Sourced from dependency_validator's releases.

4.0.0

Info

Build: (waiting for build to complete) Skynet Results: (waiting for Skynet results) Pipeline: (waiting for pipeline to start) This major release includes the following changes:

Miscellaneous

• #110 FEDX-687 : GHA OSS changes to dependency_validator
  • FEDX-687 GHA OSS changes
• #111 FEA-3682: v4
  • FEA-3682 v4
• #113 RM-215560 Release dependency_validator 4.0.0
  • RM-215560 RELEASE dependency_validator 4.0.0

Notes created on Monday, April 29 03:51 PM UTC

Sourced from dependency_validator's changelog.

4.0.0

• Breaking Change: Added "non-dev packages that are only used within bin/" check to cover this edge case. This is enabled by default, and will break the execution of dependency_validator if it occurs within the codebase. Resolution is to either ignore the dependency, or demote the dependency to a dev_dep
• Fixed bug where uris declared within comments and strings would register as dependency "usages"

3.2.2

• Raise dependency minimums to ensure all dependencies are null-safe.

3.2.0

• Feature: Added option allow_pins for disabling/enabling checks for pins. Pins not allowed by default.

3.1.2

• Return non-zero exit code from executable when incorrect args are used

3.1.0

• Deprecate static configuration in pubspec.yaml (because pub publish warns about unrecognized keys) and instead read it from a dart_dependency_validator.yaml file when possible.

3.0.0

• Breaking: removed the public package:dependency_validator/dependency_validator.dart entrypoint. It was only intended for this package to provide an executable and the Dart APIs don't need to be public.
• Null safety.

2.0.1

• Fix a path issue on Windows.

2.0.0

• Breaking Change: Excluded paths and ignored packages must now be configured statically in your project's pubspec.yaml instead of via command-line arguments. See the README for more information.

• Detect packages with one or more executables and consider them to be used. In other words, you no longer need to ignore packages that are only used for their executable(s).

• Detect packages that provide one or more builders that are configured to be auto-applied by the [dart build system][dart-build] and consider them to be used. In other words, you no longer need to ignore packages that are only used for their builder(s).

... (truncated)

• 8ea28d6 Merge pull request #113 from Workiva/release_dependency_validator_4.0.0
• 2fd328c dependency_validator_4.0.0
• 8a63716 Merge pull request #111 from Workiva/v4
• b78ea59 lower bound
• 4f041fa dont fail fast
• d700104 diff sdk
• 2a2a427 test v4 with stable
• 5280615 actually verify functionality in test
• a30aabc fixed broken tests
• c19a0a6 Merge branch 'ast_parsing_validation' into v4
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)