build(deps): Bump grpc-bom from 1.47.0 to 1.48.0

[dependabot]

Bumps grpc-bom from 1.47.0 to 1.48.0.

Release notes

Sourced from grpc-bom's releases.

v1.48.0

Bug Fixes

• Removed the Class-Path manifest entry from jars generated with the gradle shadow plugin (#9270). This should prevent “[WARNING] [path] bad path element” compilation warnings
• Fix Channelz HTTP/2 window reporting. Previously the sender and receiver windows were reversed
• Service config parse failures should be UNAVAILABLE, not INVALID_ARGUMENT (#9346). This bug could cause RPCs to fail with INVALID_ARGUMENT if the service config was invalid when the channel started. RPCs were not failed if the channel had previously received no config or a valid config. Channels using xds were not exposed to this issue

New Features

• xds: implement ignore_resource_deletion server feature as defined in the gRFC A53: Option for Ignoring xDS Resource Deletion. (#9339)
• bazel: Support maven_install's strict_visibility=True by including direct dependencies explicitly

Improvements

• Changed the debug strings for many Attributes.Keys to reference the API of the key. This should make it easier to find the API the key is exposed when using attributes.toString()
• api: Document Attributes.Key uses reference equality. This is to make it clear the behavior is on purpose, and mirrors other Key types in the API
• api: Explain security constraints of EquivalentAddressGroup.ATTR_AUTHORITY_OVERRIDE, to avoid misuse by NameResolvers (#9281)
• testing: GrpcCleanupRule now extends ExternalResource. This makes it usable with JUnit 5
• core: Clear ConfigSelector when the channel enters panic mode (#9272). This prevents hanging RPCs if panic mode is entered very early in the channel lifetime and makes panic mode more predictable when xds is in use. Panic mode is a Channel feature used when a bug causes an unrecoverable error
• xds: clusterresolver reuses child policy names for the same locality to avoid subchannel connection churns (#9287)
• xds: Fail RPCs with error details when resources are deleted instead of “NameResolver returned no usable address errors” (#9337)
• xds: Support least_request LB in LoadBalancingPolicy (#9262)
• xds: weighted target to delay picker updates while updating children (#9306)
• compiler: support protoc compiling on loongarch_64 and ppc64le platform (#9178 #9284)
• core: Avoid unnecessary flushes for unary responses. It optimizes the response flow (#9273)
• binder: Add security Policy for verifying signature using sha-256 hash (#9305)
• core: Use the offload executor in CallCredentials rather than the executor from CallOptions (#9313)
• xds: delete the permanent error logic in processing LDS updates in XdsServerWrapper (#9268)
• xds: when delegate server throws on start communicate the error to statusListener (#9277)

Dependencies

• Bump Guava to 31.1
• Bump protobuf to 3.21.1 (#9311)
• Bump Error Prone annotations to 2.14.0
• Bump Animal Sniffer annotations to 1.21
• Bump Netty to 4.1.77.Final and netty_tcnative to 2.0.53.Final
• protobuf: Bump com.google.api.grpc:proto-google-common-protos to 2.9.0
• alts: Bump Conscrypt to 2.5.2
• xds: Bump RE2J to 1.6
• xds: Remove unused org.bouncycastle:bcpkix-jdk15on dependency
• xds: Update xDS protos (#9223)

Acknowledgements

@​mirlord @​zhangwenlong8911 @​adilansari @​amirhadadi @​jader-eero @​jvolkman @​sumitd2

Commits

• ed58a2c Bump version to 1.48.0
• 6ffba86 Update README etc to reference 1.48.0
• 3f47a6e buildscripts: Fix kube contexts in the xds LB tests (#9389)
• 826a7c9 Revert "Fix for ipv6 link local with scope (#9326)"
• 5991239 interop-testing: Hack runtimeOnly deps to be available at runtime (1.48.x bac...
• fb2d5cf xds: implement ignore_resource_deletion server feature (#9339)
• bdc27cd Service config parse failures should be UNAVAILABLE
• 258ac60 Bump Bazel deps missed in fb314d3
• 97b6a65 Bump versions for assorted dependencies
• 0b3a0b4 Fix for ipv6 link local with scope (#9326)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Test Results

  47 files    47 suites   1m 57s ⏱️
111 tests 111 ✔️ 0 💤 0 ❌
356 runs  356 ✔️ 0 💤 0 ❌

Results for commit 823c60b.