diff --git a/Gemfile b/Gemfile
index 8c493896f08923c0776def466085674f5e15613d..83cfb7bbf14356dcaca981076f3031c3e72c8c8e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -283,7 +283,7 @@ gem 'rack-proxy', '~> 0.6.0'
 gem 'sassc-rails', '~> 2.1.0'
 gem 'uglifier', '~> 2.7.2'
 
-gem 'addressable', '~> 2.5.2'
+gem 'addressable', '~> 2.7'
 gem 'font-awesome-rails', '~> 4.7'
 gem 'gemojione', '~> 3.3'
 gem 'gon', '~> 6.2'
@@ -419,7 +419,7 @@ group :test do
   gem 'guard-rspec'
 end
 
-gem 'octokit', '~> 4.9'
+gem 'octokit', '~> 4.15'
 
 gem 'mail_room', '~> 0.10.0'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 13e1e4ac8285c4724f73daebdd1d79c2ac824cc3..f55fb554c4a8a040170449e142d02713f70c67a4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -55,8 +55,8 @@ GEM
     adamantium (0.2.0)
       ice_nine (~> 0.11.0)
       memoizable (~> 0.4.0)
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     aes_key_wrap (1.0.1)
     akismet (3.0.0)
     apollo_upload_server (2.0.0.beta.3)
@@ -650,7 +650,8 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    octokit (4.9.0)
+    octokit (4.15.0)
+      faraday (>= 0.9)
       sawyer (~> 0.8.0, >= 0.5.3)
     omniauth (1.9.0)
       hashie (>= 3.4.6, < 3.7.0)
@@ -762,7 +763,7 @@ GEM
       pry (~> 0.10)
     pry-rails (0.3.6)
       pry (>= 0.10.4)
-    public_suffix (3.1.1)
+    public_suffix (4.0.3)
     pyu-ruby-sasl (0.0.3.3)
     raabro (1.1.6)
     rack (2.0.7)
@@ -961,9 +962,9 @@ GEM
       sprockets (> 3.0)
       sprockets-rails
       tilt
-    sawyer (0.8.1)
-      addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 1.0)
+    sawyer (0.8.2)
+      addressable (>= 2.3.5)
+      faraday (> 0.8, < 2.0)
     scss_lint (0.56.0)
       rake (>= 0.9, < 13)
       sass (~> 3.5.3)
@@ -1130,7 +1131,7 @@ DEPENDENCIES
   acme-client (~> 2.0.2)
   activerecord-explain-analyze (~> 0.1)
   acts-as-taggable-on (~> 6.0)
-  addressable (~> 2.5.2)
+  addressable (~> 2.7)
   akismet (~> 3.0)
   apollo_upload_server (~> 2.0.0.beta3)
   asana (~> 0.9)
@@ -1272,7 +1273,7 @@ DEPENDENCIES
   net-ssh (~> 5.2)
   nokogiri (~> 1.10.5)
   oauth2 (~> 1.4)
-  octokit (~> 4.9)
+  octokit (~> 4.15)
   omniauth (~> 1.8)
   omniauth-auth0 (~> 2.0.0)
   omniauth-authentiq (~> 0.3.3)
diff --git a/changelogs/unreleased/sh-update-octokit.yml b/changelogs/unreleased/sh-update-octokit.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d57a03e03c7af2cb704fc889ff45e38d1de8a2aa
--- /dev/null
+++ b/changelogs/unreleased/sh-update-octokit.yml
@@ -0,0 +1,5 @@
+---
+title: Upgrade octokit and its dependencies
+merge_request: 22946
+author:
+type: other
diff --git a/ee/app/models/project_services/github_service/status_notifier.rb b/ee/app/models/project_services/github_service/status_notifier.rb
index 63ab16b7764543e22ffbefe87eabbb81c15674e9..b42bd780f88e8621fc390a4399da2e5e09c17cac 100644
--- a/ee/app/models/project_services/github_service/status_notifier.rb
+++ b/ee/app/models/project_services/github_service/status_notifier.rb
@@ -5,7 +5,7 @@ class StatusNotifier
     def initialize(access_token, repo_path, api_endpoint: nil)
       @access_token = access_token
       @repo_path = repo_path
-      @api_endpoint = api_endpoint.presence
+      @api_endpoint = api_endpoint.presence || ::Octokit::Default.api_endpoint
     end
 
     def notify(ref, state, params = {})
diff --git a/lib/gitlab/github_import/client.rb b/lib/gitlab/github_import/client.rb
index 826b35d685cccf5f2cf90c0a979efff08737885c..22803c5cd71ad514d54c8c7fd22cc538cb176a90 100644
--- a/lib/gitlab/github_import/client.rb
+++ b/lib/gitlab/github_import/client.rb
@@ -189,7 +189,7 @@ def custom_api_endpoint
       end
 
       def default_api_endpoint
-        OmniAuth::Strategies::GitHub.default_options[:client_options][:site]
+        OmniAuth::Strategies::GitHub.default_options[:client_options][:site] || ::Octokit::Default.api_endpoint
       end
 
       def verify_ssl
diff --git a/lib/gitlab/legacy_github_import/client.rb b/lib/gitlab/legacy_github_import/client.rb
index b23efd64dee2913d4cd7c66d9b490b797bf5af13..34634d20a16c3057555667d619e984cf68ff1cea 100644
--- a/lib/gitlab/legacy_github_import/client.rb
+++ b/lib/gitlab/legacy_github_import/client.rb
@@ -80,7 +80,7 @@ def api_endpoint
         if host.present? && api_version.present?
           "#{host}/api/#{api_version}"
         else
-          github_options[:site]
+          github_options[:site] || ::Octokit::Default.api_endpoint
         end
       end