What's Changed
Fix initial page_cursor by @MV-GH in #1553
Removing renovate schedule. by @dessalines in #1555
Update plugin com.android.test to v8.5.0 by @renovate in #1561
Update plugin com.andro...
There were dozens of dependency upgrades in this release, I have no idea why you think this specific one has security issues. Either way we don’t have time to read through every line of code of every dep update, but here’s the source code: https://android.googlesource.com/platform/tools/base
If you find something, you might want to submit a PR as it would affect not just ours, but a lot of android projects.
Reading through the code of the dependency is not required. What is required is reading through the merge request to see if the dependency isn’t used for malicious or wasteful purposes. Checking on the authenticity of the dependency is a good idea too.
It’s not the dependency itself that concerns me. It’s the usage of it in the app. As we already know, it’s easy to insert trojan code in testing procedures.
What is the “proper” way?
Check the code for suspicious lines and then check the compiled app for network traffic etc
There were dozens of dependency upgrades in this release, I have no idea why you think this specific one has security issues. Either way we don’t have time to read through every line of code of every dep update, but here’s the source code: https://android.googlesource.com/platform/tools/base
If you find something, you might want to submit a PR as it would affect not just ours, but a lot of android projects.
Reading through the code of the dependency is not required. What is required is reading through the merge request to see if the dependency isn’t used for malicious or wasteful purposes. Checking on the authenticity of the dependency is a good idea too.
Open up an issue for your concerns on the google issue tracker, here it is linked for you: https://android.googlesource.com/platform/tools/base
It’s not the dependency itself that concerns me. It’s the usage of it in the app. As we already know, it’s easy to insert trojan code in testing procedures.