build(deps): bump grpc-bom from 1.21.1 to 1.42.1

[dependabot]

Bumps grpc-bom from 1.21.1 to 1.42.1.

Release notes

Sourced from grpc-bom's releases.

v1.42.0

In this release we drop support for Android API level 18 or lower (Jelly Bean or earlier), following Google Play Service’s discontinued updates for Jelly Bean (API levels 16, 17 & 18).

API Changes

• xds: Added XdsServerBuilder.overrideBootstrapForTest() to provide bootstrap override for testing purposes. This way, the test does not need to use the shared environment variable for bootstrap injection. (#8575)
• api: Stabilize the Status.asException(Metadata) method. (#8520)

Bug Fixes

• netty: Requests with Connection header are malformed. This is required per HTTP/2. The server now rejects such requests. To improve debuggability for clients, Metadata.Key will log if creating a key for “Connection”
• grpclb: Fix “IllegalStateException: already in fallback” channel panic, by not starting fallback timer if already in fallback (#8646). This builds on the fix in 1.38.1. The bug was introduced in 1.38.0.
• core, netty, okhttp: Fix AbstractManagedChannelImplBuilder#maxInboundMessageSize(int) ABI (#8607). Solves the issue with NettyChannelBuilder.maxInboundMessageSize(int) and OkHttpChannelBuilder.maxInboundMessageSize(int) not working in rare cases when pre-1.33 builds combined with post-1.33. See issue #8313 for the details.

New Features

• binder: A new transport with channel and server builders which support cross-process and cross-application communication on Android. BinderChannel is production ready and in use by several Google applications, though the APIs are still experimental and subject to change. It does not currently support rpc-level flow control for streaming RPCs. See gRFC L73 for background.
• xds: implemented rbac filter per A41 xDS RBAC. This is the first HTTP filter supported on server-side.
• stub: add ServerCallStreamObserver.setOnCloseHandler(Runnable). Notified when gRPC has completed processing the RPC. (#8452)

Behavior Changes

• core: gRPC-Java library discards any Content-Length header set by the application because in most cases this header is blindly forwarded from some other source and is incorrect for gRPC payload.
• netty: Use Host header on server-side if :authority is not present
• rls: the cache_size in route lookup config is limited to 5M
• core: changed the level mapping ChannelLogger uses for java.util.logging.Level (#8531). It is now possible to enable Java logging for Channelz’s INFO without also enabling DEBUG (previously they were both FINEST).

Dependencies

• Compatibility with the upcoming Bazel 5 added. This required dropping support for Bazel 1-3. Bazel 4 or later is required (#7598)
• netty: bump netty to 4.1.63.Final and tcnative to 2.0.38.Final. (#8167)

Improvements

• core: io.grpc.util.AdvancedTlsX509KeyManager and AdvancedTlsX509TrustManager support loading configuration from static files. (#8525)
• core: io.grpc.util.CertificateUtils.getPrivateKey() now supports RSA and EC key algorithms

v1.41.1

Bug Fixes

• grpclb: Fix “IllegalStateException: already in fallback” channel panic, by not starting fallback timer if already in fallback (#8646). This builds on the fix in 1.38.1. The bug was introduced in 1.38.0.

v1.41.0

API Changes

• stub: Mark Stub-based MetadataUtils methods deprecated (#8395). The interceptor-based versions have been stable for a long time and are preferred

Bug Fixes

• census: Fixed a data race in CensusStatsModule which in rare cases may cause NullPointerException (#8459)
• xds: Fixed a bug in SharedCallCounterMap which in rare cases may cause NullPointerException (#8397)
• core: ServerCall.isCancelled() and ServerCallStreamObserver.isCancelled() implementations no longer incorrectly return true at the end of every RPC (#8408)
• core: ManagedChannel no longer immediately exits idle mode after an enterIdle() call when it has any calls in progress
• netty-shaded: Modify the shading operation to transform native-image resources so they correctly reference shaded class names (#7540)
• netty-shaded: Rename native-image resources to avoid collisions with Netty’s copy, which were modified starting in 1.39.0
• rls: avoid NullPointerException in RLS in certain circumstances when calling channel.getState(true) or if a parent load balancer requests a connection (#8379)

New Features

... (truncated)

Commits

• 408ffe8 Bump version to 1.42.1
• 09dad1e Update README etc to reference 1.42.1
• 96068a1 Copy macOS x86 artifacts to aarch during upload (#8680)
• a25472e xds: fix xdsClient resource not exist for invalid resource, fix xdsServerWrap...
• c818289 xds: remove filter chain uuid name generator (#8663) (#8688)
• f1e4898 netty: Add system property to disable Connection header check
• e056859 kokoro: Increase xds-k8s timeout to 3 hours
• 6c5ad59 kokoro: Enable xds authz_test
• c95bc83 Bump version to 1.42.1-SNAPSHOT
• b9b3706 Bump version to 1.42.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[viezly]

Pull request by bot. No need to analyze

[dependabot]

Superseded by #176.