
Conversation

@TomTasche (Member)

No description provided.

@TomTasche TomTasche merged commit 766389d into main Dec 2, 2025
1 of 2 checks passed
@TomTasche TomTasche deleted the update-dependencies-251202 branch December 2, 2025 12:17
claude bot commented Dec 2, 2025

Claude finished @TomTasche's task


Todo List:

  • Read and analyze the changed files
  • Review dependency updates for compatibility and security
  • Provide comprehensive review feedback

PR Review: Update Dependencies

I've reviewed the dependency updates in PR #445. Here's my feedback:

📋 Summary

This PR updates key dependencies across the Android project, including NDK version, Android SDK versions, and various AndroidX/Google libraries. While the updates appear reasonable, there are some areas that need attention.

🔍 Code Quality & Best Practices

Positive Aspects:

  • ✅ Good practice updating to the latest stable versions of core dependencies
  • ✅ Consistent version updates across related libraries (e.g., all AndroidX test libraries updated together)
  • ✅ Firebase BOM pattern used correctly for managing Firebase dependencies

Areas for Improvement:

  1. Missing PR Description: The PR lacks a description of what was updated and why. This makes it harder to review and understand the changes in the future.

  2. NDK Version Change: The NDK version was updated from 26.3.11579264 to 28.1.13356709 (app/build.gradle:11). This is a significant jump that could introduce compatibility issues with native code.

  3. Removed Property: The android.defaults.buildfeatures.buildconfig=true property was removed from gradle.properties. While this is now set explicitly in app/build.gradle:119, the removal should have been documented.

🐛 Potential Bugs or Issues

  1. NDK Compatibility: The NDK version jump from 26.x to 28.x could potentially break native code compilation. Did you verify that all native dependencies (Conan packages, CMake configurations) work correctly with the new NDK?

  2. Gradle Plugin Version: The Android Gradle Plugin was updated to 8.13.1 (build.gradle:2), which is quite recent. Ensure this is compatible with your CI/CD environment and all developer machines.

⚡ Performance Considerations

  1. Compilation Performance: The newer NDK and Gradle plugin versions should provide better build performance, but initial builds might be slower as developers need to download new toolchains.

  2. App Size: Some dependency updates might affect the final APK/AAB size. Consider checking the size difference before and after these updates.

🔒 Security Concerns

  1. Positive Security Updates:

    • ✅ AndroidX libraries updated to latest versions with security patches
    • ✅ Google Play Services updated to 24.3.0 which includes security fixes
    • ✅ Firebase BOM updated to 34.1.0 with latest security patches

  2. Recommendations:

    • Consider running a dependency vulnerability scan to ensure no known CVEs exist in the updated versions
    • The Firebase Crashlytics plugin (3.0.6) might have newer versions available; verify if this is the latest

🧪 Test Coverage

  1. Missing Test Information: The PR doesn't indicate whether tests were run after the dependency updates. Given the scope of changes:

    • Were instrumented tests run on different Android versions?
    • Was the native code compilation tested across all supported architectures?
    • Were release builds tested to ensure ProGuard/R8 rules still work correctly?

  2. AndroidManifest Changes: The manifest file shows simplification (removing <uses-library> entries). Were these libraries truly unused, or might their removal affect certain device configurations?

📝 Additional Recommendations

  1. Gradual Updates: For future dependency updates, consider updating in smaller batches (e.g., AndroidX separately from build tools) to make it easier to identify issues.

  2. Documentation: Add a changelog or update notes explaining:

    • Why each dependency was updated
    • Any breaking changes developers should be aware of
    • Migration steps if needed

  3. Verification Steps: Consider adding a checklist for dependency updates:

    • Run full test suite
    • Build all product flavors
    • Test on minimum and target SDK devices
    • Verify native code compilation
    • Check APK size changes

  4. Version Alignment: Good job keeping related dependencies aligned (e.g., all androidx.test libraries at compatible versions).

Overall, while the dependency updates appear to follow good practices, the lack of context and testing information makes it difficult to fully assess the safety of these changes. Future dependency update PRs would benefit from more detailed descriptions and explicit testing confirmation.
