chore: force okio version and upgrade okhttp3 to latest stable release #275
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The following PR upgrades
okhttp3
to the latest available stable version. Due to a CVE released for the transitive dependencyokio
. Unfortunately, no stable version ofokhttp3
exists that we can upgrade to.This PR excludes
okio
from the dependency resolution ofokhttp3
and adds it as a direct dependency instead.According to square/okhttp#7944 this is the recommendation by the maintainers. There is no timeline for a 4.12.x release to mitigate this yet.
This is what the updated depdendency tree looks like