From c8cad193dc028d82702e62883588179e4fc7297c Mon Sep 17 00:00:00 2001 From: Maruthi Vemuri Date: Thu, 7 Sep 2023 17:26:20 +0000 Subject: [PATCH] hotfix: pin okio to 3.5.0 for CVE-2023-3635 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ✓  mavemuri@mavemuri-ndb-bld  ~/apic-cves  japi-compliance-checker -lib okio okio-3.0.0.jar okio-3.5.0.jar Preparing, please wait ... WARNING: set #1 version number to 3.0.0 (use --v1=NUM option to change it) Using Java 11.0.14.1 Reading classes 3.0.0 ... WARNING: empty dump WARNING: set #2 version number to 3.5.0 (use --v2=NUM option to change it) Reading classes 3.5.0 ... WARNING: empty dump Comparing classes ... Creating compatibility report ... Binary compatibility: 100% Source compatibility: 100% Total binary compatibility problems: 0, warnings: 0 Total source compatibility problems: 0, warnings: 0 --- pom.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pom.xml b/pom.xml index 93080f7d..ce666983 100644 --- a/pom.xml +++ b/pom.xml @@ -23,6 +23,7 @@ 3.24.2 1.19.0 7.4.1 + 3.5.0 @@ -121,6 +122,16 @@ + + com.squareup.okio + okio + ${okio.version} + + + com.squareup.okio + okio-jvm + ${okio.version} + org.apache.avro avro
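Review bot: The 3.5.0 value added to the properties block in the first hunk (after the 7.4.1 entry) gives no indication of why it is pinned. The markup is not visible in this rendering, but the second hunk reads the value as ${okio.version}. Add an XML comment beside the property that names CVE-2023-3635 and states that the version must not be lowered, so that a later dependency cleanup does not silently undo the hotfix.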
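Review bot: The compatibility evidence for the com.squareup.okio entries added ahead of org.apache.avro in the second hunk does not hold up. japi-compliance-checker printed "WARNING: empty dump" for both okio-3.0.0.jar and okio-3.5.0.jar, so the 100% binary and source compatibility figures come from comparing zero classes. Since this hunk pins okio-jvm as well, rerun the check against the okio-jvm jars for the two versions and put that output in the commit message. It would also help to record the output of mvn dependency:tree -Dincludes=com.squareup.okio to show that both artifacts resolve to ${okio.version}. If the goal is only to override a transitive version, confirm the entries sit under dependencyManagement rather than adding a direct dependency.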