
Bump com.squareup.okio:okio from 3.2.0 to 3.6.0 #19399

Merged
thomashorta merged 1 commit into trunk from dependabot/gradle/com.squareup.okio-okio-3.6.0 on Nov 9, 2023


@dependabot dependabot bot commented on behalf of github Oct 17, 2023

Bumps com.squareup.okio:okio from 3.2.0 to 3.6.0.

Changelog

Sourced from com.squareup.okio:okio's changelog.

Version 3.6.0

2023-10-01

  • Fix: Don't leak file handles when using metadata functions on ZipFileSystem. We had a bug where we were closing the .zip file, but not a stream inside of it. We would have prevented this bug if only we’d used FakeFileSystem.checkNoOpenFiles() in our tests!
  • Fix: Don't build an index of a class loader's resources in ResourceFileSystem.read(). This operation doesn't need this index, and building it is potentially expensive.
  • New: Experimentally support Linux on ARM64 for Kotlin/Native targets (linuxArm64). Note that we haven't yet added CI test coverage for this platform.
  • Upgrade: Kotlin 1.9.10.

Version 1.17.6

2023-10-01

  • Fix: Don't crash decoding GZIP files when the optional extra data (XLEN) is 32 KiB or larger.

Version 3.5.0

2023-08-02

  • New: Support the WebAssembly (WASM) platform. Okio's support for WASM is experimental, but improving, just like Kotlin's own support for WASM.
  • New: Adapt WebAssembly System Interface (WASI) API's as an Okio FileSystem using WasiFileSystem. This is in the new okio-wasifilesystem module. It requires the preview1 WASI API. We’ll make backwards-incompatible upgrades to new WASI API versions as they become available.
  • Fix: Return relative paths in the NIO adapter FileSystem when required. FileSystem.list() had always returned absolute paths, even when the target directory was supplied as a relative path.
  • Fix: Don't crash when reading into an empty array using FileHandle on Kotlin/Native.
  • Upgrade: Kotlin 1.9.0.

Version 3.4.0

2023-07-07

  • New: Adapt a Java NIO FileSystem (java.nio.file.FileSystem) as an Okio FileSystem using fileSystem.asOkioFileSystem().
  • New: Adapt Android’s AssetManager as an Okio FileSystem using AssetFileSystem. This is in the new okio-assetfilesystem module. Android applications should prefer this over FileSystem.RESOURCES as it’s faster to load.
  • Fix: Don't crash decoding GZIP files when the optional extra data (XLEN) is 32 KiB or larger.
  • Fix: Resolve symlinks in FakeFileSystem.canonicalize().
  • Fix: Report the correct createdAtMillis in NodeJsFileSystem file metadata. We were

... (truncated)

Commits
  • 0b9ace5 Prepare for release 3.6.0.
  • ce4df5e Fix file leak when using metadata functions (#1359)
  • 59555b9 Merge pull request #1357 from square/renovate/com.diffplug.spotless-spotless-...
  • 95d9933 Update dependency com.diffplug.spotless:spotless-plugin-gradle to v6.22.0
  • 8eaacd1 Merge pull request #1329 from square/renovate/macos-13.x
  • 3548029 Merge branch 'master' into renovate/macos-13.x
  • 792fba4 Merge pull request #1351 from square/renovate/com.diffplug.spotless-spotless-...
  • 65343ae Merge pull request #1355 from square/renovate/actions-setup-java-3.x
  • 9df5513 Update actions/setup-java action to v3.13.0
  • c2de2e8 Merge pull request #1352 from square/renovate/com.willowtreeapps.assertk-asse...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added the bot: dependencies update PRs that update a dependency file, used by Dependabot. label Oct 17, 2023
@dependabot dependabot bot requested review from a team and thomashorta and removed request for a team October 17, 2023 08:32
@peril-wordpress-mobile

Warnings
⚠️ PR is not assigned to a milestone.

Generated by 🚫 dangerJS

@wpmobilebot

wpmobilebot commented Oct 17, 2023

WordPress📲 You can test the changes from this Pull Request in WordPress by scanning the QR code below to install the corresponding build.
App Name: WordPress
Flavor: Jalapeno
Build Type: Debug
Version: pr19399-8904d7c
Commit: 8904d7c
Direct Download: wordpress-prototype-build-pr19399-8904d7c.apk
Note: Google Login is not supported on these builds.

@wpmobilebot

wpmobilebot commented Oct 17, 2023

Jetpack📲 You can test the changes from this Pull Request in Jetpack by scanning the QR code below to install the corresponding build.
App Name: Jetpack
Flavor: Jalapeno
Build Type: Debug
Version: pr19399-8904d7c
Commit: 8904d7c
Direct Download: jetpack-prototype-build-pr19399-8904d7c.apk
Note: Google Login is not supported on these builds.

@thomashorta

thomashorta commented Oct 19, 2023

Looking at the changelog most of the changes between 3.2.0 and 3.6.0 are fixes or specific enough that shouldn't affect our usage of the lib. It seems the only place directly using okio is the StreamingRequest (here).

Which is used for uploading the user's gravatar image. I compiled the app locally and tested the Jetpack app, changing the user avatar, along with an overall sanity test, and everything seems to be working correctly.

The only thing that gets me a bit worried about this update though is the fact that it transitively updates the kotlin standard libs versions to 1.9.10. It isn't a big leap from what we are currently using but still.

Since the app is running properly (as far as I tested) I am confident that the new version doesn't introduce breaking changes, but I'm not sure what's the preferred approach here, @ParaskP7 . Should we just merge this?

@ParaskP7

Thanks so much for checking this update @thomashorta ! 🙇 ❤️

> Looking at the changelog most of the changes between 3.2.0 and 3.6.0 are fixes or specific enough that shouldn't affect our usage of the lib. It seems the only place directly using okio is the StreamingRequest (here).
>
> Which is used for uploading the user's gravatar image. I compiled the app locally and tested the Jetpack app, changing the user avatar, along with an overall sanity test, and everything seems to be working correctly.

That's right, last time I did this update my testing was all about the Me Screen (see here).

> The only thing that gets me a bit worried about this update though is the fact that it transitively updates the kotlin standard libs versions to 1.9.10. It isn't a big leap from what we are currently using but still.

Ah, this is a bummer, and I really recommend doing the Kotlin 1.9.10 first and then rebase this PR, check and complete this update. I followed the same pattern here, that is, while handling all such updates, which were updating Kotlin transitively.

FYI: Maybe someone from JP/WPAndroid should take care of updating Kotlin to the latest 1.9.10 and Compose Compiler to 1.5.3, which is pointing to the latest Kotlin version as well. 🤔

PS: The sooner this Kotlin + Compose Compiler update is done the better. This is because more and more dependency updates will start depending on a newer version of Kotlin, which will make it harder for us to update them without transitively updating Kotlin as well, which, in its turn might cause compile, or even runtime regressions. 🤷

> Since the app is running properly (as far as I tested) I am confident that the new version doesn't introduce breaking changes, but I'm not sure what's the preferred approach here, @ParaskP7 . Should we just merge this?

My preferred and suggested approach is to handle this Kotlin and as such a Compose Compiler update first, and only then try and update any library that is transitively updating Kotlin for us. 😊
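
The concern discussed in the two comments above (a dependency bump that requests a newer Kotlin stdlib than the project builds with) can be checked mechanically over Gradle's dependency tree output. The Python below is an added example, not code from this PR or this repository; the function names, the sample tree (constructed, in the format of the dependency report posted on this PR) and the project Kotlin version `1.8.0` are assumptions.

```python
import re

WATCHED = "org.jetbrains.kotlin:kotlin-stdlib"
NODE = re.compile(r"^((?:[| ] {4})*)[+\\]--- (.+)$")

def _ver(v):
    # Numeric components only; pre-release suffixes are ignored (simplification).
    return tuple(int(n) for n in re.findall(r"\d+", v))

def parse_tree(text):
    """Yield (depth, 'group:name', requested, resolved) for each tree node."""
    for line in text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        depth = len(m.group(1)) // 5              # each tree level is 5 characters wide
        body = re.sub(r" \([*cn]\)$", "", m.group(2))   # drop Gradle's (*), (c), (n) marks
        left, _, resolved = body.partition(" -> ")       # "requested -> resolved"
        group, name, requested = (left.split(":", 2) + ["", ""])[:3]
        yield depth, f"{group}:{name}", requested, resolved or requested

def kotlin_bumpers(tree_text, project_kotlin):
    """Return (path, module, requested) for every transitive Kotlin stdlib
    request that is newer than the Kotlin version the project builds with."""
    ancestors, findings = [], []
    for depth, module, requested, resolved in parse_tree(tree_text):
        del ancestors[depth:]                     # unwind to this node's parent chain
        if depth > 0 and module.startswith(WATCHED) \
                and _ver(requested) > _ver(project_kotlin):
            findings.append((" > ".join(ancestors), module, requested))
        ancestors.append(f"{module}:{resolved}")
    return findings

# Constructed sample in Gradle's `dependencies` tree format (not real build output).
SAMPLE_TREE = r"""
+--- com.squareup.okhttp3:okhttp:4.9.0 -> 4.11.0
|    \--- com.squareup.okio:okio:3.2.0 -> 3.6.0
|         \--- com.squareup.okio:okio-jvm:3.6.0
|              +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10 (*)
|              \--- org.jetbrains.kotlin:kotlin-stdlib-common:1.9.10
\--- com.airbnb.android:lottie:6.1.0
     \--- com.squareup.okio:okio:{require 1.17.5; reject _} -> 3.6.0 (*)
"""

if __name__ == "__main__":
    # "1.8.0" is an assumed project Kotlin version for the example.
    for path, module, requested in kotlin_bumpers(SAMPLE_TREE, "1.8.0"):
        print(f"{module} {requested} requested via {path}")
```

An empty result for the project's own Kotlin version means the bump can be merged without moving Kotlin transitively.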

@thomashorta

@ParaskP7 I see, this seems a bit more complex than anticipated. I created an issue to look into that as soon as I can, which should hopefully be sometime next week.

#19464

@ParaskP7

👋 @thomashorta !

> @ParaskP7 I see, this seems a bit more complex than anticipated.

Indeed...

> I created an issue to look into that as soon as I can, which should hopefully be sometime next week. #19464

Awesome, thanks so much for creating this issue! 🙇 ❤️ 🥇

@thomashorta

@dependabot rebase

Bumps [com.squareup.okio:okio](https://github.com/square/okio) from 3.2.0 to 3.6.0.
- [Changelog](https://github.com/square/okio/blob/master/CHANGELOG.md)
- [Commits](square/okio@parent-3.2.0...parent-3.6.0)

---
updated-dependencies:
- dependency-name: com.squareup.okio:okio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/gradle/com.squareup.okio-okio-3.6.0 branch from 0852830 to 8904d7c Compare November 9, 2023 13:57
@wpmobilebot

1 Warning
⚠️ PR is not assigned to a milestone.

Generated by 🚫 Danger

@wpmobilebot

Found 1 violations:

The PR caused the following dependency changes:

 +--- project :libs:analytics
 |    \--- com.automattic:Automattic-Tracks-Android:3.3.0
 |         \--- com.squareup.okhttp3:okhttp:4.9.0 -> 4.11.0
-|              \--- com.squareup.okio:okio:3.2.0 -> 3.3.0
-|                   \--- com.squareup.okio:okio-jvm:3.3.0
-|                        +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.8.0 -> 1.9.10 (*)
-|                        \--- org.jetbrains.kotlin:kotlin-stdlib-common:1.8.0 -> 1.9.10
+|              \--- com.squareup.okio:okio:3.2.0 -> 3.6.0
+|                   \--- com.squareup.okio:okio-jvm:3.6.0
+|                        +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.10 (*)
+|                        \--- org.jetbrains.kotlin:kotlin-stdlib-common:1.9.10
 +--- project :libs:editor
 |    \--- com.facebook.react:react-android:0.71.11
-|         \--- com.squareup.okio:okio:2.9.0 -> 3.3.0 (*)
+|         \--- com.squareup.okio:okio:2.9.0 -> 3.6.0 (*)
-+--- com.squareup.okio:okio:3.2.0 -> 3.3.0 (*)
++--- com.squareup.okio:okio:3.6.0 (*)
 +--- com.airbnb.android:lottie:6.1.0
-|    \--- com.squareup.okio:okio:{require 1.17.5; reject _} -> 3.3.0 (*)
+|    \--- com.squareup.okio:okio:{require 1.17.5; reject _} -> 3.6.0 (*)
 \--- io.coil-kt:coil-compose:2.4.0
      \--- io.coil-kt:coil-compose-base:2.4.0
           \--- io.coil-kt:coil-base:2.4.0
-               \--- com.squareup.okio:okio:3.3.0 (*)
+               \--- com.squareup.okio:okio:3.3.0 -> 3.6.0 (*)
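
Review bot: the removed root entry reads `com.squareup.okio:okio:3.2.0 -> 3.3.0`, so the build was already resolving okio 3.3.0 and the effective change is 3.3.0 to 3.6.0, not the 3.2.0 to 3.6.0 in the title; worth stating in the PR description. The new version also reaches okhttp (under Automattic-Tracks-Android), react-android, lottie and coil-base, and the lottie (`{require 1.17.5; reject _}`) and react-android (2.9.0) requests are still resolved across major versions, so verification should cover those consumers as well as the gravatar upload path. The kotlin-stdlib lines differ only by losing the `1.8.0 ->` marker, which confirms this PR no longer moves Kotlin by itself.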

Please review and act accordingly


@thomashorta thomashorta left a comment


Now that Kotlin was updated to 1.9.10 in our repo the dependency changes for this PR look good and everything still works fine. I'm approving and merging it.

@thomashorta thomashorta merged commit 735ebd6 into trunk Nov 9, 2023
20 checks passed
@thomashorta thomashorta deleted the dependabot/gradle/com.squareup.okio-okio-3.6.0 branch November 9, 2023 14:36
Labels
bot: dependencies update PRs that update a dependency file, used by Dependabot.