MINOR: [Java] Bump io.grpc:grpc-bom from 1.63.0 to 1.65.0 in /java

[dependabot]

Bumps io.grpc:grpc-bom from 1.63.0 to 1.65.0.

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.65.0

grpc-netty in this release is compatible with Netty 4.1.111; it fixes the incompatibility that caused data corruption. grpc-netty-shaded is still using Netty 4.1.100.

New Features

• New module grpc-gcp-csm-observability (df8cfe9dd)

Improvements

• api: Add ClientStreamTracer.inboundHeaders(Metadata) (960012d76). This is the same as the existing inboundHeaders(), but is provided the Metadata
• api: Fix various typos in the documentation (#11144) (6ec744f2a)
• core: When queuing RPCs, don’t request picks from the LB twice (8844cf7b8). This could be viewed as a small performance optimization, but mainly reduces the amount of race-handling code
• util: Improve AdvancedTlsX509KeyManager’s documentation, verification, and testing. (#11139) (781b4c457) This change shows @ExperimentalApi being removed, but it was re-added in 3c97245 before the release
• examples: Fix broken command in reflection readme (#11131) (c31dbf48a)
• binder: Add a connection timeout (#11255) (791f894e2)

Bug fixes

• core: Exit idle mode when delayed transport is in use (fea577c80). This was a long-standing race that could cause RPCs to hang, but was very unlikely to be hit. Avoiding the double-picking (8844cf7b8) made the race more visible
• netty: Fix Netty composite buffer merging to be compatible with Netty 4.1.111 (#11294) (0fea7dd). The previous behavior easily caused data corruption
• okhttp: Workaround SSLSocket not noticing socket is closed (a28357e19). Previously, shutting down when a new connection was being established could result in the server never becoming terminated
• inprocess: Fix listener race if transport is shutdown while starting (e4e7f3a06). This issue was unlikely to be hit outside of specialized tests
• services: restore //services:binarylog bazel target (#11292) (d57f271). This fixes a regression introduced in 1.62.2
• binder: Wait for all server transports to terminate before returning the security policy executor to the object pool (#11240) (34ee600dc)
• binder: Reject further SETUP_TRANSPORT requests post-BinderServer shutdown (#11260) (1670e97f7)
• bazel: Include missing com_google_protobuf_javalite in MODULE.bazel (#11147) (f995c121e)

Thanks to

@​hakusai22 @​firov @​mateusazis @​Mir3605 @​niloc132

v1.64.1

What's Changed

• netty:Fix Netty composite buffer merging to be compatible with Netty 4.1.111 (1.64.x backport) by @​larry-safran in grpc/grpc-java#11303

v1.64.0

Avoid upgrading your application to Netty 4.1.111, as there is a possible corruption. Still investigating. See grpc/grpc-java#11284 .

API Changes

• compiler: the option jakarta_omit was renamed @generated=omit (#11086) (8a21afcc9)

New Features

• New API LoadBalancer.getChannelTarget() (4561bb5b8)
• opentelemetry: Publish new module grpc-opentelemetry (5ba1a5563). The feature is still missing documentation and an example. It only supports metrics; tracing and logs will be future enhancements. See gRFC A66
• bazel: Add support for bzlmod (#11046) (d1890c0ac)
• bazel: Replace usages of the old compatibility maven targets with @maven targets (00649913b)
• okhttp: Support serverBuilder.maxConcurrentCallsPerConnection (Fixes #11062). (#11063) (805072339)
• xds: Experimental metrics recording in WRR LB (06df25b65, 35a171bc1, 2897b3939), to be exported by grpc-opentelemetry if explicitly enabled in GrpcOpenTelemetry. See gRFC A78
• rls: Experimental metrics recording in RLS LB (a9fb272b7, a1d19327f, 813331837), to be exported by grpc-opentelemetry if explicitly enabled in GrpcOpenTelemetry

... (truncated)

Commits

• 6296726 Bump version to 1.65.0
• 4d25c34 Update README etc to reference 1.65.0
• fb761a1 services: restore //services:binarylog bazel target (#11292)
• 3c97245 util: Add ExperimentalApi to AdvancedTlsX509KeyManager
• c11b560 Remove unused imports from CSM Observability example (#11307) (#11310)
• 4824eaf all:Add GCP CSM Observability (#11305) (#11308)
• d6ce8c5 examples: Add gRPC OpenTelemetry example (v1.65.x backport) (#11309)
• b9927b0 netty:Fix Netty composite buffer merging to be compatible with Netty 4.1.111 ...
• 71eca4e opentelemetry: Add explicit histogram buckets for per-call metrics (#11281) (...
• f54cdf0 examples: Add GCP CSM Observability example (v1.65.x backport) (#11286)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vibhatha]

@lidavidm I think we encountered this issue earlier as well. We shouldn't upgrade at this moment right?

[danepitkin]

This change is currently included in the proposed Java 8 deprecation PR: #43139

[laurentgo]

I think I add to update grpc to address some module declaration issue but I now realize that it may causing some integration test issues. I'll try and check

Switching from maven-assembly-plugin to maven-shade-plugin allows to use transformers for service manifests and solves the issue

[lidavidm]

We can close this in favor of the other PR then?

[danepitkin]

grpc was updated in a separate PR.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.