Skip to content

fix cve#91

Merged
arvindkrishnakumar-okta merged 1 commit intomasterfrom
cve_fix
Sep 29, 2022
Merged

fix cve#91
arvindkrishnakumar-okta merged 1 commit intomasterfrom
cve_fix

Conversation

@arvindkrishnakumar-okta
Copy link
Copy Markdown
Contributor

@arvindkrishnakumar-okta arvindkrishnakumar-okta commented Sep 29, 2022
edited
Loading

com.squareup.okhttp3:okhttp:jar:4.10.0 pulls in old version 3.0.0 that contains a CVE.

[INFO] +- com.okta.commons:okta-http-okhttp:jar:1.3.2-SNAPSHOT:compile
[INFO] |  +- com.squareup.okhttp3:okhttp:jar:4.10.0:compile
[INFO] |  |  +- com.squareup.okio:okio-jvm:jar:3.0.0:compile
[INFO] |  |  |  +- org.jetbrains.kotlin:kotlin-stdlib-jdk8:jar:1.5.31:compile
[INFO] |  |  |  |  \- org.jetbrains.kotlin:kotlin-stdlib-jdk7:jar:1.5.31:compile
[INFO] |  |  |  \- org.jetbrains.kotlin:kotlin-stdlib-common:jar:1.7.20:compile
[INFO] |  |  \- org.jetbrains.kotlin:kotlin-stdlib:jar:1.7.20:compile
[INFO] |  |     \- org.jetbrains:annotations:jar:13.0:compile
[INFO] |  \- org.slf4j:jcl-over-slf4j:jar:1.7.36:compile

We want to bring in the latest - https://mvnrepository.com/artifact/com.squareup.okio/okio-jvm/3.2.0

@arvindkrishnakumar-okta arvindkrishnakumar-okta merged commit 567f25b into master Sep 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jaynewstrom-okta jaynewstrom-okta jaynewstrom-okta approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arvindkrishnakumar-okta @jaynewstrom-okta