From bfe01a6636752108e2de1dddab328272fdf634bc Mon Sep 17 00:00:00 2001
From: MV Shiva Prasad <okshiva@google.com>
Date: Sun, 28 Dec 2025 06:59:48 +0000
Subject: [PATCH 1/3] Upgrade dependencies

---
 MODULE.bazel                        |  8 +++----
 examples/example-gauth/build.gradle |  2 +-
 examples/example-oauth/build.gradle |  2 +-
 gradle/libs.versions.toml           | 34 ++++++++++++++---------------
 repositories.bzl                    |  6 ++---
 5 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 42568eef6fd..8804c9e99d3 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -8,14 +8,14 @@ module(
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.63.1",
-    "com.google.auth:google-auth-library-credentials:1.40.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.40.0",
+    "com.google.api.grpc:proto-google-common-protos:2.63.2",
+    "com.google.auth:google-auth-library-credentials:1.41.0",
+    "com.google.auth:google-auth-library-oauth2-http:1.41.0",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.12.1",
-    "com.google.errorprone:error_prone_annotations:2.44.0",
+    "com.google.errorprone:error_prone_annotations:2.45.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",
diff --git a/examples/example-gauth/build.gradle b/examples/example-gauth/build.gradle
index 3ec28dd8785..ecd03182cfc 100644
--- a/examples/example-gauth/build.gradle
+++ b/examples/example-gauth/build.gradle
@@ -30,7 +30,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.40.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.41.0"
     implementation "com.google.api.grpc:grpc-google-cloud-pubsub-v1:0.1.24"
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 }
diff --git a/examples/example-oauth/build.gradle b/examples/example-oauth/build.gradle
index 7f6e1c425d8..e8c649f424a 100644
--- a/examples/example-oauth/build.gradle
+++ b/examples/example-oauth/build.gradle
@@ -29,7 +29,7 @@ dependencies {
     implementation "io.grpc:grpc-protobuf:${grpcVersion}"
     implementation "io.grpc:grpc-stub:${grpcVersion}"
     implementation "io.grpc:grpc-auth:${grpcVersion}"
-    implementation "com.google.auth:google-auth-library-oauth2-http:1.40.0"
+    implementation "com.google.auth:google-auth-library-oauth2-http:1.41.0"
 
     runtimeOnly "io.grpc:grpc-netty-shaded:${grpcVersion}"
 
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9cf74e270cb..7cbcc7ac206 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -49,11 +49,11 @@ errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
 # 2.11.0+ requires JDK 11+ (See https://github.com/google/error-prone/releases/tag/v2.11.0)
 # checkForUpdates: errorprone-corejava8:2.10.+
 errorprone-corejava8 = "com.google.errorprone:error_prone_core:2.10.0"
-google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.63.1"
-google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.40.0"
-google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.40.0"
+google-api-protos = "com.google.api.grpc:proto-google-common-protos:2.63.2"
+google-auth-credentials = "com.google.auth:google-auth-library-credentials:1.41.0"
+google-auth-oauth2Http = "com.google.auth:google-auth-library-oauth2-http:1.41.0"
 # Release notes: https://cloud.google.com/logging/docs/release-notes
-google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.8"
+google-cloud-logging = "com.google.cloud:google-cloud-logging:3.23.9"
 # 2.13.0 requires error_prone_annotations:2.37.0, but we are stuck with 2.36.0
 # checkForUpdates: gson:2.12.+
 gson = "com.google.code.gson:gson:2.12.1"
@@ -71,11 +71,11 @@ javax-servlet-api = "javax.servlet:javax.servlet-api:4.0.1"
 # 12.0.0+ require Java 17+
 # checkForUpdates: jetty-client:11.+
 jetty-client = "org.eclipse.jetty:jetty-client:11.0.26"
-jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.4"
+jetty-http2-server = "org.eclipse.jetty.http2:jetty-http2-server:12.1.5"
 # 10.0.25+ uses uses @Deprecated(since=/forRemoval=) from Java 9
 # checkForUpdates: jetty-http2-server10:10.0.24
 jetty-http2-server10 = "org.eclipse.jetty.http2:http2-server:10.0.24"
-jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.4"
+jetty-servlet = "org.eclipse.jetty.ee10:jetty-ee10-servlet:12.1.5"
 # checkForUpdates: jetty-servlet10:10.0.24
 jetty-servlet10 = "org.eclipse.jetty:jetty-servlet:10.0.24"
 jsr305 = "com.google.code.findbugs:jsr305:3.0.2"
@@ -93,17 +93,17 @@ mockito-android = "org.mockito:mockito-android:4.4.0"
 mockito-core = "org.mockito:mockito-core:4.4.0"
 # Need to decide when we require users to absorb the breaking changes in 4.2
 # checkForUpdates: netty-codec-http2:4.1.+
-netty-codec-http2 = "io.netty:netty-codec-http2:4.1.127.Final"
+netty-codec-http2 = "io.netty:netty-codec-http2:4.1.130.Final"
 # checkForUpdates: netty-handler-proxy:4.1.+
-netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.127.Final"
+netty-handler-proxy = "io.netty:netty-handler-proxy:4.1.130.Final"
 # Keep the following references of tcnative version in sync whenever it's updated:
 #   SECURITY.md
 netty-tcnative = "io.netty:netty-tcnative-boringssl-static:2.0.74.Final"
 netty-tcnative-classes = "io.netty:netty-tcnative-classes:2.0.74.Final"
 # checkForUpdates: netty-transport-epoll:4.1.+
-netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.127.Final"
+netty-transport-epoll = "io.netty:netty-transport-native-epoll:4.1.130.Final"
 # checkForUpdates: netty-unix-common:4.1.+
-netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.127.Final"
+netty-unix-common = "io.netty:netty-transport-native-unix-common:4.1.130.Final"
 okhttp = "com.squareup.okhttp:okhttp:2.7.5"
 # okio 3.5+ uses Kotlin 1.9+ which requires Android Gradle Plugin 9+
 # checkForUpdates: okio:3.4.+
@@ -113,11 +113,11 @@ opencensus-contrib-grpc-metrics = { module = "io.opencensus:opencensus-contrib-g
 opencensus-exporter-stats-stackdriver = { module = "io.opencensus:opencensus-exporter-stats-stackdriver", version.ref = "opencensus" }
 opencensus-exporter-trace-stackdriver = { module = "io.opencensus:opencensus-exporter-trace-stackdriver", version.ref = "opencensus" }
 opencensus-impl = { module = "io.opencensus:opencensus-impl", version.ref = "opencensus" }
-opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.56.0"
-opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.56.0-alpha"
-opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.51.0-alpha"
-opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.56.0"
-opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.56.0"
+opentelemetry-api = "io.opentelemetry:opentelemetry-api:1.57.0"
+opentelemetry-exporter-prometheus = "io.opentelemetry:opentelemetry-exporter-prometheus:1.57.0-alpha"
+opentelemetry-gcp-resources = "io.opentelemetry.contrib:opentelemetry-gcp-resources:1.52.0-alpha"
+opentelemetry-sdk-extension-autoconfigure = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure:1.57.0"
+opentelemetry-sdk-testing = "io.opentelemetry:opentelemetry-sdk-testing:1.57.0"
 perfmark-api = "io.perfmark:perfmark-api:0.27.0"
 # Not upgrading to 4.x as it is not yet ABI compatible.
 # https://github.com/protocolbuffers/protobuf/issues/17247
@@ -136,9 +136,9 @@ signature-android = "net.sf.androidscents.signature:android-api-level-21:5.0.1_r
 signature-java = "org.codehaus.mojo.signature:java18:1.0"
 # 11.0.0+ require Java 17+
 # checkForUpdates: tomcat-embed-core:10.+
-tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.49"
+tomcat-embed-core = "org.apache.tomcat.embed:tomcat-embed-core:10.1.50"
 # checkForUpdates: tomcat-embed-core9:9.+
-tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.112"
+tomcat-embed-core9 = "org.apache.tomcat.embed:tomcat-embed-core:9.0.113"
 truth = "com.google.truth:truth:1.4.5"
 # checkForUpdates: undertow-servlet22:2.2.+
 undertow-servlet22 = "io.undertow:undertow-servlet:2.2.38.Final"
diff --git a/repositories.bzl b/repositories.bzl
index 43b7fcfe1ed..547a89ecbd4 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -12,9 +12,9 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # GRPC_DEPS_START
 IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.android:annotations:4.1.1.4",
-    "com.google.api.grpc:proto-google-common-protos:2.63.1",
-    "com.google.auth:google-auth-library-credentials:1.40.0",
-    "com.google.auth:google-auth-library-oauth2-http:1.40.0",
+    "com.google.api.grpc:proto-google-common-protos:2.63.2",
+    "com.google.auth:google-auth-library-credentials:1.41.0",
+    "com.google.auth:google-auth-library-oauth2-http:1.41.0",
     "com.google.auto.value:auto-value-annotations:1.11.0",
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",

From 6dc2fabd910e640e20421342428f66fe571728df Mon Sep 17 00:00:00 2001
From: MV Shiva Prasad <okshiva@google.com>
Date: Sun, 28 Dec 2025 07:08:54 +0000
Subject: [PATCH 2/3] update in repositories.bzl as well

---
 gradle/libs.versions.toml | 2 +-
 repositories.bzl          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 7cbcc7ac206..3806fa3404e 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -42,7 +42,7 @@ conscrypt = "org.conscrypt:conscrypt-openjdk-uber:2.5.2"
 cronet-api = "org.chromium.net:cronet-api:119.6045.31"
 # checkForUpdates: cronet-embedded:119.6045.31
 cronet-embedded = "org.chromium.net:cronet-embedded:119.6045.31"
-errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.44.0"
+errorprone-annotations = "com.google.errorprone:error_prone_annotations:2.45.0"
 # 2.32.0+ requires Java 17+
 # checkForUpdates: errorprone-core:2.31.+
 errorprone-core = "com.google.errorprone:error_prone_core:2.31.0"
diff --git a/repositories.bzl b/repositories.bzl
index 547a89ecbd4..494e405a0ac 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -19,7 +19,7 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.auto.value:auto-value:1.11.0",
     "com.google.code.findbugs:jsr305:3.0.2",
     "com.google.code.gson:gson:2.12.1",
-    "com.google.errorprone:error_prone_annotations:2.44.0",
+    "com.google.errorprone:error_prone_annotations:2.45.0",
     "com.google.guava:failureaccess:1.0.1",
     "com.google.guava:guava:33.5.0-android",
     "com.google.re2j:re2j:1.8",

From d31d619932a023334bf6247158464558dfa76852 Mon Sep 17 00:00:00 2001
From: MV Shiva Prasad <okshiva@google.com>
Date: Tue, 30 Dec 2025 12:16:58 +0000
Subject: [PATCH 3/3] upgrade netty patch version in bazel files and
 SECURITY.md

---
 MODULE.bazel     | 24 ++++++++++++------------
 SECURITY.md      |  3 ++-
 repositories.bzl | 24 ++++++++++++------------
 3 files changed, 26 insertions(+), 25 deletions(-)

