Update

[omeritzics]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on modernizing the application's underlying architecture and user interface. Key changes include updating Android build configurations for better compatibility, refactoring UI components to align with Material Design 3 principles, and streamlining core functionalities like icon loading and translation management. These updates aim to improve maintainability, enhance user experience with a refreshed look, and ensure the app remains current with platform best practices.

Highlights

• Android Build Configuration Updates: The Android project has undergone significant updates, including changes to compileSdk, minSdk, targetSdk, Java/Kotlin versions, and Gradle, ensuring compatibility with the latest Android development standards.
• Package ID Renaming: The Android package ID has been updated from com.omeritzics.updatium to io.github.omeritzics.updatium across various manifest files and build configurations.
• Button Component Refactor: Custom button helper functions have been migrated to use official Flutter TextButton and TextButton.icon widgets, introducing AppTextButton and AppTextButtonWithIcon for consistent Material Design 3 styling.
• Icon Loading System Simplification: The custom icon caching and prefetching system has been removed. Icon loading now prioritizes installed app icons and falls back to direct remote URL fetching, simplifying the icon pipeline.
• Enhanced Material Design 3 Styling: The application's UI has been updated with more expressive Material Design 3 elements, including refined input fields, dropdowns, chip themes, and a pure black theme for AMOLED displays.
• New Translation Management System: A comprehensive translation management system has been introduced, featuring automated tools for detecting missing/unused keys, auto-translation via LibreTranslate, and validation, streamlining localization efforts.
• Removal of In-App Webview: The in-app webview functionality has been removed, simplifying the app's architecture and potentially improving performance.
• Improved App Export/Import: The app export and import functionality has been enhanced with better error handling, progress indicators, and a migration to the docman library for file operations.

Changelog

• .flutter
  • Updated Flutter submodule commit to a newer version.
• BUTTON_MIGRATION_GUIDE.md
  • Added a new migration guide for button components, detailing the transition from custom helpers to official Flutter widgets.
• README.md
  • Updated download badges and added a new 'Features' section with details on improved design, additional features, and localization. The disclaimer text was also updated to highlight the official download source.
• android/app/build.gradle.kts
  • Updated Android namespace to 'io.github.omeritzics.updatium'.
  • Increased compileSdk and targetSdk to 36.
  • Increased minSdk to 26.
  • Updated Java sourceCompatibility and targetCompatibility to VERSION_21.
  • Updated Kotlin jvmToolchain to 21.
• android/app/src/debug/AndroidManifest.xml
  • Updated package name to 'io.github.omeritzics.updatium'.
• android/app/src/main/AndroidManifest.xml
  • Updated package name to 'io.github.omeritzics.updatium'.
  • Added tools:replace attributes to the provider tag for android:authorities and android:resource.
  • Updated meta-data name for notification icon to reflect the new package ID.
• android/app/src/main/kotlin/com/omeritzics/updatium/MainActivity.kt
  • Renamed file to io/github/omeritzics/updatium/MainActivity.kt.
  • Updated package declaration to 'io.github.omeritzics.updatium'.
• android/app/src/main/res/xml/file_paths.xml
  • Updated external-path to use the new package ID 'io.github.omeritzics.updatium'.
• android/app/src/profile/AndroidManifest.xml
  • Updated package name to 'io.github.omeritzics.updatium'.
• android/build.gradle.kts
  • Updated compileSdkVersion to 36 for all subprojects.
  • Added logic to configure Android extensions for subprojects after evaluation.
• android/gradle.properties
  • Added android.compileSdk=36.
• android/gradle/wrapper/gradle-wrapper.properties
  • Updated Gradle distribution URL to version 9.3.1.
• android/settings.gradle.kts
  • Updated Kotlin Android plugin version to 2.3.10.
• assets/graphics/icon.svg
  • Removed Inkscape-specific metadata and inkscape:collect attributes, simplifying the SVG structure.
• assets/translations/README.md
  • Added a new README detailing the translation management system, including GitHub Actions workflow, local management scripts, and guidelines.
• assets/translations/ar.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/bs.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/ca.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/cs.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/da.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/de.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/en-EO.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/en.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/eo.po
  • Added a new Esperanto translation file.
• assets/translations/es.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/et.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/fa.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/fr.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/gl.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Removed 'crowdsourcedConfigsLabel' and 'crowdsourcedConfigsShort' keys.
  • Updated disclaimer text.
• assets/translations/he.json
  • Updated translations for 'noReleaseFound', 'noVersionFound', 'githubPATLabel', 'filterReleaseTitlesByRegEx', 'appSourceURL', 'importedAppsIdDisclaimer', 'followSystemThemeExplanation', 'authorName', 'nameAuthor', 'appsRemoved', 'versionCorrectionDisabled', 'filterAPKsByRegEx', 'onlyWorksWithNonVersionDetectApps', 'exemptFromBackgroundUpdates', 'filterVersionsByRegEx', 'appsPossiblyUpdatedNotifChannel', 'partialAPKHash', 'APKLinkHash', 'invertRegEx', 'selfHostedNote', 'badDownload', 'beforeNewInstallsShareToAppVerifier', 'appVerifierInstructionToast', 'stayOneVersionBehind', 'useFirstApkOfVersion', 'zippedApkFilterRegEx', 'tooManyRequestsTryAgainInMinutes' plural forms, 'xAndNMoreUpdatesAvailable' plural forms, 'xAndNMoreUpdatesInstalled' plural forms, 'xAndNMoreUpdatesFailed' plural forms, 'xAndNMoreUpdatesPossiblyInstalled' plural forms.
  • Added 'certificateHash' plural key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/hu.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/id.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/it.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/ja.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/ko.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/ml.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/nl.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/pl.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/pt-BR.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/pt.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/ru.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/standardize.mjs
  • Modified to conditionally import the translate package and use process.env.LIBRETRANSLATE_URL for auto-translation.
• assets/translations/sv.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/tr.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Removed 'crowdsourcedConfigsLabel' and 'crowdsourcedConfigsShort' keys.
  • Updated disclaimer text.
• assets/translations/uk.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/update-translations.sh
  • Added a new shell script for managing translation files, including checking, updating, auto-translating, validating, and removing unused keys.
• assets/translations/vi.json
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/zh-Hant-TW.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• assets/translations/zh.json
  • Added 'noAppsSubtext' translation key.
  • Added new translation keys for export and network errors.
  • Removed 'showWebInAppView' key.
  • Updated disclaimer text.
• lib/app_sources/github.dart
  • Added name property to the GitHub AppSource constructor.
  • Made the sortMethod dropdown not required in the settings.
• lib/app_sources/gitlab.dart
  • Added name property to the GitLab AppSource constructor.
• lib/components/app_button.dart
  • Removed custom AppTextButton widget.
• lib/components/button_helpers.dart
  • Added new file introducing AppTextButton and AppTextButtonWithIcon widgets, wrapping Flutter's official TextButton components.
  • Deprecated old appTextButton() and appTextButtonWithIcon() helper functions for backward compatibility.
• lib/components/cached_app_icon.dart
  • Removed custom CachedAppIcon widget and its variants.
• lib/components/enhanced_app_icon.dart
  • Removed custom EnhancedAppIcon widget and its variants.
• lib/components/generated_form.dart
  • Updated GeneratedFormDropdown to include a required property.
