Since we already finished v26.1 upgrade in https://github.com/grpc/grpc/pull/35796
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36230
PiperOrigin-RevId: 623960260
Updated `push_testing_images.sh` to add an additional tag, `infrastructure-public-image-HASH` to a new image to be excluded from the GCP Vulnerability scanner.
To reviewer:
- Only `tools/dockerfile/push_testing_images.sh` has an interesting change (adding a new tag)
- Clang 6 and 17 don't have an actual change other than clean-up which is to test if the script is working.
Closes#36341
PiperOrigin-RevId: 623944712
When updating protobuf, ensure upb and utf8_range versions match the updated protobuf version.
Internal b/332754839
Closes#36332
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36332 from veblush:fix-protobuf-at-head e13e7bc57a
PiperOrigin-RevId: 623878964
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36333
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36333 from yijiem:bump_dev_version_202404101721 0a7cc5b4b7
PiperOrigin-RevId: 623878150
Change was created by the release automation script. See go/grpc-release.
Closes#36293
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36293 from yijiem:bump_core_version_202404081658 b306ec1e69
PiperOrigin-RevId: 623338846
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36305
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36305 from ginayeh:go_release 6eb1f2cdc1
PiperOrigin-RevId: 623317762
Typo introduced in: https://github.com/grpc/grpc/pull/34450
<!--
If you know who should review your pull request, please assign it to
that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the
appropriate
lang label.
-->
- Added Visual C++ 2022 test to Windows C/C++ test set
- Windows potability test is now running two tests
- CMake / Ninja / Visual C++ 2019 on x86
- CMake / MSBuild / Visual C++ 2022 on x64
Closes#36236
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36236 from veblush:vc2022 100085366f
PiperOrigin-RevId: 623244062
### NOTE
* We shouldn't merge this PR until GCP cloud functions drops support for Python 3.7 ([Currently scheduled for GCF](https://cloud.google.com/functions/docs/runtime-support#python))
As part of supporting Python 3.12, we're now officially drop support for Python 3.7.
This PR:
* Changed supported Python version from 3.7 to 3.8 in README.
* Replaced distribution test image from `debian:buster` to `debian:bullseye` since the default Python version in buster is 3.7.
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#34450
PiperOrigin-RevId: 622899511
Rolling this (https://github.com/grpc/grpc/pull/36153) back as master branch is failing in mac with the following error
```
+ python3 workspace_python_macos_opt_native/tools/run_tests/run_tests.py -t -j 4 -x run_tests/python_macos_opt_native/sponge_log.xml --report_suite_name python_macos_opt_native -l python -c opt --iomgr_platform native --max_time 3600 --report_multi_target
Traceback (most recent call last):
File "/Volumes/BuildData/tmpfs/altsrc/github/grpc/workspace_python_macos_opt_native/tools/run_tests/run_tests.py", line 50, in
from python_utils.upload_test_results import upload_results_to_bq
File "/Volumes/BuildData/tmpfs/altsrc/github/grpc/workspace_python_macos_opt_native/tools/run_tests/python_utils/upload_test_results.py", line 30, in
import big_query_utils
File "/Volumes/BuildData/tmpfs/altsrc/github/grpc/workspace_python_macos_opt_native/tools/gcp/utils/big_query_utils.py", line 21, in
from apiclient import discovery
File "/Users/kbuilder/.local/lib/python3.10/site-packages/apiclient/__init__.py", line 3, in
from googleapiclient import channel, discovery, errors, http, mimeparse, model
File "/Users/kbuilder/.local/lib/python3.10/site-packages/googleapiclient/discovery.py", line 64, in
from googleapiclient import _auth, mimeparse
File "/Users/kbuilder/.local/lib/python3.10/site-packages/googleapiclient/_auth.py", line 34, in
import oauth2client.client
File "/Users/kbuilder/.local/lib/python3.10/site-packages/oauth2client/client.py", line 45, in
from oauth2client import crypt
File "/Users/kbuilder/.local/lib/python3.10/site-packages/oauth2client/crypt.py", line 45, in
from oauth2client import _openssl_crypt
File "/Users/kbuilder/.local/lib/python3.10/site-packages/oauth2client/_openssl_crypt.py", line 16, in
from OpenSSL import crypto
File "/Users/kbuilder/.local/lib/python3.10/site-packages/OpenSSL/__init__.py", line 8, in
from OpenSSL import crypto, SSL
File "/Users/kbuilder/.local/lib/python3.10/site-packages/OpenSSL/crypto.py", line 1556, in
class X509StoreFlags(object):
File "/Users/kbuilder/.local/lib/python3.10/site-packages/OpenSSL/crypto.py", line 1575, in X509StoreFlags
NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'?
```
Closes#36255
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36255 from veblush:rb-36153 79c86e160e
PiperOrigin-RevId: 621886345
See #36176. The only difference is a temporary shim for Secure credentials types, which was already discussed and approved separately.
Closes#36242
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36242 from drfloob:reland/36176 f07bebe289
PiperOrigin-RevId: 621879911
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.6 to 42.0.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's changelog</a>.</em></p>
<blockquote>
<p>42.0.4 - 2024-02-20</p>
<pre><code>
* Fixed a null-pointer-dereference and segfault that could occur when creating
a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
definitions in :rfc:`2633` :rfc:`3370`.
<p>.. _v42-0-3:</p>
<p>42.0.3 - 2024-02-15
</code></pre></p>
<ul>
<li>Fixed an initialization issue that caused key loading failures for some
users.</li>
</ul>
<p>.. _v42-0-2:</p>
<p>42.0.2 - 2024-01-30</p>
<pre><code>
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
``X25519PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
``X448PrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
and ``DHPrivateKey``
:meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
<p>.. _v42-0-1:</p>
<p>42.0.1 - 2024-01-24
</code></pre></p>
<ul>
<li>Fixed an issue with incorrect keyword-argument naming with <code>EllipticCurvePrivateKey</code>
:meth:<code>~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign</code>.</li>
<li>Resolved compatibility issue with loading certain RSA public keys in
:func:<code>~cryptography.hazmat.primitives.serialization.load_pem_public_key</code>.</li>
</ul>
<p>.. _v42-0-0:</p>
<p>42.0.0 - 2024-01-22</p>
<pre><code>
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="fe18470f7d"><code>fe18470</code></a> Bump for 42.0.4 release (<a href="https://redirect.github.com/pyca/cryptography/issues/10445">#10445</a>)</li>
<li><a href="aaa2dd06ed"><code>aaa2dd0</code></a> Fix ASN.1 issues in PKCS#7 and S/MIME signing (<a href="https://redirect.github.com/pyca/cryptography/issues/10373">#10373</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10442">#10442</a>)</li>
<li><a href="7a4d012991"><code>7a4d012</code></a> Fixes <a href="https://redirect.github.com/pyca/cryptography/issues/10422">#10422</a> -- don't crash when a PKCS#12 key and cert don't match (<a href="https://redirect.github.com/pyca/cryptography/issues/10423">#10423</a>) ...</li>
<li><a href="df314bb182"><code>df314bb</code></a> backport actions m1 switch to 42.0.x (<a href="https://redirect.github.com/pyca/cryptography/issues/10415">#10415</a>)</li>
<li><a href="c49a7a5271"><code>c49a7a5</code></a> changelog and version bump for 42.0.3 (<a href="https://redirect.github.com/pyca/cryptography/issues/10396">#10396</a>)</li>
<li><a href="396bcf64c5"><code>396bcf6</code></a> fix provider loading take two (<a href="https://redirect.github.com/pyca/cryptography/issues/10390">#10390</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10395">#10395</a>)</li>
<li><a href="0e0e46f5f7"><code>0e0e46f</code></a> backport: initialize openssl's legacy provider in rust (<a href="https://redirect.github.com/pyca/cryptography/issues/10323">#10323</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10333">#10333</a>)</li>
<li><a href="2202123b50"><code>2202123</code></a> changelog and version bump 42.0.2 (<a href="https://redirect.github.com/pyca/cryptography/issues/10268">#10268</a>)</li>
<li><a href="f7032bdd40"><code>f7032bd</code></a> bump openssl in CI (<a href="https://redirect.github.com/pyca/cryptography/issues/10298">#10298</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10299">#10299</a>)</li>
<li><a href="002e886f16"><code>002e886</code></a> Fixes <a href="https://redirect.github.com/pyca/cryptography/issues/10294">#10294</a> -- correct accidental change to exchange kwarg (<a href="https://redirect.github.com/pyca/cryptography/issues/10295">#10295</a>) (<a href="https://redirect.github.com/pyca/cryptography/issues/10296">#10296</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/pyca/cryptography/compare/3.4.6...42.0.4">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/grpc/grpc/network/alerts).
