Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).*
> ## Version 3.13.0
>
> _2019-02-04_
>
> * **This release bumps our minimum requirements to Java 8+ or Android 5+.** Cutting off old
> devices is a serious change and we don't do it lightly! [This post][require_android_5] explains
> why we're doing this and how to upgrade.
>
> The OkHttp 3.12.x branch will be our long-term branch for Android 2.3+ (API level 9+) and Java
> 7+. These platforms lack support for TLS 1.2 and should not be used. But because upgrading is
> difficult we will backport critical fixes to the 3.12.x branch through December 31, 2020.
>
> * **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards
> removing these versions altogether in early 2020. If your servers aren't ready yet you can
> configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections:
>
> ```
> OkHttpClient client = new OkHttpClient.Builder()
> .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS))
> .build();
> ```
>
> * New: You can now access HTTP trailers with `Response.trailers()`. This method may only be called
> after the entire HTTP response body has been read.
>
> * New: Upgrade to Okio 1.17.3. If you're on Kotlin-friendly Okio 2.x this release requires 2.2.2
> or newer.
>
> ```kotlin
> implementation("com.squareup.okio:okio:1.17.3")
> ```
>
> * Fix: Don't miss cancels when sending HTTP/2 request headers.
> * Fix: Don't miss whole operation timeouts when calls redirect.
> * Fix: Don't leak connections if web sockets have malformed responses or if `onOpen()` throws.
> * Fix: Don't retry when request bodies fail due to `FileNotFoundException`.
> * Fix: Don't crash when URLs have IPv4-mapped IPv6 addresses.
> * Fix: Don't crash when building `HandshakeCertificates` on Android API 28.
> * Fix: Permit multipart file names to contain non-ASCII characters.
> * New: API to get MockWebServer's dispatcher.
> * New: API to access headers as `java.time.Instant`.
> * New: Fail fast if a `SSLSocketFactory` is used as a `SocketFactory`.
> * New: Log the TLS handshake in `LoggingEventListener`.
Commits
- [`d556615`](https://github.com/square/okhttp/commit/d55661544bc95d5850f393809d26c3c8b5ee670f) [maven-release-plugin] prepare release parent-3.13.0
- [`b10e9c8`](https://github.com/square/okhttp/commit/b10e9c8184a4cfa4f018d19abcce79dd9e26f091) Merge pull request [#4590](https://github-redirect.dependabot.com/square/okhttp/issues/4590) from square/jwilson.0204.drop_the_bom
- [`3f890a4`](https://github.com/square/okhttp/commit/3f890a47cc467642512453e1eb3a89f12b2d96b0) Drop the okhttp-bom module
- [`293700e`](https://github.com/square/okhttp/commit/293700eeb266b3d157a0d00e3a34f5671e30eaa5) Merge pull request [#4589](https://github-redirect.dependabot.com/square/okhttp/issues/4589) from square/jwilson.0204.release_glitches
- [`2b5337d`](https://github.com/square/okhttp/commit/2b5337d14ecce5f965ea0d0001f30565f0e1d4a0) Fix some maven problems that are blocking the 3.13 release
- [`bce0e66`](https://github.com/square/okhttp/commit/bce0e669ba85bfd65d7959ef5c0043e024447741) Merge pull request [#4585](https://github-redirect.dependabot.com/square/okhttp/issues/4585) from square/jwilson.0203.mock_duplex_response_body
- [`392165d`](https://github.com/square/okhttp/commit/392165d238632c054c949bf9dde74a04a2f5f77e) Improve testing in MockDuplexResponseBody
- [`668d48c`](https://github.com/square/okhttp/commit/668d48cde940ad684f719abbbb5ff0ddc8554c65) Merge pull request [#4586](https://github-redirect.dependabot.com/square/okhttp/issues/4586) from gjoseph/patch-2
- [`d8d0f7d`](https://github.com/square/okhttp/commit/d8d0f7d12b6fe276a18a8eb0a282415fe2b9995a) Actually 2019 ;)
- [`85322d1`](https://github.com/square/okhttp/commit/85322d1ad7984b6846c2d3c7142e02753ece79d0) Update changelog for 3.13 actually expected 2019-02-04
- Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.12.1...parent-3.13.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps okhttp from 3.12.1 to 3.13.0.
Changelog
*Sourced from [okhttp's changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md).* > ## Version 3.13.0 > > _2019-02-04_ > > * **This release bumps our minimum requirements to Java 8+ or Android 5+.** Cutting off old > devices is a serious change and we don't do it lightly! [This post][require_android_5] explains > why we're doing this and how to upgrade. > > The OkHttp 3.12.x branch will be our long-term branch for Android 2.3+ (API level 9+) and Java > 7+. These platforms lack support for TLS 1.2 and should not be used. But because upgrading is > difficult we will backport critical fixes to the 3.12.x branch through December 31, 2020. > > * **TLSv1 and TLSv1.1 are no longer enabled by default.** Major web browsers are working towards > removing these versions altogether in early 2020. If your servers aren't ready yet you can > configure OkHttp 3.13 to allow TLSv1 and TLSv1.1 connections: > > ``` > OkHttpClient client = new OkHttpClient.Builder() > .connectionSpecs(Arrays.asList(ConnectionSpec.COMPATIBLE_TLS)) > .build(); > ``` > > * New: You can now access HTTP trailers with `Response.trailers()`. This method may only be called > after the entire HTTP response body has been read. > > * New: Upgrade to Okio 1.17.3. If you're on Kotlin-friendly Okio 2.x this release requires 2.2.2 > or newer. > > ```kotlin > implementation("com.squareup.okio:okio:1.17.3") > ``` > > * Fix: Don't miss cancels when sending HTTP/2 request headers. > * Fix: Don't miss whole operation timeouts when calls redirect. > * Fix: Don't leak connections if web sockets have malformed responses or if `onOpen()` throws. > * Fix: Don't retry when request bodies fail due to `FileNotFoundException`. > * Fix: Don't crash when URLs have IPv4-mapped IPv6 addresses. > * Fix: Don't crash when building `HandshakeCertificates` on Android API 28. > * Fix: Permit multipart file names to contain non-ASCII characters. > * New: API to get MockWebServer's dispatcher. > * New: API to access headers as `java.time.Instant`. > * New: Fail fast if a `SSLSocketFactory` is used as a `SocketFactory`. > * New: Log the TLS handshake in `LoggingEventListener`.Commits
- [`d556615`](https://github.com/square/okhttp/commit/d55661544bc95d5850f393809d26c3c8b5ee670f) [maven-release-plugin] prepare release parent-3.13.0 - [`b10e9c8`](https://github.com/square/okhttp/commit/b10e9c8184a4cfa4f018d19abcce79dd9e26f091) Merge pull request [#4590](https://github-redirect.dependabot.com/square/okhttp/issues/4590) from square/jwilson.0204.drop_the_bom - [`3f890a4`](https://github.com/square/okhttp/commit/3f890a47cc467642512453e1eb3a89f12b2d96b0) Drop the okhttp-bom module - [`293700e`](https://github.com/square/okhttp/commit/293700eeb266b3d157a0d00e3a34f5671e30eaa5) Merge pull request [#4589](https://github-redirect.dependabot.com/square/okhttp/issues/4589) from square/jwilson.0204.release_glitches - [`2b5337d`](https://github.com/square/okhttp/commit/2b5337d14ecce5f965ea0d0001f30565f0e1d4a0) Fix some maven problems that are blocking the 3.13 release - [`bce0e66`](https://github.com/square/okhttp/commit/bce0e669ba85bfd65d7959ef5c0043e024447741) Merge pull request [#4585](https://github-redirect.dependabot.com/square/okhttp/issues/4585) from square/jwilson.0203.mock_duplex_response_body - [`392165d`](https://github.com/square/okhttp/commit/392165d238632c054c949bf9dde74a04a2f5f77e) Improve testing in MockDuplexResponseBody - [`668d48c`](https://github.com/square/okhttp/commit/668d48cde940ad684f719abbbb5ff0ddc8554c65) Merge pull request [#4586](https://github-redirect.dependabot.com/square/okhttp/issues/4586) from gjoseph/patch-2 - [`d8d0f7d`](https://github.com/square/okhttp/commit/d8d0f7d12b6fe276a18a8eb0a282415fe2b9995a) Actually 2019 ;) - [`85322d1`](https://github.com/square/okhttp/commit/85322d1ad7984b6846c2d3c7142e02753ece79d0) Update changelog for 3.13 actually expected 2019-02-04 - Additional commits viewable in [compare view](https://github.com/square/okhttp/compare/parent-3.12.1...parent-3.13.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.