* [fluentd-gcp addon] Bump fluentd-gcp-scaler to v0.5.1 to pick up security fixes.
    * [fluentd-gcp addon] Bump event-exporter to v0.2.4 to pick up security fixes.
    * [fluentd-gcp addon] Bump prometheus-to-sd to v0.5.0 to pick up security fixes.

## Version 4.9.0

_2020-09-11_

**With this release, `okhttp-tls` no longer depends on Bouncy Castle and doesn't install the
Bouncy Castle security provider.** If you still need it, you can do it yourself:

```
Security.addProvider(BouncyCastleProvider())
```

You will also need to configure this dependency:

```
dependencies {
  implementation "org.bouncycastle:bcprov-jdk15on:1.65"

from datetime import datetime, timedelta, timezone
from typing import Union

import jwt
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jwt.exceptions import InvalidTokenError
from passlib.context import CryptContext
from pydantic import BaseModel

# to get a string like this run:
# openssl rand -hex 32

from datetime import datetime, timedelta, timezone
from typing import Annotated

import jwt
from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from jwt.exceptions import InvalidTokenError
from passlib.context import CryptContext
from pydantic import BaseModel

# to get a string like this run:
# openssl rand -hex 32

This is very useful when you need to:

* Have shared logic (the same code logic again and again).
* Share database connections.
* Enforce security, authentication, role requirements, etc.
* And many other things...

All these, while minimizing code repetition.

## First Steps

    Alternatively, OkHttp will also use Conscrypt if you install it as your
    preferred security provider. To do so, add the following code to execute
    before you create your `OkHttpClient`.

    ```
    Security.insertProviderAt(
        new org.conscrypt.OpenSSLProvider(), 1);
    ```

    Conscrypt is the bundled security provider on Android so it is not necessary
    to configure it on that platform.

 * as a single request/response exchange.
 *
 * ## Modern TLS
 *
 * There are trade-offs when selecting which options to include when negotiating a secure connection
 * to a remote host. Newer TLS options are quite useful:
 *
 *  * Server Name Indication (SNI) enables one IP address to negotiate secure connections for
 *    multiple domain names.
 *
 *  * Application Layer Protocol Negotiation (ALPN) enables the HTTPS port (443) to be used to

    </div>
  </div>
  <div id="announce-right" style="position: relative;">
    <div class="item">
      <a title="CryptAPI: Your easy to use, secure and privacy oriented payment gateway." style="display: block; position: relative;" href="https://cryptapi.io/" target="_blank">
        <span class="sponsor-badge">sponsor</span>

## Changes since v1.2.0

### Other notable changes

* AWS: Fix problems with >2 security groups ([#23340](https://github.com/kubernetes/kubernetes/pull/23340), [@justinsb](https://github.com/justinsb))

  @J2ktIncompatible
  @GwtIncompatible // threads
  private static boolean trySetName(String threadName, Thread currentThread) {
    /*
     * setName should usually succeed, but the security manager can prohibit it. Is there a way to
     * see if we have the modifyThread permission without catching an exception?
     */
    try {
      currentThread.setName(threadName);
      return true;