bumping okhttp to the latest 4.x release #18
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dependency maven:com.squareup.okhttp3:okhttp:4.7.2 is vulnerable
Upgrade to 4.9.2
CVE-2023-0833, Score: 5.5
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the "OKHttp" component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. This vulnerability affects com.squareup.okhttp3:okhttp package versions through 4.9.1, 4.10.0-RC1, and 5.0.0-alpha.1 through 5.0.0-alpha.2.
Read More: https://devhub.checkmarx.com/cve-details/CVE-2023-0833?utm_source=jetbrains&utm_medium=referral