diff --git a/MODULE.bazel b/MODULE.bazel
index 8804c9e99d3..d481db760a9 100644
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -23,20 +23,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.127.Final",
-    "io.netty:netty-codec-http2:4.1.127.Final",
-    "io.netty:netty-codec-http:4.1.127.Final",
-    "io.netty:netty-codec-socks:4.1.127.Final",
-    "io.netty:netty-codec:4.1.127.Final",
-    "io.netty:netty-common:4.1.127.Final",
-    "io.netty:netty-handler-proxy:4.1.127.Final",
-    "io.netty:netty-handler:4.1.127.Final",
-    "io.netty:netty-resolver:4.1.127.Final",
+    "io.netty:netty-buffer:4.1.130.Final",
+    "io.netty:netty-codec-http2:4.1.130.Final",
+    "io.netty:netty-codec-http:4.1.130.Final",
+    "io.netty:netty-codec-socks:4.1.130.Final",
+    "io.netty:netty-codec:4.1.130.Final",
+    "io.netty:netty-common:4.1.130.Final",
+    "io.netty:netty-handler-proxy:4.1.130.Final",
+    "io.netty:netty-handler:4.1.130.Final",
+    "io.netty:netty-resolver:4.1.130.Final",
     "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
     "io.netty:netty-tcnative-classes:2.0.74.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.127.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.127.Final",
-    "io.netty:netty-transport:4.1.127.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.130.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.130.Final",
+    "io.netty:netty-transport:4.1.130.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",
diff --git a/SECURITY.md b/SECURITY.md
index c0ef797238f..fa5b85c0e3a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -398,7 +398,8 @@ grpc-netty version | netty-handler version | netty-tcnative-boringssl-static ver
 1.67.x-1.70.x      | 4.1.110.Final         | 2.0.65.Final
 1.71.x-1.74.x      | 4.1.110.Final         | 2.0.70.Final
 1.75.x-1.76.x      | 4.1.124.Final         | 2.0.72.Final
-1.77.x-            | 4.1.127.Final         | 2.0.74.Final
+1.77.x-1.78.x      | 4.1.127.Final         | 2.0.74.Final
+1.79.x-            | 4.1.130.Final         | 2.0.74.Final
 
 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
 
diff --git a/repositories.bzl b/repositories.bzl
index 494e405a0ac..33efebaf5b3 100644
--- a/repositories.bzl
+++ b/repositories.bzl
@@ -27,20 +27,20 @@ IO_GRPC_GRPC_JAVA_ARTIFACTS = [
     "com.google.truth:truth:1.4.5",
     "com.squareup.okhttp:okhttp:2.7.5",
     "com.squareup.okio:okio:2.10.0",  # 3.0+ needs swapping to -jvm; need work to avoid flag-day
-    "io.netty:netty-buffer:4.1.127.Final",
-    "io.netty:netty-codec-http2:4.1.127.Final",
-    "io.netty:netty-codec-http:4.1.127.Final",
-    "io.netty:netty-codec-socks:4.1.127.Final",
-    "io.netty:netty-codec:4.1.127.Final",
-    "io.netty:netty-common:4.1.127.Final",
-    "io.netty:netty-handler-proxy:4.1.127.Final",
-    "io.netty:netty-handler:4.1.127.Final",
-    "io.netty:netty-resolver:4.1.127.Final",
+    "io.netty:netty-buffer:4.1.130.Final",
+    "io.netty:netty-codec-http2:4.1.130.Final",
+    "io.netty:netty-codec-http:4.1.130.Final",
+    "io.netty:netty-codec-socks:4.1.130.Final",
+    "io.netty:netty-codec:4.1.130.Final",
+    "io.netty:netty-common:4.1.130.Final",
+    "io.netty:netty-handler-proxy:4.1.130.Final",
+    "io.netty:netty-handler:4.1.130.Final",
+    "io.netty:netty-resolver:4.1.130.Final",
     "io.netty:netty-tcnative-boringssl-static:2.0.74.Final",
     "io.netty:netty-tcnative-classes:2.0.74.Final",
-    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.127.Final",
-    "io.netty:netty-transport-native-unix-common:4.1.127.Final",
-    "io.netty:netty-transport:4.1.127.Final",
+    "io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.130.Final",
+    "io.netty:netty-transport-native-unix-common:4.1.130.Final",
+    "io.netty:netty-transport:4.1.130.Final",
     "io.opencensus:opencensus-api:0.31.0",
     "io.opencensus:opencensus-contrib-grpc-metrics:0.31.0",
     "io.perfmark:perfmark-api:0.27.0",