Skip to content

Bump the gradle group with 8 updates #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2025
Merged

Bump the gradle group with 8 updates #157

merged 1 commit into from
Nov 3, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2025

Bumps the gradle group with 8 updates:

Package From To
io.grpc:grpc-protobuf 1.75.0 1.76.0
io.grpc:grpc-stub 1.75.0 1.76.0
io.grpc:grpc-netty-shaded 1.75.0 1.76.0
build.buf:protovalidate 1.0.0 1.0.1
com.google.protobuf:protobuf-java 4.32.1 4.33.0
com.google.protobuf:protobuf-java-util 4.32.1 4.33.0
com.google.api.grpc:proto-google-common-protos 2.61.3 2.62.0
com.google.code.gson:gson 2.11.0 2.13.2

Updates io.grpc:grpc-protobuf from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-protobuf's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • netty: Remove Netty version detection since grpc-netty-shaded can't reliably determine its Netty version when multiple copies of Netty are present (even when shaded). This fixes the resurfacing of the Netty 4.1.111 corruption fixed in 1.65.0. That version fixed grpc-netty, but v1.75.0 upgraded grpc-netty-shaded to Netty 4.1.111 and exposed the Netty version detection problem. This fixes corruption, so the error messages range wildly, but one of them is "RESOURCE_EXHAUSTED: gRPC message exceeds maximum size"
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • netty: Remove Netty version detection since grpc-netty-shaded can't reliably determine its Netty version when multiple copies of Netty are present (even when shaded). This fixes the resurfacing of the Netty 4.1.111 corruption fixed in 1.65.0. That version fixed grpc-netty, but v1.75.0 upgraded grpc-netty-shaded to Netty 4.1.111 and exposed the Netty version detection problem. This fixes corruption, so the error messages range wildly, but one of them is "RESOURCE_EXHAUSTED: gRPC message exceeds maximum size"
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates io.grpc:grpc-netty-shaded from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • netty: Remove Netty version detection since grpc-netty-shaded can't reliably determine its Netty version when multiple copies of Netty are present (even when shaded). This fixes the resurfacing of the Netty 4.1.111 corruption fixed in 1.65.0. That version fixed grpc-netty, but v1.75.0 upgraded grpc-netty-shaded to Netty 4.1.111 and exposed the Netty version detection problem. This fixes corruption, so the error messages range wildly, but one of them is "RESOURCE_EXHAUSTED: gRPC message exceeds maximum size"
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates io.grpc:grpc-stub from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-stub's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • netty: Remove Netty version detection since grpc-netty-shaded can't reliably determine its Netty version when multiple copies of Netty are present (even when shaded). This fixes the resurfacing of the Netty 4.1.111 corruption fixed in 1.65.0. That version fixed grpc-netty, but v1.75.0 upgraded grpc-netty-shaded to Netty 4.1.111 and exposed the Netty version detection problem. This fixes corruption, so the error messages range wildly, but one of them is "RESOURCE_EXHAUSTED: gRPC message exceeds maximum size"
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates io.grpc:grpc-netty-shaded from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • netty: Remove Netty version detection since grpc-netty-shaded can't reliably determine its Netty version when multiple copies of Netty are present (even when shaded). This fixes the resurfacing of the Netty 4.1.111 corruption fixed in 1.65.0. That version fixed grpc-netty, but v1.75.0 upgraded grpc-netty-shaded to Netty 4.1.111 and exposed the Netty version detection problem. This fixes corruption, so the error messages range wildly, but one of them is "RESOURCE_EXHAUSTED: gRPC message exceeds maximum size"
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates build.buf:protovalidate from 1.0.0 to 1.0.1

Release notes

Sourced from build.buf:protovalidate's releases.

v1.0.1

What's Changed

New Contributors

Full Changelog: bufbuild/protovalidate-java@v1.0.0...v1.0.1

Commits

Updates com.google.protobuf:protobuf-java from 4.32.1 to 4.33.0

Commits

Updates com.google.protobuf:protobuf-java-util from 4.32.1 to 4.33.0

Updates com.google.protobuf:protobuf-java-util from 4.32.1 to 4.33.0

Updates com.google.api.grpc:proto-google-common-protos from 2.61.3 to 2.62.0

Release notes

Sourced from com.google.api.grpc:proto-google-common-protos's releases.

v2.62.0

2.62.0 (2025-08-19)

Features

  • Set sampledToLocalTracing flag to true for all gRPC MethodDescriptors (#3874) (592e899)
Changelog

Sourced from com.google.api.grpc:proto-google-common-protos's changelog.

2.62.0 (2025-08-19)

Features

  • Set sampledToLocalTracing flag to true for all gRPC MethodDescriptors (#3874) (592e899)

2.61.0 (2025-08-04)

Features

  • mtls: Add support for X.509-based mTLS-transport in Java GAX lib (#3852) (2d02344)

Bug Fixes

  • improve error messaging for LRO CancellationException (#3873) (9cae675)
  • make generation config update logs verbose (#3764) (9b1a34b)

2.60.2 (2025-07-22)

Dependencies

  • update arrow.version to 17.0.0, auth deps to 1.37.1 and http-client deps to 1.47.1 (#3863) (b5bb3ca)

2.60.1 (2025-07-08)

Bug Fixes

  • hermetic-build: use public maven metadata for latest version inference (#3853) (0be1e96)

2.60.0 (2025-06-23)

