google-maps-services-java
fix: Downgrade OkHttp 5.0.0-alpha.7 -> 4.10.0
This change partially reverts the upgrade performed in #829, and is an alternative fix for #816. OkHttp 4.10.0 depends on Kotlin 1.6.20, which is not vulnerable to CVE-2020-29582.
This downgrade also resolves #832.
See:
- https://square.github.io/okhttp/changelogs/changelog_4x/#version-4100
- https://nvd.nist.gov/vuln/detail/CVE-2020-29582
A release with this change would help us, as our build enforces requireUpperBoundDeps. If we explicitly downgrade OkHttp to avoid an alpha release (which we don't want to use in production) then the maven-enforcer-plugin complains.
:tada: This PR is included in version 2.1.1 :tada:
The release is available on:
- v2.1.1
- GitHub release
Your semantic-release bot :package::rocket: