Assigned
Status Update
No update yet.
Comments
ca...@google.com
Thank you for posting.
We are currently looking into this and will get back to you as soon as we have an update.
ca...@google.com
Thanks for your suggestion!
We'll be reviewing this for further consideration. Please star this issue to get updates and leave comments for additional information. Please note that starring the issue also provides our product team with valuable feedback on the importance of the issue to our customers.
Description
----------------
Please update okhttp dependency. The okhttp 2.7.2 that used it Places SDK (since v3.3.0) is outdated in 2016. The package is moved to another namespace (com.squareup.okhttp:okhttp => com.squareup.okhttp3:okhttp) and can't be automatically replaced by Gradle during a build. Adding Places SDK as a dependency enforces every project that using it to consume this outdated and vulnerable okhttp version.
What steps will reproduce the problem?
1. add Places SDK to your project.
2. try to build
3. see com.squareup.okhttp:okhttp:2.7.2 is downloaded instead of 'com.squareup.okhttp3:okhttp:4.XX.XX'
Affected all versions of Places SDK since 3.3.0 until the most recent 4.12.0.
We are unable to update our Places SDK to 3+ or 4+ because of this issue.