Features

Dependencies

  • update google auth library dependencies to v1.37.1 (#3846) (ea1d9e5)
  • update google http client dependencies to v1.47.1 (#3848) (a9a39d7)

2.59.2 (2025-06-17)

... (truncated)

Commits

Updates com.google.code.gson:gson from 2.11.0 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

New Contributors

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Gson 2.13.1

What's Changed

New Contributors

Full Changelog: google/gson@gson-parent-2.13.0...gson-parent-2.13.1

Gson 2.13.0

What's Changed

  • A bug in deserializing collections has been fixed. Previously, if you did something like this:

    gson.fromJson(jsonString, new TypeToken<ImmutableList<String>>() {})

    then the inferred type would be ImmutableList<String>, but Gson actually gave you an ArrayList<String>. Usually that would lead to an immediate ClassCastException, but in some circumstances the code might sometimes succeed despite the wrong type. Now you will see an exception like this:

    com.google.gson.JsonIOException: Abstract classes can't be instantiated!
Adjust the R8 configuration or register an InstanceCreator or a TypeAdapter for this type.
Class name: com.google.common.collect.ImmutableList

    because Gson now really is trying to create an ImmutableList through its constructor, but that isn't possible. Either change the requested type (in the TypeToken) to List<String>, or register a TypeAdapter or JsonDeserializer for ImmutableList.

  • The internal classes $Gson$Types and $Gson$Preconditions have been renamed to remove the $ characters. Since these are internal classes (as signaled not only by the package name but by the $ characters), client code should not be affected. If your code was depending on these classes then we suggest making a copy of the class (subject to the license) rather than depending on the new names.

Full Changelog: google/gson@gson-parent-2.12.1...gson-parent-2.13.0

Gson 2.12.1

The only difference between this release and 2.12.0 is that OSGi declarations in the Gson jar now specify that com.google.errorprone.annotations is an optional dependency, not a required one. If you do not use OSGi then there is no effective change.

... (truncated)

Commits
  • 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
  • c2d252a Switch to using central-publishing-maven-plugin. (#2900)
  • 69cb755 Bump the github-actions group with 5 updates (#2894)
  • ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
  • fdc616d Set top-level permissions for CodeQL workflow (#2889)
  • 9334715 Create scorecard.yml (#2888)
  • f7de5c2 Bump the maven group with 8 updates (#2885)
  • 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
  • 5eab3ed Bump the github-actions group with 2 updates (#2886)
  • 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the gradle group with 8 updates
6420f0a 
Bumps the gradle group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [io.grpc:grpc-protobuf](https://github.com/grpc/grpc-java) | `1.75.0` | `1.76.0` |
| [io.grpc:grpc-stub](https://github.com/grpc/grpc-java) | `1.75.0` | `1.76.0` |
| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.75.0` | `1.76.0` |
| [build.buf:protovalidate](https://github.com/bufbuild/protovalidate-java) | `1.0.0` | `1.0.1` |
| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `4.32.1` | `4.33.0` |
| com.google.protobuf:protobuf-java-util | `4.32.1` | `4.33.0` |
| [com.google.api.grpc:proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) | `2.61.3` | `2.62.0` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.11.0` | `2.13.2` |


Updates `io.grpc:grpc-protobuf` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `io.grpc:grpc-stub` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `io.grpc:grpc-netty-shaded` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `io.grpc:grpc-stub` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `io.grpc:grpc-netty-shaded` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `build.buf:protovalidate` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/bufbuild/protovalidate-java/releases)
- [Commits](bufbuild/protovalidate-java@v1.0.0...v1.0.1)

Updates `com.google.protobuf:protobuf-java` from 4.32.1 to 4.33.0
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `com.google.protobuf:protobuf-java-util` from 4.32.1 to 4.33.0

Updates `com.google.protobuf:protobuf-java-util` from 4.32.1 to 4.33.0

Updates `com.google.api.grpc:proto-google-common-protos` from 2.61.3 to 2.62.0
- [Release notes](https://github.com/googleapis/sdk-platform-java/releases)
- [Changelog](https://github.com/googleapis/sdk-platform-java/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/sdk-platform-java/commits/v2.62.0)

Updates `com.google.code.gson:gson` from 2.11.0 to 2.13.2
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.11.0...gson-parent-2.13.2)

---
updated-dependencies:
- dependency-name: io.grpc:grpc-protobuf
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.grpc:grpc-stub
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.grpc:grpc-netty-shaded
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.grpc:grpc-stub
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: io.grpc:grpc-netty-shaded
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: build.buf:protovalidate
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gradle
- dependency-name: com.google.protobuf:protobuf-java
  dependency-version: 4.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: com.google.protobuf:protobuf-java-util
  dependency-version: 4.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: com.google.protobuf:protobuf-java-util
  dependency-version: 4.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: com.google.api.grpc:proto-google-common-protos
  dependency-version: 2.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gradle
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 1, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 1, 2025 07:02
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 1, 2025
tstirrat15
tstirrat15 approved these changes Nov 3, 2025
View reviewed changes
Copy link
Contributor

@tstirrat15 tstirrat15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tstirrat15 tstirrat15 added this pull request to the merge queue Nov 3, 2025
Merged via the queue into main with commit 1b1fe63 Nov 3, 2025
8 checks passed
@tstirrat15 tstirrat15 deleted the dependabot/gradle/gradle-17223fd4c9 branch November 3, 2025 11:42
@github-actions github-actions bot locked and limited conversation to collaborators Nov 3, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@tstirrat15 tstirrat15 tstirrat15 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tstirrat15