Forced dependency versions and excluded dependencies

[ArnyminerZ]

Got rid of unnecessary transitive dependencies and forced the required ones to their respective latest versions.

Both lang3 and commons-codec are required, but I've forced them to use the latest version. Everything seems to work fine.

[ArnyminerZ]

I don't know if this will solve any of the security issues reported since most of them are related to bouncycastle, which I don't even know if we are using, since it doesn't show up in the dependency inspector in Android Studio.

[sunkup]

Looks okay to me. At least I don't see the security warnings right now :)

[rfc2822]

When running the instrumented tests on Android 7 (we set the minimum SDK to Android 6; I run the tests manually to see whether there are errors on Java<8 Android versions), I get 3 errors:

java.lang.AbstractMethodError: 'public abstract int java.io.Reader.read(char[],int,int) throws java.io.IOException' cannot be called

No virtual method getLongVersionCode()J in class Landroid/content/pm/PackageInfo; or its super classes (declaration of 'android.content.pm.PackageInfo' appears in /system/framework/framework.jar)
at at.bitfire.ical4android.JtxICalObjectTest.check_GEOFENCE_RADIUS

No virtual method getLongVersionCode()J in class Landroid/content/pm/PackageInfo; or its super classes (declaration of 'android.content.pm.PackageInfo' appears in /system/framework/framework.jar)
at at.bitfire.ical4android.JtxICalObjectTest.check_XSTATUS(JtxICalObjectTest.kt:142)

We should find out where these errors come from. I think the jtx board errors use a too new API that is only required for the tests, we could adapt that.

The ICalPreprocessorTest error is an "AbstractMethodError", no idea where it comes from. I think it's because mockk requires Android P for mocking objects. Please have a look at the mockk documentation and then annotate the test so that it isn't run on Android P.

[ArnyminerZ]

The issue in IcalPreprocessorTest I think comes from mockk, since mockmObject is not supported on Android < P.

I think we can either ignore this test in Android < P with something like

assumeTrue(
    "Can only run on API Level 24 or newer because mockkObject doesn't support Android < P (SDK 28)",
    Build.VERSION.SDK_INT >= 24
)

which shouldn't be a problem I think, or modify somehow the code to use the verify function without the need of mockkObject.

The first thing that comes to my mind to do this is to make all preprocessors open classes, and reference them through something like

@set:VisibleForTesting
var FixInvalidDayOffsetPreprocessor = FixInvalidDayOffsetPreprocessorImpl()

open class FixInvalidDayOffsetPreprocessorImpl : StreamPreprocessor() {
    // ...
}

And then override fixString with something like:

object FixInvalidDayOffsetPreprocessorTestImpl : StreamPreprocessor() {
    var called: Boolean = false

    fun reset() {
        called = false
    }

    override fun fixString(original: String): String {
        val result = super.fixString(original)
        called = true
        return result
    }
}

And use it somehow in the test with something like

@Test
fun testPreprocessStream_appliesStreamProcessors() {
    try {
        FixInvalidDayOffsetPreprocessor = FixInvalidDayOffsetPreprocessorTestImpl.also { it.reset() }
        FixInvalidUtcOffsetPreprocessor = FixInvalidUtcOffsetPreprocessorTestImpl.also { it.reset() }

        ICalPreprocessor.preprocessStream(StringReader(""))

        assertTrue(FixInvalidDayOffsetPreprocessorTestImpl.called)
        assertTrue(FixInvalidUtcOffsetPreprocessorTestImpl.called)
    } finally {
        FixInvalidDayOffsetPreprocessor = FixInvalidDayOffsetPreprocessorImpl()
        FixInvalidUtcOffsetPreprocessor = FixInvalidUtcOffsetPreprocessorImpl()
    }
}

It should work (not sure about the syntax, I've written it manually). But it's really dirty, and I think not really worth it.

[rfc2822]

Yes, looks good :)