maint(deps): bump io.grpc:grpc-netty-shaded from 1.56.0 to 1.57.0

[dependabot[bot]]

Bumps io.grpc:grpc-netty-shaded from 1.56.0 to 1.57.0.

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

v1.57.0

gRPC Java 1.57.0 Release Notes

This release accidentally broke Java 8: NoSuchMethodError for some ByteBuffer methods. The issue is tracked in grpc/grpc-java#10432

API Changes

• Use fully qualified java.lang.String in all cases in generated code. This fixes compilation if a protobuf message is named “String”.
• Stabilize two io.grpc.Status methods (asRuntimeException & trailersFromThrowable)
• Stabilize io.grpc.ManagedChannelBuilder.useTransportSecurity (#10244)
• Stabilize io.grpc.util.MutableHandlerRegistry (#10348)

Behavior Changes

• xds: Handle loops and duplicates in xds Aggregate clusters
• core: Change delay for hedging retry after a non-fatal error to be 0 to match the gRFC (A6).
• api: CheckedForwardingClientCall now passes trailers from the caught exception
• xds: require EDS service name in CDS resources with an xdstp name
• xds: Use Rule order instead of RuleChain
• Wrap other name resolver types in a RetryingNameResolver . Previously, if authority was not overridden, then some name resolvers (such as grpclb) had no retry.
• xds: Environment variable "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" is no longer respected, so xDS security cannot be disabled any more (#10243)
• context, api: Package io.grpc is now consolidated into a single artifact grpc-api by moving classes from grpc-context to grpc-api. grpc-context now has a dependency on grpc-api (but excludes other dependencies of grpc-api) so any application previously using only grpc-context will now also bring in grpc-api. This fixes #3522 which was the major issue preventing support of Java modules. We are not done fixing support, as some artifacts need to be split and Automatic-Module-Name needs to be added. The next release is likely to be more stable for modules.

New Features

• binder: Add UserHandle and BinderChannelCredentials to support cross-user communication (#10197)
• xds,orca: LRS named metrics support

Improvements

• core: Resolve isAndroid only once on class loading. This can improve channel creation performance on Android.
• xds: Pick a subchannel with new static stride scheduler in WeightedRoundRobinLoadBalancer

Bug Fixes

• xds: Fix the server sending a GOAWAY when an LDS update with no changes other than ordering is received.
• netty: Fix NPE when a header with errors is received with endStream=true. This was causing logs to be filled with errors when health checkers didn’t specify a content type.
• okhttp: Fix the Socket data race when shutdown/closed during connecting that was causing a significant delay

Dependencies

• Upgraded Netty to 4.1.93-Final
• Update guava dependency to 32.0.1 to address CVE-2023-2976

Acknowledgements

• Benjamin Peterson
• Masakuni Oishi
• Philip K. Warren

... (truncated)

Commits

• cde208a Bump version to 1.57.0
• 61ad5f4 Update README etc to reference 1.57.0
• 4d75056 Revert "Release v1.57.0 (#10417)" (#10419)
• d23e39e Release v1.57.0 (#10417)
• 22de216 Handle header with errors and endStream = true (#10384) (#10414)
• c96b7d5 Downgrade Netty to 4.1.93-Final
• 37351c6 fixed StaticStrideScheduler looping too many times (#10370)
• 78cf1c3 core: Apply RetryingNameResolver in ManagedChannelImpl (#10371)
• 4fa2814 services, xds, orca: LRS named metrics support (#10282)
• 8dbd47c Sort the policies in a rule by policy name when parsing from proto. (#10334)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[slearman15]

Will this PR and https://github.com/honeycombio/honeycomb-opentelemetry-java/pull/438 be reviewed soon? Both the Guava and the gRPC versions in main contain vulnerabilities and need to be updated.

[dependabot[bot]]

Superseded by #443.