What's Changed
Fix initial page_cursor by @MV-GH in #1553
Removing renovate schedule. by @dessalines in #1555
Update plugin com.android.test to v8.5.0 by @renovate in #1561
Update plugin com.andro...
There were dozens of dependency upgrades in this release, I have no idea why you think this specific one has security issues. Either way we don’t have time to read through every line of code of every dep update, but here’s the source code: https://android.googlesource.com/platform/tools/base
If you find something, you might want to submit a PR as it would affect not just ours, but a lot of android projects.
deleted by creator
Is there a reason you’re suspicious about that particular dependency, or are you just asking about dependencies in general?
deleted by creator
It’s not included in the final build artifact. It’s a Gradle plugin.
What’s the context there? We update dependencies very frequently.
deleted by creator
I have no idea what this means. Why is the android testing dependency is less secure than all the other android deps we’ve updated?
If you have a security concern you should raise this with Google using a minimal working example to demonstrate yourself.
Do you have a genuine concern and can you provide a working example of the attack surface in a repository that you can share?
What is the “proper” way?
deleted by creator
There were dozens of dependency upgrades in this release, I have no idea why you think this specific one has security issues. Either way we don’t have time to read through every line of code of every dep update, but here’s the source code: https://android.googlesource.com/platform/tools/base
If you find something, you might want to submit a PR as it would affect not just ours, but a lot of android projects.
deleted by creator
Open up an issue for your concerns on the google issue tracker, here it is linked for you: https://android.googlesource.com/platform/tools/base
deleted by creator