Narrow dependency_validator range to avoid NNBD issue #136

Merged
merged 2 commits into from
Jul 15, 2022

sourcegraph-wk

We recently discovered that if a package resolves to dependency_validator >=3.0.0
and build_config <1.0.0, running the dependency_validator tool will fail
during precompilation due to null safety.

We are merging a fix to dependency_validator, but unfortunately it won't
prevent consumers from resolving to the v3.x versions that still have the
issue. This PR addresses the issue for consumers by narrowing the range to
no longer include dependency_validator v3.

Note: We originally widened this range as a part of the effort to upgrade
our ecosystem to analyzer v1, but it is not strictly necessary. Consumers
of dependency_validator v2 can still successfully resolve to analyzer v1.

For more info, reach out to #support-frontend-architecture on Slack.

Created by Sourcegraph batch change Workiva/narrow_dependency_validator_range.

@aviary2-wf

Security Insights

No security relevant content was detected by automated scans.

Action Items

  • Review PR for security impact; comment "security review required" if needed or unsure
  • Verify aviary.yaml coverage of security relevant code

Questions or Comments? Reach out on Slack: #support-infosec.

build_runner: ^2.1.2
build_test: ^2.1.3
build_web_compilers: ^3.0.0
dependency_validator: ^3.2.2
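
Review bot: the `dependency_validator: ^3.2.2` line keeps this package on the 3.x range, while the PR title and description say the range is narrowed so that it no longer includes dependency_validator v3. If taking 3.2.2 as the floor is deliberate for this package, state that in the PR description or in a comment beside this line, so the constraint is not mistaken for an incomplete application of the batch change and reverted later. The caret constraint also admits any later 3.x release, so it is worth having CI confirm which version actually resolves.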
Contributor

Since this package is far enough upstream, we're able to upgrade to v3.2.2 which is the version with the fix for the NNBD issue. The rest of the dependency upgrades here are only for dev dependencies, which means they don't impact downstream consumers.

@evanweible-wf evanweible-wf requested review from a team and kealjones-wk and removed request for a team July 11, 2022 22:21
Contributor

@kealjones-wk kealjones-wk left a comment

+10 (Most CI is passing; the failing CI steps for "stable" Dart are also failing on master in the same way, so the failures are unrelated to this PR)

@kealjones-wk
Contributor

@Workiva/release-management-p

@rmconsole-wf rmconsole-wf left a comment

+1 from RM

@rmconsole7-wk rmconsole7-wk merged commit 3968d3f into master Jul 15, 2022
@rmconsole7-wk rmconsole7-wk deleted the batch/fea/narrow_dependency_validator_range branch July 15, 2022 18:55
6 participants