Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Raise More Max Versions #764

Merged
merged 1 commit into from
Jun 26, 2022
Merged

Conversation

sourcegraph-wk
Copy link

Summary

Frontend Frameworks is updating more dependencies! More details at
https://wiki.atl.workiva.net/display/CP/Dependency+Upgrades

This updates the maximum for the following packages (leaving the minimum unchanged)

pubspec_codemod raise-max build_runner 3.0.0 --recursive
pubspec_codemod raise-max crypto 4.0.0 --recursive
pubspec_codemod raise-max dart_style 3.0.0 --recursive
pubspec_codemod raise-max dependency_validator 4.0.0 --recursive
pubspec_codemod raise-max io 2.0.0 --recursive
pubspec_codemod raise-max mime 2.0.0 --recursive
pubspec_codemod raise-max quiver 4.0.0 --recursive
pubspec_codemod raise-max stream_transform 3.0.0 --recursive
pubspec_codemod raise-max tuple 3.0.0 --recursive
pubspec_codemod raise-max uuid 4.0.0 --recursive
pubspec_codemod raise-max yaml 4.0.0 --recursive

How do we know these ranges are safe?

  • build_runner, dart_style, and dependency_validator are all only used for their executables and shouldn't introduce any breaking changes. Note that as your package resolves to newer versions of dart_style, it's possible that you may need to commit some updated formatting changes.

  • crypto v3 is the NNBD migration and has one breaking change, which is to remove a newInstance() method on some classes. We have no usages of this method.

  • io v1, mime v1, stream_transform v2, and tuple v2 are all NNBD migrations.

  • quiver v3 has breaking changes, so we ran a batch change with a dependency override to verify compatibility. We did identify one package affected by these breaking changes, which has already been remediated.

  • uuid v2 and v3 have some breaking changes, so we ran a batch change with a dependency override to verify compatibility We identified and fixed 1 test that was affected by the uuid change.

  • yaml v3 has one breaking change, which is that optional sourceUrl param in the loadYaml function is now typed as Uri instead of dynamic (previously it allowed String, as well). We have already addressed our own usages of this parameter to use Uris.

While we're confident these newer versions should be safe to consume, we can't say for sure. Please reach out to us if you encounter any issues that you think may be related.

For more info, reach out to #support-frontend-architecture on Slack.

Created by Sourcegraph batch change Workiva/raise_more_max_versions.

@aviary3-wk
Copy link

Security Insights

No security relevant content was detected by automated scans.

Action Items

  • Review PR for security impact; comment "security review required" if needed or unsure
  • Verify aviary.yaml coverage of security relevant code

Questions or Comments? Reach out on Slack: #support-infosec.

@robbecker-wf
Copy link
Member

QA+1 CI passes

@robbecker-wf
Copy link
Member

@Workiva/release-management-p

Copy link

@rmconsole-wf rmconsole-wf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 from RM

@rmconsole5-wk rmconsole5-wk merged commit 3bdc8aa into master Jun 26, 2022
@rmconsole5-wk rmconsole5-wk deleted the batch/cplat/raise_more_max_versions branch June 26, 2022 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants