GetAll() method, implement usage in W3CBaggagePropagator (#6852)

SDK

Traces

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.46.0 (2025-01-10)

SDK

• Remove unused dependencies, cleanup code after stabilizing Value (#6948)
• Explicitly allow null into CompletableResultCode.failExceptionally() (#6963)

Traces

• Fix span setStatus (#6990)

Logs

• Add getters/accessors for readable fields in ReadWriteLogRecord. (#6924)

Exporters

• OTLP: Update to opentelemetry-proto 1.5 (#6999)
• Bugfix - OTLP: Ensure Serializer runtime exceptions are rethrown as IOException (#6969)
• BREAKING - OTLP: Delete experimental OTLP authenticator concept. See OTLP authentication docs for supported solutions. (#6984)

Extensions

• BREAKING - Autoconfigure: Remove support for deprecated otel.experimental.resource.disabled.keys (#6931)

Version 1.45.0 (2024-12-06)

API

• Add convenience method setAttribute(Attribute<Long>, int) to SpanBuilder (matching the existing convenience method in Span) (#6884)
• Extends TextMapGetter with experimental GetAll() method, implement usage in W3CBaggagePropagator (#6852)

SDK

Traces

• Add synchronization to SimpleSpanProcessor to ensure thread-safe export of spans

... (truncated)

Commits

• 5640314 [release/v1.46.x] Prepare release 1.46.0 (#7010)
• 0920d11 Prepare 1.46.0 (#7007)
• 2e0b315 fix(deps): update dependency com.google.protobuf:protobuf-bom to v4.29.3 (#7003)
• d74e277 fix(deps): update dependency com.squareup.okio:okio-bom to v3.10.2 (#7001)
• ccb6346 fix(deps): update dependency nl.jqno.equalsverifier:equalsverifier to v3.18.1...
• 43b38e2 Update profiling exporters for proto 1.5 (#6999)
• 330881a fix(deps): update dependency com.google.api.grpc:proto-google-common-protos t...
• 6f8d491 fix(deps): update spotless packages to v7.0.1 (#6998)
• 5f90b03 Fix span setStatus (#6990)
• d3e3807 fix(deps): update dependency com.squareup.okio:okio-bom to v3.10.1 (#6997)
• Additional commits viewable in compare view

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom from 2.10.0 to 2.12.0

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's releases.

Version 2.12.0

This release targets the OpenTelemetry SDK 1.46.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

Migration notes

• Some Java agent instrumentation suppression keys have been renamed to match their module names: - elasticsearch-rest-6.0 --> elasticsearch-rest-6.4 - internal-application-logging --> internal-application-logger - javalin-5 -> javalin-5.0 - pulsar-2.8.0 -> pulsar-2.8
• In preparation for stabilizing HTTP library instrumentation soon: - setCaptured*Headers(List) methods in *TelemetryBuilder classes were changed to setCaptured*Headers(Collection) (#12901) - setKnownMethods(Set) methods in *TelemetryBuilder classes were changed to setKnownMethods(Collection) (#12902)

📈 Enhancements

• Support ExtendedTextMapGetter in gRPC instrumentation (#13011)
• Add database client metrics in DynamoDB instrumentation (#13033)
• Propagate context into async http client CompletableFuture callbacks (#13041)
• Exclude spring routing data source from Spring Starter instrumentation (#13054)
• Instrument jdbc batch queries (#12797)

🛠️ Bug fixes

• Fix incorrect dubbo trace caused by using rpcContext.isProviderSide() (#12930)
• Fix ClickHouse query failing with syntax error (#13020)
• Fix instrumentation module not loading silently when duplicate helper classnames are detected (#13005)
• Fix compatibility problem due to DubboHeadersGetter#keys in Dubbo 2.7.6 and 2.7.7 (#12982)
• Fix appender install for async Logback appenders (#13047)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​AlbumenJ @​annettejanewilson @​ataraxis @​cleverchuk @​FlorianBruckner @​jamesmoessis @​jaydeluca @​jeanbisutti @​johnbley @​JonasKunz @​laurit @​markAtAthena @​rghugikar @​shalk @​steverao @​SylvainJuge @​trask @​xiepuhuan @​zeitlinger

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom's changelog.

Version 2.12.0 (2025-01-17)

Migration notes

• Some Java agent instrumentation suppression keys have been renamed to match their module names:
  • elasticsearch-rest-6.0 --> elasticsearch-rest-6.4
  • internal-application-logging --> internal-application-logger
  • javalin-5 -> javalin-5.0
  • pulsar-2.8.0 -> pulsar-2.8
• In preparation for stabilizing HTTP library instrumentation soon:
  • setCaptured*Headers(List) methods in *TelemetryBuilder classes were changed to setCaptured*Headers(Collection) (#12901)
  • setKnownMethods(Set) methods in *TelemetryBuilder classes were changed to setKnownMethods(Collection) (#12902)

📈 Enhancements

• Support ExtendedTextMapGetter in gRPC instrumentation (#13011)
• Add database client metrics in DynamoDB instrumentation (#13033)
• Propagate context into async http client CompletableFuture callbacks (#13041)
• Exclude spring routing data source from Spring Starter instrumentation (#13054)
• Instrument jdbc batch queries (#12797)

🛠️ Bug fixes

• Fix incorrect dubbo trace caused by using rpcContext.isProviderSide() (#12930)
• Fix ClickHouse query failing with syntax error (#13020)
• Fix instrumentation module not loading silently when duplicate helper classnames are detected (#13005)
• Fix compatibility problem due to DubboHeadersGetter#keys in Dubbo 2.7.6 and 2.7.7 (#12982)
• Fix appender install for async Logback appenders (#13047)

Version 2.11.0 (2024-12-23)

Migration notes

In preparation for stabilizing HTTP library instrumentation soon:

• addAttributeExtractor methods in a few *TelemetryBuilder classes have been deprecated

... (truncated)

Commits

• 65f2b92 [release/v2.12.x] Prepare release 2.12.0 (#13056)
• 9fc83aa Update changelog for upcoming release (#13045)
• 467dfc0 Instrument jdbc batch queries (#12797)
• aaed8ac Spring starter: exclude spring routing data source from instrumentation (#13054)
• 93bca06 make rmi instrumentation indy-compatible + add module opener (#12585)
• 2da1d1f Logback: fix otel appender install for async appenders (#13047)
• ebdd5af fix(deps): update dependency org.snakeyaml:snakeyaml-engine to v2.9 (#13048)
• 93dd4c8 Propagate context into async http client CompletableFuture callbacks (#13041)
• 44bea8d add db client metrics for dynamo db (#13033)
• 4d2ea25 Rename another setSet... (#13046)
• Additional commits viewable in compare view

Updates com.google.api.grpc:proto-google-common-protos from 2.49.0 to 2.50.1

Release notes

Sourced from com.google.api.grpc:proto-google-common-protos's releases.

v2.50.0

2.50.0 (2024-11-14)

Features

• Add experimental S2A integration in client libraries grpc transport (#3326) (1138ca6)
• enable selective generation based on service config include list (#3323) (0cddadb)
• introduce java.time to java-core (#3330) (f202c3b)
• Update Gapic-Generator to generate libraries using java.time methods (#3321) (b21c9a4)

Bug Fixes

• Fix flaky test ScheduledRetryingExecutorTest.testCancelOuterFutureAfterStart (#3335) (e73740d)
• httpjson callables to trace attempts (started, failed) (#3300) (15a64ee)
• instantiate GaxProperties at build time to ensure we get the protobuf version (#3365) (bb2a3be)
• protobuf version not always getting set in headers (#3322) (7f6e470)
• use BuildKit instead of legacy builder to build the Hermetic Build images (#3338) (222fb45)

Dependencies

• update google auth library dependencies to v1.30.0 (#3367) (a31c682)
• update grpc dependencies to v1.68.1 (#3240) (c8e3941)

Documentation

• fix list num (#3356) (b7d6296)
• hermetic-build: indicate usage of Docker Buildkit in development guide (#3337) (01e742d)
• modify hermetic build docs (#3331) (25023af)

Changelog

Sourced from com.google.api.grpc:proto-google-common-protos's changelog.

