build(deps): bump io.grpc:protoc-gen-grpc-java from 1.73.0 to 1.74.0 in /hiero-dependency-versions

[dependabot]

Bumps io.grpc:protoc-gen-grpc-java from 1.73.0 to 1.74.0.

Release notes

Sourced from io.grpc:protoc-gen-grpc-java's releases.

v1.74.0

Behavior Changes

• compiler: Default to @generated=omit (f8700a13a). This omits javax.annotation.Generated from the generated code and makes the org.apache.tomcat:annotations-api compile-only dependency unnecessary (README and examples changes forthcoming; we delayed those changes until the release landed). You can use the option @generated=javax for the previous behavior, but please also file an issue so we can develop alternatives
• compiler: generate blocking v2 unary calls that throw StatusException (#12126) (a16d65591). Previously, the new blocking stub API was identical to the older blocking stub for unary RPCs and used the unchecked StatusRuntimeException. However, feedback demonstrated it was confusing to mix that with the checked StatusException in BlockingClientCall. Now the new blocking stub uses StatusException throughout. grpc-java continues to support the old generated code, but the version of protoc-gen-grpc-java will dictate which API you see. If you support multiple generated code versions, you can use the older blocking v1 stub for unary RPCs

Bug Fixes

• netty: Fix a race that caused RPCs to hang on start when a GOAWAY was received while the RPCs’ headers were being written to the OS (b04c673fd, 15c757398). This was a very old race, not a recent regression. All streams should now properly fail instead of hanging, although in some cases they may be transparently retried
• util: OutlierDetection should use nanoTime, not currentTimeMillis (#12110) (1c4309899). Previously, changes in the wall time would impact its accounting
• xds: Don't allow hostnames in address field in EDS (#12123) (482dc5c1c). Only IP addresses were handled properly, and only IP addresses should be handled per gRFC A27
• xds: In resource handling, call onError() for RDS and EDS NACKs (#12122) (efe9ccc22). Previously the resource was NACKed, but gRPC would continue waiting for the resource until a timeout was reached and claim the control plane didn’t send the resource. Now it will fail quickly with an informative error
• xds: Implement equals in RingHashConfig (a5eaa66cc). Previously all configuration refreshes were considered a new config, which had the potential for causing unexpected inefficiency problems. This was noticed by new code for gRFC A74 xDS Config Tears that is not yet enabled, so there are no known problems that this caused
• LBs should avoid calling LBs after lb.shutdown() (1df2a3305). This fixed pick_first and ring_hash behavior that could cause rare and “random” races in parent load balancers like a NullPointerException in ClusterImplLoadBalancer.createSubchannel(), which had a ring_hash child. This is most likely to help xDS, as it heavily uses hierarchical LB policies

Improvements

• util: Deliver addresses in a random order to shuffle connection creation ordering (f07eb47ca). Previously, connections were created in-order (but non-blocking), so in a fast network the first address could be more likely to connect first given a "microsecond" headstart. That first connection then receives all the buffered RPCs, which could cause temporary, but repeated, load imbalances of the same backend when all clients receive the same list of addresses in the same order. This has been seen in practice, but it is unclear how often it happens. Shuffling has the potential to improve load distribution of new clients when using round_robin, weighted_round_robin, and least_request, which connect simultaneously to multiple addresses
• core: Use lazy message formatting in checkState (#12144) (26bd0eee4). This avoids the potential of unnecessarily formatting an exception as a string when a subchannel fails to connect
• bazel: Migrate java_grpc_library to use DefaultInfo (#12148) (6f69363d9). This adds compatibility for --incompatible_disable_target_default_provider_fields
• binder: Rationalize @​ThreadSafe-ty inside BinderTransport (#12130) (c20642874)
• binder: Cancel checkAuthorization() request if still pending upon termination (#12167) (30d40a617)

Dependencies

• compiler: Upgrade Protobuf C++ to 22.5 (#11961) (46485c8b6). This is used by the pre-built protoc-gen-grpc-java plugin on Maven Central. This should have no visible benefit, but gets us closer to upgrading to Protobuf 27 which added edition 2023 support
• release: Migrate artifacts publishing changed from legacy OSSRH to Central Portal (#12156) (f99b2aaef). We aren’t aware of any visible changes to the results on Maven Central

Commits

• 9d2c895 Bump version to 1.74.0
• b58900e Update README etc to reference 1.74.0
• 15c7573 netty: Associate netty stream eagerly to avoid client hang
• b04c673 Guarantee missing stream promise delivery
• 1df2a33 LBs should avoid calling LBs after lb.shutdown()
• a5eaa66 xds: Implement equals in RingHashConfig
• 393f02b Revert "xds: Convert CdsLb to XdsDepManager"
• 69b8cf5 Revert "xds: Support tracking non-xds resources in XdsDepManager"
• 98e4252 Revert "xds: XdsNR should be subscribing to clusters with XdsDepManager"
• 3b63af4 Revert "xds: Add logical dns cluster support to XdsDepManager"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[AlfredoG87]

This Dependabot needs more work.

[AlfredoG87]

while looking at this and why is breaking the build, could we just remove it? what is it for?

[AlfredoG87]

LGTM