From b8d54aa1a48f6e45d29ad33beda5cd6f5695fec8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Mar 2021 09:46:27 -0800
Subject: [PATCH] Bump okhttp from 3.14.1 to 4.9.1 (#2006)

Summary:
Bumps [okhttp](https://github.com/square/okhttp) from 3.14.1 to 4.9.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md">okhttp's changelog</a>.</em></p>
<blockquote>
<h2>Version 4.9.1</h2>
<p><em>2021-01-30</em></p>
<ul>
<li>Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads
concurrently close an SSL socket. This would have appeared in crash logs as
<code>NullPointerException: bio == null</code>.</li>
</ul>
<h2>Version 4.9.0</h2>
<p><em>2020-09-11</em></p>
<p><strong>With this release, <code>okhttp-tls</code> no longer depends on Bouncy Castle and doesn't install the
Bouncy Castle security provider.</strong> If you still need it, you can do it yourself:</p>
<pre><code>Security.addProvider(BouncyCastleProvider())
</code></pre>
<p>You will also need to configure this dependency:</p>
<pre><code>dependencies {
  implementation &quot;org.bouncycastle:bcprov-jdk15on:1.65&quot;
}
</code></pre>
<ul>
<li>Upgrade: [Kotlin 1.4.10][kotlin_1_4_10]. We now use Kotlin 1.4.x [functional
interfaces][fun_interface] for <code>Authenticator</code>, <code>Interceptor</code>, and others.</li>
<li>Upgrade: Build with Conscrypt 2.5.1.</li>
</ul>
<h2>Version 4.8.1</h2>
<p><em>2020-08-06</em></p>
<ul>
<li>Fix: Don't crash in <code>HeldCertificate.Builder</code> when creating certificates on older versions of
Android, including Android 6. We were using a feature of <code>SimpleDateFormat</code> that wasn't
available in those versions!</li>
</ul>
<h2>Version 4.8.0</h2>
<p><em>2020-07-11</em></p>
<ul>
<li>New: Change <code>HeldCertificate.Builder</code> to use its own ASN.1 certificate encoder. This is part
of our effort to remove the okhttp-tls module's dependency on Bouncy Castle. We think Bouncy
Castle is great! But it's a large dependency (6.5 MiB) and its security provider feature
impacts VM-wide behavior.</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/square/okhttp/commit/63dcd95bfa2345bb3f3d4abc6b6dbf36cfb08aaf"><code>63dcd95</code></a> Prepare for release 4.9.1.</li>
<li><a href="https://github.com/square/okhttp/commit/d2e28ab672d5734a76f97f48174a3e6e8339e183"><code>d2e28ab</code></a> Silently ignore 'bio == null' NullPointerExceptions (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6534">#6534</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/cbeaf8f955fff9caa5652ccc6c1393ec8b993799"><code>cbeaf8f</code></a> Prepare for release 4.9.0.</li>
<li><a href="https://github.com/square/okhttp/commit/8fd74a7482effe1ca8847a28b29262415dbb7faa"><code>8fd74a7</code></a> Conscrypt 2.5.1 Upgrade (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6263">#6263</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/2bd749dd9d703bcfb25a33914afbbd03374cff9c"><code>2bd749d</code></a> Kotlin 1.4.10 Upgrade (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6264">#6264</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/0164696a8a6eb94ff81529be0436d0d53d44b449"><code>0164696</code></a> Fix build on windows (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6257">#6257</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/e4c3b28c39a00c93b8f82288f1e659dbef304ce5"><code>e4c3b28</code></a> Fix HttpUrl documentation (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6259">#6259</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/8c2f383f14e354a45d0f9f16f5b0fa35b7244a51"><code>8c2f383</code></a> Document interceptor throwing modes (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6235">#6235</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/a76c40a9356191fc2aa589dbd2612c0260592776"><code>a76c40a</code></a> Kotlin 1.4 dependency upgrade and language features (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/5947">#5947</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/1589741a9008ec3745f4dfc4bc89e9ce57495dc9"><code>1589741</code></a> Fix Caching documentation. (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6247">#6247</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/square/okhttp/compare/parent-3.14.1...parent-4.9.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.squareup.okhttp3:okhttp&package-manager=gradle&previous-version=3.14.1&new-version=4.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

 ---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Pull Request resolved: https://github.com/facebook/flipper/pull/2006

Reviewed By: nikoant

Differential Revision: D26888990

Pulled By: passy

fbshipit-source-id: d84e67fefcc0ed12cc20423b5fdd77fb9423ba77
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index bcd85b142..736f8de50 100644
--- a/build.gradle
+++ b/build.gradle
@@ -99,7 +99,7 @@ ext.deps = [
         junit              : 'junit:junit:4.13.2',
         hamcrest           : 'org.hamcrest:hamcrest-library:1.3',
         mockito            : 'org.mockito:mockito-core:2.26.0',
-        okhttp3            : 'com.squareup.okhttp3:okhttp:3.14.1',
+        okhttp3            : 'com.squareup.okhttp3:okhttp:4.9.1',
         leakcanary         : 'com.squareup.leakcanary:leakcanary-android:1.6.3',
         leakcanary2        : 'com.squareup.leakcanary:leakcanary-android:2.6',
         testCore           : 'androidx.test:core:1.1.0',