Gradle plugin for JVM projects written in Java, Kotlin, Groovy, or Scala; and Android projects written in Java or Kotlin. Provides advice for managing dependencies and other applied plugins
Apache License 2.0
Upgrade Moshi dependency to avoid CVE-2022-3635 #1155
Plugin version 1.31.0
The plugin transitively brings the okio:2.10.0 dependency that is affected by CVE-2022-3635. In the gradle/gradle build, we bump the okio dependency to 3.4.0, and this seems to work. https://github.com/gradle/gradle/blob/b19e8fdce25b3f7973b36f9882d9afdfaa5f0434/build-logic-commons/build-platform/build.gradle.kts#L38-L41
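A check that a consumer of the plugin could run over the text output of Gradle's `buildEnvironment` task, to confirm that no okio module below 3.4.0 is still resolved on the build classpath after such a bump. This is an added example, not code from the issue or from the plugin; the two sample reports and the `example.plugins:advice-plugin` coordinates are constructed, and the 3.4.0 threshold is taken from the issue text.

```python
import re

# Assumption: 3.4.0 is the version the issue reports bumping okio to.
MIN_SAFE = (3, 4, 0)

# One entry of a Gradle dependency tree, e.g.
#   |    \--- com.squareup.okio:okio:2.10.0 -> 3.4.0 (*)
ENTRY = re.compile(
    r"[+\\]--- (?P<group>[^:\s]+):(?P<name>[^:\s]+)"
    r"(?::(?P<req>\{[^}]*\}|\S+))?"   # requested version, may be "{strictly x}"
    r"(?: -> (?P<res>\S+))?"          # version Gradle actually resolved
)

def parse_version(text):
    """'2.10.0' -> (2, 10, 0); missing numeric parts count as 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def vulnerable_okio(report):
    """Return sorted 'module:version' strings for okio modules resolved below MIN_SAFE."""
    hits = set()
    for line in report.splitlines():
        m = ENTRY.search(line)
        if not m or m.group("group") != "com.squareup.okio":
            continue
        # The right-hand side of "->" wins: it is what ends up on the classpath.
        resolved = m.group("res") or m.group("req")
        if resolved and parse_version(resolved) < MIN_SAFE:
            hits.add(f"{m.group('name')}:{resolved}")
    return sorted(hits)

# Constructed sample reports (not real output from the plugin's build).
BEFORE = r"""classpath
\--- example.plugins:advice-plugin:1.0
     +--- com.squareup.moshi:moshi:1.12.0
     |    \--- com.squareup.okio:okio:2.10.0
     \--- com.squareup.okio:okio:2.10.0 (*)
"""
AFTER = r"""classpath
+--- example.plugins:advice-plugin:1.0
|    \--- com.squareup.okio:okio:2.10.0 -> 3.4.0
|         \--- com.squareup.okio:okio-jvm:3.4.0
\--- com.squareup.okio:okio:{strictly 3.4.0} -> 3.4.0 (c)
"""

if __name__ == "__main__":
    print("before:", vulnerable_okio(BEFORE))
    print("after: ", vulnerable_okio(AFTER))
```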