grpc/grpc-java v1.76.0 on GitHub

xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
binder: The server will now only accept post-setup transactions from the authorized server UID.
util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
android: A fix has been implemented for network change handling on API levels below 24.

api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
bazel: Unnecessary direct build dependencies were removed from some targets
netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
netty: Include allow header for HTTP response code 405
okhttp: Include allow header for HTTP response code 405
binder: Error descriptions for ServiceConnection callbacks have been improved
binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
compiler: Support for macOS aarch64 with a universal binary has been added.
opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
binder: A NameResolver for Android's intent: URIs has been introduced.
binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
examples: The documentation now explains Bazel BCR releases and the git_override option.

Upgraded Guava version to 33.4.8.
The org.apache.tomcat:annotations-api dependency has been removed from the examples.