rexml and addressable security vulnerabilities in Flutter


I have a Flutter project currently in production, and a while ago I saw two security vulnerabilities pop up in Dependabot, see below:

dependabot

I am not really acquainted with native code, so I am unsure how to fix these dependencies.

Apart from waiting for package owners to update their libraries, is there a way for me to force a minimum version for the Gemfile?

Guillaume Ferron On BEST ANSWER

Found the issue: it was not related to native code, nor to Flutter code. It was all tied to Fastlane and its subdependencies (I use the firebase_app_distribution and upload_to_browserstack_app_live packages).

In order to fix it, for anyone stumbling upon this question, do these steps:

  1. Make sure to have the latest fastlane version (fastlane update_fastlane)
  2. Update the locally installed gems (bundle update)
  3. Go to each directory that you have Fastlane installed in (android and iOS in my case), and run fastlane update_plugins.

This should upgrade the packages to the latest versions, which have hopefully fixed the security vulnerabilities.
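
Added example (not part of the original answer): a small Ruby check that reads a Gemfile.lock after the update steps above and reports any gem still locked below a required minimum. The minimum versions and the sample lockfile are constructed placeholders; take the real patched versions from the Dependabot alert.

```ruby
require "rubygems" # Gem::Version

# Placeholder minimums (constructed); take the real ones from the Dependabot alert.
PLACEHOLDER_MINIMUMS = { "rexml" => "3.2.5", "addressable" => "2.8.0" }.freeze

# Constructed sample lockfile, shaped like a fastlane bundle.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      addressable (2.8.0)
        public_suffix (>= 2.0.2, < 5.0)
      fastlane (2.200.0)
        addressable (>= 2.8, < 3.0.0)
      public_suffix (4.0.6)
      rexml (3.2.4)

  DEPENDENCIES
    fastlane
LOCK

# Map each resolved gem in the lockfile to its locked Gem::Version.
def locked_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
    elsif line.match?(/\A\S/) # a new top-level section ends the specs list
      in_specs = false
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\s*\z/))
      # four spaces = resolved gem; six spaces = its dependency constraints
      versions[m[1]] = Gem::Version.new(m[2].split("-").first) # drop platform suffix
    end
  end
  versions
end

# Return [name, locked, minimum] for each gem locked below its minimum.
def below_minimum(lock_text, minimums)
  locked = locked_versions(lock_text)
  minimums.filter_map do |name, min|
    have = locked[name]
    [name, have.to_s, min] if have && have < Gem::Version.new(min)
  end
end

text = ARGV[0] && File.file?(ARGV[0]) ? File.read(ARGV[0]) : SAMPLE_LOCK
below_minimum(text, PLACEHOLDER_MINIMUMS).each { |n, have, min| puts "#{n} #{have} < #{min}" }
```

If a transitive gem is still reported after updating, declaring it directly in the Gemfile with a `>=` constraint makes Bundler resolve at least that version.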