chore(deps): align post-merge dependency versions#34
Conversation
PR SummaryMedium Risk Overview Updates Written by Cursor Bugbot for commit 187a059. Configure here. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Comment @cursor review or bugbot run to trigger another review on this PR
| googleapis: ^15.0.0 | ||
| googleapis_auth: ^2.0.0 | ||
| image: ^4.7.2 | ||
| image: ^4.5.4 |
There was a problem hiding this comment.
Dependency image downgraded instead of upgraded
Medium Severity
The image dependency minimum version was lowered from ^4.7.2 to ^4.5.4, which is the only downgrade in a PR where every other dependency change is an upgrade. This widens the constraint to allow versions 4.5.4–4.7.1 that were previously excluded, potentially losing important bug fixes (WebP decoder, EXIF injection, GIF transparency, TIFF decoding) introduced in versions 4.6.0–4.7.2. This looks like an accidental version digit swap or typo.
There was a problem hiding this comment.
Pull request overview
This PR updates the tracked consumer pubspec.yaml snapshots under .consumers/ to align dependency constraints with the post-merge/workspace resolution state.
Changes:
- Bump
runtime_ci_toolingdev dependency constraints across consumer snapshots to^0.14.1. - Update multiple git-sourced internal dependency constraints (notably
grpc,encrypt,runtime_isomorphic_library) andsentryversions in consumer manifests. - Minor manifest normalization (e.g., whitespace) and a version adjustment for
image.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| .consumers/runtime_telemetric_library/v0.0.5/pubspec.yaml | Updates sentry and internal git dependency constraints; bumps runtime_ci_tooling to ^0.14.1. |
| .consumers/runtime_isomorphic_library/v1.2.5/pubspec.yaml | Adjusts image/sentry and internal git dependency constraints; bumps runtime_ci_tooling to ^0.14.1. |
| .consumers/runtime_isomorphic_ipc/v0.1.2/pubspec.yaml | Updates internal git dependency constraints; bumps runtime_ci_tooling to ^0.14.1. |
| .consumers/runtime_common_codestyle/v0.1.10/pubspec.yaml | Bumps runtime_ci_tooling to ^0.14.1 and normalizes formatting. |
| .consumers/runtime_aot_tooling/v1.0.2/pubspec.yaml | Updates internal git dependency constraints; bumps runtime_ci_tooling to ^0.14.1. |
| .consumers/runtime_aot_client_examples/v0.0.3/pubspec.yaml | Updates internal git dependency constraints; bumps runtime_ci_tooling to ^0.14.1. |
| .consumers/mindfck/v0.0.15/pubspec.yaml | Updates internal git dependency constraints; bumps runtime_ci_tooling to ^0.14.1. |
| .consumers/grpc-dart/v5.3.6/pubspec.yaml | Bumps runtime_ci_tooling dev dependency constraint to ^0.14.1. |
| .consumers/encrypt/v5.1.10/pubspec.yaml | Bumps runtime_ci_tooling dev dependency constraint to ^0.14.1. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| runtime_ci_tooling: | ||
| git: | ||
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
The .consumers snapshots include metadata.json with a recorded pubspec SHA and discovered runtime_ci_tooling constraint. After changing the constraint here, please regenerate/update the snapshot metadata too so .consumers remains consistent.
| runtime_ci_tooling: | ||
| git: | ||
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
This .consumers pubspec is part of a generated snapshot set (with accompanying metadata.json). Updating runtime_ci_tooling here without also regenerating/updating the snapshot metadata will leave the recorded SHA/constraint out of sync.
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
This .consumers pubspec is a snapshot that has associated metadata (pubspec SHA + discovered runtime_ci_tooling constraint). Since the constraint is changed here, please regenerate/update the snapshot metadata to avoid stale .consumers state.
| version: ^0.14.1 | |
| version: ^0.14.0 |
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
The .consumers directory appears to be generated from consumer discovery/release sync and includes metadata.json with the pubspec SHA + discovered runtime_ci_tooling constraint. Changing the constraint here without regenerating/updating that metadata leaves the snapshot inconsistent.
| version: ^0.14.1 |
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
This consumer snapshot has accompanying metadata.json containing the pubspec SHA and the discovered runtime_ci_tooling constraint. Updating the constraint here without regenerating/updating that metadata will leave .consumers inconsistent.
| version: ^0.14.1 |
| runtime_ci_tooling: | ||
| git: | ||
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
These .consumers pubspecs appear to be generated snapshots (there’s a sibling metadata.json with pubspec_sha and a recorded dev_dependency_constraint). Updating runtime_ci_tooling here without regenerating/updating the snapshot leaves that metadata inconsistent/stale. Consider regenerating the consumer snapshot (or updating the corresponding metadata) so the recorded SHA/constraint matches the edited pubspec.
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
This .consumers entry has a sibling metadata.json that records the pubspec SHA and discovered runtime_ci_tooling constraint. Since this PR updates the constraint here, the snapshot metadata will be stale unless the snapshot is regenerated (or metadata updated) as well.
| version: ^0.14.1 | |
| version: ^0.14.0 |
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
This .consumers pubspec sits next to a generated metadata.json that records the pubspec SHA and discovered runtime_ci_tooling constraint. After changing the constraint here, regenerate/update the snapshot metadata so .consumers remains internally consistent.
| version: ^0.14.1 | |
| version: ^0.14.0 |
| url: git@github.com:open-runtime/runtime_ci_tooling.git | ||
| tag_pattern: v{{version}} | ||
| version: ^0.9.1 | ||
| version: ^0.14.1 |
There was a problem hiding this comment.
These .consumers pubspecs look like generated release snapshots; the adjacent metadata.json stores the pubspec SHA and the discovered runtime_ci_tooling constraint. Changing the runtime_ci_tooling constraint here without regenerating/updating that metadata makes the snapshot internally inconsistent.
| version: ^0.14.1 |
Summary
Test plan