This is a security update that fixes a sandbox escape where a
malicious application can execute code outside the sandbox
by controlling the environment of the "flatpak run" command
when spawning a sub-sandbox.
See the advisory for details:
GHSA-4ppf-fxf6-vxg2
$ sha256sum flatpak-1.8.5.tar.xz
338dc47398ef0b9bd95d14b6a321f6ee4d9ae53fdb06dc0f8901d6440319d47c flatpak-1.8.5.tar.xz