square / retrofit

A type-safe HTTP client for Android and the JVM
https://square.github.io/retrofit/
Apache License 2.0
43.11k stars 7.3k forks

Vulnerability Detected #4211

Closed robel-aredo-kr closed 3 months ago

robel-aredo-kr commented 3 months ago

The latest version of retrofit currently uses com.squareup.okhttp3 version 3.14.9 which flags an Information Exposure Vulnerability in Snyk: https://security.snyk.io/vuln/SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044

Upgrading the version to 4.9.2 will fix the issue, as stated in the Snyk link.

JakeWharton commented 3 months ago

We are not upgrading OkHttp at this time. See https://github.com/square/retrofit/issues/4020#issuecomment-1870586604 for the plan.

You are welcome to upgrade the version of OkHttp in your builds.
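
One way to do the upgrade the last comment mentions, in a consuming project's own build. This is an added example, not code from the thread or from the Retrofit project. It assumes a JVM project built with the Gradle Kotlin DSL; `RETROFIT_VERSION` is a placeholder for whichever Retrofit release the build already uses, and 4.9.2 is the fixed OkHttp version named in the report.

```kotlin
// build.gradle.kts (assumed: a JVM module; on Android use the module's own plugin block)
plugins {
    `java-library`
}

repositories {
    mavenCentral()
}

// Placeholder: substitute the Retrofit version your build already depends on.
val RETROFIT_VERSION = "x.y.z"

dependencies {
    // Retrofit brings in com.squareup.okhttp3:okhttp transitively (3.14.9 per the report).
    implementation("com.squareup.retrofit2:retrofit:$RETROFIT_VERSION")

    constraints {
        // A constraint raises the transitive version without making OkHttp a
        // direct dependency of this module. Gradle's conflict resolution picks
        // the highest requested version, so 4.9.2 replaces 3.14.9.
        implementation("com.squareup.okhttp3:okhttp:4.9.2") {
            because("SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044 is flagged against the 3.14.9 that Retrofit declares")
        }
    }
}

// Confirm which version actually resolved and why:
//   ./gradlew dependencyInsight --dependency okhttp --configuration runtimeClasspath
// The report should show com.squareup.okhttp3:okhttp:4.9.2 selected "by constraint".
```

Re-run the Snyk scan against the resolved dependency graph afterwards, since the scanner reports on what the build resolves rather than on what Retrofit declares.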