Upgrade okhttp to avoid warnings for CVE-2018-20200

[renholm]

We have managed to work around it by managing the dependencies, but we would of course like to avoid that in the long run. Thanks in advance!

[quanpod]

Acknowledging the request - adding @ehrmann / @garylee1

[ehrmann]

We'd actually want to do something like specify the version as 1.+ and pin the version to the oldest-supported version with version locking. This way, we won't start using new features that would break builds for developers, but we'll remove the need to manage some transitive dependencies.