deps: bump OkHttp to 3.14.9

[manusa]

Description

deps: bump OkHttp to 3.14.9

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change
• Chore (non-breaking change which doesn't affect codebase;
  test, version modification, documentation, etc.)

Checklist

• Code contributed by me aligns with current project license: Apache 2.0
• I Added CHANGELOG entry regarding this change
• I have implemented unit tests to cover my changes
• I have added/updated the javadocs and other documentation accordingly
• No new bugs, code smells, etc. in SonarCloud report
• I tested my code in Kubernetes
• I tested my code in OpenShift

[oscerd]

We need a 3.14.9 bundle too.

[manusa]

We need a 3.14.9 bundle too.

I upgraded the ServiceMix bundle dependency to 3.14.1_2, but it's based on 3.14.1. I'm unsure of the behavior this might cause.

[oscerd]

It might work, but some of the problems will show up only in OSGi runtime at runtime.. The best solution is going ahead with this PR. We'll need to add a 3.14.9 bundle to the next Servicemix bundles release and then upgrade here.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[mkdev0101]

Any plans to upgrade to 4.10.x which has fix for CVE PRISMA-2022-0239 (square/okhttp#6738) ?

[rohanKanojia]

@mkdev0101 : OkHttp v4 is based on kotlin which we want to avoid. Please read #4290 (comment) for more details

[manusa]

Bundle version has been updated too (3.14.9_1)

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[manusa]

Considering Quarkus no longer depends on the OkHttp client (at least for production), we should move forward to use OkHttp 4 instead.

Closing this PR and #5134 in favor of #2632