deps: Update Non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
com.google.api.grpc:proto-google-common-protos	2.66.0 → 2.70.0
com.google.api:gax-grpc	2.75.0 → 2.79.0
io.grpc:grpc-bom	1.79.0 → 1.81.0
com.google.cloud:google-cloud-alloydb-connectors-bom	0.64.0 → 0.69.0
com.google.cloud:google-cloud-alloydb-bom	0.75.0 → 0.80.0
com.google.cloud:google-cloud-shared-dependencies	3.57.0 → 3.61.0
com.google.errorprone:error_prone_annotations (source)	2.48.0 → 2.49.0
com.google.errorprone:error_prone_core (source)	2.48.0 → 2.49.0
org.postgresql:postgresql (source)	42.7.10 → 42.7.11

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

googleapis/sdk-platform-java (com.google.api.grpc:proto-google-common-protos)

v2.68.0

Compare Source

Features

• Add client request duration metric. (#​4132) (6a76397)
• Add more attributes to golden signals metrics. (#​4135) (59d0624)
• gax-httpjson: add HttpJsonErrorParser utility (#​4137) (a1b7565)
• generator: add extra allowed modules that will not be removed from the monorepo if they are present (#​4124) (774fe6e)
• o11y: introduce gcp.client.repo and gcp.client.artifact attributes (#​4120) (105f644)
• o11y: Introduce rpc.system.name and rpc.method in gRPC (#​4121) (7ab6d2e)
• o11y: introduce server.port attribute (#​4128) (56aa343)

Bug Fixes

• add null checks for ApiTracerFactory in ClientContext (#​4122) (4b3dbe2)
• Decrease log level for directpath warnings outside GCE (#​4139) (c9651e7)
• gax-grpc: add pick_first fallback to direct path service config (#​4143) (b150fe9)
• Populate method level attributes in metrics recording (#​4149) (7b7e6c9)
• suppress warnings in generated projects for non-idiomatic durations (#​4119) (4206e6e)
• Use ServiceName + MethodName as the regex for Otel (#​2543) (b9ae73f)

Documentation

• hermetic_build: fix config field name in readme (#​4130) (a0c8f67)

v2.67.0

Compare Source

Features

• observability: introduce minimal tracing implementation (#​4105) (e4e5e89)

Dependencies

• Upgrade Google-Auth-Library to v1.43.0 (#​4114) (825298b)
• Upgrade grpc to 1.76.3 (#​4106) (c6555f5)

grpc/grpc-java (io.grpc:grpc-bom)

v1.81.0

Compare Source

v1.80.0

Compare Source

API Changes

• core: Added PickResult.copyWithSubchannel() and PickResult.copyWithStreamTracerFactory() to simplify updating PickResult while preserving metadata. Load balancing policies should now ensure ForwardingSubchannel decorators are unwrapped before being returned in a pick result. (#​12658) (eae16b2)

Bug Fixes

• core: Fixed the retry backoff jitter range to [0.8, 1.2] to align with the gRPC A6 specification. Retries will now occur more consistently around the calculated backoff interval. (#​12639) (024fdd0)
  core: Fixed a race condition in RetriableStream where inFlightSubStreams counting could become inconsistent during concurrent retry and deadline events. This ensures that client calls (such as blockingUnaryCall) do not hang indefinitely and correctly receive a close signal. (#​12649) (73abb48)

Improvements

• api: Trigger R8's ServiceLoader optimization to reduce necessary configuration when using R8 Full Mode (470219f). This allows gRPC to avoid reflection, and the need to specify -keeps for various class’s constructors.
  Upgrade to protobuf 33.4 (#​12615) (50c18f1)
• cronet: Introduced CRONET_READ_BUFFER_SIZE_KEY to allow customizing the read buffer size per-stream via CallOptions. Increasing the buffer size from the 4KB default can significantly improve performance for large messages by reducing JNI and context-switching overhead. (31fdb6c)
• api: Moved FlagResetRule to api/testFixtures and updated ManagedChannelRegistry to honor the GRPC_ENABLE_RFC3986_URIS feature flag. This ensures that target parsing is consistent across the library when the new URI parser is enabled. (#​12608)
• api: Updated NameResolverRegistry to natively support io.grpc.Uri. This is a foundational change that allows gRPC's name resolution system to handle URIs parsed with the new RFC 3986-compliant parser, ensuring more robust target handling. (#​12609) (9903488)
• xds: Removed the GRPC_EXPERIMENTAL_XDS_SNI feature flag. SNI determination via xDS is now always enabled and follows gRFC A101, where SNI is derived from xDS configurations like auto_host_sni or UpstreamTlsContext.sni. This ensures that no SNI is sent if not explicitly configured, unless the legacy channel authority fallback is enabled. (#​12625) (ac44e96)

New Features

• core: pick_first shuffling now a weighted shuffle and observes weights from EDS (34dd290). This finishes the gRFC A113 pick_first: Weighted Random Shuffling support
• netty: Added RFC 3986 support to the unix: name resolver. This enables proper parsing of Unix domain socket URIs, including correct handling of query and fragment components in both hierarchical (e.g., unix:///path) and opaque (e.g., unix:/path) formats. (#​12659)