</details>
Closes#36153
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36153 from grpc:dependabot/pip/tools/internal_ci/helper_scripts/cryptography-42.0.4 7a8a0d3528
PiperOrigin-RevId: 621637071
This paves the way for removing `GetEndpoint()` from the transport API, which is a prereq for removing `grpc_endpoint_shutdown()`.
Closes#36237
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36237 from markdroth:endpoint_filter_cleanup_rbac 46a41400e0
PiperOrigin-RevId: 621537397
Soon we'll want to wind back some of the custom header ordering rules that we enforce in gRPC to make some workflow issues easier. As a first step, remove the `port_platform.h` as first header requirement -- where we need it, CI will show a problem -- and removing it lets us remove one of the bigger ordering constraints we have.
Closes#36234
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36234 from ctiller:port-platform-requirement 93eb96a7b4
PiperOrigin-RevId: 621327253
These tests are slow and can timeout, this diff increase the number of concurrent jobs to 4 and 8, which may help avoid timeouts.
These parameters are also configured differently in [many other tests](https://github.com/search?q=repo%3Agrpc%2Fgrpc+inner_jobs&type=code).
```
2024-03-10 07:00:56,453 START: run_tests_c_macos_dbg_native
2024-03-10 07:06:44,335 PASSED: run_tests_c_macos_dbg_native [time=347.9sec, retries=0:0]
2024-03-10 07:06:44,335 START: run_tests_c_macos_opt_native
2024-03-10 07:12:54,717 PASSED: run_tests_c_macos_opt_native [time=370.4sec, retries=0:0]
2024-03-10 07:12:54,717 START: run_tests_c++_macos_dbg_native
2024-03-10 09:19:00,785 PASSED: run_tests_c++_macos_dbg_native [time=7566.1sec, retries=0:0]
2024-03-10 09:19:00,788 START: run_tests_c++_macos_opt_native
ERROR: Aborting VM command due to timeout of 14400 seconds
```
Closes#36190
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36190 from HannahShiSFB:basic-c-cpp-macos-jobs c026a6afbc
PiperOrigin-RevId: 621306368
Ref: b/332425004
Adding a workaround for x86 builds that run into trouble with using an installed abseil library.
Closes#36220
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36220 from yashykt:FixPortabilityLinux 672ccdb3ff
PiperOrigin-RevId: 621259080
This was a concept that I thought we'd need, but as work has continued it's clear that the right api is CallDestination (or variants thereof)
Closes#36226
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36226 from ctiller:call_factory c30a893f3a
PiperOrigin-RevId: 621255162
Also addressing a TODO from previous PRs where `authority` is not being populated in the `ChannelScope`.
Closes#36189
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36189 from yashykt:OTelChannelScope e76f9ce0ca
PiperOrigin-RevId: 621231764
Forked from #35957
This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials.
The special code-paths for insecure creds are no longer necessary in the wake of #25586.
Closes#36176
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36176 from drfloob:fork/35957/creds-API fd64d59c23
PiperOrigin-RevId: 621008166
It looks like we're settling on moving this functionality into the channel itself - so removing the filter makes sense (especially since it had some significant bugs)
Closes#36213
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36213 from ctiller:x-ex 3040dcec95
PiperOrigin-RevId: 620996358
Protobuf for Ruby bumped the major version to 4. [package](https://rubygems.org/gems/google-protobuf) so the Ruby gemspec should be updated to have 4 instead of 3.
