0

I have a Flutter project currently in production, and I have seen a while ago two security vulnerabilities pop up in dependabot, see below:

dependabot

I am not really acquainted with native code, so am unsure on how to fix these dependencies.

Apart from waiting for packages owners to update their libraries, is there a way for me to force a minimum version for the Gemfile?

Guillaume Ferron
  • 306
  • 2
  • 8

1 Answers1

0

Found the issue, it was not related to native code, nor to Flutter code. All was tied to Fastlane and its subdependecies (I use firebase_app_distribution and upload_to_browserstack_app_live packages)

In order to fix, for anyone stumbling upon this question, do these steps:

  1. Makes sure to have the latest fast lane version (fast lane update_fastlane)
  2. Update the locally installed gems (bundle update)
  3. Go to each directory that you have Fastlane installed in (android and iOS in my case), and run fastlane update_plugins.

This should upgrade the packages to the latest versions, hopefully that have fixed the security vulnerabilities.

Guillaume Ferron
  • 306
  • 2
  • 8