balzack / databag

fast & lightweight self-hosted messenger
Apache License 2.0

Update `react-native-webrtc` #70

Open licaon-kter opened 7 months ago

licaon-kter commented 7 months ago

...to fix CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx

Wait on upstream: https://github.com/react-native-webrtc/react-native-webrtc/issues/1480

balzack commented 7 months ago

thanks for the heads up

balzack commented 3 months ago

I'm about to publish a release with the updated react-native-webrtc, but I am seeing this error in my local build:

  2024-03-12 19:38:34,445 ERROR: Unused scanignore path: app/mobile/node_modules/react-native-webrtc
  2024-03-12 19:38:34,445 ERROR: Could not build app com.databag: Can't build due to 1 error while scanning

The build succeeds without that line, but I don't understand why that line is no longer needed. Should I submit a PR to remove that scanignore?

licaon-kter commented 3 months ago

Do that, will look at the CI output then.

balzack commented 3 months ago

Should I remove the scanignore on the last built version in the yml ...or publish a new release, allow the build to fail, and do the PR on that failed version yml?

licaon-kter commented 3 months ago

Don't edit an already built version. Open a MR with a new build block, or if on autoupdate and if updated, with a one-line fix.

balzack commented 3 months ago

I opened a MR with a new build block. I apologize if I missed something obvious. Thank you for your help.

balzack commented 1 month ago

@licaon-kter is there any concern with me adding http support:

  android:usesCleartextTraffic="true"

Several people have requested that I support IP-based addressing for communication over their LAN. The above line would need to be added to the AndroidManifest.xml.

licaon-kter commented 1 month ago

It's not, but it's discouraged... :(

balzack commented 1 month ago

Sounds good. I will leave it off and inform the users that it's not supported. If they really really want it, I can make an APK available for them. Thanks for keeping fdroid awesome!

licaon-kter commented 1 month ago

I mean, self-signed does not work? That's halfway there, not cleartext but no need for CAs, etc.

balzack commented 1 month ago

I think that might work, but I don't imagine it's easy to load the self-signed cert into the phone OS to establish trust with that server.
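An added example, not part of the thread or of the databag project: an Android network security config that keeps cleartext disabled while letting the app trust a private CA certificate the user has installed on the device, as an alternative to the global `android:usesCleartextTraffic="true"` discussed above. The file path `res/xml/network_security_config.xml` and the resource name are assumptions; the file is referenced from the `<application>` element with `android:networkSecurityConfig="@xml/network_security_config"`.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Assumed location: res/xml/network_security_config.xml -->
<network-security-config>
    <!--
      Weak setting this replaces (from the thread), set on <application>
      in AndroidManifest.xml; it permits plain HTTP to every host:
          android:usesCleartextTraffic="true"
    -->

    <!-- Keep HTTP disabled for all destinations, including LAN hosts. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <!-- Public CAs shipped with the OS (the default trust set). -->
            <certificates src="system" />
            <!--
              CA certificates the user installed through the device's
              security settings. Apps targeting API level 24 or higher
              do not trust these unless they opt in here, which is why a
              LAN server with a privately issued certificate is rejected
              by default.
            -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
```

Opting in to `src="user"` widens trust to every CA the user has installed, so it is a deliberate trade-off: traffic stays encrypted, but a CA added to the device by someone else can also issue certificates the app will accept.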