OkHttp vulnerability issues in Socket.io client dependency

Socket.IO Library has two vulnerabilities which are coming out from the internal OkHttp dependency. I've used the latest socket.io v2.1.0 which is using very old version 3.12.12 of OkHttp. 

Following are the vulnerabilities:

1. [Improper Certificate Validation](https://ossindex.sonatype.org/vulnerability/CVE-2021-0341?component-type=maven&component-name=com.squareup.okhttp3%2Fokhttp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.7.0)

2. [Information Exposure](https://ossindex.sonatype.org/vulnerability/sonatype-2022-4262?component-type=maven&component-name=com.squareup.okhttp3%2Fokhttp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.7.0)


Please give an estimate on when you're planning to fix these vulnerabilities?


PFA the complete vulnerability report,

<img width="1280" alt="Screenshot 2022-10-12 at 4 21 38 AM" src="https://user-images.githubusercontent.com/93917881/195213263-3de583c5-368b-48d7-9eb8-0f29d7923a05.png">


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OkHttp vulnerability issues in Socket.io client dependency #722

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OkHttp vulnerability issues in Socket.io client dependency #722

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions