Google Git
Sign in
dart/pub/refs/heads/master
commit
720988bb173f7852e5f79a3a2f4f248f1fa6a6dd
[log]
author
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Tue Jun 02 16:13:08 2026 +0000
committer
GitHub <noreply@github.com>
Tue Jun 02 16:13:08 2026 +0000
tree
8c02acc061e0a9e4a3ef7bd185d43a8f28a4796c
parent
e099d9a11aba0a3e53f04c0d326453ab426af805 [diff]
Bump the github-actions group across 1 directory with 3 updates (#4834)

Bumps the github-actions group with 3 updates in the / directory: [actions/stale](https://github.com/actions/stale), [actions/checkout](https://github.com/actions/checkout) and [dart-lang/setup-dart](https://github.com/dart-lang/setup-dart).

Updates `actions/stale` from 10.2.0 to 10.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p>
<blockquote>
<h2>v10.3.0</h2>
<h2>What's Changed</h2>
<h3>Bug Fix</h3>
<ul>
<li>Enhancement: ignore stale labeling events by <a href="https://github.com/shamoon"><code>@​shamoon</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1311">actions/stale#1311</a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Upgrade dependencies (<code>@​actions/core</code>, <code>@​octokit/plugin-retry</code>, <a href="https://github.com/typescript-eslint"><code>@​typescript-eslint</code></a>) by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1335">actions/stale#1335</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/shamoon"><code>@​shamoon</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1311">actions/stale#1311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v10...v10.3.0">https://github.com/actions/stale/compare/v10...v10.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/actions/stale/commit/eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899"><code>eb5cf3a</code></a> chore: upgrade dependencies and bump version to 10.3.0 (<a href="https://redirect.github.com/actions/stale/issues/1335">#1335</a>)</li>
<li><a href="https://github.com/actions/stale/commit/db5d06a4c82d5e94513c09c406638111df61f63e"><code>db5d06a</code></a> Enhancement: ignore stale labeling events (<a href="https://redirect.github.com/actions/stale/issues/1311">#1311</a>)</li>
<li>See full diff in <a href="https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899">compare view</a></li>
</ul>
</details>
<br />

Updates `actions/checkout` from 6.0.2 to 6.0.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v6.0.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update changelog by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
<li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>Update changelog for v6.0.3 by <a href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yaananth"><code>@​yaananth</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v6.0.3</h2>
<ul>
<li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li>
<li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@​yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li>
</ul>
<h2>v6.0.2</h2>
<ul>
<li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li>
</ul>
<h2>v6.0.1</h2>
<ul>
<li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
</ul>
<h2>v6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>v5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>v5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>v4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>v4.3.0</h2>
<ul>
<li>docs: update README.md by <a href="https://github.com/motss"><code>@​motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@​benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a> Update changelog for v6.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824"><code>1cce339</code></a> Fix checkout init for SHA-256 repositories (<a href="https://redirect.github.com/actions/checkout/issues/2439">#2439</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231"><code>900f221</code></a> fix: expand merge commit SHA regex and add SHA-256 test cases (<a href="https://redirect.github.com/actions/checkout/issues/2414">#2414</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98"><code>0c366fd</code></a> Update changelog (<a href="https://redirect.github.com/actions/checkout/issues/2357">#2357</a>)</li>
<li>See full diff in <a href="https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10">compare view</a></li>
</ul>
</details>
<br />