But gRPC's other dependencies don't work with Protobuf 4.x so I fixed the version of google-protobuf for gRPC Ruby to 3.25 which was the last version gRPC used.
Closes#36215
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36215 from veblush:ruby-protobuf 171a6d63bc
PiperOrigin-RevId: 620987535
Instead, build a library and re-use that across compilations.
This still invokes a link step per target, and we'll want to deal with that at some point too, but at least this makes some progress to not being as wasteful with our compilation resources.
Additionally: remove bm_pollset -- it was having some problems compiling, and we really don't need it anymore.
Closes#36197
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36197 from ctiller:maintain-this-shite 9955026e23
PiperOrigin-RevId: 620946543
Remove rolled out experiments v3_compression_filter, v3_server_auth_filter; Extend WIP v3_channel_idle_filter for a bit, and extend work_serializer_clears_time_cache until OSS issues with work_serializer_dispatch are resolved.
Closes#36166
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36166 from ctiller:updat3 2c7223f63b
PiperOrigin-RevId: 619057925
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36070
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36070 from yijiem:grpc-metrics 72653727b1
PiperOrigin-RevId: 618529035
These two things are different (event engine being a context has nothing to do with the ability to get a default event engine).
Lumping them into the same header means that things that want the context also need to want the default event engine declarations, which in turn pull in CoreConfiguration -- which ultimately means that nothing that is depended on by CoreConfiguration can consume the event engine context, which is undesirable (and causing dependency loops in current work).
Also includes an impressive number of cleanups to `grpc_base` because I ran `fix_build_deps` on that target as part of this.
Closes#36148
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36148 from ctiller:context-isnt-default--default-isnt-context a4fdad9621
PiperOrigin-RevId: 617961015
Reproduced with :
- bazel-bootstrap 3.5.1+ds-3 (pulling bazel 6.4.0)
- setting CC to gcc and CXX to g++ otherwise bazel does not detect it
- overall, using debian 11 using default gcc/g++ versions 10.2.1
When using --config=dbg, a warning name produces an error at the beginning of the compilation :
`cc1plus: error: '-Werror=return-stack-address':
no option '-Wreturn-stack-address';
did you mean '-Wreturn-local-addr'?`
Fixed the error following the compiler advice for GCC
PLEASE NOTE : I guess `return-stack-address` might be related to CLANG
and `return-local-addr` is the GCC equivalent. I do not know CLANG,
nor am i good enough with bazel to know how to make this option flexible
(so any help will be appreciated)
Closes#36040
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36040 from nipil:fix_compile_dbg_option 7ade99de76
PiperOrigin-RevId: 617281605
This commit does the following 3 things for Android bazel rules, which depends on each other
1. Update NDK to 26.2.11394342 (and a few other Android things)
2. Use rules_android_ndk instead of builtin `native.android_ndk_repository`
* `third_party/android/android_configure.bzl` was a workaround for users who don't set `$ANDROID_NDK_HOME` env var. Now with rules_android_ndk, we can declare repo without registering the toolchain. Instead users who need NDK toolchain should use `--extra_toolchains` to manually register the toolchain, as shown in README.md.
3. Migrate to platforms. See https://bazel.build/concepts/platforms
* Currently we declares android platforms that is needed for binder transport APK. Later gRPC repo can gradually migrate to platforms for other platforms.
* The value of `crosstool_top` will still be `//external:android/crosstool` (which is the default value), so existings android `config_settings` will still work. We should migrate them to match with `@platforms//os:android` constraint later.
The platforms migration needs Bazel 7.0 to work so we also override bazel version in testing scripts.
Closes#36116
PiperOrigin-RevId: 617244655
AJ Heller
Xuan Wang
Esun Kim
Yash Tibrewal
Yijie Ma
Gina Yeh
Eugene Ostroukhov
Sergii Tkachenko
Arvind Bright
yifeizhuang
dependabot[bot]
Mark D. Roth
Craig Tiller
Hannah Shi
nipil
Ming-Chuan