Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).*
> ## Version 3.13.1
>
> _2019-02-05_
>
> * Fix: Don't crash when using a custom `X509TrustManager` or `SSLSocket` on Android. When we
> removed obsolete code for Android 4.4 we inadvertently also removed support for custom
> subclasses. We've restored that support!
>
>
> ## Version 3.13.0
>
> _2019-02-04_
>
> * **This release bumps our minimum requirements to Java 8+ or Android 5+.** Cutting off old
> devices is a serious change and we don't do it lightly! [This post][require_android_5] explains
> why we're doing this and how to upgrade.
>
> The OkHttp 3.12.x branch will be our long-term branch for Android 2.3+ (API level 9+) and Java
> 7+. These platforms lack support for TLS 1.2 and should not be used. But because upgrading is
> difficult we will backport critical fixes to the 3.12.x branch through December 31, 2020.
>
> * **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards
> removing these versions altogether in early 2020. If your servers aren't ready yet you can
> configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections:
>
> ```
> OkHttpClient client = new OkHttpClient.Builder()
> .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS))
> .build();
> ```
>
> * New: You can now access HTTP trailers with `Response.trailers()`. This method may only be called
> after the entire HTTP response body has been read.
>
> * New: Upgrade to Okio 1.17.3. If you're on Kotlin-friendly Okio 2.x this release requires 2.2.2
> or newer.
>
> ```kotlin
> implementation("com.squareup.okio:okio:1.17.3")
> ```
>
> * Fix: Don't miss cancels when sending HTTP/2 request headers.
> * Fix: Don't miss whole operation timeouts when calls redirect.
> * Fix: Don't leak connections if web sockets have malformed responses or if `onOpen()` throws.
> * Fix: Don't retry when request bodies fail due to `FileNotFoundException`.
> * Fix: Don't crash when URLs have IPv4-mapped IPv6 addresses.
> * Fix: Don't crash when building `HandshakeCertificates` on Android API 28.
> * Fix: Permit multipart file names to contain non-ASCII characters.
> * New: API to get MockWebServer's dispatcher.
> * New: API to access headers as `java.time.Instant`.
> ... (truncated)
Commits
- [`d28d2ce`](https://github.com/square/okhttp/commit/d28d2cec21641b61f3d34e05dd52f43a717c2d32) [maven-release-plugin] prepare release parent-3.13.1
- [`c93cb5a`](https://github.com/square/okhttp/commit/c93cb5a24d47d1659b11cf6a2e1c8153b94ff582) Merge pull request [#4593](https://github-redirect.dependabot.com/square/okhttp/issues/4593) from square/jwilson.0205.restore_custom_tls
- [`ad8d809`](https://github.com/square/okhttp/commit/ad8d8099a5e475475ddce44cde1b5e1d360990c4) Restore support for custom trust managers on Android
- [`ffbe3ca`](https://github.com/square/okhttp/commit/ffbe3ca5009a443ece2802c49bb366eefbac5906) Bump docs to 3.13.0
- [`5ecd590`](https://github.com/square/okhttp/commit/5ecd590c8c0cd7833ed378c8702d3a228817b4e8) [maven-release-plugin] prepare for next development iteration
- [`d556615`](https://github.com/square/okhttp/commit/d55661544bc95d5850f393809d26c3c8b5ee670f) [maven-release-plugin] prepare release parent-3.13.0
- [`b10e9c8`](https://github.com/square/okhttp/commit/b10e9c8184a4cfa4f018d19abcce79dd9e26f091) Merge pull request [#4590](https://github-redirect.dependabot.com/square/okhttp/issues/4590) from square/jwilson.0204.drop_the_bom
- [`3f890a4`](https://github.com/square/okhttp/commit/3f890a47cc467642512453e1eb3a89f12b2d96b0) Drop the okhttp-bom module
- [`293700e`](https://github.com/square/okhttp/commit/293700eeb266b3d157a0d00e3a34f5671e30eaa5) Merge pull request [#4589](https://github-redirect.dependabot.com/square/okhttp/issues/4589) from square/jwilson.0204.release_glitches
- [`2b5337d`](https://github.com/square/okhttp/commit/2b5337d14ecce5f965ea0d0001f30565f0e1d4a0) Fix some maven problems that are blocking the 3.13 release
- Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.6.0...parent-3.13.1)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps okhttp from 3.6.0 to 3.13.1.
Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).* > ## Version 3.13.1 > > _2019-02-05_ > > * Fix: Don't crash when using a custom `X509TrustManager` or `SSLSocket` on Android. When we > removed obsolete code for Android 4.4 we inadvertently also removed support for custom > subclasses. We've restored that support! > > > ## Version 3.13.0 > > _2019-02-04_ > > * **This release bumps our minimum requirements to Java 8+ or Android 5+.** Cutting off old > devices is a serious change and we don't do it lightly! [This post][require_android_5] explains > why we're doing this and how to upgrade. > > The OkHttp 3.12.x branch will be our long-term branch for Android 2.3+ (API level 9+) and Java > 7+. These platforms lack support for TLS 1.2 and should not be used. But because upgrading is > difficult we will backport critical fixes to the 3.12.x branch through December 31, 2020. > > * **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards > removing these versions altogether in early 2020. If your servers aren't ready yet you can > configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections: > > ``` > OkHttpClient client = new OkHttpClient.Builder() > .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS)) > .build(); > ``` > > * New: You can now access HTTP trailers with `Response.trailers()`. This method may only be called > after the entire HTTP response body has been read. > > * New: Upgrade to Okio 1.17.3. If you're on Kotlin-friendly Okio 2.x this release requires 2.2.2 > or newer. > > ```kotlin > implementation("com.squareup.okio:okio:1.17.3") > ``` > > * Fix: Don't miss cancels when sending HTTP/2 request headers. > * Fix: Don't miss whole operation timeouts when calls redirect. > * Fix: Don't leak connections if web sockets have malformed responses or if `onOpen()` throws. > * Fix: Don't retry when request bodies fail due to `FileNotFoundException`. > * Fix: Don't crash when URLs have IPv4-mapped IPv6 addresses. > * Fix: Don't crash when building `HandshakeCertificates` on Android API 28. > * Fix: Permit multipart file names to contain non-ASCII characters. > * New: API to get MockWebServer's dispatcher. > * New: API to access headers as `java.time.Instant`. > ... (truncated)Commits
- [`d28d2ce`](https://github.com/square/okhttp/commit/d28d2cec21641b61f3d34e05dd52f43a717c2d32) [maven-release-plugin] prepare release parent-3.13.1 - [`c93cb5a`](https://github.com/square/okhttp/commit/c93cb5a24d47d1659b11cf6a2e1c8153b94ff582) Merge pull request [#4593](https://github-redirect.dependabot.com/square/okhttp/issues/4593) from square/jwilson.0205.restore_custom_tls - [`ad8d809`](https://github.com/square/okhttp/commit/ad8d8099a5e475475ddce44cde1b5e1d360990c4) Restore support for custom trust managers on Android - [`ffbe3ca`](https://github.com/square/okhttp/commit/ffbe3ca5009a443ece2802c49bb366eefbac5906) Bump docs to 3.13.0 - [`5ecd590`](https://github.com/square/okhttp/commit/5ecd590c8c0cd7833ed378c8702d3a228817b4e8) [maven-release-plugin] prepare for next development iteration - [`d556615`](https://github.com/square/okhttp/commit/d55661544bc95d5850f393809d26c3c8b5ee670f) [maven-release-plugin] prepare release parent-3.13.0 - [`b10e9c8`](https://github.com/square/okhttp/commit/b10e9c8184a4cfa4f018d19abcce79dd9e26f091) Merge pull request [#4590](https://github-redirect.dependabot.com/square/okhttp/issues/4590) from square/jwilson.0204.drop_the_bom - [`3f890a4`](https://github.com/square/okhttp/commit/3f890a47cc467642512453e1eb3a89f12b2d96b0) Drop the okhttp-bom module - [`293700e`](https://github.com/square/okhttp/commit/293700eeb266b3d157a0d00e3a34f5671e30eaa5) Merge pull request [#4589](https://github-redirect.dependabot.com/square/okhttp/issues/4589) from square/jwilson.0204.release_glitches - [`2b5337d`](https://github.com/square/okhttp/commit/2b5337d14ecce5f965ea0d0001f30565f0e1d4a0) Fix some maven problems that are blocking the 3.13 release - Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.6.0...parent-3.13.1)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.