Google Git
Sign in
dart/shelf.git/refs/heads/master
commit
c4b94d3879e627c0b1fe95d9e1ce5f93ebf122d3
[log] [tgz]
author
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Wed Apr 01 15:08:51 2026 +0000
committer
GitHub <noreply@github.com>
Wed Apr 01 15:08:51 2026 +0000
tree
75350872460db9f012fd55a80a94516b68e90452
parent
4d99e49fa9275bfa348a88c0ce066bfcd335f763 [diff]
Bump the github-actions group with 2 updates (#516)

Bumps the github-actions group with 2 updates: [actions/cache](https://github.com/actions/cache) and [dart-lang/setup-dart](https://github.com/dart-lang/setup-dart).

Updates `actions/cache` from 5.0.3 to 5.0.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p>
<blockquote>
<h2>v5.0.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Add release instructions and update maintainer docs by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1696">actions/cache#1696</a></li>
<li>Potential fix for code scanning alert no. 52: Workflow does not contain permissions by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1697">actions/cache#1697</a></li>
<li>Fix workflow permissions and cleanup workflow names / formatting by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1699">actions/cache#1699</a></li>
<li>docs: Update examples to use the latest version by <a href="https://github.com/XZTDean"><code>@​XZTDean</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li>
<li>Fix proxy integration tests by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1701">actions/cache#1701</a></li>
<li>Fix cache key in examples.md for bun.lock by <a href="https://github.com/RyPeck"><code>@​RyPeck</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li>
<li>Update dependencies &amp; patch security vulnerabilities by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1738">actions/cache#1738</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/XZTDean"><code>@​XZTDean</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li>
<li><a href="https://github.com/RyPeck"><code>@​RyPeck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.4">https://github.com/actions/cache/compare/v5...v5.0.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]<br />
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a> with the new version and changes in the <code>## Changelog</code> section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by updating the <a href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a> file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed and merged.</li>
<li>Draft a new release <a href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a> use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version number.</li>
<li>Approve the run to publish the new version and update the major tags for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>5.0.4</h3>
<ul>
<li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar patterns)</li>
<li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)</li>
<li>Bump <code>fast-xml-parser</code> to v5.5.6</li>
</ul>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li>
</ul>
<h3>5.0.1</h3>
<ul>
<li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li>
</ul>
<h3>5.0.0</h3>
<blockquote>
<p>[!IMPORTANT]
<code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</p>
</blockquote>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7"><code>6682284</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1738">#1738</a> from actions/prepare-v5.0.4</li>
<li><a href="https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2"><code>e340396</code></a> Update RELEASES</li>
<li><a href="https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6"><code>8a67110</code></a> Add licenses</li>
<li><a href="https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830"><code>1865903</code></a> Update dependencies &amp; patch security vulnerabilities</li>
<li><a href="https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c"><code>5656298</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1722">#1722</a> from RyPeck/patch-1</li>
<li><a href="https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6"><code>4e380d1</code></a> Fix cache key in examples.md for bun.lock</li>
<li><a href="https://github.com/actions/cache/commit/b7e8d49f17405cc70c1c120101943203c98d3a4b"><code>b7e8d49</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1701">#1701</a> from actions/Link-/fix-proxy-integration-tests</li>
<li><a href="https://github.com/actions/cache/commit/984a21b1cb176a0936f4edafb42be88978f93ef1"><code>984a21b</code></a> Add traffic sanity check step</li>
<li><a href="https://github.com/actions/cache/commit/acf2f1f76affe1ef80eee8e56dfddd3b3e5f0fba"><code>acf2f1f</code></a> Fix resolution</li>
<li><a href="https://github.com/actions/cache/commit/95a07c51324af6001b4d6ab8dff29f4dfadc2531"><code>95a07c5</code></a> Add wait for proxy</li>
<li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7">compare view</a></li>
</ul>
</details>
<br />

Updates `dart-lang/setup-dart` from 1.7.1 to 1.7.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dart-lang/setup-dart/releases">dart-lang/setup-dart's releases</a>.</em></p>
<blockquote>
<h2>v1.7.2</h2>
<ul>
<li>Update Node.js requirement to Node 24.</li>
<li>Fix open Dependabot alerts by bumping <code>undici</code> to <code>&gt;=6.24.0</code>.</li>
<li>Update GitHub Action dependencies (<code>@actions/core</code>, <code>@actions/exec</code>, <code>@actions/tool-cache</code>, <code>@actions/http-client</code>).</li>
<li>Update workflow actions to their latest versions (<code>actions/checkout</code> v6, <code>setup-flutter</code>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dart-lang/setup-dart/blob/main/CHANGELOG.md">dart-lang/setup-dart's changelog</a>.</em></p>
<blockquote>
<h2>v1.7.2</h2>
<ul>
<li>Update Node.js requirement to Node 24.</li>
<li>Fix open Dependabot alerts by bumping <code>undici</code> to <code>&gt;=6.24.0</code>.</li>
<li>Update GitHub Action dependencies (<code>@actions/core</code>, <code>@actions/exec</code>, <code>@actions/tool-cache</code>, <code>@actions/http-client</code>).</li>
<li>Update workflow actions to their latest versions (<code>actions/checkout</code> v6, <code>setup-flutter</code>).</li>
</ul>
<h2>v1.7.1</h2>
<ul>
<li>Roll <code>undici</code> dependency to address <a href="https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975">CVE-2025-22150</a>.</li>
<li>Update to the latest npm dependencies.</li>
<li>Recompile the action using the new Dart / JavaScript interop.</li>
</ul>
<h2>v1.7.0</h2>
<ul>
<li>
<p>Install flutter sdk in publishing step, allowing Flutter packages to be
published (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/68">#68</a>[])</p>
<p><a href="https://redirect.github.com/dart-lang/setup-dart/issues/68">#68</a>: <a href="https://redirect.github.com/dart-lang/setup-dart/issues/68">dart-lang/setup-dart#68</a></p>
</li>
</ul>
<h2>v1.6.5</h2>
<ul>
<li>Fix zip path handling on Windows 11 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/118">#118</a>[])</li>
</ul>
<p><a href="https://redirect.github.com/dart-lang/setup-dart/issues/118">#118</a>: <a href="https://redirect.github.com/dart-lang/setup-dart/issues/118">dart-lang/setup-dart#118</a></p>
<h2>v1.6.4</h2>
<ul>
<li>Rebuild JS code.</li>
</ul>
<h2>v1.6.3</h2>
<ul>
<li>Roll <code>undici</code> dependency to address <a href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7">CVE-2024-30260</a> and <a href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672">CVE-2024-30261</a>.</li>
</ul>
<h2>v1.6.2</h2>
<ul>
<li>Switch to running the workflow on <code>node20`` from </code>node16`. See also
<a href="https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/">Transitioning from Node 16 to Node 20</a>.</li>
</ul>
<h2>v1.6.1</h2>
<ul>
<li>Updated the google storage url for <code>main</code> channel releases.</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/dart-lang/setup-dart/commit/65eb853c7ba17dde3be364c3d2858773e7144260"><code>65eb853</code></a> chore: prepare v1.7.2 release (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/175">#175</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/6e0ff0bc3a029a9532ae6a86b1ea4906038921bc"><code>6e0ff0b</code></a> Node 24 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/174">#174</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/03a180dbe1de8ea7fb700663cbb7d24ca4bbe82c"><code>03a180d</code></a> Group npm dependency updates (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/172">#172</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/74195ec01a320a45702f5d8d9aaae896f5a0b540"><code>74195ec</code></a> Bump <code>@​actions/exec</code> from 1.1.1 to 3.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/167">#167</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/41705c951d02aaf00ead5b0423d0808ea495d9b5"><code>41705c9</code></a> Bump <code>@​actions/core</code> from 1.11.1 to 3.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/168">#168</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/dd42013d4425790a72c8c6107773a99edeefd2a9"><code>dd42013</code></a> Bump <code>@​actions/tool-cache</code> from 2.0.2 to 4.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/169">#169</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/b36cb5e0e609c7313088a6614db391df98780dce"><code>b36cb5e</code></a> Bump <code>@​actions/http-client</code> from 3.0.0 to 4.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/170">#170</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/21e68f4d54916e6c2f68f8c290b2aed9b02cbd3e"><code>21e68f4</code></a> Bump actions/checkout from 5 to 6 in the github-actions group (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/162">#162</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/0bdb60234eb044854c1c73fb77b0f063cf290512"><code>0bdb602</code></a> Bump <code>@​actions/http-client</code> from 2.2.3 to 3.0.0 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/160">#160</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/daef289245bc5d4ab7864e0788a58108a9be6c99"><code>daef289</code></a> Bump flutter-actions/setup-flutter in the github-actions group (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/159">#159</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/dart-lang/setup-dart/compare/e51d8e571e22473a2ddebf0ef8a2123f0ab2c02c...65eb853c7ba17dde3be364c3d2858773e7144260">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

</details>
1 file changed
tree: 75350872460db9f012fd55a80a94516b68e90452
  1. .github/
  2. pkgs/
  3. tool/
  4. .gitignore
  5. CONTRIBUTING.md
  6. LICENSE
  7. mono_repo.yaml
  8. README.md
README.md

Build Status

About Shelf

Shelf makes it easy to create and compose web servers and parts of web servers. How?

  • Expose a small set of simple types.
  • Map server logic into a simple function: a single argument for the request, the response is the return value.
  • Trivially mix and match synchronous and asynchronous processing.
  • Flexibility to return a simple string or a byte stream with the same model.

It was inspired by Connect for NodeJS and Rack for Ruby.

See the package:shelf readme for more information.

Packages

PackageDescriptionIssuesVersion
shelfA model for web server middleware that encourages composition and easy reuse.issuespub package
shelf_packages_handlerA shelf handler for serving a packages/ directory.issuespub package
shelf_proxyA shelf handler for proxying HTTP requests to another server.issuespub package
shelf_routerA convenient request router for the shelf web-framework, with support for URL-parameters, nested routers and routers generated from source annotations.issuespub package
shelf_router_generatorA package:build-compatible builder for generating request routers for the shelf web-framework based on source annotations.issuespub package
shelf_staticStatic file server support for the shelf package and ecosystem.issuespub package
shelf_test_handlerA Shelf handler that makes it easy to test HTTP interactions.issuespub package
shelf_web_socketA shelf handler that wires up a listener for every connection.issuespub package

Publishing automation

For information about our publishing automation and release process, see https://github.com/dart-lang/ecosystem/wiki/Publishing-automation.