You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2022/05/20 06:45:30 UTC

[GitHub] [servicecomb-java-chassis] dependabot[bot] opened a new pull request, #2960: Bump okhttp from 3.14.2 to 4.7.2

dependabot[bot] opened a new pull request, #2960:
URL: https://github.com/apache/servicecomb-java-chassis/pull/2960

   Bumps [okhttp](https://github.com/square/okhttp) from 3.14.2 to 4.7.2.
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/parent-4.7.2/CHANGELOG.md">okhttp's changelog</a>.</em></p>
   <blockquote>
   <h2>Version 4.7.2</h2>
   <p><em>2020-05-20</em></p>
   <ul>
   <li>Fix: Don't crash inspecting whether the host platform is JVM or Android. With 4.7.0 and 4.7.1 we
   had a crash <code>IllegalArgumentException: Not a Conscrypt trust manager</code> because we depended on
   initialization order of companion objects.</li>
   </ul>
   <h2>Version 4.7.1</h2>
   <p><em>2020-05-18</em></p>
   <ul>
   <li>Fix: Pass the right arguments in the trust manager created for <code>addInsecureHost()</code>. Without the
   fix insecure hosts crash with an <code>IllegalArgumentException</code> on Android.</li>
   </ul>
   <h2>Version 4.7.0</h2>
   <p><em>2020-05-17</em></p>
   <ul>
   <li>
   <p>New: <code>HandshakeCertificates.Builder.addInsecureHost()</code> makes it easy to turn off security in
   private development environments that only carry test data. Prefer this over creating an
   all-trusting <code>TrustManager</code> because only hosts on the allowlist are insecure. From
   [our DevServer sample][dev_server]:</p>
   <pre lang="kotlin"><code>val clientCertificates = HandshakeCertificates.Builder()
       .addPlatformTrustedCertificates()
       .addInsecureHost(&quot;localhost&quot;)
       .build()
   <p>val client = OkHttpClient.Builder()
   .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)
   .build()
   </code></pre></p>
   </li>
   <li>
   <p>New: Add <code>cacheHit</code>, <code>cacheMiss</code>, and <code>cacheConditionalHit()</code> events to <code>EventListener</code>. Use
   these in logs, metrics, and even test cases to confirm your cache headers are configured as
   expected.</p>
   </li>
   <li>
   <p>New: Constant string <code>okhttp3.VERSION</code>. This is a string like &quot;4.5.0-RC1&quot;, &quot;4.5.0&quot;, or
   &quot;4.6.0-SNAPSHOT&quot; indicating the version of OkHttp in the current runtime. Use this to include
   the OkHttp version in custom <code>User-Agent</code> headers.</p>
   </li>
   <li>
   <p>Fix: Don't crash when running as a plugin in Android Studio Canary 4.1. To enable
   platform-specific TLS features OkHttp must detect whether it's running in a JVM or in Android.
   The upcoming Android Studio runs in a JVM but has classes from Android and that confused OkHttp!</p>
   </li>
   <li>
   <p>Fix: Include the header <code>Accept: text/event-stream</code> for SSE calls. This header is not added if</p>
   </li>
   </ul>
   <!-- raw HTML omitted -->
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/square/okhttp/commit/4c595553fbcbfc316d24a74197aa753dbc05da9f"><code>4c59555</code></a> Prepare for release 4.7.2.</li>
   <li><a href="https://github.com/square/okhttp/commit/b733d293cd58fb125033bd6009c484d96502399c"><code>b733d29</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/square/okhttp/issues/6073">#6073</a> from yschimke/android_init_ordering</li>
   <li><a href="https://github.com/square/okhttp/commit/1d183cb0015bfb0788dde1fbce8f4a6d1cd7109c"><code>1d183cb</code></a> Fix Android init ordering</li>
   <li><a href="https://github.com/square/okhttp/commit/9c173d2ad3f4fb2585e9c7fedb314f6f653bb9c0"><code>9c173d2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/square/okhttp/issues/6071">#6071</a> from yschimke/android_tests_safe_on_23</li>
   <li><a href="https://github.com/square/okhttp/commit/d1490698a320895c89da7577b05a7d730e353203"><code>d149069</code></a> Make the Android tests pass on &lt;= 23</li>
   <li><a href="https://github.com/square/okhttp/commit/6fcabb1ec3644102e7a3082f18223c188c021c84"><code>6fcabb1</code></a> Prepare next development version.</li>
   <li><a href="https://github.com/square/okhttp/commit/186ec88aff706f31724210f0b73f88e942e7fb11"><code>186ec88</code></a> Prepare for release 4.7.1.</li>
   <li><a href="https://github.com/square/okhttp/commit/67f77be6b098efa0a8271b557891130eb7d83f5f"><code>67f77be</code></a> Fix for insecureHost on Android (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6063">#6063</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/370ebcffe67ef552e30e866bd622da5291a6f5b3"><code>370ebcf</code></a> Prepare next development version.</li>
   <li><a href="https://github.com/square/okhttp/commit/ef7c5f358e2ac8dad806952c70c7af9061a6f7af"><code>ef7c5f3</code></a> Prepare for release 4.7.0.</li>
   <li>Additional commits viewable in <a href="https://github.com/square/okhttp/compare/parent-3.14.2...parent-4.7.2">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.squareup.okhttp3:okhttp&package-manager=maven&previous-version=3.14.2&new-version=4.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
   
   [//]: # (dependabot-automerge-start)
   [//]: # (dependabot-automerge-end)
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] Shoothzj commented on pull request #2960: Bump okhttp from 3.14.2 to 4.7.2

Posted by GitBox <gi...@apache.org>.

Shoothzj commented on PR #2960:
URL: https://github.com/apache/servicecomb-java-chassis/pull/2960#issuecomment-1133880675

   @dependabot ignore this minor version


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] dependabot[bot] commented on pull request #2960: Bump okhttp from 3.14.2 to 4.7.2

Posted by GitBox <gi...@apache.org>.

dependabot[bot] commented on PR #2960:
URL: https://github.com/apache/servicecomb-java-chassis/pull/2960#issuecomment-1133880681

   OK, I won't notify you about version 4.7.x again, unless you re-open this PR or update to a 4.7.x release yourself.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-java-chassis] dependabot[bot] closed pull request #2960: Bump okhttp from 3.14.2 to 4.7.2

Posted by GitBox <gi...@apache.org>.

dependabot[bot] closed pull request #2960: Bump okhttp from 3.14.2 to 4.7.2
URL: https://github.com/apache/servicecomb-java-chassis/pull/2960


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org