rexml and addressable security vulnerabilities in Flutter

I have a Flutter project currently in production, and a while ago I saw two security vulnerabilities pop up in Dependabot, see below:

[Image: dependabot]

I am not really acquainted with native code, so I am unsure how to fix these dependencies.

Apart from waiting for package owners to update their libraries, is there a way for me to force a minimum version for the Gemfile?



Solution 1:[1]

Found the issue, it was not related to native code, nor to Flutter code. All was tied to Fastlane and its subdependencies (I use firebase_app_distribution and upload_to_browserstack_app_live packages).

In order to fix, for anyone stumbling upon this question, do these steps:

  1. Make sure to have the latest fastlane version (fastlane update_fastlane)
  2. Update the locally installed gems (bundle update)
  3. Go to each directory that you have Fastlane installed in (android and iOS in my case), and run fastlane update_plugins.

This should upgrade the packages to the latest versions, hopefully ones that have fixed the security vulnerabilities.
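
To check that the update really moved the transitive gems, this added example (not part of the original answer) reads a Gemfile.lock and reports gems still resolved below a required minimum, along with the Gemfile constraint that would force it. The minimum versions and the sample lockfile are constructed placeholders, and `resolved_versions` and `below_minimum` are hypothetical helper names.

```ruby
# Added example, not code from the original post.
require "rubygems" # Gem::Version orders versions numerically (3.2.10 > 3.2.9)

# Placeholder minimums (constructed): replace with the patched versions
# named in your own Dependabot alerts.
REQUIRED_MINIMUMS = { "rexml" => "3.2.9", "addressable" => "2.8.0" }.freeze

# Constructed sample lockfile; names and versions are illustrative only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      addressable (2.7.0)
        public_suffix (>= 2.0.2, < 5.0)
      fastlane (2.150.0)
        addressable (>= 2.3, < 3.0.0)
      public_suffix (4.0.6)
      rexml (3.2.10)

  PLATFORMS
    ruby
LOCK

# Resolved specs sit at exactly four spaces of indent; their dependency
# constraints sit at six, so they are skipped. A "-platform" suffix is dropped.
SPEC_LINE = /^ {4}(\S+) \(([0-9][0-9A-Za-z.]*)(?:-[^)]*)?\)$/

# Map every resolved gem in the lockfile to its Gem::Version.
def resolved_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, found|
    next unless (m = SPEC_LINE.match(line))
    found[m[1]] = Gem::Version.new(m[2])
  end
end

# Return [name, resolved, minimum] for each listed gem resolved below its minimum.
# Gems that are absent from the bundle are not reported.
def below_minimum(lock_text, minimums)
  resolved = resolved_versions(lock_text)
  minimums.filter_map do |name, min|
    have = resolved[name]
    [name, have.to_s, min] if have && have < Gem::Version.new(min)
  end
end

lock_text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
below_minimum(lock_text, REQUIRED_MINIMUMS).each do |name, have, min|
  puts "#{name} #{have} < #{min}: pin with  gem \"#{name}\", \">= #{min}\"  then bundle update #{name}"
end
```

Pass the path to a real lockfile as the first argument (for example the one next to the Gemfile in the android or ios directory) to audit it instead of the sample.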

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Guillaume Ferron