chore(deps): bump grpc-stub from 1.38.0 to 1.49.0

[dependabot]

Bumps grpc-stub from 1.38.0 to 1.49.0.

Release notes

Sourced from grpc-stub's releases.

v1.49.0

New Features

• okhttp: Add OkHttpServerBuilder. The server can be used directly, but is not yet available via ServerBuilder.forPort() and Grpc.newServerBuilderForPort(). It passes our tests, but has seen no real-world use. It is also lacking connection management features
• okhttp: Add support for byte-based private keys via TlsChannelCredentials and TlsServerCredentials
• core: New outlier detection load balancer
• googleapis: google-c2p resolver is now stabilized

Bug Fixes

• core: Fix retry causing memory leak for canceled RPCs. (#9360)
• core: Use SyncContext for InProcess transport callbacks to avoid deadlocks. This fixes the long-standing issue #3084 which prevented using directExecutor() in some tests using streaming RPCs
• core: Disable retries with in-process transport by default (#9361). In-process does not compute message sizes so can retain excessive amounts of memory
• bazel: Use valid target name for services and xds when overriding Maven targets (#9422). This fixes an error of the form no such target '@io_grpc_grpc_java//services:services' for services and missing ORCA classes for xds. The wrong target names were introduced in 1.47.0
• xds: channel_id hash policy now uses a random per-channel id instead of an incrementing one. The incrementing id was the same for every process of a binary, which was not the intention (#9453)
• core: Fix a bug that the server stream should not deliver halfClose() when the call is immediately canceled. The bug causes a bad message INTERNAL, desc: Half-closed without a request at server call. (#9362)
• xds: Remove shaded orca proto dependency in ORCA api. The shading was broken and couldn't really be used. (#9366)

Behavior Changes

• gcp-observability: Interceptors are now injected in more situations, including for non-Netty transports and when using transport-specific APIs like NettyChannelBuilder. (#9309 #9312 #9424)
• gcp-observability: custom tags now extended to metrics and traces (#9402 #9407)
• gcp-observability: excludes RPCs into Google Cloud Ops backend for instrumentation (#9436)
• xds: xdsNameResolver now matches channel overrideAuthority in virtualHost matching (#9405)

Acknowledgement

@​benjaminp @​j-min5u

v1.48.1

New Features

ORCA provides APIs to inject custom metrics at a gRPC server, and consume them at a gRPC client. It implements A51: Custom Backend Metrics Support. We changed the ORCA APIs; they had broken shading and couldn't really be used, so we fixed them in the patch release.

Bug Fixes

• core: Fix a bug that the server stream should not deliver halfClose() when the call is immediately canceled. The bug causes a bad message INTERNAL, desc: Half-closed without a request at server call. (#9362)
• core: Fix retry causing memory leak for cancelled RPCs. (#9415)
• core: Disable retry by default for in-process transport's channel.(#9368)

v1.48.0

Bug Fixes

• Removed the Class-Path manifest entry from jars generated with the gradle shadow plugin (#9270). This should prevent “[WARNING] [path] bad path element” compilation warnings
• Fix Channelz HTTP/2 window reporting. Previously the sender and receiver windows were reversed
• Service config parse failures should be UNAVAILABLE, not INVALID_ARGUMENT (#9346). This bug could cause RPCs to fail with INVALID_ARGUMENT if the service config was invalid when the channel started. RPCs were not failed if the channel had previously received no config or a valid config. Channels using xds were not exposed to this issue

New Features

• xds: implement ignore_resource_deletion server feature as defined in the gRFC A53: Option for Ignoring xDS Resource Deletion. (#9339)
• bazel: Support maven_install's strict_visibility=True by including direct dependencies explicitly

Improvements

• Changed the debug strings for many Attributes.Keys to reference the API of the key. This should make it easier to find the API the key is exposed when using attributes.toString()
• api: Document Attributes.Key uses reference equality. This is to make it clear the behavior is on purpose, and mirrors other Key types in the API
• api: Explain security constraints of EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE, to avoid misuse by NameResolvers (#9281)

... (truncated)

Commits

• dfbdfe8 Bump version to 1.49.0
• 780a4a3 Update README etc to reference 1.49.0
• 342690e core: Enable outlier detection by default. (#9479)
• 6aea9a9 buildscripts: Add outlier_detection_test interop test. (#9461)
• 050e615 xds: Fix outlier detection env flag name. (#9462)
• b8b06dd core: [outlier detection] Get addresses from subchannel args. (#9468)
• 3ebdfc7 core: [outlier detection] eject/uneject states to delegate listener. (#9469) ...
• 184fdaa core: OutlierDetectionLoadBalancer to pass child LB config. (#9467) (#9474)
• ac20c19 xds: Configure outlier detection. (#9456)
• c7307ec Outlier detection load balancer (#9447)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #84.