Changelog

2.51.1 (2025-01-08)

Dependencies

• update dependency com.google.guava:guava to v33.4.0-jre (#3473) (453b897)
• update dependency com.google.guava:guava-bom to v33.4.0-jre (#3545) (07eb10e)
• update dependency com.google.oauth-client:google-oauth-client-bom to v1.37.0 (#3471) (1f1c369)
• update dependency net.bytebuddy:byte-buddy to v1.15.11 (#3468) (fde27db)
• update google api dependencies (#3461) (12d9ff2)
• update googleapis/java-cloud-bom digest to 03f6dcd (#3465) (67f5ea2)
• update junit5 monorepo to v5.11.4 (#3470) (164ebac)
• update netty dependencies to v4.1.116.final (#3543) (d4fa54d)
• update repo-automation-bots digest to 8b7d94b (#3458) (59f9e0a)

Documentation

• update development guide (#3480) (9a65386)

2.51.0 (2024-12-12)

Features

• [iam] add ResourcePolicyMember to google/iam/v1 (b8e2859)

Bug Fixes

• #3381 (75dcb96)
• graalvm missing build time class when using protobuf 4.x (#3438) (f0236cf)
• return all library names if repo-level parameter changes (#3379) (75dcb96), closes #3381

Dependencies

• update dependency com.fasterxml.jackson:jackson-bom to v2.18.2 (#3422) (fdc3a54)
• update dependency com.google.api-client:google-api-client-bom to v2.7.1 (#3450) (35f1310)
• update dependency com.google.auth:google-auth-library-oauth2-http to v1.30.0 (#3428) (78cbff1)
• update dependency com.google.errorprone:error_prone_annotations to v2.36.0 (#3425) (52dcc0d)
• update dependency com.google.errorprone:error_prone_annotations to v2.36.0 (#3426) (77dd85d)
• update dependency dev.cel:cel to v0.8.0 (#3429) (79cde20)
• update dependency io.github.java-diff-utils:java-diff-utils to v4.15 (#3430) (91fd5cb)
• update dependency net.bytebuddy:byte-buddy to v1.15.10 (#3298) (7b503de)
• update dependency org.checkerframework:checker-qual to v3.48.3 (#3278) (c5fd1b4)
• update dependency org.easymock:easymock to v5.5.0 (#3431) (3c22f5e)
• update dependency packaging to v24.2 (#3432) (c1e7c81)

... (truncated)

Commits

• See full diff in compare view

Updates io.grpc:grpc-protobuf from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

v1.69.0

v1.69.0

New Features

• api: Allow LoadBalancers to specify an authority per-RPC.(#11631) (c167ead85) CallOptions.withAuthority() has higher precedence.
• netty: Add soft Metadata size limit enforcement. (#11603) (735b3f3fe) The soft limit is a lower size limit that fails an increasing percentage of RPCs as the Metadata size approaches the upper limit. This can be used as an “early warning” that the Metadata size is growing too large
• alts: support altsCallCredentials in GoogleDefaultChannelCredentials (#11634) (ba8ab796e)
• xds: Add grpc.xds_client metrics, as documented by OpenTelemetry Metrics (#11661) (20d09cee5). grpc.xds.authority is not yet available

Bug Fixes

• api: When forwarding from Listener onAddresses to Listener2 continue to use onResult (#11666) (dae078c0a). This fixes a 1.68.1 "IllegalStateException: Not called from the SynchronizationContext" regression (#11662) that could be seen in certain custom NameResolvers
• okhttp: If the frame handler thread is null do not schedule it on the executor (ef1fe8737). This fixes a 1.68.1 NullPointerException regression when a custom transportExecutor was provided to the channel and it did not have enough threads to run new tasks

