docs(dart): add link to source code / repository for pub.dev

[IchordeDionysos]

Related Issue or Design Document

Follow up of https://github.com/ory/sdk/pull/263

Adds the repository to the pubspec.yaml so that on pub.dev a link to the repository will be shown to users. https://dart.dev/tools/pub/pubspec#repository

Checklist

• [x] I have read the contributing guidelines and signed the CLA.
• [x] I have referenced an issue containing the design document if my change introduces a new feature.
• [x] I have read the security policy.
• [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
• [x] I have added tests that prove my fix is effective or that my feature works.
• [x] I have added the necessary documentation within the code base (if appropriate).

Further comments

I, unfortunately, couldn't test it locally as I get errors for both the current Docker image v0.51.0 as well as a locally built image ... Not sure if this might have to do something with my M1 MacBook?!

[IchordeDionysos]

@jonas-jonas this also allows users to update to dio v5.0.0 fixing two vulnerabilities https://pub.dev/packages/dio/changelog

https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apub+dio

[IchordeDionysos]

❓ Breaking change or not:

• Content Type is not longer implicitly set (should be fine as the content type is explicitly set: see)
• The OpenAPI generator should abstract the other breaking changes or the features are not used
• The only reason I see to justify a breaking change of Ory would be that Ory now requires using Dio 5.0.0, and the latest version of the Ory SDKs only works with Dio 5.x.

I'm not sure but I guess the Ory SDK would find the latest version of Ory that uses Dio 4.x. Otherwise we'd have package users required to update their packages all to the latest versions which they anyways should do to ensure the best compatibility.

[IchordeDionysos]

I rented a Linux VM to check the changes.

I've actually figured out that I can run open-api-generator in the Docker container and then run dart pub build_runner build outside of the Docker container which works for me

[jonas-jonas]

I've actually figured out that I can run open-api-generator in the Docker container and then run dart pub build_runner build outside of the Docker container which works for me

Ah, good idea.

The only reason I see to justify a breaking change of Ory would be that Ory now requires using Dio 5.0.0, and the latest version of the Ory SDKs only works with Dio 5.x.

Is that not the case? The generated version constraint looks like it requires >5.

[IchordeDionysos]

Is that not the case? The generated version constraint looks like it requires >5. Wait, let me explain it better :D

The current Ory SDKs require dio version >= 4.0.0 and < 5.0.0, reducing scores on pub.dev

With the change, the Ory SDKs would require dio version >= 5.0.0 and < 6.0.0 (the latest version of dio is 5.1.2)

---

So the only change that could make it a breaking change would be because the Ory SDKs now depend on dio version 5.x.x. Not because there are any changes to the Ory SDKs behavior

According to the server FAQ it should probably not be considered a breaking change: https://semver.org/#what-should-i-do-if-i-update-my-own-dependencies-without-changing-the-public-api That's maybe also the reason why the maintainers at open-api-generator did not include in the next major version

[jonas-jonas]

@IchordeDionysos thank you!