Thanks to

• @​becomeStar
• @​aymanm-google
• @​PetitBaguette
• @​stagegrowth
• @​wcchoi
• @​Gyuhyeok99

googleapis/google-cloud-java (com.google.cloud:google-cloud-alloydb-connectors-bom)

v0.69.0

Compare Source

11-01-2018 10:50 PDT

Bigtable

• Bigtable: Add integration test to test nonexistent row handling (#​3870)

BigQuery

• BigQuery: Add support for retreiving labels (#​3879)
• Fixes BigQuery getTableId with empty projectId (#​3808). (#​3873)

Datastore

• Added project ID in validation failure #​3292 (#​3875)

Spanner

• Fix: writeAtLeastOnce should use a ReadWriteSession (#​3882)

Video Intelligence

• Regenerate video-intelligence client (#​3865)

Dependencies

• Added explicit dependencies for surefile-junit4 in order to fix testing in offline mode. (#​3820)
• Cleanup: Stop bundling test-jars (#​3874)

Internal / Testing Changes

• Fix search folder for BQDT synth output (#​3878)
• Bump next snapshot (#​3862)

v0.68.0: 0.68.0

Compare Source

Bigtable

• Exists method added (#​3769)
• Bigtable: non-functional improvements relating to error handling (#​3809)
• bigtable: updated_documentation (#​3833)

Pub/Sub

• pubsub: remove TODO (#​3845)
• Pubsub: Set default maxInboundMessageSize to 20MB (#​3844)
• setMaxInboundMessageSize in Pubsub exmaple (#​3825)
• pubsub: reject expired and duplicate messages (#​3743)
• Re-generate library using google-cloud-clients/google-cloud-pubsub/synth.py (#​3824)

Storage

• WIP: Storage: Deprecate DeleteRules and add LifecycleRules to accommodate SetStorageClass actions (#​3795)
• Add assumptions to storage integration tests (#​3813)

Dependencies

• Grpc (#​3733)

Documentation

• Fix [cloud-nio] link (#​3835) - docs: Update javadoc for network client (#​3832)
• Fix container analysis link (#​3814)
• Add android note (#​3631)

Internal / Testing Changes

• Add codecov (#​3842)
• Bumping gax, using gax-bom (#​3841)
• Add compute synth (#​3830)
• Update CODEOWNERS. (#​3831)
• Make testDownloadPublicBlobWithoutAuthentication skippable with an environment variable (#​3828)
• Bump next snapshot (#​3810)
• Add issue/pr templates (#​3794)
• Add Kokoro release scripts (#​3818)

v0.66.0: 0.66.0

Compare Source

10-05-2018 16:44 PDT

BigQuery

• add null check to JobInfo.fromPb(Job) and .toPb() (#​3770)

Cloud Spanner

• Cloud Spanner DML & PDML Release (#​3781)

Cloud Firestore

• Add listDocuments() API (#​3759)
• Don't raise empty Snapshots on resets (#​3750)

Documentation

• Remove CircleCI status, coveralls, and version eye badges (#​3771)

Internal / Testing Changes

• Add synthtool scripts (#​3765)
• Bump to next snapshot version (#​3768)

v0.65.0: 0.65.0

Compare Source

Assets

• Regenerated data models

Firestore

• Deprecate getCollections in favor of listCollections (#​3758)

Storage

• Adding Bucket Lock (#​3727)

Tasks

• Regenerated data models

Testing

• Expanded test coverage for spanner (#​3702)

Documentation

• Fix link to automl (#​3748)
• Fix NIO sample typo (#​3762)

google/error-prone (com.google.errorprone:error_prone_annotations)

v2.49.0: Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

• Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in a98a1c5.
• Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
• Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
• New FieldMatchers API, similar to MethodMatchers (1dd9c3a).

New checks:

• AssertThrowsBlockToExpression: Discourage unnecessary block lambdas in assertThrows.
• AssertThrowsMinimizer: Suggest minimizing the amount of logic in assertThrows.
• MemorySegmentReferenceEquality: Discourage using reference equality for MemorySegments.
• PreferThrowsTag: Recommends using @throws instead of the legacy @exception javadoc tag.
• RecordAccessorInCompactConstructor: detect record accessors inside the compact canonical ctors, which read uninitialized fields.

Closed issues: #​2283, #​3503, #​5210, #​5289, #​5548, #​5548, #​5554, #​5609, #​5614, #​5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.11

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server.
  pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins.
  See the Security Advisory for more detail.
  The following CVE-2026-42198 has been issued.

Added

• feat: implement require_auth connection property, aligning with libpq behavior PR #​3895

Changed

• chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres PR #​3966
• chore: upgrade Gradle to v9 PR #​3978

Fixed

• fix: ensure extended protocol messages end with Sync message PR #​3728
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command PR #​3996
• fix: retry with SSL on IOException when sslMode=ALLOW PR #​3973
• fix: make sure the driver honours connectTimeout when retrying the connection PR #​3968
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in PR #​3968
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers PR #​3962
• fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly PR #​3961
• fix: release COPY lock on IOException to prevent connection hang PR #​3957
• fix: return jsonb as PGObject instead of String PR #​3956
• fix: align SSL key file permission check with libpq PR #​3952
• fix: guard connection closed flag with a reentrant lock to protect against concurrent close PR #​3905

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.