From 428a7d418b53cb60c413a7d95187d1a56822b665 Mon Sep 17 00:00:00 2001
From: TobiGr <tobigr@users.noreply.github.com>
Date: Mon, 31 Jul 2023 21:46:45 +0200
Subject: [PATCH] Update com.squareup.okio:okio to 3.4.0

Use okio 3.4.0 explicity to fix vulnerability introduced through okhttp3 (3.3.0).
See https://www.cve.org/CVERecord?id=CVE-2023-3635 for more details on the vulnerability.
---
 app/build.gradle | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/build.gradle b/app/build.gradle
index 6ea465ed5..8e72e7fc1 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -244,6 +244,9 @@ dependencies {
 
     // HTTP client
     implementation "com.squareup.okhttp3:okhttp:4.11.0"
+    // okhttp3:4.11.0 introduces a vulnerability from com.squareup.okio:okio@3.3.0,
+    // remove com.squareup.okio:okio when updating okhttp
+    implementation "com.squareup.okio:okio:3.4.0"
 
     // Media player
     implementation "com.google.android.exoplayer:exoplayer-core:${exoPlayerVersion}"