• GolfNovemberUniform
    link
    fedilink
    arrow-up
    2
    arrow-down
    2
    ·
    edit-2
    4 months ago

    I’m worried about that one specifically. Dependencies in general can be suspicious if they come from untrusted sources but in that case it’s suspicious by being related to testing (like the xz thing was) that shouldn’t even be in a released app anyways.

    • pingveno
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      It’s not included in the final build artifact. It’s a Gradle plugin.