Drop OkHttp dependency

Ref sbt/sbt#6912

Problem
-------
There's apparently a security issue with OkHttp 3.x,
which I am not really sure how applicable it is to our usage
of OkHttp but it is there.

Solution
--------
Since most of OkHttp-specic usage within LM is for Apache Ivy
downloading, I am going to drop this.
Since `sbt.librarymanagement.Http.http` is a public API,
I am substituting this with Apache HTTP backed implementation.

build.sbt

@@ -89,6 +89,7 @@ val mimaSettings = Def settings (
     "1.3.0",
     "1.4.0",
     "1.5.0",
+    "1.6.0",
   ) map (
       version =>
         organization.value %% moduleName.value % version
@@ -353,6 +354,15 @@ lazy val lmIvy = (project in file("ivy"))
         "sbt.internal.librarymanagement.CustomPomParser.versionRangeFlag"
       ),
       exclude[MissingClassProblem]("sbt.internal.librarymanagement.FixedParser*"),
+      exclude[MissingClassProblem]("sbt.internal.librarymanagement.ivyint.GigahorseUrlHandler*"),
+      exclude[MissingClassProblem]("sbt.internal.librarymanagement.JavaNetAuthenticator"),
+      exclude[MissingClassProblem]("sbt.internal.librarymanagement.CustomHttp*"),
+      exclude[DirectMissingMethodProblem]("sbt.internal.librarymanagement.IvySbt.http"),
+      exclude[DirectMissingMethodProblem]("sbt.internal.librarymanagement.IvySbt.this"),
+      exclude[DirectMissingMethodProblem]("sbt.librarymanagement.ivy.IvyPublisher.apply"),
+      exclude[DirectMissingMethodProblem](
+        "sbt.librarymanagement.ivy.IvyDependencyResolution.apply"
+      ),
     ),
   )
 

core/src/main/scala/sbt/librarymanagement/Http.scala

@@ -1,6 +1,6 @@
 package sbt.librarymanagement
 
-import gigahorse._, support.okhttp.Gigahorse
+import gigahorse._, support.apachehttp.Gigahorse
 import scala.concurrent.duration.DurationInt
 
 object Http {

ivy/src/main/scala/sbt/internal/librarymanagement/Ivy.scala

@@ -7,7 +7,6 @@ import java.io.File
 import java.net.URI
 import java.util.concurrent.Callable
 
-import okhttp3.OkHttpClient
 import org.apache.ivy.Ivy
 import org.apache.ivy.core.IvyPatternHelper
 import org.apache.ivy.core.cache.{ CacheMetadataOptions, DefaultRepositoryCacheManager }
@@ -50,17 +49,13 @@ import ivyint.{
   CachedResolutionResolveEngine,
   ParallelResolveEngine,
   SbtDefaultDependencyDescriptor,
-  GigahorseUrlHandler
 }
 import sjsonnew.JsonFormat
 import sjsonnew.support.murmurhash.Hasher
 
 final class IvySbt(
     val configuration: IvyConfiguration,
-    val http: OkHttpClient
 ) { self =>
-  def this(configuration: IvyConfiguration) = this(configuration, CustomHttp.defaultHttpClient)
-
   /*
    * ========== Configuration/Setup ============
    * This part configures the Ivy instance by first creating the logger interface to ivy, then IvySettings, and then the Ivy instance.
@@ -90,7 +85,6 @@ final class IvySbt(
   }
 
   private lazy val basicUrlHandler: URLHandler = new BasicURLHandler
-  private lazy val gigahorseUrlHandler: URLHandler = new GigahorseUrlHandler(http)
 
   private lazy val settings: IvySettings = {
     val dispatcher: URLHandlerDispatcher = URLHandlerRegistry.getDefault match {
@@ -106,8 +100,8 @@ final class IvySbt(
         disp
     }
 
-    val urlHandler: URLHandler =
-      if (configuration.updateOptions.gigahorse) gigahorseUrlHandler else basicUrlHandler
+    // Ignore configuration.updateOptions.gigahorse due to sbt/sbt#6912
+    val urlHandler: URLHandler = basicUrlHandler
 
     // Only set the urlHandler for the http/https protocols so we do not conflict with any other plugins
     // that might register other protocol handlers.

ivy/src/main/scala/sbt/internal/librarymanagement/IvyCache.scala

@@ -112,7 +112,7 @@ class IvyCache(val ivyHome: Option[File]) {
       .withResolvers(Vector(local))
       .withLock(lock)
       .withLog(log)
-    (new IvySbt(conf, CustomHttp.defaultHttpClient), local)
+    (new IvySbt(conf), local)
   }
 
   /** Creates a default jar artifact based on the given ID.*/