this post was submitted on 02 May 2024
      397 points (92.7% liked)
      Programmer Humor
    you are viewing a single comment's thread
Gradle, with its transitive dependency modifications, is a huge pain in this area.
It used to be that if a library ended up having a flaw then it would be flagged and we would get the dependency updated. These days security blocks the "security risk" and you have to replace your dependency's dependency. Fingers crossed you can get it to actually test all the code paths.
If a second-level project gets a flaw, and it's used indirectly, then we should really look at getting the import updated so that we know it works. If that import is abandoned then we should not be updating that second-level dependency; either adopt and fix the first-level dependency or look at an alternative.
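As an added illustration of the two paths the comment above contrasts (this is example code, not part of the original post and not any real project's build file), here is a Gradle Kotlin DSL fragment. The coordinates `com.example:first-level-lib` (a direct dependency) and `com.example:transitive-lib` (pulled in by it) and the version numbers are hypothetical; the Gradle APIs used (`constraints`, `strictly`, `dependencySubstitution`, `dependencyInsight`) are real.

```kotlin
// build.gradle.kts (Kotlin DSL). All coordinates and versions below are hypothetical.
plugins {
    `java-library`
}

repositories {
    mavenCentral()
}

dependencies {
    // The direct (first-level) dependency. Its own POM pulls in
    // com.example:transitive-lib at whatever version its authors tested against.
    implementation("com.example:first-level-lib:1.2.3")

    // Workaround the comment describes: override the transitive dependency's
    // version without touching first-level-lib. Gradle resolves transitive-lib
    // to 2.0.1 even though first-level-lib declared an older version, so the
    // resulting combination is one that first-level-lib's authors never tested.
    constraints {
        implementation("com.example:transitive-lib") {
            version { strictly("2.0.1") }
            because("hypothetical pin: transitive-lib < 2.0.1 flagged by security; " +
                    "remove once first-level-lib ships a release that depends on 2.0.1+")
        }
    }
}

// Preferred path from the comment: when first-level-lib is abandoned, either adopt
// it (publish a fixed fork) or switch to an alternative. A fork can be swapped in
// for every resolution of the original module, so nothing else in the build keeps
// pulling the abandoned artifact. The fork's coordinates are hypothetical.
configurations.all {
    resolutionStrategy.dependencySubstitution {
        substitute(module("com.example:first-level-lib"))
            .using(module("org.example.fork:first-level-lib:1.2.4"))
            .because("hypothetical: upstream abandoned, fork depends on patched transitive-lib")
    }
}

// Check that the pin actually took effect on the runtime classpath. Resolution rules
// silently "win" or lose depending on other constraints, so verify rather than assume.
tasks.register("verifyTransitivePin") {
    doLast {
        val resolved = configurations.runtimeClasspath.get()
            .incoming.resolutionResult.allComponents
            .mapNotNull { it.moduleVersion }
            .firstOrNull { it.group == "com.example" && it.name == "transitive-lib" }
        check(resolved != null) { "transitive-lib is not on the runtime classpath" }
        check(resolved.version == "2.0.1") {
            "transitive-lib resolved to ${resolved.version}, expected 2.0.1"
        }
        println("transitive-lib resolved to ${resolved.version}")
    }
}
```

To see why a particular version was chosen (and which rule forced it), run `./gradlew dependencyInsight --configuration runtimeClasspath --dependency transitive-lib`. Note that a forced version only proves the build resolves; it says nothing about whether first-level-lib's code paths work against the newer transitive-lib, which is the comment's point about "actually test all the code paths".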