Bump grpc.version from 1.37.1 to 1.38.0 in /lang/java

[dependabot]

Bumps grpc.version from 1.37.1 to 1.38.0.
Updates grpc-core from 1.37.1 to 1.38.0

Release notes

Sourced from grpc-core's releases.

v1.38.0

gRPC Java 1.38.0 Release Notes

API Changes

• services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. (#8056)
• ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in gRFC L74. These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the usePlaintext() and useTransportSecurity() methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API

Bug Fixes

• xds: Fixed a bug that xDS users may experience null pointer exception in rare cases (#8087)
• netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. (#8020)
• xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.

Behavior Changes

• core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with Helper.refreshNameResolution()) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. (#8048)
• netty: Added support for OpenJSSE

Dependencies

• Upgrade Guava to 30.1 (#8100). As part of #4671 grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on #4671. The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:

android {
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
}

• auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library

Commits

• 51a1c77 Bump version to 1.38.0
• 78a3d68 Update README etc to reference 1.38.0
• 88ca874 buildscripts: switch xds-k8s cluster to 1.20.x
• 65d4bf5 xds: add null reference checks in SslContextProviderSupplier (#8169) (#8171)
• 9055e6d netty: Remove Maven pom.properties from netty-shaded
• f049530 xds: use a standalone Context for xDS control plane RPCs (v1.38.x backport) (...
• 48ea63d grpclb: use a standalone Context for gRPCLB control plane RPCs (v1.38.x backp...
• d2160ea Extend the xDS interop tests timeout to 360 mins (#8133)
• c9e327d xds: extend SslContextProviderSupplier to DowmstreamTlsContext for server sid...
• 27b1641 xds: import envoy (#8145)
• Additional commits viewable in compare view

Updates grpc-stub from 1.37.1 to 1.38.0

Release notes

Sourced from grpc-stub's releases.

v1.38.0

gRPC Java 1.38.0 Release Notes

API Changes

• services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. (#8056)
• ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in gRFC L74. These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the usePlaintext() and useTransportSecurity() methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API

Bug Fixes

• xds: Fixed a bug that xDS users may experience null pointer exception in rare cases (#8087)
• netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. (#8020)
• xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.

Behavior Changes

• core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with Helper.refreshNameResolution()) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. (#8048)
• netty: Added support for OpenJSSE

Dependencies

• Upgrade Guava to 30.1 (#8100). As part of #4671 grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on #4671. The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:

android {
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
}

• auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library

Commits

• 51a1c77 Bump version to 1.38.0
• 78a3d68 Update README etc to reference 1.38.0
• 88ca874 buildscripts: switch xds-k8s cluster to 1.20.x
• 65d4bf5 xds: add null reference checks in SslContextProviderSupplier (#8169) (#8171)
• 9055e6d netty: Remove Maven pom.properties from netty-shaded
• f049530 xds: use a standalone Context for xDS control plane RPCs (v1.38.x backport) (...
• 48ea63d grpclb: use a standalone Context for gRPCLB control plane RPCs (v1.38.x backp...
• d2160ea Extend the xDS interop tests timeout to 360 mins (#8133)
• c9e327d xds: extend SslContextProviderSupplier to DowmstreamTlsContext for server sid...
• 27b1641 xds: import envoy (#8145)
• Additional commits viewable in compare view

Updates grpc-netty from 1.37.1 to 1.38.0

Release notes

Sourced from grpc-netty's releases.

v1.38.0

gRPC Java 1.38.0 Release Notes

API Changes

• services: move classes with protobuf dependency into io.grpc.protobuf.services. Users currently using BinaryLogging, HealthChecking, Channelz should migrate to use the corresponding classes in io.grpc.protobuf.services. (#8056)
• ChannelCredentials and ServerCredentials and are now stable. Notably, this also includes TlsChannelCredentials and TlsServerCredentials that allow mTLS configuration without a direct dependency on Netty. The description of the new API can be found in gRFC L74. These APIs are intended to “replace” the implicit security defaults of channels/servers as well as the usePlaintext() and useTransportSecurity() methods on the channel and server builders. The previous APIs are stable so will not be removed. Over time, documentation and examples will be migrated to the new API

Bug Fixes

• xds: Fixed a bug that xDS users may experience null pointer exception in rare cases (#8087)
• netty: Fixed a bug that client RPCs may fail with a wrong exception with message "Maximum active streams violated for this endpoint" when receiving GOAWAY while MAX_CONCURRENT_STREAMS is reached. After the fix the client RPC should fail with UNAVAILABLE status in such a scenario. (#8020)
• xds: Fixed a bug that xDS LB policies may process and propagate load balancing state update from its child LB policy after itself being shut down. This can be cascaded and result in hard-to-reason behaviors if any one layer of the LB policies does not clean up its internal state after shutdown.

Behavior Changes

• core, grpclb, xds: let leaf LB policies explicitly refresh name resolution when subchannel connection is broken. Custom LoadBalancer implementations should refresh name resolution (with Helper.refreshNameResolution()) when seeing its created subchannel becomes IDLE or TRANSIENT_FAILURE. Currently the Channel will do it for you and log a warning. But this operation will be removed in the future releases. (#8048)
• netty: Added support for OpenJSSE

Dependencies

• Upgrade Guava to 30.1 (#8100). As part of #4671 grpc-java will drop support for Java 7, with no impact to Android API levels supported. Guava is going through the same process and in this Guava release it warns when used on Java 7. If you are using Java 7 and are impacted, please comment on #4671. The Java 7 check may be noticed by Android builds and fail without language-level desugaring. We expect most users have already enabled language-level desugaring, but if not it would be necessary to add to your build.gradle:

android {
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
}

• auth: Allow pre- and post-0.25.0 behavior from google-auth-library-java, for Bazel users. google-auth-library-java 0.25.0 changed its behavior for JWT that caused a gRPC test to fail. The failure was benign but prevented Bazel users from using newer versions of the library

Commits

• 51a1c77 Bump version to 1.38.0
• 78a3d68 Update README etc to reference 1.38.0
• 88ca874 buildscripts: switch xds-k8s cluster to 1.20.x
• 65d4bf5 xds: add null reference checks in SslContextProviderSupplier (#8169) (#8171)
• 9055e6d netty: Remove Maven pom.properties from netty-shaded
• f049530 xds: use a standalone Context for xDS control plane RPCs (v1.38.x backport) (...
• 48ea63d grpclb: use a standalone Context for gRPCLB control plane RPCs (v1.38.x backp...
• d2160ea Extend the xDS interop tests timeout to 360 mins (#8133)
• c9e327d xds: extend SslContextProviderSupplier to DowmstreamTlsContext for server sid...
• 27b1641 xds: import envoy (#8145)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[iemejia]

LGTM