
Commit 2ffd99c

Copilot and mohitc1 authored
Update Moshi to 1.15.2 to resolve okio CVE-2023-3635, Fixes AB#3534792 (#3005)
- [x] Update `moshiVersion` and `moshiAdaptersVersion` from `1.14.0` to `1.15.2` in `gradle/versions.gradle`
- [x] Remove the now-unnecessary okio version constraint from `common/build.gradle`
- [x] Add changelog entry with correct PR number suffix (#3005)
- [x] Run code review and security checks

Fixes [AB#3534792](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3534792)

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mohitc1 <22034758+mohitc1@users.noreply.github.com>
1 parent 0cef742 commit 2ffd99c

3 files changed

Lines changed: 3 additions & 8 deletions

changelog.txt

Lines changed: 1 addition & 0 deletions
@@ -2,6 +2,7 @@ vNext
22
----------
33
- [MINOR] Remove LruCache from SharedPreferencesFileManager (#2910)
44
- [MINOR] Edge TB: Claims (#2925)
5+
- [PATCH] Update Moshi to 1.15.2 to resolve okio CVE-2023-3635 vulnerability (#3005)
56

67
Version 24.0.1
78
----------
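
Review bot: the added `[PATCH]` entry names the Moshi bump and CVE-2023-3635 but does not mention that the explicit okio `3.4.0` constraint is removed from `common/build.gradle` in the same commit, so a changelog reader cannot tell that okio is now pinned only transitively. Suggest extending the entry to say so, and stating the okio version that resolves after the change.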

common/build.gradle

Lines changed: 0 additions & 6 deletions
@@ -239,12 +239,6 @@ dependencies {
239239
implementation "com.google.android.libraries.identity.googleid:googleid:$rootProject.ext.GoogleIdVersion"
240240
implementation "com.github.stephenc.jcip:jcip-annotations:$rootProject.ext.jcipAnnotationVersion"
241241

242-
constraints {
243-
implementation ("com.squareup.okio:okio:3.4.0") {
244-
because "Versions previous to 3.4.0 are associated with a signed to unsigned conversion error vulnerability. See this CVE: https://github.com/advisories/GHSA-w33c-445m-f8w7"
245-
}
246-
}
247-
248242
compileOnly "com.github.spotbugs:spotbugs-annotations:$rootProject.ext.spotBugsAnnotationVersion"
249243

250244
compileOnly "org.projectlombok:lombok:$rootProject.ext.lombokVersion"
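
Review bot: deleting the `constraints { ... }` block at old lines 242-247 removes the only explicit floor on `com.squareup.okio:okio`, and nothing in this diff shows which okio version Moshi 1.15.2 pulls in. A Gradle constraint only raises a version and costs nothing when the transitive version already satisfies it, so I would keep it as a guard against a later Moshi downgrade or exclusion. If it must go, attach the output of a `dependencyInsight --dependency okio` run for this module to the PR so the resolved version (3.4.0 or later) is on record.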

gradle/versions.gradle

Lines changed: 2 additions & 2 deletions
@@ -47,8 +47,8 @@ ext {
4747
daggerVersion = "2.31.2"
4848
daggerCompilerVersion = "2.31.2"
4949
msal4jVersion = "1.20.1"
50-
moshiVersion = "1.14.0"
51-
moshiAdaptersVersion = "1.14.0"
50+
moshiVersion = "1.15.2"
51+
moshiAdaptersVersion = "1.15.2"
5252
openpojoVersion = "0.9.1"
5353
equalsVerifierVersion = "3.6.1"
5454
jsonGeneratorVersion = "0.4.7"
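
Review bot: missing documentation at new lines 50-51: with the okio constraint removed elsewhere in this commit, `moshiVersion = "1.15.2"` is what the commit relies on to resolve CVE-2023-3635, yet nothing next to it says so, and a later downgrade would look like a routine version change. Suggest a one-line comment above the two assignments naming the CVE and 1.15.2 as the minimum. As a style point, `moshiAdaptersVersion` repeats the same literal; deriving it from `moshiVersion` would keep the two from drifting apart.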
