Update com.squareup.okio:okio to 3.4.0

Use okio 3.4.0 explicity to fix vulnerability introduced through okhttp3 (3.3.0). See https://www.cve.org/CVERecord?id=CVE-2023-3635 for more details on the vulnerability.
TeamNewPipe · Jul 31, 2023 · 5725ce1 · 5725ce1
1 parent 96a7cc2
commit 5725ce1
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -244,6 +244,9 @@ dependencies {
 
     // HTTP client
     implementation "com.squareup.okhttp3:okhttp:4.11.0"
+    // okhttp3:4.11.0 introduces a vulnerability from com.squareup.okio:okio@3.3.0,
+    // remove com.squareup.okio:okio when updating okhttp
+    implementation "com.squareup.okio:okio@3.4.0"
 
     // Media player
     implementation "com.google.android.exoplayer:exoplayer-core:${exoPlayerVersion}"