Config option to allow pinned packages #84
Conversation
Security InsightsNo security relevant content was detected by automated scans. Action Items
Questions or Comments? Reach out on Slack: #support-infosec. |
README.md
Outdated
| @@ -39,6 +39,8 @@ things in a `dart_dependency_validator.yaml` file in the root of your package: | |||
| ```yaml | |||
| # dart_dependency_validator.yaml | |||
|
|
|||
| # Set true if you use pinned dependencies | |||
| ignored_pinned_packages: true | |||
There was a problem hiding this comment.
What would you think about naming this allow_pins? Given that this config will be in a file specific to dependency_validator, it should be clear from context that it's referring to pinned dependencies/packages, and I'd like to avoid the word "ignore" here because we're not entirely ignoring dependencies that are pinned, we're just disabling checks for pins. We would still flag other types of dependency warnings.
There was a problem hiding this comment.
ok, originally wanted use 'allow' for this
test/executable_test.dart
Outdated
| ''')) | ||
| ]).create(); | ||
| result = checkProject('${d.sandbox}/dependency_pins'); | ||
| expect(result.exitCode, 1); |
There was a problem hiding this comment.
I think we should update this test to run on a project with a pubspec that has a dependency pin but no other issues, and then verify that the exit code is 0. Would probably also need to add a file that uses the dependency so it doesn't fail on an unused dependency
ivk1800
force-pushed
the
ignored_pinned_packages
branch
from
4663e71 to
551f54f
Compare
evanweible-wf
changed the title
|
QA +1
@Workiva/release-management-p |
|
RM +1 |
Motivation
fix #83
some projects using pinned packages because:
Changes
add new option for
dart_dependency_validator.yamlRelease Notes
allow_pinsto tell dependency_validator to not fail on any pinned packagesCloses #83