dependabot-preview[bot]
commented
5 years ago Superseded by #120.
Closed dependabot-preview[bot] closed 5 years ago
dependabot-preview[bot]
commented
5 years ago Superseded by #120.
Bumps okhttp from 3.6.0 to 3.11.0.
Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).* > ## Version 3.11.0 > > _2018-07-12_ > > * **OkHttp's new okhttp-tls submodule tames HTTPS and TLS.** > > `HeldCertificate` is a TLS certificate and its private key. Generate a certificate with its > builder then use it to sign another certificate or perform a TLS handshake. The > `certificatePem()` method encodes the certificate in the familiar PEM format > (`--- BEGIN CERTIFICATE ---`); the `privateKeyPkcs8Pem()` does likewise for the private key. > > `HandshakeCertificates` holds the TLS certificates required for a TLS handshake. On the server > it keeps your `HeldCertificate` and its chain. On the client it keeps the root certificates > that are trusted to sign a server's certificate chain. `HandshakeCertificates` also works with > mutual TLS where these roles are reversed. > > These classes make it possible to enable HTTPS in MockWebServer in [just a few lines of > code][https_server_sample]. > > * **OkHttp now supports prior knowledge cleartext HTTP/2.** Enable this by setting > `Protocol.H2_PRIOR_KNOWLEDGE` as the lone protocol on an `OkHttpClient.Builder`. This mode > only supports `http:` URLs and is best suited in closed environments where HTTPS is > inappropriate. > > * New: `HttpUrl.get(String)` is an alternative to `HttpUrl.parse(String)` that throws an exception > when the URL is malformed instead of returning null. Use this to avoid checking for null in > situations where the input is known to be well-formed. We've also added `MediaType.get(String)` > which is an exception-throwing alternative to `MediaType.parse(String)`. > * New: The `EventListener` API previewed in OkHttp 3.9 has graduated to a stable API. Use this > interface to track metrics and monitor HTTP requests' size and duration. > * New: `okhttp-dnsoverhttps` is an experimental API for doing DNS queries over HTTPS. Using HTTPS > for DNS offers better security and potentially better performance. This feature is a preview: > the API is subject to change. > * New: `okhttp-sse` is an early preview of Server-Sent Events (SSE). This feature is incomplete > and is only suitable for experimental use. > * New: MockWebServer now supports client authentication (mutual TLS). Call `requestClientAuth()` > to permit an optional client certificate or `requireClientAuth()` to require one. > * New: `RecordedRequest.getHandshake()` returns the HTTPS handshake of a request sent to > `MockWebServer`. > * Fix: Honor the `MockResponse` header delay in MockWebServer. > * Fix: Don't release HTTP/2 connections that have multiple canceled calls. We had a bug where > canceling calls would cause the shared HTTP/2 connection to be unnecessarily released. This > harmed connection reuse. > * Fix: Ensure canceled and discarded HTTP/2 data is not permanently counted against the limited > flow control window. We had a few bugs where window size accounting was broken when streams > were canceled or reset. > * Fix: Recover gracefully if the TLS session returns an unexpected version (`NONE`) or cipher > suite (`SSL_NULL_WITH_NULL_NULL`). > * Fix: Don't change Conscrypt configuration globally. We migrated from a process-wide setting to > configuring only OkHttp's TLS sockets. > ... (truncated)Commits
- [`95ae0cf`](https://github.com/square/okhttp/commit/95ae0cf421c0f9c5521578781952108d1a1e1bdd) [maven-release-plugin] prepare release parent-3.11.0 - [`bbfdfac`](https://github.com/square/okhttp/commit/bbfdfac0064f5fd601e40f4f78d28f823698ccb2) Update the changelog for OkHttp 3.11. - [`d51fd3b`](https://github.com/square/okhttp/commit/d51fd3ba6abcf3790bc0269fe108910848d234b0) Merge pull request [#4127](https://github-redirect.dependabot.com/square/okhttp/issues/4127) from square/concurrent-http2-flow-control - [`2f1be26`](https://github.com/square/okhttp/commit/2f1be26582909b25a4ec19054a67c6047b0a0359) Merge pull request [#4142](https://github-redirect.dependabot.com/square/okhttp/issues/4142) from square/jwilson.0711.deluxe_tags - [`f5905f4`](https://github.com/square/okhttp/commit/f5905f4ef3818d8f211e6ecee9892709a28206d1) Confirm concurrent HTTP/2 requests with empty flow-control window. - [`ce78c4c`](https://github.com/square/okhttp/commit/ce78c4cc22bf330c2d3e7d70f3427568ffc731fc) Merge pull request [#4144](https://github-redirect.dependabot.com/square/okhttp/issues/4144) from square/jwilson.0712.platform_trust - [`7a29af6`](https://github.com/square/okhttp/commit/7a29af6d95f961e1861f54b03525938ce1f5c0d7) Deluxe tags. - [`137e7de`](https://github.com/square/okhttp/commit/137e7de0454f10160370f105ac7d9d2fc5403c84) New API, HandshakeCertificates.addPlatformTrustedCertificates() - [`3788714`](https://github.com/square/okhttp/commit/37887141fe8cc398eff35dc4fbe74c9b4bcdc26c) Rename TlsNode to HandshakeCertificates ([#4141](https://github-redirect.dependabot.com/square/okhttp/issues/4141)) - [`b0ac074`](https://github.com/square/okhttp/commit/b0ac074437ac9c168274120e272cd4b29538a468) Merge pull request [#4139](https://github-redirect.dependabot.com/square/okhttp/issues/4139) from square/jwilson.0711.tls_node - Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.6.0...parent-3.11.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.
You can always request more updates by clicking
Bump nowin your Dependabot dashboard.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.