Improvements

• api: Add java.time.Duration overloads to CallOptions, AbstractStub methods that take TimeUnit and a time value (#11562) (766b92379)
• core: Make timestamp usage in Channelz use nanos from Java.time.Instant when available (#11604) (9176b5528). This increases the timestamp precision from milliseconds
• okhttp: Fix for ipv6 link local with scope (#11725) (e98e7445b)
• binder: Let AndroidComponentAddress specify a target UserHandle (#11670) (e58c998a4)
• servlet: Deframe failures should be logged on the server as warnings (#11645) (a5db67d0c)
• s2a: Rename the Bazel target s2av2_credentials to s2a (29dd9bad3). The target s2a had been referenced by IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS but didn’t previously exist
• services: Make channelz work with proto lite (#11685) (b1703345f). This compatibility is on the source level. There is not a pre-built binary on Maven Central that supports proto lite
• services: Deprecate ProtoReflectionService (#11681) (921f88ae3). The class implements the deprecated v1alpha of the reflection protocol. Prefer ProtoReflectionServiceV1, which implements the v1 version of the reflection protocol

Dependencies

• Upgrade proto-google-common-protos to 2.48.0 (1993e68b0)
• Upgrade google-auth-library to 1.24.1 (1993e68b0)
• Upgrade error_prone_annotations to 2.30.0 (1993e68b0)
• Upgrade Guava to 33.3.1-android (1993e68b0)
• Upgrade opentelemetry-api to 1.43.0 (1993e68b0)
• xds: Remove Bazel dependency on xds v2 (664f1fcf8). This had been done for the Maven Central binaries in 1.63.0, but had been missed for Bazel builds

Documentation

• binder: Update error codes doc for new "Safer Intent" rules. (#11639) (fe350cfd5)
• examples: Use xds-enabled server and xds credentials in example-gcp-csm-observability (#11706) (a79982c7f)

... (truncated)

Commits

• 22a42c8 Bump version to 1.70.0
• e015a74 Update README etc to reference 1.70.0
• 4412054 xds: Rename grpc.xds.cluster to grpc.lb.backend_service
• 7dada7d xds: Pass grpc.xds.cluster label to tracer
• 1edc4d8 xds: Parsing xDS Cluster Metadata (#11741)
• 4222f77 xds:Move creating the retry timer in handleRpcStreamClosed to as late as poss...
• 6c12c2b xds: Remember nonces for unknown types
• 4a0f707 xds: Avoid depending on io.grpc.xds.Internal* classes
• 1cf1927 xds: Preserve nonce when unsubscribing type
• 9a712c3 xds: Make XdsClient.ResourceStore package-private
• Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

v1.69.0

v1.69.0

New Features

• api: Allow LoadBalancers to specify an authority per-RPC.(#11631) (c167ead85) CallOptions.withAuthority() has higher precedence.
• netty: Add soft Metadata size limit enforcement. (#11603) (735b3f3fe) The soft limit is a lower size limit that fails an increasing percentage of RPCs as the Metadata size approaches the upper limit. This can be used as an “early warning” that the Metadata size is growing too large
• alts: support altsCallCredentials in GoogleDefaultChannelCredentials (#11634) (ba8ab796e)
• xds: Add grpc.xds_client metrics, as documented by OpenTelemetry Metrics (#11661) (20d09cee5). grpc.xds.authority is not yet available

Bug Fixes

• api: When forwarding from Listener onAddresses to Listener2 continue to use onResult (#11666) (dae078c0a). This fixes a 1.68.1 "IllegalStateException: Not called from the SynchronizationContext" regression (#11662) that could be seen in certain custom NameResolvers
• okhttp: If the frame handler thread is null do not schedule it on the executor (ef1fe8737). This fixes a 1.68.1 NullPointerException regression when a custom transportExecutor was provided to the channel and it did not have enough threads to run new tasks

Improvements

• api: Add java.time.Duration overloads to CallOptions, AbstractStub methods that take TimeUnit and a time value (#11562) (766b92379)
• core: Make timestamp usage in Channelz use nanos from Java.time.Instant when available (#11604) (9176b5528). This increases the timestamp precision from milliseconds
• okhttp: Fix for ipv6 link local with scope (#11725) (e98e7445b)
• binder: Let AndroidComponentAddress specify a target UserHandle (#11670) (e58c998a4)
• servlet: Deframe failures should be logged on the server as warnings (#11645) (a5db67d0c)
• s2a: Rename the Bazel target s2av2_credentials to s2a (29dd9bad3). The target s2a had been referenced by IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS but didn’t previously exist
• services: Make channelz work with proto lite (#11685) (b1703345f). This compatibility is on the source level. There is not a pre-built binary on Maven Central that supports proto lite
• services: Deprecate ProtoReflectionService (#11681) (921f88ae3). The class implements the deprecated v1alpha of the reflection protocol. Prefer ProtoReflectionServiceV1, which implements the v1 version of the reflection protocol

Dependencies

• Upgrade proto-google-common-protos to 2.48.0 (1993e68b0)
• Upgrade google-auth-library to 1.24.1 (1993e68b0)
• Upgrade error_prone_annotations to 2.30.0 (1993e68b0)
• Upgrade Guava to 33.3.1-android (1993e68b0)
• Upgrade opentelemetry-api to 1.43.0 (1993e68b0)
• xds: Remove Bazel dependency on xds v2 (664f1fcf8). This had been done for the Maven Central binaries in 1.63.0, but had been missed for Bazel builds

Documentation

• binder: Update error codes doc for new "Safer Intent" rules. (#11639) (fe350cfd5)
• examples: Use xds-enabled server and xds credentials in example-gcp-csm-observability (#11706) (a79982c7f)

... (truncated)

Commits

• 22a42c8 Bump version to 1.70.0
• e015a74 Update README etc to reference 1.70.0
• 4412054 xds: Rename grpc.xds.cluster to grpc.lb.backend_service
• 7dada7d xds: Pass grpc.xds.cluster label to tracer
• 1edc4d8 xds: Parsing xDS Cluster Metadata (#11741)
• 4222f77 xds:Move creating the retry timer in handleRpcStreamClosed to as late as poss...
• 6c12c2b xds: Remember nonces for unknown types
• 4a0f707 xds: Avoid depending on io.grpc.xds.Internal* classes
• 1cf1927 xds: Preserve nonce when unsubscribing type
• 9a712c3 xds: Make XdsClient.ResourceStore package-private
• Additional commits viewable in compare view

Updates io.grpc:grpc-netty from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-netty's releases.

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

v1.69.0

v1.69.0

New Features

• api: Allow LoadBalancers to specify an authority per-RPC.(#11631) (c167ead85) CallOptions.withAuthority() has higher precedence.
• netty: Add soft Metadata size limit enforcement. (#11603) (735b3f3fe) The soft limit is a lower size limit that fails an increasing percentage of RPCs as the Metadata size approaches the upper limit. This can be used as an “early warning” that the Metadata size is growing too large
• alts: support altsCallCredentials in GoogleDefaultChannelCredentials (#11634) (ba8ab796e)
• xds: Add grpc.xds_client metrics, as documented by OpenTelemetry Metrics (#11661) (20d09cee5). grpc.xds.authority is not yet available

Bug Fixes

• api: When forwarding from Listener onAddresses to Listener2 continue to use onResult (#11666) (dae078c0a). This fixes a 1.68.1 "IllegalStateException: Not called from the SynchronizationContext" regression (#11662) that could be seen in certain custom NameResolvers
• okhttp: If the frame handler thread is null do not schedule it on the executor (ef1fe8737). This fixes a 1.68.1 NullPointerException regression when a custom transportExecutor was provided to the channel and it did not have enough threads to run new tasks

