Bump grpc-protobuf from 1.34.1 to 1.35.0

[dependabot-preview]

Bumps grpc-protobuf from 1.34.1 to 1.35.0.

Release notes

Sourced from grpc-protobuf's releases.

v1.35.0

gRPC Java 1.35.0 Release Notes

Bug Fixes

• core: Fix CompositeChannelCredentials to no longer use CallCredentials for OOB channels. OOB channels are available for load balancing policies to use to communicate with an LB server. It is mainly used by gRPC-LB. This resolves the incompatibility of the 1.34.0 release with googleapis.com.
• alts: Limit number of concurrent handshakes to 32. ALTS uses blocking RPCs for handshakes. If the handshake server has a limit to number of concurrent handshakes this can produce a deadlock. Limiting to 32 should workaround the problem for the majority of the cases. A later fix will allow handshake RPCs to be asynchronous
• xds: Fix missed class relocations for generated code. grpc-xds previously exposed generated code for multiple 3rd-party protobuf generated code classes outside of the io.grpc package. They are now shaded to avoid colliding with other users of the classes
• xds: Fix a user visible stack trace showing java.util.NoSuchElementException when the environment variable GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT was set and the application contains an xDS configured gRPC server. The exception was benign and was seen when the connection was dropped before an SslContextProvider was available.
• xds: decouple xds channel creation and bootstrapping. This fixes the bug caused by the lifecycle mismatch between XdsClient and its channel to the xDS server. Cheating a new XdsClient (previous one shutdown due to no Channel using it) would create and use a new xDS channel.

Dependencies

• Guava updated to 30.0-android
• Animal Sniffer annotations updated to 1.19
• Error Prone annotations updated to 2.4.0
• Perfmark updated to 0.23.0
• compiler: Linux artifacts now built using CentOS 7. Previously CentOS 6 was used, but that distribution is discontinued and no longer available in our build infrastructure
• netty: Upgrade to Netty 4.1.52 and tcnative 2.0.34. Note that this Netty release enables TLSv1.3 support. mTLS failures with TLSv1.3 will have different error messages than in TLSv1.2
• auth,alts: google-auth-library-java updated to 0.22.2
• census: OpenCensus updated to 0.28.0
• protobuf: googleapi’s common protos updated to 2.0.1
• okhttp: Okio updated to 1.17.5
• xds: re2j updated to 1.5
• xds: bouncycastle updated to 1.67
• gradle: bumped protobuf-gradle-plugin version to 0.8.14
• android, cronet: upgraded the latest support Android version to 29

Acknowledgments

@amnox @horizonzy @wanyingd1996

Commits

• 6db928a Bump version to 1.35.0
• ced1ec0 Update README etc to reference 1.35.0
• ff2c2c7 xds: fix LB policy address and balancing state update propagations (v1.35.x b...
• 735939b xds: fix regression for deleting EDS resources referenced by unchanged CDS re...
• b50f51c api: fix LoadBalancer javadoc
• 73fe68e xds: support getting logical DNS and aggregate cluster configurations from CD...
• 64d2bf1 android, cronet, android-interop-testing: bump Android versions (#7740)
• 8359d0b netty: Upgrade to Netty 4.1.52 and tcnative 2.0.34
• cddc1a5 xds: decouple xds channel creation and bootstrapping (#7764)
• 67ad786 xds: fix typo in a log message (#7762)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

• LSP tests - java v & windows-latest

Dependabot will still automatically merge this pull request if you amend it and your tests pass.