Skip to content

Allowlist for dependencies of sdk packages#180740

Merged
sigurdm merged 6 commits into
flutter:masterfrom
sigurdm:only_allowed_dependencies_test
Jan 20, 2026
Merged

Allowlist for dependencies of sdk packages#180740
sigurdm merged 6 commits into
flutter:masterfrom
sigurdm:only_allowed_dependencies_test

Conversation

@sigurdm

@sigurdm sigurdm commented Jan 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This test will highlight any accidentally introduced external dependency.

A similar check already exist for flutter/packages:

https://github.com/flutter/packages/blob/952418ded43bbbcc0a8ad29da17f9caefa338a99/script/tool/lib/src/pubspec_check_command.dart#L588-L608

This change is intended to reduce the risk of https://flutter.dev/go/unpin-flutter-sdk-dependencies, but is useful on its own even if we never implement unpinning.

@github-actions github-actions Bot added tool Affects the "flutter" command-line tool. See also t: labels. a: desktop Running on desktop labels Jan 9, 2026
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jan 9, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new integration test to enforce an allowlist of dependencies for Flutter SDK packages. This is a valuable addition to prevent accidental external dependencies. My review includes suggestions to improve the test's performance and code clarity by using more efficient data structures for lookups and removing redundant code. I've also pointed out a small duplication in the list of root packages.

Comment thread packages/flutter_tools/test/integration.shard/only_allowed_dependencies_test.dart Outdated
Comment thread packages/flutter_tools/test/integration.shard/only_allowed_dependencies_test.dart Outdated
Comment thread packages/flutter_tools/test/integration.shard/only_allowed_dependencies_test.dart Outdated
Comment thread packages/flutter_tools/test/integration.shard/only_allowed_dependencies_test.dart Outdated
sigurdm and others added 5 commits January 9, 2026 15:17
@sigurdm @gemini-code-assist
Update packages/flutter_tools/test/integration.shard/only_allowed_dep…
36d0401 
…endencies_test.dart

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sigurdm @gemini-code-assist
Update packages/flutter_tools/test/integration.shard/only_allowed_dep…
60f1daf 
…endencies_test.dart

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sigurdm @gemini-code-assist
Update packages/flutter_tools/test/integration.shard/only_allowed_dep…
3598331 
…endencies_test.dart

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sigurdm
Use a map for lookups
9b2ea6e
@sigurdm
Remove accidentally committed files
4a5c381
@github-actions github-actions Bot removed the a: desktop Running on desktop label Jan 9, 2026
@sigurdm sigurdm added this pull request to the merge queue Jan 20, 2026
Merged via the queue into flutter:master with commit 3c06bb5 Jan 20, 2026
138 of 139 checks passed
@sigurdm sigurdm deleted the only_allowed_dependencies_test branch January 20, 2026 09:24
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 20, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 20, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
a5755dc 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 20, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 20, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
4eb9a89 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 20, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 20, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
eca75b2 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 20, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 20, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
7d5e560 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 20, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 20, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
4aa91f7 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 21, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 21, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
7083550 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 21, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 21, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
6d01a46 
…#180740)
@engine-flutter-autoroll engine-flutter-autoroll mentioned this pull request Jan 21, 2026
Closed
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 21, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
5d1eff3 
…#180740)
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 22, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
58e2d90 
…#180740)
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 22, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
75bf654 
…#180740)
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 22, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
1fb7ede 
…#180740)
engine-flutter-autoroll added a commit to engine-flutter-autoroll/packages that referenced this pull request Jan 23, 2026
@engine-flutter-autoroll
3c06bb535 Allowlist for dependencies of sdk packages (flutter/flutter…
43e27dc 
…#180740)
flutter-zl pushed a commit to flutter-zl/flutter that referenced this pull request Feb 10, 2026
@sigurdm @gemini-code-assist @flutter-zl
Allowlist for dependencies of sdk packages (flutter#180740)
cf1ed04 
This test will highlight any accidentally introduced external
dependency.

A similar check already exist for flutter/packages:


https://github.com/flutter/packages/blob/952418ded43bbbcc0a8ad29da17f9caefa338a99/script/tool/lib/src/pubspec_check_command.dart#L588-L608

This change is intended to reduce the risk of
https://flutter.dev/go/unpin-flutter-sdk-dependencies, but is useful on
its own even if we never implement unpinning.

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bkonyi bkonyi bkonyi approved these changes
+1 more reviewer
@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

tool Affects the "flutter" command-line tool. See also t: labels.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sigurdm @bkonyi