Improvements

• api: Add java.time.Duration overloads to CallOptions, AbstractStub methods that take TimeUnit and a time value (#11562) (766b92379)
• core: Make timestamp usage in Channelz use nanos from Java.time.Instant when available (#11604) (9176b5528). This increases the timestamp precision from milliseconds
• okhttp: Fix for ipv6 link local with scope (#11725) (e98e7445b)
• binder: Let AndroidComponentAddress specify a target UserHandle (#11670) (e58c998a4)
• servlet: Deframe failures should be logged on the server as warnings (#11645) (a5db67d0c)
• s2a: Rename the Bazel target s2av2_credentials to s2a (29dd9bad3). The target s2a had been referenced by IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS but didn’t previously exist
• services: Make channelz work with proto lite (#11685) (b1703345f). This compatibility is on the source level. There is not a pre-built binary on Maven Central that supports proto lite
• services: Deprecate ProtoReflectionService (#11681) (921f88ae3). The class implements the deprecated v1alpha of the reflection protocol. Prefer ProtoReflectionServiceV1, which implements the v1 version of the reflection protocol

Dependencies

• Upgrade proto-google-common-protos to 2.48.0 (1993e68b0)
• Upgrade google-auth-library to 1.24.1 (1993e68b0)
• Upgrade error_prone_annotations to 2.30.0 (1993e68b0)
• Upgrade Guava to 33.3.1-android (1993e68b0)
• Upgrade opentelemetry-api to 1.43.0 (1993e68b0)
• xds: Remove Bazel dependency on xds v2 (664f1fcf8). This had been done for the Maven Central binaries in 1.63.0, but had been missed for Bazel builds

Documentation

• binder: Update error codes doc for new "Safer Intent" rules. (#11639) (fe350cfd5)
• examples: Use xds-enabled server and xds credentials in example-gcp-csm-observability (#11706) (a79982c7f)

... (truncated)

Commits

• 22a42c8 Bump version to 1.70.0
• e015a74 Update README etc to reference 1.70.0
• 4412054 xds: Rename grpc.xds.cluster to grpc.lb.backend_service
• 7dada7d xds: Pass grpc.xds.cluster label to tracer
• 1edc4d8 xds: Parsing xDS Cluster Metadata (#11741)
• 4222f77 xds:Move creating the retry timer in handleRpcStreamClosed to as late as poss...
• 6c12c2b xds: Remember nonces for unknown types
• 4a0f707 xds: Avoid depending on io.grpc.xds.Internal* classes
• 1cf1927 xds: Preserve nonce when unsubscribing type
• 9a712c3 xds: Make XdsClient.ResourceStore package-private
• Additional commits viewable in compare view

Updates io.grpc:grpc-services from 1.68.2 to 1.70.0

Release notes

Sourced from io.grpc:grpc-services's releases.

v1.69.1

Bug Fixes

• okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca0a). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
• xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927d1). This (along with 6c12c2bd2) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
• xds: Remember nonces for unknown types (6c12c2bd2)
• xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da2c). They were previously required to be strings
• xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f613984). This fixes clients treating large max_requests as “no requests” and failing all requests
• xds: Remove xds authority label from metric registration (#11760) (6516c7387). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0

v1.69.0

v1.69.0

New Features

• api: Allow LoadBalancers to specify an authority per-RPC.(#11631) (c167ead85) CallOptions.withAuthority() has higher precedence.
• netty: Add soft Metadata size limit enforcement. (#11603) (735b3f3fe) The soft limit is a lower size limit that fails an increasing percentage of RPCs as the Metadata size approaches the upper limit. This can be used as an “early warning” that the Metadata size is growing too large
• alts: support altsCallCredentials in GoogleDefaultChannelCredentials (#11634) (ba8ab796e)
• xds: Add grpc.xds_client metrics, as documented by OpenTelemetry Metrics (#11661) (20d09cee5). grpc.xds.authority is not yet available

Bug Fixes

• api: When forwarding from Listener onAddresses to Listener2 continue to use onResult (#11666) (dae078c0a). This fixes a 1.68.1 "IllegalStateException: Not called from the SynchronizationContext" regression (#11662) that could be seen in certain custom NameResolvers
...

Description has been truncated

[dependabot]

Superseded by #253.