Use okio-bom in dependency management to control the version (#269)

* Add okio-bom with version 3.5.0 to dependency management * This fixes a CVE from 3.2.0 related to a type conversion error; see square/okio#1280
kiwiproject · Aug 19, 2023 · ce9a367 · ce9a367
1 parent 0759326
commit ce9a367
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -55,6 +55,7 @@
         <!-- Versions for required dependencies -->
         <immutables.version>2.9.3</immutables.version>
         <kiwi-bom.version>2.0.0</kiwi-bom.version>
+        <okio.version>3.5.0</okio.version>
         <retrofit.version>2.9.0</retrofit.version>
 
         <!-- Versions for test dependencies -->
@@ -79,6 +80,14 @@
                 <scope>import</scope>
             </dependency>
 
+            <dependency>
+                <groupId>com.squareup.okio</groupId>
+                <artifactId>okio-bom</artifactId>
+                <version>${okio.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+
             <dependency>
                 <groupId>org.testcontainers</groupId>
                 <artifactId>testcontainers-bom</artifactId>