fix: update dependency io.grpc:grpc-bom to v1.77.0

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
io.grpc:grpc-bom	1.76.0 -> 1.77.0

---

Release Notes

grpc/grpc-java (io.grpc:grpc-bom)

v1.77.0

Compare Source

API Changes

• binder: Remove experimental BinderChannelBuilder.bindAsUser() method, deprecated since 1.69 (#​12401) (f96ce06)

Bug Fixes

• api: Fix name resolver bridge listener handling for address resolution errors for custom name resolvers (#​12441) (acbbf86). This fixes regression introduced in v1.68.1 causing a “IllegalStateException: No value present.” exception
• core: Fix NullPointerException during address update with Happy Eyeballs (5e8af56). This should not impact many people as the code is disabled by default, behind two experimental environment variables
• okhttp: Fix bidirectional keep-alive causing spurious GOAWAY (6fc3fd0). This fixes the grpc-okhttp server incorrectly closing the connection with GOAWAY: too_many_pings
• xds: SslContext updates handling when using system root certs (#​12340) (63fdaac). Since FileWatcherCertificateProvider isn't used when using system root trust store, the SslContext update for the handshake that depended on it wasn't happening. This fix creates a separate CertificateProvider for handling system root certs that doesn't rely on the FileWatcherCertificateProvider.
• xds: Make cluster selection interceptor run before other filters (#​12381) (82f9b8e). This is needed when there is GcpAuthenticationFilter in the filter chain to make available the cluster resource in CallOptions.
• xds: Handle wildcards in DNS SAN exact matching (#​12345) (5b876cc)
• android: Fix UdsChannelBuilder with WiFi Proxy (349a35a)
• binder: Avoid potential deadlock when canceling AsyncSecurityPolicy futures (#​12283) (4725ced)
• binder: Fix a BinderServerTransport crash in the rare shutdown-before-start case (#​12440) (91f3f4d)

Improvements

• Improve status messages by including causal error details in config parsing errors for outlier detection and xds’s wrr locality policies (86e8b56)
• xds: Detect negative ref count for xds client (21696cd). A negative reference count could cause NullPointerExceptions, so when too many unrefs are detected it produces a SEVERE warning and prevents the reference count from going negative
• xds: Support deprecated xDS TLS fields for Istio compat (#​12435) (53cd1a2). This fixes a regression with Istio introduced in v1.73.0. This gives time for Istio’s new xDS field support to roll out
• googleapis: Allow wrapping NameResolver to inject XdsClient (#​12450) (27d1508). This allows googleapis to inject an xDS bootstrap to use with its channels even if one is already specified in the environment variable or system property. When the code was originally written there was a single global XdsClient, but since gRFC A71 Xds Fallback each target string has its own XdsClient and thus can have its own bootstrap
• alts: Allow overriding metadata server address with env variable (9ac12ef) (498f717)
• binder: Let the server know when the client fails to authorize it. (#​12445) (599a0a1) This avoids the server needing to wait for the handshake timeout before realizing the handshake failed

New Features

• opentelemetry: Implement otel retry metrics from gRFC A96 (#​12064) (d380191)
• opentelemetry: propagate baggage to server metrics for custom attributes (#​12389) (155308d)
• xds: Allow EC Keys in SPIFFE Bundle Map parsing (#​12399) (559e3ba)
• xds: Enable authority rewriting (gRFC A81), system root cert support (gRFC A82), GCP authentication filter (gRFC A83), and SNI (gRFC A101) (#​12499) (246c2b1). Authority rewriting requires the control plane to be labeled trusted_xds_server in the bootstrap. System root cert support and SNI require using XdsChannelCredentials
• rls: Add route lookup reason to request whether it is due to a cache miss or stale cache entry (#​12442) (795ce02)

Dependencies

• compiler: C++ protobuf used by codegen upgraded to 26.1 (#​12330) (55aefd5)
• alts: Remove dep on grpclb (b769f96). ALTS is no longer used with grpclb, so this removes dead code
• Upgrade netty to 4.1.127.Final (b37ee67)

Thanks to

@​panchenko
@​benjaminp
@​HyunSangHan
@​becomeStar
@​ZachChuba
@​oliviamariacodes
@​kssumin
@​laz-canva

v1.76.1

Compare Source

Bug Fixes

• core: Fix NullPointerException during address update with Happy Eyeballs (5e8af56). This should not impact many people as the code is disabled by default, behind two experimental environment variables

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the io.grpc:grpc-bom dependency to version 1.77.0. This upgrade brings a comprehensive set of bug fixes, performance enhancements, and new features, particularly in areas like xDS configuration, OpenTelemetry integration, and core gRPC functionalities, ensuring improved stability and expanded capabilities for applications utilizing gRPC.

Highlights

• gRPC BOM Update: Upgraded the io.grpc:grpc-bom dependency from v1.76.0 to v1.77.0, incorporating the latest stability and feature enhancements from the gRPC project.
• Critical Bug Fixes: Addressed several critical issues, including a regression causing IllegalStateException in name resolver bridge listener handling, NullPointerException during address updates with Happy Eyeballs, and a fix for GOAWAY: too_many_pings with OkHttp bidirectional keep-alive.
• xDS Enhancements: Introduced significant improvements and new features for xDS, such as SslContext updates, correct cluster selection interceptor ordering, support for deprecated TLS fields for Istio compatibility, and enabling several gRFCs (A81, A82, A83, A101) for advanced xDS functionalities.
• OpenTelemetry Integration: Added new OpenTelemetry features, including the implementation of retry metrics from gRFC A96 and the propagation of baggage to server metrics for custom attributes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the io.grpc:grpc-bom dependency from version 1.76.0 to 1.77.0. This is a minor update that, according to the release notes, includes several bug fixes and improvements. The release notes mention one breaking API change involving the removal of an experimental method, BinderChannelBuilder.bindAsUser(). Based on the provided code, this method does not appear to be in use, so this dependency upgrade should be safe to merge.