  • Refactored InputDecoration for text fields and dropdowns to use labelText and filled: true for a more Material Design 3 expressive style.
  • Replaced DropdownButtonFormField with MenuAnchor for dropdowns.
• lib/components/generated_form_modal.dart
  • Updated import from app_button.dart to button_helpers.dart.
• lib/custom_errors.dart
  • Updated import from app_button.dart to button_helpers.dart.
• lib/examples/icon_cache_example.dart
  • Removed example file.
• lib/examples/icon_prefetcher_example.dart
  • Removed example file.
• lib/examples/refactored_icon_pipeline_example.dart
  • Removed example file.
• lib/examples/updated_app_catalogue_example.dart
  • Removed example file.
• lib/main.dart
  • Added flutter/foundation.dart import.
  • Replaced print statements with debugPrint for better logging in debug mode.
  • Added // ignore: invalid_use_of_visible_for_testing_member for FlutterForegroundTask.isInitialized.
  • Updated metaDataName for notification icon to reflect the new package ID.
  • Modified Material You color scheme application to directly use dynamic colors without harmonized().
  • Expanded pure black theme customization to include more surface, container, and outline colors for better AMOLED compatibility.
  • Adjusted shadow color opacity using withValues(alpha: ...).
  • Updated InputDecorationTheme for expressive input fields with new border radii, border sides, padding, and text styles.
  • Added dropdownMenuTheme for consistent expressive styling of dropdowns.
  • Updated selectedTileColor for ListTileTheme and selectionColor for TextSelectionTheme.
  • Updated chipTheme background color.
  • Removed specific color properties from ProgressIndicatorThemeData, setting year2023: false.
• lib/pages/add_app.dart
  • Replaced DropdownButtonFormField with MenuAnchor for source override selection, aligning with Material Design 3 guidelines.
• lib/pages/app.dart
  • Removed webview_flutter imports and related in-app webview logic.
  • Removed showOppositeOfPreferredView parameter.
  • Introduced consistent spacing constants.
  • Adjusted styling for app name and author text.
  • Updated BoxDecoration color logic for highlightTouchTargets to include pure black theme considerations.
  • Increased maxLines for app URL display to 2.
  • Replaced CachedAppIcon usage with custom _buildSimpleIcon and _buildFallbackIcon methods for direct icon fetching and display.
  • Removed the 'open app settings' button.
• lib/pages/apps.dart
  • Removed CachedAppIcon import.
  • Introduced consistent spacing constants.
  • Added mounted check before calling showError in checkUpdates catch block.
  • Refactored app list item trailing widgets to use FilledButton.tonal for install/update actions and Text for 'updated' status.
  • Updated getAppIcon to use a GestureDetector and _buildSimpleGridIcon for icon display.
  • Removed getVersionText and getChangesButtonString helper functions.
  • Adjusted transparent color calculation using toARGB32().
  • Updated ListTile styling for selected items, adding a border and adjusting selectedTileColor.
  • Refactored getSingleAppGridTile to use a Container instead of Card.outlined and updated its styling.
  • Implemented responsive grid configuration for SliverGrid based on screen width.
  • Moved filter and view toggle buttons to SliverAppBar actions.
  • Added _buildSimpleGridIcon and _buildFallbackIcon methods for efficient icon display in the app list.
• lib/pages/home.dart
  • Updated import from app_button.dart to button_helpers.dart.
• lib/pages/import_export.dart
  • Set importInProgress to true earlier when picking files for import.
  • Added exportInProgress check to disable the export button when an export is already in progress.
  • Improved error handling for URL import logic and ensured importInProgress is reset.
• lib/pages/security_disclaimer.dart
  • Updated Container background color to colorScheme.surface.withValues(alpha: 0.1) for consistency with Material Design 3.
• lib/pages/settings.dart
  • Updated import from app_button.dart to button_helpers.dart.
  • Added an 'About' dialog accessible via a FloatingActionButton, displaying app information and links.
  • Adjusted the size and border radius of the color picker trailing widget.
  • Replaced DropdownButtonFormField with MenuAnchor for sort order, sort column, and locale selections, enhancing Material Design 3 consistency.
  • Replaced SliderTheme with a simpler Slider widget.
  • Removed the showAppWebpage setting.
  • Updated Android SDK check for system font usage from 34 to 36.
  • In _LogsDialogState, added selectedDays state and replaced DropdownButtonFormField with MenuAnchor for log filtering.
• lib/providers/apps_provider.dart
  • Updated import from app_button.dart to button_helpers.dart.
  • Replaced shared_storage library with docman for document file operations.
  • Added exportInProgress flag to manage export state.
  • Updated Android SDK check for silent app installation from 31 to 36.
  • Refactored updateAppIcon to prioritize installed app icons, then fetch from remote URLs using http.get, removing reliance on IconCache.
  • Updated exportAppsAndSettings to use docman for file creation and deletion, added exportInProgress state management, and improved error handling with new translation keys.
  • Updated the 'continue' button text in _APKOriginWarningDialogState to 'yes' for consistency.
• lib/providers/notifications_provider.dart
  • Updated import from app_button.dart to button_helpers.dart.
• lib/providers/settings_provider.dart
  • Replaced shared_storage library with docman for document file operations.
  • Updated updatiumId package name to 'io.github.omeritzics.updatium'.
  • Removed showAppWebpage getter and setter.
  • Updated getExportDir to use docman for checking directory accessibility.
  • Updated pickExportDir to use DocMan.pick.directory() for selecting export directories.
• lib/providers/source_provider.dart
  • Added AppsProvider import.
  • Modified importAppsFromUrls to include existing app URLs in alreadyAddedUrls to prevent duplicate imports.
• lib/services/icon_prefetcher.dart
  • Updated comment for icon download to clarify it uses IconCache.
• lib/services/unified_icon_service.dart
  • Added saveIcon method to explicitly save icon data to cache, primarily for installed app icons.
• pubspec.lock
  • Updated android_package_manager git URL and uuid package version.
  • Added docman and keyboard_detection packages.
  • Removed webview_flutter and its transitive dependencies.
• pubspec.yaml
  • Updated comment for cupertino_icons to reflect its current non-necessity for iOS.
  • Updated android_package_manager git URL and comment.
  • Removed webview_flutter dependency.
  • Added docman and keyboard_detection dependencies.

