CPLAT-13993: Read config from dart_dependency_validator.yaml if available

evanweible-wf commented 3 years ago

Motivation

pub publish warns when it finds unrecognized keys, which is problematic because we currently read static config from a dependency_validator entry in pubspec.yaml.

Changes

Deprecate the current static config location within pubspec.yaml (the executable now warns when it is used)
Add support for reading the same config format (without the dependency_validator: key) from a dart_dependency_validator.yaml file in the root of the package. This name was chosen to match the convention set by the test package using a dart_test.yaml config file.
Tests have been updated and both the deprecated and new config codepaths are verified.

aviary3-wk commented 3 years ago

Security Insights

No security relevant content was detected by automated scans.

Action Items

Review PR for security impact; comment "security review required" if needed or unsure
Verify aviary.yaml coverage of security relevant code

Questions or Comments? Reach out on Slack: #support-infosec.

evanweible-wf commented 3 years ago

QA +1

[x] CI passes
[x] Verified that pub publish --dry-run no longer emits any warnings

@Workiva/release-management-p

Workiva / dependency_validator

CPLAT-13993: Read config from dart_dependency_validator.yaml if available #73

Motivation

Changes

Security Insights

Action Items

Verify `aviary.yaml` coverage of security relevant code

Workiva / dependency_validator

CPLAT-13993: Read config from dart_dependency_validator.yaml if available #73

Motivation

Changes

Security Insights

Action Items

Verify aviary.yaml coverage of security relevant code

Verify `aviary.yaml` coverage of security relevant code