Updates `dart-lang/setup-dart` from 1.7.1 to 1.7.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dart-lang/setup-dart/releases">dart-lang/setup-dart's releases</a>.</em></p>
<blockquote>
<h2>v1.7.2</h2>
<ul>
<li>Update Node.js requirement to Node 24.</li>
<li>Fix open Dependabot alerts by bumping <code>undici</code> to <code>&gt;=6.24.0</code>.</li>
<li>Update GitHub Action dependencies (<code>@actions/core</code>, <code>@actions/exec</code>, <code>@actions/tool-cache</code>, <code>@actions/http-client</code>).</li>
<li>Update workflow actions to their latest versions (<code>actions/checkout</code> v6, <code>setup-flutter</code>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dart-lang/setup-dart/blob/main/CHANGELOG.md">dart-lang/setup-dart's changelog</a>.</em></p>
<blockquote>
<h2>v1.8.0-wip</h2>
<ul>
<li>Add a problem matcher for <code>dart analyze</code> to automatically create inline annotations on GitHub pull requests.</li>
</ul>
<h2>v1.7.2</h2>
<ul>
<li>Update Node.js requirement to Node 24.</li>
<li>Fix open Dependabot alerts by bumping <code>undici</code> to <code>&gt;=6.24.0</code>.</li>
<li>Update GitHub Action dependencies (<code>@actions/core</code>, <code>@actions/exec</code>, <code>@actions/tool-cache</code>, <code>@actions/http-client</code>).</li>
<li>Update workflow actions to their latest versions (<code>actions/checkout</code> v6, <code>setup-flutter</code>).</li>
</ul>
<h2>v1.7.1</h2>
<ul>
<li>Roll <code>undici</code> dependency to address <a href="https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975">CVE-2025-22150</a>.</li>
<li>Update to the latest npm dependencies.</li>
<li>Recompile the action using the new Dart / JavaScript interop.</li>
</ul>
<h2>v1.7.0</h2>
<ul>
<li>
<p>Install flutter sdk in publishing step, allowing Flutter packages to be
published (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/68">#68</a>[])</p>
<p><a href="https://redirect.github.com/dart-lang/setup-dart/issues/68">#68</a>: <a href="https://redirect.github.com/dart-lang/setup-dart/issues/68">dart-lang/setup-dart#68</a></p>
</li>
</ul>
<h2>v1.6.5</h2>
<ul>
<li>Fix zip path handling on Windows 11 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/118">#118</a>[])</li>
</ul>
<p><a href="https://redirect.github.com/dart-lang/setup-dart/issues/118">#118</a>: <a href="https://redirect.github.com/dart-lang/setup-dart/issues/118">dart-lang/setup-dart#118</a></p>
<h2>v1.6.4</h2>
<ul>
<li>Rebuild JS code.</li>
</ul>
<h2>v1.6.3</h2>
<ul>
<li>Roll <code>undici</code> dependency to address <a href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7">CVE-2024-30260</a> and <a href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672">CVE-2024-30261</a>.</li>
</ul>
<h2>v1.6.2</h2>
<ul>
<li>Switch to running the workflow on <code>node20`` from </code>node16`. See also
<a href="https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/">Transitioning from Node 16 to Node 20</a>.</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/dart-lang/setup-dart/commit/65eb853c7ba17dde3be364c3d2858773e7144260"><code>65eb853</code></a> chore: prepare v1.7.2 release (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/175">#175</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/6e0ff0bc3a029a9532ae6a86b1ea4906038921bc"><code>6e0ff0b</code></a> Node 24 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/174">#174</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/03a180dbe1de8ea7fb700663cbb7d24ca4bbe82c"><code>03a180d</code></a> Group npm dependency updates (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/172">#172</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/74195ec01a320a45702f5d8d9aaae896f5a0b540"><code>74195ec</code></a> Bump <code>@​actions/exec</code> from 1.1.1 to 3.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/167">#167</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/41705c951d02aaf00ead5b0423d0808ea495d9b5"><code>41705c9</code></a> Bump <code>@​actions/core</code> from 1.11.1 to 3.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/168">#168</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/dd42013d4425790a72c8c6107773a99edeefd2a9"><code>dd42013</code></a> Bump <code>@​actions/tool-cache</code> from 2.0.2 to 4.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/169">#169</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/b36cb5e0e609c7313088a6614db391df98780dce"><code>b36cb5e</code></a> Bump <code>@​actions/http-client</code> from 3.0.0 to 4.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/170">#170</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/21e68f4d54916e6c2f68f8c290b2aed9b02cbd3e"><code>21e68f4</code></a> Bump actions/checkout from 5 to 6 in the github-actions group (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/162">#162</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/0bdb60234eb044854c1c73fb77b0f063cf290512"><code>0bdb602</code></a> Bump <code>@​actions/http-client</code> from 2.2.3 to 3.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/160">#160</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/daef289245bc5d4ab7864e0788a58108a9be6c99"><code>daef289</code></a> Bump flutter-actions/setup-flutter in the github-actions group (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/159">#159</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/dart-lang/setup-dart/compare/e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c...65eb853c7ba17dde3be364c3d2858773e7144260">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

</details>
3 files changed
tree: 8c02acc061e0a9e4a3ef7bd185d43a8f28a4796c
  1. .github/
  2. bin/
  3. doc/
  4. lib/
  5. test/
  6. tool/
  7. .gitallowed
  8. .gitignore
  9. .status
  10. .test_config
  11. analysis_options.yaml
  12. AUTHORS
  13. CONTRIBUTING.md
  14. dart_test.yaml
  15. LICENSE
  16. pubspec.lock
  17. pubspec.yaml
  18. README.md
README.md

Build Status

Pub is the package manager for Dart.

Contributing to pub

Thanks for being interested in contributing to pub! Contributing to a new project can be hard: there's a lot of new code and practices to learn. This document is intended to get you up and running as quickly as possible. For more information, see the pub tool documentation.

The first step towards contributing is to contact the pub dev team and let us know what you‘re working on, so we can be sure not to start working on the same thing at the same time. Open an issue letting us know that you’re interested in contributing and what you plan on working on. This will also let us give you specific advice about where to start.

Organization

Pub isn‘t a package, but it’s organized like one. It has four top-level directories:

  • lib/ contains the implementation of pub. Currently, it's all in lib/src/, since there are no libraries intended for public consumption.

  • test/ contains the tests for pub.

  • bin/ contains pub.dart, the entrypoint script that's run whenever a user types “pub” on the command line or runs it in the Dart editor. This is usually run through shell scripts in sdk/bin at the root of the Dart repository.

It's probably easiest to start diving into the codebase by looking at a particular pub command. Each command is encapsulated in files in lib/src/command/.

Running pub

To run pub from the Git repository, run:

dart bin/pub.dart

Testing pub

Before any change is made to pub, all tests should pass. To run a pub test, run:

dart tool/test.dart test/path/to_test.dart

To run all tests at once, run:

dart tool/test.dart

Changes to pub should be accompanied by one or more tests that exercise the new functionality. When adding a test, the best strategy is to find a similar test in test/ and follow the same patterns.

Pub tests come in two basic forms. The first, which is usually used to unit test classes and libraries internal to pub, has many tests in a single file. This is used when each test will take a short time to run. For example, test/version_test.dart contains unit tests for pub's Version class.

The other form, used by most pub tests, is usually used for integration tests of user-visible pub commands. Each test has a file to itself, which is named after the test description. This is used when tests can take a long time to run to avoid having the tests time out when running on the build bots. For example, tests/get/hosted/get_transitive_test.dart tests the resolution of transitive hosted dependencies when using dart pub get/flutter pub get.

Landing your patch

All patches to official Dart packages, including to pub, need to undergo code review before they're submitted. The full process for putting up your patch for review is documented elsewhere.