You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The repo contain pre-built binary gradle-wrapper.jar at: android/gradle/wrapper/gradle-wrapper.jar
and related gradle-wrapper scripts at: android/gradlew android/gradlew.bat
As they inserted into the repo directly (as source) without package manager, a verification step is needed to ensure a malicious change wasn't introduced to them, see:
The repo contain pre-built binary
gradle-wrapper.jarat:android/gradle/wrapper/gradle-wrapper.jarand related gradle-wrapper scripts at:
android/gradlewandroid/gradlew.batAs they inserted into the repo directly (as source) without package manager, a verification step is needed to ensure a malicious change wasn't introduced to them, see:
Verifying Gradle Wrappers with GitHub Actions
https://blog.gradle.org/gradle-wrapper-checksum-verification-github-action
https://docs.gradle.org/current/userguide/gradle_wrapper.html#wrapper_checksum_verification
To fix this issue, Gradle developed the "Gradle Wrapper Validation" Github action:
https://github.com/marketplace/actions/gradle-wrapper-validation
Which may add in the future verification for scripts as well, see open issue: "Validate gradlew scripts"
gradle/wrapper-validation-action#16
The text was updated successfully, but these errors were encountered: