Update dependencies (#5699)

Update dependencies
- Blockhound 1.0.8.RELEASE -> 1.0.9.RELEASE
- Control Plane 1.0.44 -> 1.0.45
- GraphQL Kotlin 7.0.2 -> 7.1.1
- gRPC Java 1.63.0 -> 1.64.0
- Guava 33.1.0-jre -> 33.2.0-jre
- Jackson 2.17.0 -> 2.17.1
- Kotlin Coroutine 1.8.0 -> 1.8.1
- Kubernetes client 6.11.0 -> 6.12.1
- Mircometer 1.12.4 -> 1.13.0
- Netty 4.1.108.Final -> 4.1.110.Final
- Reactor 3.6.4 -> 3.6.6
- Scala2.13 2.13.13 -> 2.13.14
- Scala Collection compat 2.11.0 -> 2.12.0 
- Spring 6.1.5 -> 6.1.8
- Spring Boot 3.2.4 -> 3.3.0
- Build
  - Errorprone 2.26.1 -> 2.27.1
  - Finagle 23.11.0 -> 24.2.0
  - GraphQL DGS client 8.5.3 -> 8.6.1
  - Jakarta Validation 3.0.2 -> 3.1.0
  - Jakarta WebSocket 2.1.1 -> 2.2.0
  - Jkube 1.15.0 -> 1.16.2
  - Picocli 4.7.5 -> 4.7.6
  - Test containers 1.19.7 -> 1.19.8

Close #5697

dependencies.toml

@@ -7,48 +7,49 @@ apache-httpclient4 = "4.5.14"
 asm = "9.7"
 assertj = "3.25.3"
 awaitility = "4.2.1"
-blockhound = "1.0.8.RELEASE"
+blockhound = "1.0.9.RELEASE"
 bouncycastle = "1.70"
 brave5 = "5.18.1"
 brave6 = "6.0.3"
 brotli4j = "1.16.0"
+# Don"t upgrade bucket4j to 8.x that requires Java 11. The module name also has been changed to "com.bucket4j"
 bucket4j = "7.6.0"
 # Don"t upgrade Caffeine to 3.x that requires Java 11.
 caffeine = "2.9.3"
 cglib = "3.3.0"
 checkerframework = "2.5.6"
 checkstyle = "10.3.2"
-controlplane = "1.0.44"
+controlplane = "1.0.45"
 curator = "5.6.0"
 dagger = "2.51.1"
-dgs = "8.5.3"
+dgs = "8.6.1"
 dropwizard1 = "1.3.29"
 dropwizard2 = "2.1.12"
 dropwizard-metrics = "4.2.25"
-errorprone = "2.26.1"
+errorprone = "2.27.1"
 errorprone-gradle-plugin = "3.1.0"
 eureka = "2.0.2"
 fastutil = "8.5.13"
-finagle = "23.11.0"
+finagle = "24.2.0"
 findbugs = "3.0.2"
 futures-completable = "0.3.6"
 futures-extra = "4.3.3"
 gax-grpc = "2.46.1"
 # Don"t upgrade graphql-java to 21.0 that requires Java 11
 graphql-java = "20.4"
-graphql-kotlin = "7.0.2"
-grpc-java = "1.63.0"
+graphql-kotlin = "7.1.1"
+grpc-java = "1.64.0"
 grpc-kotlin = "1.4.1"
-guava = "33.1.0-jre"
+guava = "33.2.0-jre"
 hamcrest = "2.2"
 hbase = "1.2.6"
 hibernate-validator6 = "6.2.5.Final"
 hibernate-validator8 = "8.0.1.Final"
 j2objc = "3.0.0"
-jackson = "2.17.0"
+jackson = "2.17.1"
 jakarta-inject = "2.0.1"
-jakarta-validation = "3.0.2"
-jakarta-websocket = "2.1.1"
+jakarta-validation = "3.1.0"
+jakarta-websocket = "2.2.0"
 java-websocket = "1.5.6"
 javax-annotation = "1.3.2"
 javax-inject = "1"
@@ -65,7 +66,7 @@ jetty12 = "12.0.8"
 jetty93 = "9.3.30.v20211001"
 jetty94 = "9.4.54.v20240208"
 jetty-alpn-api = "1.1.3.v20160715"
-jkube = "1.15.0"
+jkube = "1.16.2"
 jmh-core = "1.37"
 jmh-gradle-plugin = "0.7.2"
 joor = "0.9.15"
@@ -79,10 +80,10 @@ junit-pioneer = "1.9.1"
 jwt = "4.4.0"
 kafka = "3.7.0"
 kotlin = "1.9.23"
-kotlin-coroutine = "1.8.0"
+kotlin-coroutine = "1.8.1"
 krotodc = "1.1.1"
-ktlint-gradle-plugin = "12.1.0"
-kubernetes-client = "6.11.0"
+ktlint-gradle-plugin = "12.1.1"
+kubernetes-client = "6.12.1"
 logback12 = "1.2.13"
 logback13 = "1.3.14"
 logback14 = "1.4.14"
@@ -93,8 +94,8 @@ micrometer13 = "1.3.20"
 # Don't uprade mockito to 5.x.x that requires Java 11
 mockito = "4.11.0"
 monix = "3.4.1"
-munit = "0.7.29"
-netty = "4.1.108.Final"
+munit = "1.0.0"
+netty = "4.1.110.Final"
 netty-incubator-transport-native-io_uring = "0.0.25.Final"
 nexus-publish = "2.0.0"
 node-gradle-plugin = "7.0.2"
@@ -105,7 +106,7 @@ okhttp4 = "4.12.0" # For testing
 opensaml = "3.4.6"
 osdetector = "1.7.3"
 # Used for kubernetes-chaos-tests
-picocli = "4.7.5"
+picocli = "4.7.6"
 proguard = "7.4.2"
 prometheus = "0.16.0"
 # Ensure that we use the same Protobuf version as what gRPC depends on.
@@ -117,7 +118,7 @@ protobuf-gradle-plugin = "0.8.19"
 protobuf-jackson = "2.5.0"
 reactive-grpc = "1.2.4"
 reactive-streams = "1.0.4"
-reactor = "3.6.4"
+reactor = "3.6.6"
 reactor-kotlin = "1.2.2"
 # Upgrade once https://github.com/ronmamo/reflections/issues/279 is fixed.
 reflections = "0.9.11"
@@ -132,23 +133,24 @@ rxjava2 = "2.2.21"
 rxjava3 = "3.1.8"
 sangria = "4.1.0"
 sangria-slowlog = "3.0.0"
-scala-collection-compat = "2.11.0"
+scala-collection-compat = "2.12.0"
 scala-java8-compat = "1.0.2"
 scala212 = "2.12.19"
-scala213 = "2.13.13"
+scala213 = "2.13.14"
 scala3 = "3.4.1"
 scalafmt-gradle-plugin = "1.16.2"
 scalapb = "0.11.15"
 scalapb-json = "0.12.1"
 shadow-gradle-plugin = "7.1.2"
+# Don"t upgrade to 8.x that requires Java 11.
 shibboleth-utilities = "7.5.2"
 snappy = "1.1.10.5"
 slf4j = "1.7.36"
 slf4j2 = "2.0.12"
-spring6 = "6.1.5"
+spring6 = "6.1.8"
 spring-boot2 = "2.7.18"
-spring-boot3 = "3.2.4"
-testcontainers = "1.19.7"
+spring-boot3 = "3.3.0"
+testcontainers = "1.19.8"
 thrift09 = { strictly = "0.9.3-1" }
 thrift012 = { strictly = "0.12.0" }
 thrift013 = { strictly = "0.13.0" }

grpc/src/test/java/com/linecorp/armeria/server/grpc/ServerCallListenerCompatibilityTest.java

