(v1) Update Okio to resolve CVE-2023-3635 (#562)

jimmyjames · web-flow · commit 82d96994da1c · 2023-09-21T20:51:26.000-05:00
diff --git a/build.gradle b/build.gradle
@@ -63,12 +63,17 @@ test {
 }
 
 ext {
-    okhttpVersion = '4.10.0'
+    okhttpVersion = '4.11.0'
     hamcrestVersion = '2.2'
 }
 
 dependencies {
-    implementation "com.squareup.okhttp3:okhttp:${okhttpVersion}"
+    // TODO remove direct dependency when OkHttp 4.12.0 is released
+    implementation ("com.squareup.okhttp3:okhttp:${okhttpVersion}") {
+      exclude group: 'com.squareup.okhttp3', module: 'okio'
+    }
+    implementation "com.squareup.okio:okio:3.5.0"
+
     implementation "com.squareup.okhttp3:logging-interceptor:${okhttpVersion}"
     implementation "com.fasterxml.jackson.core:jackson-databind:2.13.4.2"
     implementation "com.auth0:java-jwt:3.19.4"
