Bump google.golang.org/grpc from 1.51.0 to 1.57.0

[dependabot]

Bumps google.golang.org/grpc from 1.51.0 to 1.57.0.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.57.0

API Changes

• resolver: remove deprecated Target.Scheme and Target.Authority. Use URL.Scheme and URL.Host instead, respectively (#6363)

Behavior Changes

• client: percent-encode the default authority for the channel (#6428)
• xds: require EDS service name to be set in a CDS cluster with an 'xdstp' resource name (gRFC A47) (#6438)

New Features

• reflection: support the v1 reflection service and update Register to register both v1alpha and v1 (#6329)
• xds: add support for string matcher in RBAC header matching (#6419)
• alts: add support for GRPC_ALTS_MAX_CONCURRENT_HANDSHAKES env var (#6267)
• balancer/weightedroundrobin: de-experimentalize name of LB policy (#6477)

Bug Fixes

• status: status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil (#6374)
  • Special Thanks: @​atollena
• server: fix bug preventing TCP user timeout from being set on the connection when TLS is used (#6321)
  • Special Thanks: @​tobotg
• client: eliminate connection churn during an address update that differs only in balancer attributes (#6439)
• clusterresolver: handle EDS nacks, resource-not-found errors, and DNS Resolver errors correctly (#6436, #6461)
• xds/ringhash: cache connectivity state of subchannels inside picker to avoid rare races (#6351)

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)

... (truncated)

Commits

• 87bf02a Change version to 1.57.0 (#6448)
• 6b64be9 resolver/weighted_round_robin: remove experimental suffix from name
• 9489082 github: replace deprecated command with environment file (#6417)
• d1868a5 clusterresolver: add logs for dns discovery mechanism error cases (#6444)
• 8e9c8f8 grpc: do not use balancer attributes during address comparison (#6439)
• db32c5b Fix preloader mode in benchmarks (#6359)
• f0280f9 xds: require EDS service name in new-style CDS clusters (gRFC A47) (#6438)
• bf5b7ae clusterresolver: handle EDS nacks and resource-not-found errors correctly (#6...
• fc0aa46 client: encode the authority by default (#6428)
• 11feb0a resolver: delete Target.Scheme and Target.Authority (#6363)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[jpellizzari]

Is this a new thing we are doing with automatically bumping deps? This type of thing always causes chaos in my experience.

With something like bumping a grpc library, the surface area for issues is pretty massive.

[enekofb]

@jpellizzari

We have dependabot for security updates but not for dependency updates (at least not in scope at this stage). This PR was raised in the process of tunning the configuration

For example, security alert with valid PR and merged #3901

Unless @yitsushi has verified it and it is good to go ... i would say to close it

[yitsushi]

I didn't do extensive tests, pulled the changes, let tilt update stuff, log in on the ui and see the first page that loads. But in that case a more verbose check may be helpful.

.

[enekofb]

closing as seems stale based on the comments

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.