chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.75.0

[dependabot]

Bumps google.golang.org/grpc from 1.58.2 to 1.75.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.75.0

Behavior Changes

• xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#8482)
• stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#8465)
  • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
  • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
  • A future release will delete the PickerUpdated symbol.
• credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#8488)
  • Now that this WithAuthority is available, the credentials should not be used to override the authority.
• round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#8438)
• server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#8385)
  • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

• dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#8377)

Bug Fixes

• xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#8476)
  • Special Thanks: @​davinci26
• xds: Fix possible panic when certain invalid resources are encountered. (#8412)
  • Special Thanks: @​wooffie
• xdsclient: Fix a rare panic caused by processing a response from a closed server. (#8389)
• stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#8481)
• xds: Fix possible panic when clusters are removed from the xds configuration. (#8428)
• xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#8369)
• client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#8488)

Release 1.74.2

New Features

• grpc: introduce new DialOptions and ServerOptions (WithStaticStreamWindowSize, WithStaticConnWindowSize, StaticStreamWindowSize, StaticConnWindowSize) that force fixed window sizes for all HTTP/2 connections. By default, gRPC uses dynamic sizing of these windows based upon a BDP estimation algorithm. The existing options (WithInitialWindowSize, etc) also disable BDP estimation, but this behavior will be changed in a following release. (#8283)

API Changes

• balancer: add ExitIdle method to Balancer interface. Earlier, implementing this method was optional. (#8367)

Behavior Changes

• xds: Remove the GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST environment variable that allows disabling the least request balancer with xDS. Least request was made available by default with xDS in v1.72.0. (#8248)
  • Special Thanks: @​atollena
• server: allow 0s grpc-timeout header values, which older gRPC-Java versions could send. This restores the behavior of grpc-go before v1.73.0. (#8439)

Bug Fixes

• googledirectpath: avoid logging the error message Attempt to set a bootstrap configuration... when creating multiple directpath channels. (#8419)

Performance Improvements

... (truncated)

Commits

• b9788ef Change version to 1.75.0 (#8493)
• 2bd74b2 credentials: fix behavior of grpc.WithAuthority and credential handshake prec...
• 9fa3267 xds: remove xds client fallback environment variable (#8482)
• 62ec29f grpc: Fix cardinality violations in non-client streaming RPCs. (#8385)
• 85240a5 stats: change non-standard units to annotations (#8481)
• ac13172 update deps (#8478)
• 0a895bc examples/opentelemetry: use experimental metrics in example (#8441)
• 8b61e8f xdsclient: do not process updates from closed server channels (#8389)
• 7238ab1 Allow empty nodeID (#8476)
• 9186ebd cleanup: use slices.Equal to simplify code (#8472)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Summary

This PR is a comprehensive dependency update initiated by Dependabot that brings significant changes to the zero-examples project. The most notable updates include:

Go Version Upgrade: The project's Go version has been upgraded from 1.18 to 1.23.0, which brings access to the latest language features, performance improvements, and security patches from several Go releases.

gRPC Major Update: The google.golang.org/grpc package has been updated from version 1.58.2 to 1.75.0, representing a significant jump that includes multiple behavior changes, new features, and bug fixes. Key changes in this gRPC update include:

• Removal of experimental xDS fallback environment variables
• Introduction of DelayedPickComplete events for better OpenTelemetry metrics alignment
• Improved authority handling with grpc.WithAuthority
• Enhanced round-robin load balancing with randomized connection ordering
• Fixes for various xDS client panics and race conditions
• Better compliance with gRPC specifications for unary and server streaming RPCs

OpenTelemetry Updates: OpenTelemetry packages have been significantly updated from v1.14.0 to v1.37.0, with the addition of new metric packages, aligning the project with the latest observability standards.

Ecosystem-wide Updates: The PR includes updates to numerous other dependencies including golang.org/x packages (crypto, oauth2, sync, sys, term, text), Google's genproto and protobuf packages, and various testing and utility libraries.

This type of comprehensive dependency maintenance is essential for keeping the zero-examples project current with security patches, bug fixes, and modern Go ecosystem standards. The changes integrate with the existing zero-examples codebase by maintaining compatibility with the go-zero framework while providing access to improved gRPC functionality and modern Go features.

Confidence score: 3/5

• This PR requires careful review due to major version jumps in critical dependencies like gRPC and the Go runtime
• Score reflects the significant nature of the updates, particularly the gRPC behavior changes and Go version upgrade that could impact existing functionality
• Pay close attention to any files that use gRPC directly or depend on specific Go 1.18 features that may have changed

[greptile-apps]

_{1 file reviewed, no comments}

_{Edit Code Review Bot Settings | Greptile}

[dependabot]

Superseded by #527.