Update apollo graphQL 3.X to use com.squareup.okio:okio:3.9.0

[snijsure]

Version

3.8.3

Summary

Currently apolllo runtime has dependency on com.squareup.okio:okio:3.2.0

That version of okio has this CVE - https://nvd.nist.gov/vuln/detail/CVE-2023-3635

Can this okio dependency updated to version 3.9.0 where this CVE is fixed?

|    |    |    |    |    +--- com.apollographql.apollo3:apollo-runtime:3.7.5
|    |    |    |    |    |    \--- com.apollographql.apollo3:apollo-runtime-jvm:3.7.5
|    |    |    |    |    |         +--- com.squareup.okhttp3:okhttp:4.9.3 -> 4.11.0 (*)
|    |    |    |    |    |         +--- com.apollographql.apollo3:apollo-api:3.7.5
|    |    |    |    |    |         |    \--- com.apollographql.apollo3:apollo-api-jvm:3.7.5
**|    |    |    |    |    |         |         +--- com.squareup.okio:okio:3.2.0 (*)**
|    |    |    |    |    |         |         +--- com.benasher44:uuid:0.3.1
|    |    |    |    |    |         |         |    \--- com.benasher44:uuid-jvm:0.3.1
|    |    |    |    |    |         |         |         +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.5.30 -> 1.9.22 (*)
|    |    |    |    |    |         |         |         \--- org.jetbrains.kotlin:kotlin-stdlib-common:1.5.30 -> 1.9.22 (*)
|    |    |    |    |    |         |         \--- com.apollographql.apollo3:apollo-annotations:3.7.5
|    |    |    |    |    |         |              \--- com.apollographql.apollo3:apollo-annotations-jvm:3.7.5
|    |    |    |    |    |         |                   +--- org.jetbrains.kotlin:kotlin-stdlib:1.6.21 -> 1.9.22 (*)
|    |    |    |    |    |         |                   \--- org.jetbrains:annotations:23.0.0

Steps to reproduce the behavior

No response

Logs

(Your logs here)

[BoD]

Hi! Thanks for reporting. The bump to 3.9.0 is here.

In the meantime, you can add the okio 3.9.0 dependency to your project and Gradle will use that one.