[!WARNING]
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
square/okhttp (com.squareup.okhttp3:okhttp-dnsoverhttps)
### [`v5.0.0-alpha.14`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha14)
*2024-04-17*
- Breaking: Move coroutines extensions to okhttp3.coroutines. Previously this artifact shared the
`okhttp3` package name with our core module, which is incompatible with the Java Platform Module
System.
- Fix in okhttp-coroutines: Publish a valid artifact. The coroutines JAR file in 5.0.0-alpha.13
was corrupt and should not be used.
### [`v5.0.0-alpha.13`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha13)
*2024-04-16*
- Breaking: Tag unstable new APIs as `@ExperimentalOkHttpApi`. We intend to release OkHttp 5.0
without stabilizing these new APIs first.
Do not use these experimental APIs in modules that may be executed using a version of OkHttp
different from the version that the module was compiled with. Do not use them in published
libraries. Do not use them if you aren't willing to track changes to them.
- Breaking: Drop support for Kotlin Multiplatform.
We planned to support multiplatform in OkHttp 5.0, but after building it, we weren't happy with
the implementation trade-offs. We can't use our HTTP client engine on Kotlin/JS, and we weren't
prepared to build a TLS API for Kotlin/Native.
We'd prefer a multiplatform HTTP client API that's backed by OkHttp on Android and JVM, and
other engines on other platforms. \[Ktor] does this pretty well today!
- Breaking: Use `kotlin.time.Duration` in APIs like `OkHttpClient.Builder.callTimeout()`. This
update also drops support for the `DurationUnit` functions introduced in earlier alpha releases
of OkHttp 5.
- Breaking: Reorder the parameters in the Cache constructor that was introduced in 5.0.0-alpha.3.
- New: `Request.Builder.cacheUrlOverride()` customizes the cache key used for a request. This can
be used to make canonical URLs for the cache that omit insignificant query parameters or other
irrelevant data.
This feature may be used with `POST` requests to cache their responses. In such cases the
request body is not used to determine the cache key, so you must manually add cache-relevant
data to the override URL. For example, you could add a `request-body-sha256` query parameter so
requests with the same POST data get the same cache entry.
- New: `HttpLoggingInterceptor.redactQueryParams()` configures the query parameters to redact
in logs. For best security, don't put sensitive information in query parameters.
- New: `ConnectionPool.setPolicy()` configures a minimum connection pool size for a target
address. Use this to proactively open HTTP connections.
Connections opened to fulfill this policy are subject to the connection pool's
`keepAliveDuration` but do not count against the pool-wide `maxIdleConnections` limit.
This feature increases the client's traffic and the load on the server. Talking to your server's
operators before adopting it.
- New in okhttp-android: `HttpLoggingInterceptor.androidLogging()` and
`LoggingEventListener.androidLogging()` write HTTP calls or events to Logcat.
- New: `OkHttpClient.webSocketCloseTimeout` configures how long a web socket connection will wait
for a graceful shutdown before it performs an abrupt shutdown.
- Fix: Honor `RequestBody.isOneShot()` in `MultipartBody`
- Fix in `okhttp-coroutines`: Don't leak response bodies in `executeAsync()`. We had a bug where
we didn't call `Response.close()` if the coroutine was canceled before its response was
returned.
- Upgrade: \[Okio 3.9.0]\[okio\_3\_9\_0].
- Upgrade: \[Kotlin 1.9.23]\[kotlin\_1\_9\_23].
- Upgrade: \[Unicode® IDNA 15.1.0]\[idna\_15\_1\_0]
### [`v5.0.0-alpha.12`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha12)
*2023-12-17*
We took too long to cut this release and there's a lot of changes in it. We've been busy.
Although this release is labeled *alpha*, the only unstable thing in it is our new APIs. This
release has many critical bug fixes and is safe to run in production. We're eager to stabilize our
new APIs so we can get out of alpha.
- New: Support Java 21's virtual threads (‘OpenJDK Project Loom’). We changed OkHttp's internals
to use `Lock` and `Condition` instead of `synchronized` for best resource utilization.
- New: Switch our Internationalized Domain Name (IDN) implementation to \[UTS [#46](https://togithub.com/square/okhttp/issues/46) Nontransitional
Processing]\[uts46]. With this fix, the `ß` code point no longer maps to `ss`. OkHttp now embeds
its own IDN mapping table in the library.
- New: Prefer the client's configured precedence order for TLS cipher suites. (OkHttp used to
prefer the JDK’s precedence order.) This change may cause your HTTP calls to negotiate a
different cipher suite than before! OkHttp's defaults cipher suites are selected for good
security and performance.
- New: `ConnectionListener` publishes events for connects, disconnects, and use of pooled
connections.
- Fix: Immediately update the connection's flow control window instead of waiting for the
receiving stream to process it.
This change may increase OkHttp's memory use for applications that make many concurrent HTTP
calls and that can receive data faster than they can process it. Previously, OkHttp limited
HTTP/2 to 16 MiB of unacknowledged data per connection. With this fix there is a limit of 16 MiB
of unacknowledged data per stream and no per-connection limit.
- Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We
had a severe bug where web sockets were closed on the wrong thread, which caused
`NullPointerException` crashes in `Deflater`.
- Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released
the web socket's connections back to the pool before their resources were cleaned up.
- Fix: Don't infinite loop when a received web socket message has self-terminating compressed
data.
- Fix: Don't fail the call when the response code is ‘HTTP 102 Processing’ or ‘HTTP 103 Early
Hints’.
- Fix: Honor interceptors' changes to connect and read timeouts.
- Fix: Recover gracefully when a cached response is corrupted on disk.
- Fix: Don't leak file handles when a cache disk write fails.
- Fix: Don't hang when the public suffix database cannot be loaded. We had a bug where a failure
reading the public suffix database would cause subsequent reads to hang when they should have
crashed.
- Fix: Avoid `InetAddress.getCanonicalHostName()` in MockWebServer. This avoids problems if the
host machine's IP address has additional DNS registrations.
- New: Create a JPMS-compatible artifact for `JavaNetCookieJar`. Previously, multiple OkHttp
artifacts defined classes in the `okhttp3` package, but this is forbidden by the Java module
system. We've fixed this with a new package (`okhttp3.java.net.cookiejar`) and a new artifact,
`com.squareup.okhttp3:okhttp-java-net-cookiehandler`. (The original artifact now delegates to
this new one.)
```kotlin
implementation("com.squareup.okhttp3:okhttp-java-net-cookiehandler:5.0.0-alpha.12")
```
- New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This
is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks.
- New: Log the total time of the HTTP call in `HttpLoggingInterceptor`.
- New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.
- New: `mockwebserver3.SocketPolicy` is now a sealed interface. This is one of several
backwards-incompatible API changes that may impact early adopters of this alpha API.
- New: `mockwebserver3.Stream` for duplex streams.
- New: `mockwebserver3.MockResponseBody` for streamed response bodies.
- New: `mockwebserver3.MockResponse` is now immutable, with a `Builder`.
- New: `mockwebserver3.RecordedRequest.handshakeServerNames` returns the SNI (Server Name
Indication) attribute from the TLS handshake.
- Upgrade: \[Kotlin 1.9.21]\[kotlin\_1\_9\_21].
- Upgrade: \[Okio 3.7.0]\[okio\_3\_7\_0].
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
5.0.0-alpha.11->5.0.0-alpha.145.0.0-alpha.11->5.0.0-alpha.145.0.0-alpha.11->5.0.0-alpha.14Release Notes
square/okhttp (com.squareup.okhttp3:okhttp-dnsoverhttps)
### [`v5.0.0-alpha.14`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha14) *2024-04-17* - Breaking: Move coroutines extensions to okhttp3.coroutines. Previously this artifact shared the `okhttp3` package name with our core module, which is incompatible with the Java Platform Module System. - Fix in okhttp-coroutines: Publish a valid artifact. The coroutines JAR file in 5.0.0-alpha.13 was corrupt and should not be used. ### [`v5.0.0-alpha.13`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha13) *2024-04-16* - Breaking: Tag unstable new APIs as `@ExperimentalOkHttpApi`. We intend to release OkHttp 5.0 without stabilizing these new APIs first. Do not use these experimental APIs in modules that may be executed using a version of OkHttp different from the version that the module was compiled with. Do not use them in published libraries. Do not use them if you aren't willing to track changes to them. - Breaking: Drop support for Kotlin Multiplatform. We planned to support multiplatform in OkHttp 5.0, but after building it, we weren't happy with the implementation trade-offs. We can't use our HTTP client engine on Kotlin/JS, and we weren't prepared to build a TLS API for Kotlin/Native. We'd prefer a multiplatform HTTP client API that's backed by OkHttp on Android and JVM, and other engines on other platforms. \[Ktor] does this pretty well today! - Breaking: Use `kotlin.time.Duration` in APIs like `OkHttpClient.Builder.callTimeout()`. This update also drops support for the `DurationUnit` functions introduced in earlier alpha releases of OkHttp 5. - Breaking: Reorder the parameters in the Cache constructor that was introduced in 5.0.0-alpha.3. - New: `Request.Builder.cacheUrlOverride()` customizes the cache key used for a request. This can be used to make canonical URLs for the cache that omit insignificant query parameters or other irrelevant data. This feature may be used with `POST` requests to cache their responses. In such cases the request body is not used to determine the cache key, so you must manually add cache-relevant data to the override URL. For example, you could add a `request-body-sha256` query parameter so requests with the same POST data get the same cache entry. - New: `HttpLoggingInterceptor.redactQueryParams()` configures the query parameters to redact in logs. For best security, don't put sensitive information in query parameters. - New: `ConnectionPool.setPolicy()` configures a minimum connection pool size for a target address. Use this to proactively open HTTP connections. Connections opened to fulfill this policy are subject to the connection pool's `keepAliveDuration` but do not count against the pool-wide `maxIdleConnections` limit. This feature increases the client's traffic and the load on the server. Talking to your server's operators before adopting it. - New in okhttp-android: `HttpLoggingInterceptor.androidLogging()` and `LoggingEventListener.androidLogging()` write HTTP calls or events to Logcat. - New: `OkHttpClient.webSocketCloseTimeout` configures how long a web socket connection will wait for a graceful shutdown before it performs an abrupt shutdown. - Fix: Honor `RequestBody.isOneShot()` in `MultipartBody` - Fix in `okhttp-coroutines`: Don't leak response bodies in `executeAsync()`. We had a bug where we didn't call `Response.close()` if the coroutine was canceled before its response was returned. - Upgrade: \[Okio 3.9.0]\[okio\_3\_9\_0]. - Upgrade: \[Kotlin 1.9.23]\[kotlin\_1\_9\_23]. - Upgrade: \[Unicode® IDNA 15.1.0]\[idna\_15\_1\_0] ### [`v5.0.0-alpha.12`](https://togithub.com/square/okhttp/blob/HEAD/CHANGELOG.md#Version-500-alpha12) *2023-12-17* We took too long to cut this release and there's a lot of changes in it. We've been busy. Although this release is labeled *alpha*, the only unstable thing in it is our new APIs. This release has many critical bug fixes and is safe to run in production. We're eager to stabilize our new APIs so we can get out of alpha. - New: Support Java 21's virtual threads (‘OpenJDK Project Loom’). We changed OkHttp's internals to use `Lock` and `Condition` instead of `synchronized` for best resource utilization. - New: Switch our Internationalized Domain Name (IDN) implementation to \[UTS [#46](https://togithub.com/square/okhttp/issues/46) Nontransitional Processing]\[uts46]. With this fix, the `ß` code point no longer maps to `ss`. OkHttp now embeds its own IDN mapping table in the library. - New: Prefer the client's configured precedence order for TLS cipher suites. (OkHttp used to prefer the JDK’s precedence order.) This change may cause your HTTP calls to negotiate a different cipher suite than before! OkHttp's defaults cipher suites are selected for good security and performance. - New: `ConnectionListener` publishes events for connects, disconnects, and use of pooled connections. - Fix: Immediately update the connection's flow control window instead of waiting for the receiving stream to process it. This change may increase OkHttp's memory use for applications that make many concurrent HTTP calls and that can receive data faster than they can process it. Previously, OkHttp limited HTTP/2 to 16 MiB of unacknowledged data per connection. With this fix there is a limit of 16 MiB of unacknowledged data per stream and no per-connection limit. - Fix: Don't close a `Deflater` while we're still using it to compress a web socket message. We had a severe bug where web sockets were closed on the wrong thread, which caused `NullPointerException` crashes in `Deflater`. - Fix: Don't crash after a web socket fails its connection upgrade. We incorrectly released the web socket's connections back to the pool before their resources were cleaned up. - Fix: Don't infinite loop when a received web socket message has self-terminating compressed data. - Fix: Don't fail the call when the response code is ‘HTTP 102 Processing’ or ‘HTTP 103 Early Hints’. - Fix: Honor interceptors' changes to connect and read timeouts. - Fix: Recover gracefully when a cached response is corrupted on disk. - Fix: Don't leak file handles when a cache disk write fails. - Fix: Don't hang when the public suffix database cannot be loaded. We had a bug where a failure reading the public suffix database would cause subsequent reads to hang when they should have crashed. - Fix: Avoid `InetAddress.getCanonicalHostName()` in MockWebServer. This avoids problems if the host machine's IP address has additional DNS registrations. - New: Create a JPMS-compatible artifact for `JavaNetCookieJar`. Previously, multiple OkHttp artifacts defined classes in the `okhttp3` package, but this is forbidden by the Java module system. We've fixed this with a new package (`okhttp3.java.net.cookiejar`) and a new artifact, `com.squareup.okhttp3:okhttp-java-net-cookiehandler`. (The original artifact now delegates to this new one.) ```kotlin implementation("com.squareup.okhttp3:okhttp-java-net-cookiehandler:5.0.0-alpha.12") ``` - New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks. - New: Log the total time of the HTTP call in `HttpLoggingInterceptor`. - New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`. - New: `mockwebserver3.SocketPolicy` is now a sealed interface. This is one of several backwards-incompatible API changes that may impact early adopters of this alpha API. - New: `mockwebserver3.Stream` for duplex streams. - New: `mockwebserver3.MockResponseBody` for streamed response bodies. - New: `mockwebserver3.MockResponse` is now immutable, with a `Builder`. - New: `mockwebserver3.RecordedRequest.handshakeServerNames` returns the SNI (Server Name Indication) attribute from the TLS handshake. - Upgrade: \[Kotlin 1.9.21]\[kotlin\_1\_9\_21]. - Upgrade: \[Okio 3.7.0]\[okio\_3\_7\_0].Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate. View repository job log here.