From 01c5a7e25448f92128b692a8b031677af4758e83 Mon Sep 17 00:00:00 2001
From: Abhinav Gupta <abhinav.gupta@contentstack.com>
Date: Tue, 30 Jul 2024 16:17:43 +0530
Subject: [PATCH] fix: added transitive dependency constraints and updated sdk
 download link

---
 README.md                 |  2 +-
 contentstack/build.gradle | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 62856166..47498c8b 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Or,
 
 To add the Contentstack Android SDK to your existing project manually, perform the steps given below:
 
-1. [Download the Android SDK](https://docs.contentstack.com/platforms/android/android_sdk_latest)
+1. [Download the Android SDK](https://github.com/contentstack/contentstack-android/archive/refs/heads/master.zip)
    and extract the ZIP file to your local disk.
 2. Add references/dependencies using Eclipse/Android Studio:
 
diff --git a/contentstack/build.gradle b/contentstack/build.gradle
index 3e96408e..9ff1611d 100755
--- a/contentstack/build.gradle
+++ b/contentstack/build.gradle
@@ -160,10 +160,25 @@ dependencies {
     implementation 'com.github.rjeschke:txtmark:0.12'
     // // Retrofit
     implementation("com.squareup.retrofit2:retrofit:2.9.0")
-    implementation 'com.squareup.retrofit2:converter-gson:2.9.0'
+    implementation 'com.squareup.retrofit2:converter-gson'
     // // OkHttp
-    implementation 'com.squareup.okhttp3:okhttp:4.9.3'
+    implementation 'com.squareup.okhttp3:okhttp'
     // implementation 'com.squareup.okhttp3:logging-interceptor:4.9.3'
+
+    constraints {
+        implementation('com.squareup.retrofit2:converter-gson:2.9.0') {
+            because 'gson 2.8.5 used by retrofit has a vulnerability'
+        }
+        implementation('com.google.code.gson:gson@2.8.9') {
+            because 'gson 2.8.5 used by retrofit has a vulnerability'
+        }
+        implementation('com.squareup.okhttp3:okhttp:4.9.3') {
+            because 'kotlin stdlib 1.4.10 used by okhttp has a vulnerability'
+        }
+        implementation('org.jetbrains.kotlin:kotlin-stdlib@1.6.0') {
+            because 'kotlin stdlib 1.4.10 used by okhttp has a vulnerability'
+        }
+    }
 }
 tasks.register('clearJar', Delete) { delete 'build/libs/contentstack.jar' }
 tasks.register('unzip', Copy) {