Raise More Max Versions

[sourcegraph-wk]

Summary

Frontend Frameworks is updating more dependencies! More details at https://wiki.atl.workiva.net/display/CP/Dependency+Upgrades

This updates the maximum for the following packages (leaving the minimum unchanged)

pubspec_codemod raise-max build_runner 3.0.0 --recursive pubspec_codemod raise-max crypto 4.0.0 --recursive pubspec_codemod raise-max dart_style 3.0.0 --recursive pubspec_codemod raise-max dependency_validator 4.0.0 --recursive pubspec_codemod raise-max io 2.0.0 --recursive pubspec_codemod raise-max mime 2.0.0 --recursive pubspec_codemod raise-max quiver 4.0.0 --recursive pubspec_codemod raise-max stream_transform 3.0.0 --recursive pubspec_codemod raise-max tuple 3.0.0 --recursive pubspec_codemod raise-max uuid 4.0.0 --recursive pubspec_codemod raise-max yaml 4.0.0 --recursive

How do we know these ranges are safe?

• build_runner, dart_style, and dependency_validator are all only used for their executables and shouldn't introduce any breaking changes. Note that as your package resolves to newer versions of dart_style, it's possible that you may need to commit some updated formatting changes.

• crypto v3 is the NNBD migration and has one breaking change, which is to remove a newInstance() method on some classes. We have no usages of this method.

• io v1, mime v1, stream_transform v2, and tuple v2 are all NNBD migrations.

• quiver v3 has breaking changes, so we ran a batch change with a dependency override to verify compatibility. We did identify one package affected by these breaking changes, which has already been remediated.

• uuid v2 and v3 have some breaking changes, so we ran a batch change with a dependency override to verify compatibility We identified and fixed 1 test that was affected by the uuid change.

• yaml v3 has one breaking change, which is that optional sourceUrl param in the loadYaml function is now typed as Uri instead of dynamic (previously it allowed String, as well). We have already addressed our own usages of this parameter to use Uris.

  While we're confident these newer versions should be safe to consume, we can't say for sure. Please reach out to us if you encounter any issues that you think may be related.

For more info, reach out to #support-frontend-architecture on Slack.

_Created by Sourcegraph batch change Workiva/raise_more_max_versions._

[aviary3-wk]

Security Insights

No security relevant content was detected by automated scans.

Action Items

• Review PR for security impact; comment "security review required" if needed or unsure

• Verify aviary.yaml coverage of security relevant code

  Questions or Comments? Reach out on Slack: #support-infosec.

[robbecker-wf]

QA+1 CI passes

[robbecker-wf]

@Workiva/release-management-p