MINOR: [Java] Bump io.grpc:grpc-bom from 1.65.0 to 1.68.0 in /java

[dependabot]

Bumps io.grpc:grpc-bom from 1.65.0 to 1.68.0.

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.66.0

gRPC Java 1.66.0 Release Notes

API Changes

• stub: Support setting onReadyThreshold through AbstractStub. (#11320) (25a8b7c50)
• util: Stabilize AdvancedTlsX509TrustManager, an X509ExtendedTrustManager that allows users to configure advanced TLS features, such as root certificate reloading and peer cert custom verification. (658cbf6cf)
• util: Align AdvancedTlsX509{Key and Trust}Manager. (#11385)
• util: Add GracefulSwitchLoadBalancer config (ebed04798) and mark switchTo() deprecated. (85e0a01ec). GracefulSwitchLoadBalancer now receives its configuration like a regular load balancer.
• binder: Introduce AllowSecurityPolicy to allow calling code to not have to wait on async/slow implementations. BinderTransport now submits async implementations to an executor. (#11272) (7fee6a3fe)
• api: Add convenience method in ServerBuilder for adding a list of service implementations to the handler registry together. (#11285) (85ed05300)

Improvements

• examples: Improve example Bazel WORKSPACE to demonstrate referencing grpc-xds. (5ec0187e2)
• examples: Include Bazel bzlmod configuration (36e687f9d). There are now examples for both non-bzlmod and bzlmod.
• core: Fixes to PickFirstLeafLoadBalancer
  • Eliminate NPE after recovering from a temporary name resolution failure. (#11298)
  • Deduplicate addresses. (#11342, #11345)
• core: Change default to use the new pick first load balancer (PickFirstLeafLoadBalancer). (#11348)
• core: Use retryThrottling from defaultServiceConfig when the name resolver config doesn't provide this config. (#11274) (062ebb4d7)
• netty: Enable use of Netty 4.1.111 by avoiding the optimization provided by NettyAdaptiveCumulator if Netty is on version 4.1.111 or later. (#11367)
• binder: Set a default connect timeout of 60 seconds. (#11359) (21dec3092)
• binder: Make BinderServer own ServerAuthInterceptor's executor that helps avoid leaks. (#11293) (15ad9f546)
• services:: Added ProtoReflectionServiceV1 for the v1 reflection protocol. The preexisting ProtoReflectionService implements the v1alpha reflection protocol. (#11237) (0aa976c4e)

Bug Fixes

• binder: Add missing synchronization to prevent races when calling awaitTermination(). (#11277) (14fd81f59)
• util: Fix AdvancedTlsX509TrustManager validation on servers when using SSLSocket. Previously it would try to use a null SSLEngine . (dcb1c018c)

Dependencies

• compiler: Upgrade from CentOS 7 to AlmaLinux 8 for the pre-compiled Linux protoc-gen-grpc-java (71eb5fb9f). This adds a runtime dependency on libstdc++
• Upgrade animal-sniffer-annotations to 1.24 (a97738518)
• Upgrade error_prone_annotations to 2.28.0 (a97738518)
• Upgrade proto-google-common-protos to 2.41.0 (a97738518)
• Upgrade google-auth-library to 1.23.0 (a97738518)
• Upgrade gson to 2.11.0 (a97738518)
• Upgrade guava to 33.2.1 (a97738518)
• Upgrade opentelemetry to 1.40.0 (a97738518)
• Upgrade perfmark-api to 0.27.0 (a97738518)
• Upgrade protobuf-java to 3.25.3 (a97738518)
• xds: Remove unused opencensus-proto dependency (e7c3803b5)
• bazel: Replace @com_github_cncf_udpa usage with preexisting @com_github_cncf_xds; delete @com_github_cncf_udpa repo alias for xds (6dd6ca9f9)
• bazel: Upgrade envoyproxy/data-plane-api to 1611a730 (c540993aa). The version used by Gradle had been updated in 1.62.0 (68334a01), but the bazel version had not
• bazel: Use com_google_protobuf instead of com_google_protobuf_javalite (7a25e6895). Bazel’s protobuf rules no longer use the old com_google_protobuf_javalite repository name
• bazel: Don't require protobuf to be in maven_install (d3c2f5a2d). Protobuf’s targets are generally just used directly; this fixed the only place that used maven’s artifact() syntax

Thanks to

@​hlx502 @​erm-g

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vibhatha]

@lidavidm we cannot do this upgrade at this moment, right?

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.