Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).*
> ## Version 3.12.0
>
> _2018-11-16_
>
> * **OkHttp now supports TLS 1.3.** This requires either Conscrypt or Java 11+.
>
> * **Proxy authenticators are now asked for preemptive authentication.** OkHttp will now request
> authentication credentials before creating TLS tunnels through HTTP proxies (HTTP `CONNECT`).
> Authenticators should identify preemptive authentications by the presence of a challenge whose
> scheme is "OkHttp-Preemptive".
>
> * **OkHttp now offers full-operation timeouts.** This sets a limit on how long the entire call may
> take and covers resolving DNS, connecting, writing the request body, server processing, and
> reading the full response body. If a call requires redirects or retries all must complete within
> one timeout period.
>
> Use `OkHttpClient.Builder.callTimeout()` to specify the default duration and `Call.timeout()` to
> specify the timeout of an individual call.
>
> * New: Return values and fields are now non-null unless otherwise annotated.
> * New: `LoggingEventListener` makes it easy to get basic visibility into a call's performance.
> This class is in the `logging-interceptor` artifact.
> * New: `Headers.Builder.addUnsafeNonAscii()` allows non-ASCII values to be added without an
> immediate exception.
> * New: Headers can be redacted in `HttpLoggingInterceptor`.
> * New: `Headers.Builder` now accepts dates.
> * New: OkHttp now accepts `java.time.Duration` for timeouts on Java 8+ and Android 26+.
> * New: `Challenge` includes all authentication parameters.
> * New: Upgrade to BouncyCastle 1.60, Conscrypt 1.4.0, and Okio 1.15.0. We don't yet require
> Kotlin-friendly Okio 2.x but OkHttp works fine with that series.
>
> ```kotlin
> implementation("org.bouncycastle:bcprov-jdk15on:1.60")
> implementation("org.conscrypt:conscrypt-openjdk-uber:1.4.0")
> implementation("com.squareup.okio:okio:1.15.0")
> ```
>
> * Fix: Handle dispatcher executor shutdowns gracefully. When there aren't any threads to carry a
> call its callback now gets a `RejectedExecutionException`.
> * Fix: Don't permanently cache responses with `Cache-Control: immutable`. We misunderstood the
> original `immutable` proposal!
> * Fix: Change `Authenticator`'s `Route` parameter to be nullable. This was marked as non-null but
> could be called with null in some cases.
> * Fix: Don't create malformed URLs when `MockWebServer` is reached via an IPv6 address.
> * Fix: Don't crash if the system default authenticator is null.
> * Fix: Don't crash generating elliptic curve certificates on Android.
> * Fix: Don't crash doing platform detection on RoboVM.
> * Fix: Don't leak socket connections when web socket upgrades fail.
Commits
- [`7f63a35`](https://github.com/square/okhttp/commit/7f63a35ab1a8344279d2e84e07884a45f45f0690) [maven-release-plugin] prepare release parent-3.12.0
- [`9e195fa`](https://github.com/square/okhttp/commit/9e195fa37d0e1a48fdb2c7d8457a4177238c66fe) Update changelog for OkHttp 3.12.
- [`2198975`](https://github.com/square/okhttp/commit/2198975a425c57e1211cc366a42f0465776469b1) Merge pull request [#4388](https://github-redirect.dependabot.com/square/okhttp/issues/4388) from square/jwilson.1114.use_ec_not_ecdsa
- [`d062472`](https://github.com/square/okhttp/commit/d062472253f4936c2e9aae2d858290e692295f05) Specify "EC" to generate eliptic curve keys, not ECDSA
- [`1f7e796`](https://github.com/square/okhttp/commit/1f7e796e6e658df34a98276b2092a81de118937d) Cleanup HttpLoggingInterceptor ([#4346](https://github-redirect.dependabot.com/square/okhttp/issues/4346))
- [`ef34a41`](https://github.com/square/okhttp/commit/ef34a41d09fbcc8e03c179cb9b121c918f671f88) Add a LoggingEventListener and use it in okcurl ([#4353](https://github-redirect.dependabot.com/square/okhttp/issues/4353))
- [`8a01554`](https://github.com/square/okhttp/commit/8a01554770d10062bb9d24176a8166e88412fbe2) Merge pull request [#4376](https://github-redirect.dependabot.com/square/okhttp/issues/4376) from square/jwilson.1107.preemptive_auth
- [`5a316c0`](https://github.com/square/okhttp/commit/5a316c0b403809558d9a2227a4d8820642ec34f5) Preemptive auth for proxy CONNECT
- [`568a91c`](https://github.com/square/okhttp/commit/568a91c44a118b2c2ba62d310a331582c567b24a) Merge pull request [#4381](https://github-redirect.dependabot.com/square/okhttp/issues/4381) from square/jwilson.1112.weaken_immutable
- [`764b31b`](https://github.com/square/okhttp/commit/764b31b3e2367dcadacc08b818739b065b1c4bef) Relax handling of Cache-Control: immutable
- Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.11.0...parent-3.12.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps okhttp from 3.11.0 to 3.12.0.
Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).* > ## Version 3.12.0 > > _2018-11-16_ > > * **OkHttp now supports TLS 1.3.** This requires either Conscrypt or Java 11+. > > * **Proxy authenticators are now asked for preemptive authentication.** OkHttp will now request > authentication credentials before creating TLS tunnels through HTTP proxies (HTTP `CONNECT`). > Authenticators should identify preemptive authentications by the presence of a challenge whose > scheme is "OkHttp-Preemptive". > > * **OkHttp now offers full-operation timeouts.** This sets a limit on how long the entire call may > take and covers resolving DNS, connecting, writing the request body, server processing, and > reading the full response body. If a call requires redirects or retries all must complete within > one timeout period. > > Use `OkHttpClient.Builder.callTimeout()` to specify the default duration and `Call.timeout()` to > specify the timeout of an individual call. > > * New: Return values and fields are now non-null unless otherwise annotated. > * New: `LoggingEventListener` makes it easy to get basic visibility into a call's performance. > This class is in the `logging-interceptor` artifact. > * New: `Headers.Builder.addUnsafeNonAscii()` allows non-ASCII values to be added without an > immediate exception. > * New: Headers can be redacted in `HttpLoggingInterceptor`. > * New: `Headers.Builder` now accepts dates. > * New: OkHttp now accepts `java.time.Duration` for timeouts on Java 8+ and Android 26+. > * New: `Challenge` includes all authentication parameters. > * New: Upgrade to BouncyCastle 1.60, Conscrypt 1.4.0, and Okio 1.15.0. We don't yet require > Kotlin-friendly Okio 2.x but OkHttp works fine with that series. > > ```kotlin > implementation("org.bouncycastle:bcprov-jdk15on:1.60") > implementation("org.conscrypt:conscrypt-openjdk-uber:1.4.0") > implementation("com.squareup.okio:okio:1.15.0") > ``` > > * Fix: Handle dispatcher executor shutdowns gracefully. When there aren't any threads to carry a > call its callback now gets a `RejectedExecutionException`. > * Fix: Don't permanently cache responses with `Cache-Control: immutable`. We misunderstood the > original `immutable` proposal! > * Fix: Change `Authenticator`'s `Route` parameter to be nullable. This was marked as non-null but > could be called with null in some cases. > * Fix: Don't create malformed URLs when `MockWebServer` is reached via an IPv6 address. > * Fix: Don't crash if the system default authenticator is null. > * Fix: Don't crash generating elliptic curve certificates on Android. > * Fix: Don't crash doing platform detection on RoboVM. > * Fix: Don't leak socket connections when web socket upgrades fail.Commits
- [`7f63a35`](https://github.com/square/okhttp/commit/7f63a35ab1a8344279d2e84e07884a45f45f0690) [maven-release-plugin] prepare release parent-3.12.0 - [`9e195fa`](https://github.com/square/okhttp/commit/9e195fa37d0e1a48fdb2c7d8457a4177238c66fe) Update changelog for OkHttp 3.12. - [`2198975`](https://github.com/square/okhttp/commit/2198975a425c57e1211cc366a42f0465776469b1) Merge pull request [#4388](https://github-redirect.dependabot.com/square/okhttp/issues/4388) from square/jwilson.1114.use_ec_not_ecdsa - [`d062472`](https://github.com/square/okhttp/commit/d062472253f4936c2e9aae2d858290e692295f05) Specify "EC" to generate eliptic curve keys, not ECDSA - [`1f7e796`](https://github.com/square/okhttp/commit/1f7e796e6e658df34a98276b2092a81de118937d) Cleanup HttpLoggingInterceptor ([#4346](https://github-redirect.dependabot.com/square/okhttp/issues/4346)) - [`ef34a41`](https://github.com/square/okhttp/commit/ef34a41d09fbcc8e03c179cb9b121c918f671f88) Add a LoggingEventListener and use it in okcurl ([#4353](https://github-redirect.dependabot.com/square/okhttp/issues/4353)) - [`8a01554`](https://github.com/square/okhttp/commit/8a01554770d10062bb9d24176a8166e88412fbe2) Merge pull request [#4376](https://github-redirect.dependabot.com/square/okhttp/issues/4376) from square/jwilson.1107.preemptive_auth - [`5a316c0`](https://github.com/square/okhttp/commit/5a316c0b403809558d9a2227a4d8820642ec34f5) Preemptive auth for proxy CONNECT - [`568a91c`](https://github.com/square/okhttp/commit/568a91c44a118b2c2ba62d310a331582c567b24a) Merge pull request [#4381](https://github-redirect.dependabot.com/square/okhttp/issues/4381) from square/jwilson.1112.weaken_immutable - [`764b31b`](https://github.com/square/okhttp/commit/764b31b3e2367dcadacc08b818739b065b1c4bef) Relax handling of Cache-Control: immutable - Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.11.0...parent-3.12.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.