java-grpc-prometheus
Fix Vulnerability in grpc-okhttp Dependency (CVE-2023-3635)
The java-grpc-prometheus library depends on grpc-okhttp, which in turn depends on the okio library. okio version 2.10.0, the version pulled in through this chain, contains a critical security vulnerability tracked as CVE-2023-3635. It carries a CVSS score of 7.5 and is classified under CWE-195 (Signed to Unsigned Conversion Error) and CWE-681 (Incorrect Conversion between Numeric Types).
The vulnerability stems from mishandled exceptions in okio's GzipSource class. When a malformed gzip buffer is parsed, an exception can escape unhandled, which may lead to a denial of service in any application using grpc-okhttp, including those built on java-grpc-prometheus.
Addressing this vulnerability is essential to maintain the integrity and security of systems that rely on the java-grpc-prometheus library. Your attention to this matter is greatly appreciated.
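As an added illustration (not part of this report or of the java-grpc-prometheus project's own build), the following Gradle fragment shows how a consuming project can make the transitive okio resolution explicit: it raises the okio version pulled in through grpc-okhttp with a dependency constraint and adds a task that fails the build if okio 2.10.0 still resolves. The patched okio release is not named in this report, so it appears as a placeholder to be filled in from the okio release notes; the `java` plugin is assumed to be applied so that `runtimeClasspath` exists.

```groovy
// build.gradle of a project that consumes java-grpc-prometheus (added example).
// Placeholder: the report above does not state which okio release fixes
// CVE-2023-3635; look it up and replace this value before use.
def PATCHED_OKIO_VERSION = '<PATCHED_OKIO_VERSION>'

dependencies {
    // ... your java-grpc-prometheus / grpc-okhttp dependencies go here ...

    constraints {
        // A constraint does not add okio as a direct dependency; it only raises
        // the version chosen when okio is already reached transitively.
        implementation("com.squareup.okio:okio:${PATCHED_OKIO_VERSION}") {
            because 'okio 2.10.0 (via grpc-okhttp) is affected by CVE-2023-3635'
        }
    }
}

// Defence in depth: fail the build if the vulnerable okio version resolved anyway,
// for example because another dependency pins it with a strict version.
tasks.register('verifyOkioVersion') {
    description = 'Fails if okio 2.10.0 (CVE-2023-3635) is on the runtime classpath'
    doLast {
        def okio = configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts
            .find { it.moduleVersion.id.group == 'com.squareup.okio'
                    && it.moduleVersion.id.name == 'okio' }
        if (okio == null) {
            println 'okio is not on the runtime classpath'
            return
        }
        def version = okio.moduleVersion.id.version
        println "Resolved okio version: ${version}"
        if (version == '2.10.0') {
            throw new GradleException(
                "Vulnerable okio ${version} resolved (CVE-2023-3635); raise the constraint")
        }
    }
}

// Run the check as part of every build, not only when invoked by hand.
tasks.named('check') { dependsOn 'verifyOkioVersion' }
```

Run `./gradlew dependencies --configuration runtimeClasspath` to see the grpc-okhttp to okio path the constraint acts on.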