Skip to content

Update dependency com.android.tools.build:gradle to v8 - autoclosed#1689

Closed
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/com.android.tools.build-gradle-8.x
Closed

Update dependency com.android.tools.build:gradle to v8 - autoclosed#1689
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/com.android.tools.build-gradle-8.x

Conversation

@renovate

@renovate renovate Bot commented Apr 13, 2023

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
com.android.tools.build:gradle (source) 7.4.2 β†’ 8.13.2 age confidence

Configuration

πŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch 7 times, most recently from 444e93c to 681ad8c Compare April 16, 2023 08:01
@leotm leotm added the agp Android Gradle Plugin label Apr 17, 2023
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch 2 times, most recently from 5f753f7 to 039005c Compare April 18, 2023 23:29
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from 039005c to 56ad218 Compare May 1, 2023 19:30
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch 15 times, most recently from 8c0291b to ddd5b87 Compare May 10, 2023 10:13
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch 4 times, most recently from 3a5b63b to 697a648 Compare May 22, 2023 18:56
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch 16 times, most recently from 98d82b7 to 8e65d38 Compare August 1, 2023 19:27
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch 4 times, most recently from 4fe5bef to fa1888c Compare August 10, 2023 18:51
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from fa1888c to 7cbbf3c Compare August 22, 2023 04:58
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from 7cbbf3c to db4322c Compare September 28, 2023 20:06
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from db4322c to eeaa8cc Compare November 7, 2023 23:06
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from eeaa8cc to 4ea5c74 Compare November 16, 2023 20:23
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from 4ea5c74 to 3fdd110 Compare November 30, 2023 18:29
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from 3fdd110 to 06cf3e7 Compare January 3, 2024 19:07
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from 06cf3e7 to 1ef03d5 Compare January 23, 2024 19:12
@renovate renovate Bot force-pushed the renovate/com.android.tools.build-gradle-8.x branch from 1ef03d5 to d4d1bb2 Compare February 29, 2024 19:48
@socket-security

socket-security Bot commented Nov 28, 2025

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "β–Ά" to expand/collapse)
Warn Critical
Critical CVE: npm cipher-base is missing type checks, leading to hash rewind and passing on crafted data

CVE: GHSA-cpq7-6gpm-g9rc cipher-base is missing type checks, leading to hash rewind and passing on crafted data (CRITICAL)

Affected versions: < 1.0.5

Patched version: 1.0.5

From: ? β†’ npm/cipher-base@1.0.4

β„Ή Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cipher-base@1.0.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agp Android Gradle Plugin

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant