Bump dependency_validator from 3.2.3 to 4.1.1

[dependabot]

Bumps dependency_validator from 3.2.3 to 4.1.1.

Release notes

Sourced from dependency_validator's releases.

4.1.1

Info

Build: (waiting for build to complete) Skynet Results: (waiting for Skynet results) Pipeline: (waiting for pipeline to start) This patch release includes the following changes:

Miscellaneous

• #124 FEA-3927: Updated changelog for v4.1.0

  • FEA-3927 Updated changelog for v4.1.0

• #126 fedx_codeowners_file

• #127 FEDX-1587: implemented gha-dart-oss

  • FEDX-1587 implemented gha-dart-oss

• #128 FEDX-1589: Include file path on parse error

  • FEDX-1589 Include file path on parse error

• #129 RM-263537 Release dependency_validator 4.1.1

  • RM-263537 RELEASE dependency_validator 4.1.1

• #130 Bump Workiva/gha-dart-oss from 0.1.5 to 0.1.6 in the gha group

Notes created on Tuesday, September 24 04:07 PM UTC

4.1.0

Info

Build: (waiting for build to complete) Skynet Results: (waiting for Skynet results) Pipeline: (waiting for pipeline to start) This minor release includes the following changes:

Miscellaneous

• #114 v4 Changelog update

• #115 FEA-3685: Reverted non-dev bin import usage errors

  • FEA-3685 Reverted non-dev bin import usage errors

• #116 Revert "FEA-3685: Reverted non-dev bin import usage errors"

  • FEA-3685 Reverted non-dev bin import usage errors

• #117 Update analyzer constraint

• #120 Fixed broken GHA and updated installation instructions

• #121 Add dependabot.yml

• #122 GHA: Bump actions/checkout from 2 to 4 in the gha-dependencies group

• #123 RM-256973 Release dependency_validator 4.1.0

  • RM-256973 RELEASE dependency_validator 4.1.0

Notes created on Monday, June 03 05:25 PM UTC

... (truncated)

Changelog

Sourced from dependency_validator's changelog.

4.1.1

• Update the output of parse failures to include the path to the file which failed to parse

4.1.0

• Update specified analyzer range to support v6.0.0+. This supports dependency_validator running on dart 3 better

4.0.0

• Breaking Change: Added "non-dev packages that are only used within bin/" check to cover this edge case. This is enabled by default, and will break the execution of dependency_validator if it occurs within the codebase. Resolution is to either ignore the dependency, or demote the dependency to a dev_dep
• Fixed bug where uris declared within comments and strings would register as dependency "usages"

3.2.2

• Raise dependency minimums to ensure all dependencies are null-safe.

3.2.0

• Feature: Added option allow_pins for disabling/enabling checks for pins. Pins not allowed by default.

3.1.2

• Return non-zero exit code from executable when incorrect args are used

3.1.0

• Deprecate static configuration in pubspec.yaml (because pub publish warns about unrecognized keys) and instead read it from a dart_dependency_validator.yaml file when possible.

3.0.0

• Breaking: removed the public package:dependency_validator/dependency_validator.dart entrypoint. It was only intended for this package to provide an executable and the Dart APIs don't need to be public.
• Null safety.

2.0.1

• Fix a path issue on Windows.

2.0.0

• Breaking Change: Excluded paths and ignored packages must now be configured statically in your project's pubspec.yaml instead of via command-line arguments. See the README for more information.

... (truncated)

Commits

• 6c41e74 Merge pull request #129 from Workiva/release_dependency_validator_4.1.1
• 0702177 Merge pull request #130 from Workiva/dependabot/github_actions/gha-410c484db0
• dc7882e Bump Workiva/gha-dart-oss from 0.1.5 to 0.1.6 in the gha group
• 34c07f6 updated changelog
• 15a294c test new checks action version
• 5cdf62d dependency_validator_4.1.1
• fc6d632 Merge pull request #128 from Workiva/catch_parse_error
• f392e8c fmt and improved output
• 83d0535 catch parse error
• c30d2f3 Merge pull request #127 from Workiva/implemented_gha-dart-oss
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[aviary2-wf]

Security Insights

No security relevant content was detected by automated scans.

Action Items

• Review PR for security impact; comment "security review required" if needed or unsure
• Verify aviary.yaml coverage of security relevant code

---

Questions or Comments? Reach out on Slack: #support-infosec.