dependabot[bot] opened a new pull request, #2695: URL: https://github.com/apache/cxf/pull/2695
Bumps [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) from 4.12.0 to 5.3.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md";>com.squareup.okhttp3:okhttp's changelog</a>.</em></p> <blockquote> <h2>Version 5.3.0</h2> <p><em>2025-10-30</em></p> <ul> <li> <p>New: Add tags to <code>Call</code>, including computable tags. Use this to attach application-specific metadata to a <code>Call</code> in an <code>EventListener</code> or <code>Interceptor</code>. The tag can be read in any other <code>EventListener</code> or <code>Interceptor</code>.</p> <pre lang="kotlin"><code> override fun intercept(chain: Interceptor.Chain): Response { chain.call().tag(MyAnalyticsTag::class) { MyAnalyticsTag(...) } <pre><code>return chain.proceed(chain.request()) </code></pre> <p>} </code></pre></p> </li> <li> <p>New: Support request bodies on HTTP/1.1 connection upgrades.</p> </li> <li> <p>New: <code>EventListener.plus()</code> makes it easier to observe events in multiple listeners.</p> </li> <li> <p>Fix: Don't spam logs with <em>‘Method isLoggable in android.util.Log not mocked.’</em> when using OkHttp in Robolectric and Paparazzi tests.</p> </li> <li> <p>Upgrade: [Kotlin 2.2.21][kotlin_2_2_21].</p> </li> <li> <p>Upgrade: [Okio 3.16.2][okio_3_16_2].</p> </li> <li> <p>Upgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail [16 KB ELF alignment checks][elf_alignment].</p> </li> </ul> <h2>Version 5.2.1</h2> <p><em>2025-10-09</em></p> <ul> <li> <p>Fix: Don't crash when calling <code>Socket.shutdownOutput()</code> or <code>shutdownInput()</code> on an <code>SSLSocket</code> on Android API 21 through 23. This method throws an <code>UnsupportedOperationException</code>, so we now catch that and close the underlying stream instead.</p> </li> <li> <p>Upgrade: [Okio 3.16.1][okio_3_16_1].</p> </li> </ul> <h2>Version 5.2.0</h2> <p><em>2025-10-07</em></p> <ul> <li> <p>New: Support [HTTP 101] responses with <code>Response.socket</code>. This mechanism is only supported on HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.</p> </li> <li> <p>New: The <code>okhttp-zstd</code> module negotiates [Zstandard (zstd)][zstd] compression with servers that support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like this:</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/square/okhttp/commit/0960b47ec28a02e893499d2a7e53bf462a62875e";><code>0960b47</code></a> Prepare for release 5.3.0.</li> <li><a href="https://github.com/square/okhttp/commit/bfb24eb90b3be7fb73541ea02ce8d5dfc4021709";><code>bfb24eb</code></a> Support Request Bodies on HTTP1.1 Connection Upgrades (<a href="https://redirect.github.com/square/okhttp/issues/9159";>#9159</a>)</li> <li><a href="https://github.com/square/okhttp/commit/cf4a86439568e640c39da5e4e73af6565a5510b1";><code>cf4a864</code></a> Update Gradle to v9.2.0 (<a href="https://redirect.github.com/square/okhttp/issues/9171";>#9171</a>)</li> <li><a href="https://github.com/square/okhttp/commit/4e7dbec1ea6c9cf8d80422ac9d44b9b185c749a3";><code>4e7dbec</code></a> Update dependency com.puppycrawl.tools:checkstyle to v12.1.1 (<a href="https://redirect.github.com/square/okhttp/issues/9169";>#9169</a>)</li> <li><a href="https://github.com/square/okhttp/commit/0470853d724ec9e3c68a6ef83a4d1a60a73ef289";><code>0470853</code></a> Add tags to calls, including computable tags (<a href="https://redirect.github.com/square/okhttp/issues/9168";>#9168</a>)</li> <li><a href="https://github.com/square/okhttp/commit/2b70b39827518c0a8b350c77f32f314aa46de7ca";><code>2b70b39</code></a> Catch UnsatisfiedLinkError in AndroidLog (<a href="https://redirect.github.com/square/okhttp/issues/9137";>#9137</a>)</li> <li><a href="https://github.com/square/okhttp/commit/35735556f4ab3400197c6dd6c113c62b8468c58d";><code>3573555</code></a> Update dependency com.github.jnr:jnr-unixsocket to v0.38.24 (<a href="https://redirect.github.com/square/okhttp/issues/9166";>#9166</a>)</li> <li><a href="https://github.com/square/okhttp/commit/af8cf3024ace57dab436a9a289ac986cddf01ea8";><code>af8cf30</code></a> Update actions/upload-artifact action to v5 (<a href="https://redirect.github.com/square/okhttp/issues/9167";>#9167</a>)</li> <li><a href="https://github.com/square/okhttp/commit/478e99cf506e4b63b6db0418f7f7490d734c2239";><code>478e99c</code></a> Build an computeIfAbsent() mechanism for tags (<a href="https://redirect.github.com/square/okhttp/issues/9165";>#9165</a>)</li> <li><a href="https://github.com/square/okhttp/commit/d393c868179ff06f870a98ec3bc161c391414eea";><code>d393c86</code></a> Use Tags in okhttp3.Request (<a href="https://redirect.github.com/square/okhttp/issues/9164";>#9164</a>)</li> <li>Additional commits viewable in <a href="https://github.com/square/okhttp/compare/parent-4.12.0...parent-5.3.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