@@ -139,14 +139,7 @@ void errorUnaryCall(List<ReleasableHolder<TestServiceBlockingStub>> clients) thr
                     client.unaryCall(SimpleRequest.newBuilder().setPayload(payload).build());
                 } catch (Throwable ex) {
                     final StatusRuntimeException statusException = (StatusRuntimeException) ex;
-                    // Armeria returns a RESOURCE_EXHAUSTED when maxInboundMessageSize is exceeded
-                    // whereas upstream returns a CANCELLED. Armeria's behavior seems to make more
-                    // sense so leaving as is.
-                    if (i == 0) {
-                        assertThat(statusException.getStatus().getCode()).isEqualTo(Code.CANCELLED);
-                    } else {
-                        assertThat(statusException.getStatus().getCode()).isEqualTo(Code.RESOURCE_EXHAUSTED);
-                    }
+                    assertThat(statusException.getStatus().getCode()).isEqualTo(Code.RESOURCE_EXHAUSTED);
                 }
                 Thread.sleep(1000);
                 // Waits 1 second for events to be fully collected.
@@ -263,14 +256,7 @@ void errorStreamCall(List<ReleasableHolder<TestServiceBlockingStub>> clients) th
                     }
                 } catch (Throwable ex) {
                     final StatusRuntimeException statusException = (StatusRuntimeException) ex;
-                    // Armeria returns a RESOURCE_EXHAUSTED when maxInboundMessageSize is exceeded
-                    // whereas upstream returns a CANCELLED. Armeria's behavior seems to make more
-                    // sense so leaving as is.
-                    if (i == 0) {
-                        assertThat(statusException.getStatus().getCode()).isEqualTo(Code.CANCELLED);
-                    } else {
-                        assertThat(statusException.getStatus().getCode()).isEqualTo(Code.RESOURCE_EXHAUSTED);
-                    }
+                    assertThat(statusException.getStatus().getCode()).isEqualTo(Code.RESOURCE_EXHAUSTED);
                 }
                 // Waits 1 second for events to be fully collected.
                 Thread.sleep(1000);

spring/boot2-webflux-autoconfigure/build.gradle

@@ -83,6 +83,7 @@ task generateSources(type: Copy) {
         exclude '**/AbstractServerHttpRequestVersionSpecific.java'
         exclude '**/package-info.java'
         exclude '**/org.springframework.boot.autoconfigure.AutoConfiguration.imports'
+        exclude '**/TlsUtil.java'
     }
 
     into "${project.ext.genSrcDir}"

spring/boot2-webflux-autoconfigure/src/main/java/com/linecorp/armeria/spring/web/reactive/TlsUtil.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2024 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package com.linecorp.armeria.spring.web.reactive;
+
+import java.security.KeyStore;
+import java.util.function.Supplier;
+
+import org.springframework.boot.web.server.SslStoreProvider;
+
+import com.linecorp.armeria.common.util.Exceptions;
+import com.linecorp.armeria.internal.spring.ArmeriaConfigurationUtil;
+import com.linecorp.armeria.server.ServerBuilder;
+import com.linecorp.armeria.spring.Ssl;
+
+final class TlsUtil {
+
+    static void configureTls(ServerBuilder sb, Ssl ssl,
+                             ArmeriaReactiveWebServerFactory factory) {
+        final SslStoreProvider sslStoreProvider = factory.getSslStoreProvider();
+        final Supplier<KeyStore> keyStoreSupplier;
+        final Supplier<KeyStore> trustStoreSupplier;
+        if (sslStoreProvider != null) {
+            keyStoreSupplier = () -> {
+                try {
+                    return sslStoreProvider.getKeyStore();
+                } catch (Exception e) {
+                    return Exceptions.throwUnsafely(e);
+                }
+            };
+            trustStoreSupplier = () -> {
+                try {
+                    return sslStoreProvider.getTrustStore();
+                } catch (Exception e) {
+                    return Exceptions.throwUnsafely(e);
+                }
+            };
+        } else {
+            keyStoreSupplier = null;
+            trustStoreSupplier = null;
+        }
+        ArmeriaConfigurationUtil.configureTls(sb, ssl, keyStoreSupplier, trustStoreSupplier);
+    }
+
+    private TlsUtil() {}
+}

spring/boot3-webflux-autoconfigure/src/main/java/com/linecorp/armeria/spring/web/reactive/ArmeriaReactiveWebServerFactory.java

@@ -25,12 +25,10 @@
 import java.lang.reflect.Field;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
-import java.security.KeyStore;
 import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.CompletableFuture;
 import java.util.function.Consumer;
-import java.util.function.Supplier;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -42,7 +40,6 @@
 import org.springframework.boot.web.server.Compression;
 import org.springframework.boot.web.server.Http2;
 import org.springframework.boot.web.server.Ssl;
-import org.springframework.boot.web.server.SslStoreProvider;
 import org.springframework.boot.web.server.WebServer;
 import org.springframework.core.ResolvableType;
 import org.springframework.core.env.Environment;
@@ -59,8 +56,6 @@
 import com.linecorp.armeria.common.SessionProtocol;
 import com.linecorp.armeria.common.annotation.Nullable;
 import com.linecorp.armeria.common.metric.MeterIdPrefixFunction;
-import com.linecorp.armeria.common.util.Exceptions;
-import com.linecorp.armeria.internal.spring.ArmeriaConfigurationUtil;
 import com.linecorp.armeria.server.Route;
 import com.linecorp.armeria.server.Server;
 import com.linecorp.armeria.server.ServerBuilder;
@@ -209,7 +204,7 @@ public WebServer getWebServer(HttpHandler httpHandler) {
                 logger.warn("Both Armeria and Spring TLS configuration exist. " +
                             "Armeria TLS configuration is used.");
             } else {
-                configureTls(sb, toArmeriaSslConfiguration(springSsl));
+                TlsUtil.configureTls(sb, toArmeriaSslConfiguration(springSsl), this);
             }
             springSessionProtocol = SessionProtocol.HTTPS;
         } else {
@@ -297,32 +292,6 @@ private static boolean isArmeriaCompressionEnabled(@Nullable ArmeriaSettings arm
         return false;
     }
 
-    private void configureTls(ServerBuilder sb, com.linecorp.armeria.spring.Ssl ssl) {
-        final SslStoreProvider provider = getSslStoreProvider();
-        final Supplier<KeyStore> keyStoreSupplier;
-        final Supplier<KeyStore> trustStoreSupplier;
-        if (provider != null) {
-            keyStoreSupplier = () -> {
-                try {
-                    return provider.getKeyStore();
-                } catch (Exception e) {
-                    return Exceptions.throwUnsafely(e);
-                }
-            };
-            trustStoreSupplier = () -> {
-                try {
-                    return provider.getTrustStore();
-                } catch (Exception e) {
-                    return Exceptions.throwUnsafely(e);
-                }
-            };
-        } else {
-            keyStoreSupplier = null;
-            trustStoreSupplier = null;
-        }
-        ArmeriaConfigurationUtil.configureTls(sb, ssl, keyStoreSupplier, trustStoreSupplier);
-    }
-
     private MeterIdPrefixFunction meterIdPrefixFunctionOrDefault() {
         final MeterIdPrefixFunction f = findBean(MeterIdPrefixFunction.class);
         return f != null ? f : MeterIdPrefixFunction.ofDefault("armeria.server");

spring/boot3-webflux-autoconfigure/src/main/java/com/linecorp/armeria/spring/web/reactive/TlsUtil.java

@@ -0,0 +1,64 @@
+/*
+ * Copyright 2024 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package com.linecorp.armeria.spring.web.reactive;
+
+import java.security.KeyStore;
+import java.util.function.Supplier;
+
+import org.springframework.boot.ssl.SslBundle;
+import org.springframework.boot.web.server.WebServerSslBundle;
+
+import com.linecorp.armeria.common.util.Exceptions;
+import com.linecorp.armeria.internal.spring.ArmeriaConfigurationUtil;
+import com.linecorp.armeria.server.ServerBuilder;
+import com.linecorp.armeria.spring.Ssl;
+
+final class TlsUtil {
+
+    static void configureTls(ServerBuilder sb, Ssl ssl,
+                             ArmeriaReactiveWebServerFactory factory) {
+        if (!ssl.isEnabled()) {
+            return;
+        }
+        final org.springframework.boot.web.server.Ssl springSsl = factory.getSsl();
+        final Supplier<KeyStore> keyStoreSupplier;
+        final Supplier<KeyStore> trustStoreSupplier;
+        if ((springSsl.getCertificate() != null && springSsl.getCertificatePrivateKey() != null) || // PEM
+            ssl.getKeyStore() != null || "PKCS11".equals(ssl.getKeyStoreType())) { // JSK
+            final SslBundle sslBundle = WebServerSslBundle.get(springSsl, factory.getSslBundles());
+            keyStoreSupplier = () -> {
+                try {
+                    return sslBundle.getStores().getKeyStore();
+                } catch (Exception e) {
+                    return Exceptions.throwUnsafely(e);
+                }
+            };
+            trustStoreSupplier = () -> {
+                try {
+                    return sslBundle.getStores().getTrustStore();
+                } catch (Exception e) {
+                    return Exceptions.throwUnsafely(e);
+                }
+            };
+        } else {
+            keyStoreSupplier = null;
+            trustStoreSupplier = null;
+        }
+        ArmeriaConfigurationUtil.configureTls(sb, ssl, keyStoreSupplier, trustStoreSupplier);
+    }
+
+    private TlsUtil() {}
+}