How to handle libraries that are not explicitly added by me, but pulled by other SPMs that I use in my project? For example Firebase SPM pulls other packages like Abseil, nanopb etc. Do I need to handle those, and make sure they contain privacy manifests, or is Firebase package "responsible" for those?
No 3rd party is responsible for anyhting.
You as an app developer are responsible for the code you are shipping. That is why you also have to add the privacy manifest yourself if it's not provided by a 3rd party.
Same to me.
When I upgraded Firebase to 10.23.0 via spm, the nanopb version it supports does not include the privacy manifest file.
Would like to know how to handle this situation?
url: "https://github.com/firebase/nanopb.git",
"2.30909.0" ..< "2.30911.0"
),