Not going back to Jerboa unless the basic feature of searching contents other than just communities is implemented. I find this fundamental feature sorely lacking in Jerboa while every other app around there have this.
\
https://github.com/LemmyNet/jerboa/issues/27
\
Kind of surprising, because this is pretty basic feature, and has been open for over two years.
Update plugin com.android.test to v8.5.0 by @renovate in #1561
Was it properly checked for backdoor injections?
Is there a reason you’re suspicious about that particular dependency, or are you just asking about dependencies in general?
I’m worried about that one specifically. Dependencies in general can be suspicious if they come from untrusted sources but in that case it’s suspicious by being related to testing (like the xz thing was) that shouldn’t even be in a released app anyways.
It’s not included in the final build artifact. It’s a Gradle plugin.
If you have a security concern you should raise this with Google using a minimal working example to demonstrate yourself.
Do you have a genuine concern and can you provide a working example of the attack surface in a repository that you can share?
What’s the context there? We update dependencies very frequently.
The context is the name of the dependency and its very questionable purpose.
I have no idea what this means. Why is the android testing dependency is less secure than all the other android deps we’ve updated?
