Skip to content

Bump the java group in /java with 2 updates #1320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rodaine merged 1 commit into from
Oct 13, 2025
Merged

Bump the java group in /java with 2 updates #1320

rodaine merged 1 commit into from
Oct 13, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025

Bumps the java group in /java with 2 updates: io.grpc:grpc-bom and org.jacoco:jacoco-maven-plugin.

Updates io.grpc:grpc-bom from 1.75.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.76.0

Bug Fixes

  • xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
  • compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
  • servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
  • servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
  • binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
  • binder: The server will now only accept post-setup transactions from the authorized server UID.
  • util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
  • android: A fix has been implemented for network change handling on API levels below 24.

Improvements

  • api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
  • api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
  • servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
  • servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
  • xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
  • bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
  • bazel: Unnecessary direct build dependencies were removed from some targets
  • netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
  • netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
  • netty: Include allow header for HTTP response code 405
  • okhttp: Include allow header for HTTP response code 405
  • binder: Error descriptions for ServiceConnection callbacks have been improved
  • binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

  • stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
  • compiler: Support for macOS aarch64 with a universal binary has been added.
  • opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
  • binder: A NameResolver for Android's intent: URIs has been introduced.
  • binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

  • SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
  • examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

  • Upgraded Guava version to 33.4.8.
  • The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt @Sangamesh1997

... (truncated)

Commits
  • d0db129 Bump version to 1.76.0
  • aa672ca Update README etc to reference 1.76.0
  • 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
  • f89d1d8 api: remove nullable from StatusOr value methods (#12338)
  • 040665f examples: Explain Bazel BCR releases and git_override option
  • 4995700 xds: Remove verify TODO for onResult2 error status
  • afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
  • 1a7042a android: fix network change handling on API levels < 24
  • 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
  • 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

  • JaCoCo now officially supports Java 25 (GitHub #1950).
  • Experimental support for Java 26 class files (GitHub #1870).
  • Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
  • Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
  • Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
  • Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
  • Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
  • Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
  • Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
  • Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

  • Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
  • Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

  • JaCoCo now depends on ASM 9.9 (GitHub #1965).
Commits
  • 2eb2483 Prepare release v0.8.14
  • de76181 KotlinSerializableFilter should filter more methods (#1971)
  • 89c4bd5 Fix NPE in KotlinSerializableFilter (#1970)
  • 0981128 Migrate release staging to the Central Publisher Portal (#1968)
  • d07bc6b Add filter for bytecode generated by Kotlin serialization compiler plugin (#1...
  • 5e35fd5 Upgrade maven-dependency-plugin to 3.9.0 (#1966)
  • c2fe5cc Upgrade ASM to 9.9 (#1965)
  • b0f8e23 KotlinSafeCallOperatorFilter should filter "unoptimized" safe call followed b...
  • c7bd3f4 Upgrade spotless-maven-plugin to 3.0.0 (#1961)
  • faa289d KotlinSafeCallOperatorFilter should not be affected by presence of pseudo ins...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the java group in /java with 2 updates
36915ce 
Bumps the java group in /java with 2 updates: [io.grpc:grpc-bom](https://github.com/grpc/grpc-java) and [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco).


Updates `io.grpc:grpc-bom` from 1.75.0 to 1.76.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.75.0...v1.76.0)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.13 to 0.8.14
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.13...v0.8.14)

---
updated-dependencies:
- dependency-name: io.grpc:grpc-bom
  dependency-version: 1.76.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added Dependencies Updates a dependency Java Java/JVM language support labels Oct 13, 2025
@rodaine rodaine merged commit 552d005 into main Oct 13, 2025
8 checks passed
@rodaine rodaine deleted the dependabot/maven/java/java-06f7ba78f2 branch October 13, 2025 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rodaine rodaine rodaine approved these changes

Assignees

No one assigned

Labels

Dependencies Updates a dependency Java Java/JVM language support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rodaine