Upgrade JUnit 4 to 4.13.2 to resolve CVE-2020-15250#1878
Conversation
Upgraded 'androidx.test.ext:junit' from '1.1.1' to '1.1.5', which transitively pulls in the patched 'junit:junit:4.13.2'. Note: We chose '1.1.5' over newer versions (like '1.3.0') to avoid dependency conflicts with the project's older Kotlin (1.3.72) and Gradle (7.4.2) configurations.
There was a problem hiding this comment.
Code Review
This pull request updates test dependencies in the Android integration and UI testing Gradle configurations, upgrading androidx.test.ext:junit to 1.1.5 and junit:junit to 4.13.2. Feedback points out that the comment in the UI testing module incorrectly mentions Kotlin compatibility, as the module does not use Kotlin, and suggests updating the comment to only reference Gradle compatibility.
| // 1.1.5 is used instead of newer versions (e.g. 1.3.0) to maintain compatibility | ||
| // with the project's older Kotlin and Gradle versions. |
There was a problem hiding this comment.
The uitest_android module does not use Kotlin (it only applies the com.android.application plugin and contains Java test files). Mentioning Kotlin in this comment is inaccurate. Please update the comment to only refer to the Gradle version compatibility.
// 1.1.5 is used instead of newer versions (e.g. 1.3.0) to maintain compatibility
// with the project's older Gradle version.
There was a problem hiding this comment.
Ok but like transitively this due to the kotlin version. I think flagging that we upgrade kotlin / gradle we can move past this.
❌ Integration test FAILEDRequested by @AustinBenoit on commit c7b137d
Add flaky tests to go/fpl-cpp-flake-tracker |
Description
Upgraded 'androidx.test.ext:junit' from '1.1.1' to '1.1.5', which transitively pulls in the patched 'junit:junit:4.13.2'.
Note: We chose '1.1.5' over newer versions (like '1.3.0') to avoid dependency conflicts with the project's older Kotlin (1.3.72) and Gradle (7.4.2) configurations.
Testing
Run full set of integration test
Type of Change
Place an
xthe applicable box:Notes
Release Notessection ofrelease_build_files/readme.md.