In theory, yeah. But on a realistic level, that doesn't require monthly updates on what is a pretty obscure app on the scale of things. One or two updates a year that address any known vulnerabilities is fine. Even that assumes that not only has a vulnerability been discovered, but that the developer is aware of it before it gets exploited in the wild.
If there's no known vulnerabilities, there's nothing to patch. If there is one and it hasn't been made public, nobody knows to patch it.
Have there been any vulnerabilities that would effect a lemmy app in the last six months? If so, dawson should be made aware for sure. If not, then there's no update needed to an otherwise functional and stable app. I don't haunt developer forums at all, my dyslexic ass can't do shit in that field, so I wouldn't be aware of any that weren't big enough to make it to the less field specific lemmy communities. I'm not being a smartass, I'm asking because I'm willing to try and get in touch with dawson via his publicly available contact info. He may be a bit erratic in terms of sync changes, but he's always been open to bug reports and such.