Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Okio 3.4.0 explicitly to fix a vulnerability #10281

Merged
merged 1 commit into from
Jul 31, 2023
Merged

Use Okio 3.4.0 explicitly to fix a vulnerability #10281

merged 1 commit into from
Jul 31, 2023

Conversation

TobiGr
Copy link
Member

@TobiGr TobiGr commented Jul 31, 2023

What is it?

  • Bugfix (user facing)
  • Feature (user facing)
  • Codebase improvement (dev facing)
  • Meta improvement to the project (dev facing)

Description of the changes in your PR

Use okio 3.4.0 explicity to fix vulnerability introduced through okhttp3 (3.3.0).
See https://www.cve.org/CVERecord?id=CVE-2023-3635 for more details on the vulnerability.

Fixes the following issue(s)

Fixes failing snyk security check.

APK testing

The APK can be found by going to the "Checks" tab below the title. On the left pane, click on "CI", scroll down to "artifacts" and click "app" to download the zip file which contains the debug APK of this PR. You can find more info and a video demonstration on this wiki page.

Due diligence

@TobiGr TobiGr added the dependency Issues and PRs related to dependencies label Jul 31, 2023
@TobiGr
Update com.squareup.okio:okio to 3.4.0
428a7d4 
Use okio 3.4.0 explicity to fix vulnerability introduced through okhttp3 (3.3.0).
See https://www.cve.org/CVERecord?id=CVE-2023-3635 for more details on the vulnerability.
@sonarcloud
Copy link

sonarcloud bot commented Jul 31, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@TobiGr TobiGr merged commit 6b3f51e into dev Jul 31, 2023
5 checks passed
@TobiGr TobiGr deleted the okio branch July 31, 2023 21:31
This was referenced Jul 31, 2023
Merged
Closed
@J-Stutzmann J-Stutzmann mentioned this pull request Aug 2, 2023
Merged
5 tasks
@AudricV AudricV changed the title Update com.squareup.okio:okio to 3.4.0 Use Okio 3.4.0 explicity Aug 2, 2023
@AudricV AudricV changed the title Use Okio 3.4.0 explicity Use Okio 3.4.0 explicity to fix a vulnerability Aug 2, 2023
@AudricV AudricV changed the title Use Okio 3.4.0 explicity to fix a vulnerability Use Okio 3.4.0 explicitly to fix a vulnerability Aug 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Stypox Stypox Stypox approved these changes

Assignees
No one assigned
Labels
dependency Issues and PRs related to dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TobiGr @Stypox