Merge pull request #275 from dfederschmidt/okio_upgrade

chore: force okio version and upgrade okhttp3 to latest stable release
splunk · Sep 8, 2023 · 53aff54 · 53aff54
2 parents cf59a50 + 4f16aa0
commit 53aff54
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -220,7 +220,19 @@
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
-            <version>4.9.3</version>
+            <version>4.11.0</version>
+            <exclusions>
+            <exclusion>
+                <artifactId>okio</artifactId>
+                <groupId>com.squareup.okio</groupId>
+            </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <!-- Force okio 3.5.0 until okhttp3 5.0.0 is released. Mitigates CVE-2023-3635 -->
+            <groupId>com.squareup.okio</groupId>
+            <artifactId>okio</artifactId>
+            <version>3.5.0</version>
         </dependency>
 
         <dependency>