During the upgrade to react-native 0.59.9 we're adding the following pods:
- DoubleConversion
- glog
- Folly

(We're adding these to solve some build problems after the upgrade, as recommended in a number of places including https://github.com/facebook/react-native/issues/23886)
The problem is code in those pods is now being flagged as insecure in many cases by our static code analysis tool 'Checkmarx'. Most of the issues raised are in the form: "The buffer allocated by [variable] in [file in pods directory] does not correctly account for the actual size of the value, resulting in an incorrect allocation that is off by one."
Will the code in these pods only be used during the build? (We don't reference them from our own react-native app). Even if that is the case, would the pods still add a risk just by being part of our App?
Please don't think I'm trying to say any of these pods are unsafe - merely that our analysis tool is flagging them now that we've added them to our app. If they are not a running part of the final app then perhaps this is not a problem?
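One way to check whether a pod's compiled code actually ends up in the shipped binary, as an added example that is not part of the question: run `nm` over the app executable and count symbols in the three pods' C++ namespaces. The binary path inside the .app bundle and the sample `nm` output below are assumptions, not taken from any real build.

```shell
#!/bin/sh
# Added example (not from the question above). Counts symbols that belong to
# the three pods in `nm` output of a built app binary. Itanium C++ mangling:
#   namespace folly             -> _ZN5folly
#   namespace google (glog)     -> _ZN6google
#   namespace double_conversion -> _ZN17double_conversion
# Mach-O prefixes an extra '_', so "__ZN5folly..." still matches.

# Reads nm output on stdin; prints one "pod count" line per pod. Both defined
# (T/t) and undefined (U) entries match, so any non-zero count means the pod's
# code or its interface is reachable from the final executable.
count_pod_symbols() {
  awk '
    /_ZN5folly/              { folly++ }
    /_ZN6google/             { glog++ }
    /_ZN17double_conversion/ { dc++ }
    END {
      printf "Folly %d\nglog %d\nDoubleConversion %d\n", folly+0, glog+0, dc+0
    }'
}

# Wrapper for a real build. The argument is the executable inside the bundle,
# e.g. DerivedData/.../MyApp.app/MyApp (assumed path); needs Xcode CLI tools.
check_app_binary() {
  nm "$1" 2>/dev/null | count_pod_symbols
}

# Constructed sample of nm output standing in for a real binary.
SAMPLE_NM='0000000100001000 T __ZN5folly7dynamicC1Ev
0000000100001100 T __ZN6google10LogMessageC1EPKci
0000000100001200 T __ZN17double_conversion17DoubleToStringConverter8ToShortestEdPNS_13StringBuilderE
0000000100001300 T _main
0000000100001400 U __ZN5folly6toJsonERKNS_7dynamicE'

# Runs the counter over the constructed sample; prints the three count lines.
run_sample() {
  printf '%s\n' "$SAMPLE_NM" | count_pod_symbols
}

run_sample
```

With a real binary, `check_app_binary path/to/MyApp.app/MyApp` gives the same three lines; all zeros would mean none of the pod code is linked in.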