christopherfujino · dependabot · May 6, 2022 · May 6, 2022 · Feb 27, 2023
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
@@ -49,6 +49,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2f58583a1b24a7d3c7034f6bf9fa506d23b1183b
+        uses: github/codeql-action/upload-sarif@32dc499307d133bb5085bae78498c0ac2cf762d5
         with:
           sarif_file: results.sarif
diff --git a/packages/flutter_tools/lib/src/commands/update_packages.dart b/packages/flutter_tools/lib/src/commands/update_packages.dart
@@ -384,7 +384,7 @@ class UpdatePackagesCommand extends FlutterCommand {
       fakePackage.writeAsStringSync(
         _generateFakePubspec(
           dependencies,
-          useAnyVersion: doUpgrade,
+          doUpgrade: doUpgrade,
         ),
       );
       // Create a synthetic flutter SDK so that transitive flutter SDK
@@ -1321,8 +1321,17 @@ class PubspecDependency extends PubspecLine {
 
   /// This generates the entry for this dependency for the pubspec.yaml for the
   /// fake package that we'll use to get the version numbers figured out.
-  void describeForFakePubspec(StringBuffer dependencies, StringBuffer overrides, { bool useAnyVersion = true}) {
-    final String versionToUse = useAnyVersion || version.isEmpty ? 'any' : version;
+  void describeForFakePubspec(StringBuffer dependencies, StringBuffer overrides, { bool doUpgrade = true }) {
+    final String versionToUse;
+    if (version.isEmpty) {
+      versionToUse = 'any';
+    } else if (doUpgrade) {
+      // Must wrap in quotes for Yaml parsing
+      versionToUse = "'>= $version'";
+    } else {
+      versionToUse = version;
+    }
+    // final versionToUse = useAnyVersion || version.isEmpty ? 'any' : version;
     switch (kind) {
       case DependencyKind.unknown:
       case DependencyKind.overridden:
@@ -1385,7 +1394,7 @@ String _generateFakePubspec(
 }) {
   final StringBuffer result = StringBuffer();
   final StringBuffer overrides = StringBuffer();
-  final bool verbose = useAnyVersion;
+  final bool verbose = doUpgrade;
   result.writeln('name: flutter_update_packages');
   result.writeln('environment:');
   result.writeln("  sdk: '>=2.10.0 <3.0.0'");
@@ -1415,7 +1424,7 @@ String _generateFakePubspec(
   }
   for (final PubspecDependency dependency in dependencies) {
     if (!dependency.pointsToSdk) {
-      dependency.describeForFakePubspec(result, overrides, useAnyVersion: useAnyVersion);
+      dependency.describeForFakePubspec(result, overrides, doUpgrade: doUpgrade);
     }
   }
   result.write(overrides.toString());