Ignored Files

• Ignored by pattern: .github/workflows/** (8)
  • .github/workflows/ci.yml
  • .github/workflows/dependency-review.yml
  • .github/workflows/lint.yml
  • .github/workflows/nightly.yml
  • .github/workflows/osv-scanner.yml
  • .github/workflows/qama-unsigned.yml
  • .github/workflows/release.yml
  • .github/workflows/translations.yml

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🚫 CI Build Failed

The automated build process failed. Please review the build logs and fix the issues before requesting another review.

Next steps:

1. Check the build logs for specific errors
2. Fix the identified issues
3. Push your fixes to this branch
4. The CI will automatically re-run

Once the build passes, this review will be dismissed automatically.

[gemini-code-assist]

Code Review

This pull request introduces a wide range of updates, including a major Android package name change, dependency updates, and significant UI/UX refactoring, such as migrating from DropdownButtonFormField to MenuAnchor and refactoring button and icon components. However, a security audit identified critical vulnerabilities: a Server-Side Request Forgery (SSRF) in the AppsProvider.updateAppIcon method and a Path Traversal vulnerability in the UnifiedIconService.saveIcon method, both stemming from the use of untrusted application metadata. Additionally, there are critical regressions in the icon caching and duplicate app detection logic, and a feature appears to have been unintentionally removed from the categorized app list view.

I am having trouble creating individual review comments. Click here to see my feedback.

lib/services/unified_icon_service.dart (339)

The saveIcon method uses the appId parameter to construct a file path for caching without sanitization. Since appId is derived from untrusted app metadata, an attacker could provide a malicious ID containing path traversal sequences (e.g., ../) to write files outside the intended cache directory. This could allow overwriting sensitive application files. It is recommended to sanitize the appId by removing or encoding path traversal characters before using it in file operations.

lib/providers/source_provider.dart (1335-1340)

Instantiating AppsProvider directly within this method is problematic. This creates a new, separate instance of the provider that is not connected to the widget tree's state. Since the AppsProvider constructor loads its data asynchronously, appsProvider.getAppValues() will likely return an empty list here, causing the duplicate app check to fail.

To resolve this, the list of existing app URLs should be passed as a parameter into getAppsByURLNaive. The calling code, which has access to the correct AppsProvider instance via its context, would then be responsible for supplying this list.

lib/providers/apps_provider.dart (1832)

The updateAppIcon method has a critical Server-Side Request Forgery (SSRF) vulnerability due to performing an unvalidated HTTP GET request using a URL from the App object, which can originate from untrusted sources. This allows for probing the local network or hitting internal services, and the lack of timeout/size limit could lead to a Denial of Service (DoS). Furthermore, this method introduces a regression by not utilizing any caching mechanism, leading to increased network usage and degraded user experience. It is recommended to use the UnifiedIconService for validation, sanitization, and caching, or implement similar protections.

README.md (39-41)

For better accessibility and clarity, consider using more descriptive text for your links instead of just "here". This helps users, especially those using screen readers, understand the link's purpose without needing the surrounding context.

For example, you could change:
... open an issue [here](...)

to:
... [open a new issue](...)

lib/pages/apps.dart (1060-1112)

The grid view functionality within categorized lists seems to have been removed in this change. The code now always defaults to a Column of list tiles, even if the user has grid view enabled in the settings. This creates an inconsistent experience compared to the main app list, which correctly switches between list and grid views.

Was this removal intentional? If not, I'd recommend restoring the conditional logic to use a GridView.builder here to maintain a consistent UI throughout the app.