realm / realm-dart

Realm is a mobile database: a replacement for SQLite & ORMs.
Apache License 2.0

realm >=3.3.0 depends on realm_dart ^3.3.0 which depends on http ^1.0.0, #1767

Closed kisomo closed 3 months ago

kisomo commented 3 months ago

Problem

realm depends on http ^1.0.0 but we need flexibility to use other versions of http.

Solution

realm depends on http ^1.0.0 but we need flexibility to use other versions of http. Change to include more versions of http, please.

Alternatives

No response

How important is this improvement for you?

Dealbreaker

Feature would mainly be used with

Atlas Device Sync

sync-by-unito[bot] commented 3 months ago

➤ PM Bot commented:

Jira ticket: RDART-1083

nirinchev commented 3 months ago

What version of http do you want to use?

kisomo commented 3 months ago

I need 1.2.2, but the best option would be to include a range like this: http: '>= 0.13.1 <= 1.2.2'

nielsenko commented 3 months ago

@kisomo You can use realm 3.3.0 with http 1.2.2. The constraint says ^1.0.0 which is just shorthand for >=1.0.0 < 2.0.0. You can read about how dependencies are resolved in Dart here.

kisomo commented 3 months ago

That will not solve my problem because I also need to use http: 0.13.1. Can you include that too?

nielsenko commented 3 months ago

http 0.13.1 is affected by CVE-2020-35669, so that would be irresponsible. Why do you need 0.13.1?

nirinchev commented 3 months ago

http 0.13.1 was released 3 years ago. There don't appear to be any breaking changes from 0.x to 1.x of the http package, so it should be a seamless migration. The only reason to want to use 0.x would be if you were targeting Dart 2.x, which Realm doesn't support anyway. I'm going to close this as it's not something we're willing to do at this point.
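
Added example, not part of the thread or the realm-dart project: a small Python check of the two constraints discussed above, showing that ^1.0.0 admits http 1.2.2 but not 0.13.1, while the requested range '>= 0.13.1 <= 1.2.2' would admit the 0.13.1 release that the maintainers describe as affected by CVE-2020-35669. It reimplements the caret rule for plain x.y.z versions (no pre-release or build tags) instead of calling the Dart tooling, and all function names are hypothetical.

```python
import re

# Comparison operators accepted in an explicit range such as '>=1.0.0 <2.0.0'.
OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
}
BOUND = re.compile(r"(>=|<=|>|<)\s*(\d+\.\d+\.\d+)")

def parse_version(text):
    """Parse a plain 'x.y.z' version into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(part) for part in m.groups())

def expand(constraint):
    """Turn a constraint into a list of (operator, version) bounds."""
    constraint = constraint.strip()
    if constraint.startswith("^"):
        low = parse_version(constraint[1:])
        # Caret means "up to the next breaking release": the next major,
        # or the next minor while the major version is still 0.
        high = (low[0] + 1, 0, 0) if low[0] > 0 else (0, low[1] + 1, 0)
        return [(">=", low), ("<", high)]
    bounds = BOUND.findall(constraint)
    if bounds and not BOUND.sub("", constraint).strip():
        return [(op, parse_version(v)) for op, v in bounds]
    return [("==", parse_version(constraint))]  # bare version pins exactly

def allows(constraint, version):
    """True if `version` satisfies every bound of `constraint`."""
    v = parse_version(version)
    return all(OPS[op](v, bound) for op, bound in expand(constraint))

def audit(constraint, flagged):
    """Return the flagged versions that the constraint would still admit."""
    return [v for v in flagged if allows(constraint, v)]

# Constructed input: the version the thread names as affected by CVE-2020-35669.
FLAGGED = ["0.13.1"]

if __name__ == "__main__":
    for c in ("^1.0.0", ">= 0.13.1 <= 1.2.2"):
        print(f"{c!r}: allows 1.2.2={allows(c, '1.2.2')}, admits flagged={audit(c, FLAGGED)}")
```

Running an audit like this over a project's dependency constraints in CI flags any range whose lower bound reaches back to a release with a known advisory.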