Skip to content

fix: bump okio transitive dependency to avoid CVE #211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 6, 2023
Merged

fix: bump okio transitive dependency to avoid CVE #211

merged 1 commit into from
Sep 6, 2023

Conversation

@padamstx
Copy link
Contributor

@padamstx padamstx commented Sep 6, 2023
edited
Loading

Fixes: #210

@padamstx
fix: bump okio transitive dependency to avoid CVE
95df20d 
Signed-off-by: Phil Adams <phil_adams@us.ibm.com>
@padamstx padamstx self-assigned this Sep 6, 2023
@padamstx padamstx requested a review from pyrooka September 6, 2023 15:02
pyrooka
pyrooka approved these changes Sep 6, 2023
View reviewed changes
Copy link
Member

@pyrooka pyrooka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@padamstx padamstx merged commit 12b367c into main Sep 6, 2023
@padamstx padamstx deleted the fix-cve branch September 6, 2023 15:17
ibm-devx-sdk pushed a commit that referenced this pull request Sep 6, 2023
@semantic-release-bot
chore(release): 9.18.5 release notes
8af3be3 
## [9.18.5](9.18.4...9.18.5) (2023-09-06)

### Bug Fixes

* bump okio transitive dependency to avoid CVE ([#211](#211)) ([12b367c](12b367c))
@ibm-devx-sdk
Copy link
Contributor

🎉 This PR is included in version 9.18.5 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

ricellis added a commit that referenced this pull request Oct 17, 2023
@ricellis
Revert "fix: bump okio transitive dependency to avoid CVE (#211)"
4f3fceb 
This reverts commit 12b367c.

Signed-off-by: Rich Ellis <ricellis@users.noreply.github.com>
padamstx pushed a commit that referenced this pull request Oct 18, 2023
@ricellis
fix: bump okhttp to 4.12.0 (#216)
5644504 
* Revert "fix: bump okio transitive dependency to avoid CVE (#211)"

This reverts commit 12b367c.

Signed-off-by: Rich Ellis <ricellis@users.noreply.github.com>

* build(deps): upgrade okhttp to 4.12.0

Signed-off-by: Rich Ellis <ricellis@users.noreply.github.com>

---------

Signed-off-by: Rich Ellis <ricellis@users.noreply.github.com>
ibm-devx-sdk pushed a commit that referenced this pull request Oct 18, 2023
@semantic-release-bot
chore(release): 9.18.7 release notes
8ad7c65 
## [9.18.7](9.18.6...9.18.7) (2023-10-18)

### Bug Fixes

* bump okhttp to 4.12.0 ([#216](#216)) ([5644504](5644504)), closes [#211](#211)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pyrooka pyrooka pyrooka approved these changes

Assignees

@padamstx padamstx

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Okio package vulnerable to - CVE-2023-3635

3 participants

@padamstx @ibm-devx-sdk @pyrooka