build(deps): bump grpc-bom from 1.21.1 to 1.40.1

[dependabot]

Bumps grpc-bom from 1.21.1 to 1.40.1.

Release notes

Sourced from grpc-bom's releases.

v1.40.0

API Changes

• api: Removed deprecated method ClientStreamTracer.Factory.newClientStreamTracer(CallOptions callOptions, Metadata headers).
• api: Deprecated ClientStreamTracer.StreamInfo.getTransportAttrs() and ClientStreamTracer.StreamInfo.Builder.setTransportAttrs().
• api: Added new method ClientStreamTracer.streamCreated(Attributes transportAttrs, Metadata headers).
• core: Stabilized ManagedChannelBuilder.enableRetry() and ManagedChannelBuilder.disableRetry().

Bug Fixes

• core: Fix a flow control issue if retry is enabled (#8401).
• core: Fix a race between client call cancel() and start() if retry is enabled (#8386).
• xds: Fix the race condition in SslContextProviderSupplier's updateSslContext and close (#8294).
• xds: If “server_listener_resource_name_template” is not set or xds_v3 is not in use, log an error and fail XdsServer start() instead of NPE.
• netty: The Netty server produces plain-text error messages for non-gRPC clients. The error pages’ Content-Type incorrectly had encoding=utf-8. It now has charset=utf-8.

New Features

• compiler: Added GrpcGenerated annotation with CLASS retention to the top-level generated class. This can be used by annotation processors to detect or ignore the generated code.
• api: Added ServerCallExecutorSupplier experimental API. This allows for a per-service/method executor to handle the server call based on each RPC call information at runtime. (#8266).
• xds: Added xDS retry support (gRFC-A44).

Behavior Changes

• core: The gRPC built-in retry feature is enabled by default. (Users can call ManagedChannelBuilder.disableRetry() to turn off retry if they do not want this feature, for example if they have already implemented an application level retry.) ManagedChannelBuilder.enableRetry() will no longer have the side that disables Census stats and tracing as in previous versions.

Dependencies

• xds: Envoy proto updated to commit 62ca8bd (#8346).

Improvements

• api: Clarify the ServerCallHandler API contract in Javadoc (#8339).
• netty: Allow transparent retries for servers that lack graceful two-stage GOAWAY connection shutdown, such as nginx and gRPC C core. This refined a workaround introduced in 1.34.0 for a Netty header processing GOAWAY bug fixed in 4.1.54.Final, but that we are giving time for the fix to work its way through the ecosystem (#8359).
• testing: Make more obvious in Javadoc that GrpcServerRule has been replaced.
• api: Use map in nameResoverRegistry. This makes scheme matching more clear and explicit in name resolver API.(#8323).

v1.39.0

API Changes

• Static methods in Builders that always throw are now annotated @​DoNotCall. This annotation can be noticed by ErrorProne and inform you of a mistake at compile time instead of runtime. This applies to static methods like InProcessServerBuilder.forPort(int) which are inherited from base classes like ServerBuilder/ManagedChannelBuilder yet are a bug if used.
• api, core: Support zero copy into protobuf. New APIs have been added to support the custom implementation of a zero-copy Protobuf deserialization marshaller. The HasByteBuffer API exposes ByteBuffers underlying the InputStream being passed to the Marshaller and the Detachable API allows custom Marshaller to take over the ownership of buffers for performing delayed deserialization.
• NettyChannelBuilder supports SocketAddress with ChannelCredentials.

Bug Fixes

• netty: Remove Maven pom.properties from netty-shaded jar. The properties don’t add much value and mainly confuse tools in a shaded jar.
• netty-shaded: Modify the shading operation to transform native-image resources so they correctly reference shaded class names (#7540)
• xds: Shut down the scheduledExecutorService in the CertificateProvider when it is shutdown.
• xds: Close the SslContexrProviderSupplier when a CDS LoadBalancer is shut down to prevent leakage.
• xds, grpclb: Use a standalone Context for control plane RPCs. The existing behavior of implicitly using the Context in ThreadLocal can cause control plane RPCs to be cancelled prematurely, in cases the data plane RPC is made within a gRPC service to another service. To avoid being impacted by data plane RPC lifecycle, the fix creates standalone Context for control plane RPCs.
• xds: cluster_resolver LB policy should wait until all clusters are resolved before propagating endpoints to child LB policy. Previously, the cluster_resolver LB policy propagated partially resolved results (endpoints for a subset of clusters) to its child LB policy, which can cause RPCs to be sent to less favored clusters before endpoints of more favored clusters are discovered.

... (truncated)

Commits

• 24d5f2f Bump version to 1.40.1
• 659ecac Update README etc to reference 1.40.1
• c31e6dd xds: enable ring hash by default (#8442)
• ee03277 xds: fix RingHash LB null pointer issue
• 9e1cf6d Extend the xds_url_map job's timeout to 90 minutes
• a6f7e6e Bump version to 1.40.1-SNAPSHOT
• 474a035 Bump version to 1.40.0
• e8956be Update README etc to reference 1.40.0
• 2e2e41e xds: enable xDS retry by default (#8403)
• 37d7654 core: enable retry by default (#8402)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #154.