dependabot[bot] opened a new pull request, #2885: URL: https://github.com/apache/servicecomb-java-chassis/pull/2885
Bumps [okhttp](https://github.com/square/okhttp) from 3.14.2 to 4.9.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md";>okhttp's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <h2>Version 5.0.0-alpha.7</h2> <p><em>2022-04-26</em></p> <p><strong>This release introduces new Kotlin-friendly APIs.</strong> When we migrated OkHttp from Java to Kotlin in OkHttp 4.0, we kept our Java-first APIs. With 5.0 we're continuing to support Java and adding additional improvements for Kotlin users. In this alpha we're excited to skip-the-builder for requests and remove a common source of non-null assertions (<code>!!</code>) on the response body.</p> <p>The alpha releases in the 5.0.0 series have production-quality code and an unstable API. We expect to make changes to the APIs introduced in 5.0.0-alpha.X. These releases are safe for production use and 'alpha' strictly signals that we're still experimenting with some new APIs. If you're eager for the fixes or features below, please upgrade.</p> <ul> <li> <p>New: Named and default parameters constructor for <code>Request</code>:</p> <pre><code>val request = Request( url = "https://cash.app/".toHttpUrl(), ) </code></pre> </li> <li> <p>New: <code>Response.body</code> is now non-null. This was generally the case in OkHttp 4.x, but the Kotlin type declaration was nullable to support rare cases like the body on <code>Response.cacheResponse</code>, <code>Response.networkResponse</code>, and <code>Response.priorResponse</code>. In such cases the body is now non-null, but attempts to read its content will fail.</p> </li> <li> <p>New: Kotlin-specific APIs for request tags. Kotlin language users can lookup tags with a type parameter only, like <code>request.tag<MyTagClass>()</code>.</p> </li> <li> <p>New: MockWebServer has improved support for HTTP/1xx responses. Once you've migrated to the new <code>mockwebserver3</code> package, there's a new field, <code>MockResponse.informationalResponses</code>.</p> </li> <li> <p>Fix: Don't interpret trailers as headers after an HTTP/100 response. This was a bug only when the HTTP response body itself is empty.</p> </li> <li> <p>Fix: Don't crash when a fast fallback call has both a deferred connection and a held connection.</p> </li> <li> <p>Fix: <code>OkHttpClient</code> no longer implements <code>Cloneable</code>. It never should have; the class is immutable. This is left over from OkHttp 2.x (!) when that class was mutable. We're using the 5.x upgrade as an opportunity to remove very obsolete APIs.</p> </li> <li> <p>Fix: Recover gracefully when Android's <code>NativeCrypto</code> crashes with <code>"ssl == null"</code>. This occurs when OkHttp retrieves ALPN state on a closed connection.</p> </li> <li> <p>Upgrade: [Kotlin 1.6.21][kotlin_1_6_21].</p> </li> <li> <p>Upgrade: [Okio 3.1.0][okio_3_1_0].</p> </li> </ul> <h2>Version 5.0.0-alpha.6</h2> <p><em>2022-03-14</em></p> <ul> <li>Fix: Don't attempt to close pooled connections. We saw occasional fast fallback calls crash in</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/square/okhttp/commit/0a27e9ff30c6129f4fdeb1f99c07c9b009bcc537";><code>0a27e9f</code></a> Prepare for release 4.9.3.</li> <li><a href="https://github.com/square/okhttp/commit/97a8f6cac287b11352e6688e9a7e9180b145a9ad";><code>97a8f6c</code></a> Confirm we can read a response that completed before RST_STREAM (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6293";>#6293</a>) (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6914";>#6914</a>)</li> <li><a href="https://github.com/square/okhttp/commit/b1a39f48e55ecd197e306e1b25f1133836caa4e2";><code>b1a39f4</code></a> Prepare next development version.</li> <li><a href="https://github.com/square/okhttp/commit/3edf17ca8a5048912d19e84d0fc2a7941a97c07d";><code>3edf17c</code></a> Prepare for release 4.9.2.</li> <li><a href="https://github.com/square/okhttp/commit/262b3cde9f6354a31d4d4862bef5a81590687ad7";><code>262b3cd</code></a> Handle strict module handling on JDK17 (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6707";>#6707</a>) (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6742";>#6742</a>)</li> <li><a href="https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c";><code>f574ea2</code></a> Cherry pick fix for CVE-2021-0341 onto 4.9.x (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6741";>#6741</a>)</li> <li><a href="https://github.com/square/okhttp/commit/1fd7c0afdc2cee9ba982b07d49662af7f60e1518";><code>1fd7c0a</code></a> Make it more difficult to accidentally log sensitive headers (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6551";>#6551</a>) (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6740";>#6740</a>)</li> <li><a href="https://github.com/square/okhttp/commit/b0397cc7a9f755ef8ab1e00c8114531f802f35a6";><code>b0397cc</code></a> 4.9.x GitHub builds update (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6732";>#6732</a>)</li> <li><a href="https://github.com/square/okhttp/commit/eb5a8343eab9ba4ec933e8fb80d3f8a0e4eacbcd";><code>eb5a834</code></a> Prepare next development version.</li> <li><a href="https://github.com/square/okhttp/commit/63dcd95bfa2345bb3f3d4abc6b6dbf36cfb08aaf";><code>63dcd95</code></a> Prepare for release 4.9.1.</li> <li>Additional commits viewable in <a href="https://github.com/square/okhttp/compare/parent-3.14.2...parent-4.9.3";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
