Release Notes / Version 10.2107
Due to the CVE report https://nvd.nist.gov/vuln/detail/CVE-2021-0341, the library com.squareup.okhttp3:okhttp is no longer managed in middle-thirdparty-bom.
No production code delivered as part of Blueprint uses the okhttp library.
The okhttp library is a transitive dependency of com.graphql-java:graphql-java-extended-scalars:15.0.0 and is only used by the extended scalar 'url', which is not used by the schemas delivered out of the box (OOTB) in HeadlessServer. If adapted or custom schemas use the extended scalar 'url', the invoking property should be tested by the implementers of the corresponding schema. According to https://square.github.io/okhttp/changelogs/upgrading_to_okhttp_4/ a 4.x version can be used in this case.
(CMS-21805)