Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2022/05/16 09:26:42 UTC

[GitHub] [servicecomb-java-chassis] dependabot[bot] opened a new pull request, #2900: Bump okhttp from 3.14.2 to 4.8.1

dependabot[bot] opened a new pull request, #2900:
URL: https://github.com/apache/servicecomb-java-chassis/pull/2900

   Bumps [okhttp](https://github.com/square/okhttp) from 3.14.2 to 4.8.1.
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/square/okhttp/blob/parent-4.8.1/CHANGELOG.md">okhttp's changelog</a>.</em></p>
   <blockquote>
   <h2>Version 4.8.1</h2>
   <p><em>2020-08-06</em></p>
   <ul>
   <li>Fix: Don't crash in <code>HeldCertificate.Builder</code> when creating certificates on older versions of
   Android, including Android 6. We were using a feature of <code>SimpleDateFormat</code> that wasn't
   available in those versions!</li>
   </ul>
   <h2>Version 4.8.0</h2>
   <p><em>2020-07-11</em></p>
   <ul>
   <li>
   <p>New: Change <code>HeldCertificate.Builder</code> to use its own ASN.1 certificate encoder. This is part
   of our effort to remove the okhttp-tls module's dependency on Bouncy Castle. We think Bouncy
   Castle is great! But it's a large dependency (6.5 MiB) and its security provider feature
   impacts VM-wide behavior.</p>
   </li>
   <li>
   <p>New: Reduce contention for applications that make a very high number of concurrent requests.
   Previously OkHttp used its connection pool as a lock when making changes to connections and
   calls. With this change each connection is locked independently.</p>
   </li>
   <li>
   <p>Upgrade: Okio 2.7.0.</p>
   <pre lang="kotlin"><code>implementation(&quot;com.squareup.okio:okio:2.7.0&quot;)
   </code></pre>
   </li>
   <li>
   <p>Fix: Avoid log messages like &quot;Didn't find class org.conscrypt.ConscryptHostnameVerifier&quot; when
   detecting the TLS capabilities of the host platform.</p>
   </li>
   <li>
   <p>Fix: Don't crash in <code>HttpUrl.topPrivateDomain()</code> when the hostname is malformed.</p>
   </li>
   <li>
   <p>Fix: Don't attempt Brotli decompression if the response body is empty.</p>
   </li>
   </ul>
   <h2>Version 4.7.2</h2>
   <p><em>2020-05-20</em></p>
   <ul>
   <li>Fix: Don't crash inspecting whether the host platform is JVM or Android. With 4.7.0 and 4.7.1 we
   had a crash <code>IllegalArgumentException: Not a Conscrypt trust manager</code> because we depended on
   initialization order of companion objects.</li>
   </ul>
   <h2>Version 4.7.1</h2>
   <p><em>2020-05-18</em></p>
   <ul>
   <li>Fix: Pass the right arguments in the trust manager created for <code>addInsecureHost()</code>. Without the</li>
   </ul>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/square/okhttp/commit/fc6c29c4f93a7604fb0fee88be4bbc91dde6551d"><code>fc6c29c</code></a> Prepare for release 4.8.1.</li>
   <li><a href="https://github.com/square/okhttp/commit/506e8405a2c0c13ac85edac52ad69c7a14453220"><code>506e840</code></a> Implement DER constraints on date formats (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6213">#6213</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/a70e992c3f7d9adea544c40cc2a4640d28f45cc3"><code>a70e992</code></a> Prepare for release 4.8.0.</li>
   <li><a href="https://github.com/square/okhttp/commit/cf367d93391e7a7ce0063e8b2f4fb03b46ef3706"><code>cf367d9</code></a> Add defensive checks for malformed ASN.1 DER (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6180">#6180</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/0e0f3a2d8d95278bf362eaeb08f13516e383fafd"><code>0e0f3a2</code></a> Push OkHttp 3.14.x into the sea. It is no longer supported. (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6179">#6179</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/7c9cfd6b28dc9eeed9739e0c9ae3146bac01ae92"><code>7c9cfd6</code></a> Fix typo (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6178">#6178</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/4bfa33e09a4e472f8d8df402507d5bc0c4d3a416"><code>4bfa33e</code></a> Upgrade to Okio 2.7.0 (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6175">#6175</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/c4cbb57a46c4158a58d992b8bc4689ed5fd437ad"><code>c4cbb57</code></a> Don't crash on unknown GeneralName types. (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6170">#6170</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/19e9a8ffd342e734bc1863779bee71561fe68aa2"><code>19e9a8f</code></a> Drop support for indefinite length in DER (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6166">#6166</a>)</li>
   <li><a href="https://github.com/square/okhttp/commit/c04b57edacf8a3ee5dab70c1553e0d881b570edd"><code>c04b57e</code></a> Add limits to what length values DerReader supports (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6164">#6164</a>)</li>
   <li>Additional commits viewable in <a href="https://github.com/square/okhttp/compare/parent-3.14.2...parent-4.8.1">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   
   Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
   
   
   ---
   
   <details>
   <summary>Dependabot commands and options</summary>
   <br />
   
   You can trigger Dependabot actions by commenting on this PR:
   - `@dependabot rebase` will rebase this PR
   - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
   - `@dependabot merge` will merge this PR after your CI passes on it
   - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
   - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
   - `@dependabot reopen` will reopen this PR if it is closed
   - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
   - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
   - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
   
   
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@servicecomb.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [servicecomb-java-chassis] dependabot[bot] closed pull request #2900: Bump okhttp from 3.14.2 to 4.8.1

Posted by GitBox <gi...@apache.org>.
dependabot[bot] closed pull request #2900: Bump okhttp from 3.14.2 to 4.8.1
URL: https://github.com/apache/servicecomb-java-chassis/pull/2900




[GitHub] [servicecomb-java-chassis] dependabot[bot] commented on pull request #2900: Bump okhttp from 3.14.2 to 4.8.1

Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on PR #2900:
URL: https://github.com/apache/servicecomb-java-chassis/pull/2900#issuecomment-1127441526

   OK, I won't notify you about version 4.8.x again, unless you re-open this PR or update to a 4.8.x release yourself.




[GitHub] [servicecomb-java-chassis] Shoothzj commented on pull request #2900: Bump okhttp from 3.14.2 to 4.8.1

Posted by GitBox <gi...@apache.org>.
Shoothzj commented on PR #2900:
URL: https://github.com/apache/servicecomb-java-chassis/pull/2900#issuecomment-1127441481

   @dependabot ignore this minor version

