Update okhttp3 - Githubissues

newrelic / newrelic-telemetry-sdk-java

Java library for sending telemetry data to New Relic

Apache License 2.0

41 stars 37 forks source link

Update okhttp3 #309

Closed Meridiano1984 closed 11 months ago

Meridiano1984 commented 1 year ago

Hi, you are using squareup.okhttp3:okhttp@4.10.0 this library depends on com.squareup.okio:okio-jvm@3.0.0. This version of okio-jvm has a vulnerability according to snyk: https://security.snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKIO-5820002.

Could you update squareup.okhttp3 to get rid of this vulnerability? I will be very grateful

workato-integration[bot] commented 1 year ago

https://issues.newrelic.com/browse/NR-152482

meiao commented 1 year ago

Currently there is no (stable) newer version of okhttp. If you are using Java 11+, you can use the telemetry-http-java11 dependency instead of the okhttp one.

implementation("com.newrelic.telemetry:telemetry-core:0.15.0")
implementation("com.newrelic.telemetry:telemetry-http-java11:0.15.0")

Meridiano1984 commented 1 year ago

ok, thank you for your response.

meiao commented 11 months ago

Fixed by #311