CVE-2023-3635: related to dependency com.squareup.okio:okio-jvm:3.0.0

[johnowl]

Expected behavior

Have no security warnings in my application because microsoft-graph-core is using a vulnerable dependency. There is already a new version without the vulnerability.

Actual behavior

The dependency is vulnerable to a certain attack, according to https://nvd.nist.gov/vuln/detail/CVE-2023-3635

Steps to reproduce the behavior

N/A

[ramsessanchez]

Hi @johnowl , thanks for this catch! Will be updating the okhttp3 dependency which takes a dependency on the okio package.