Merge remote-tracking branch 'upstream/master'

Author: mtrezza

.github/ISSUE_TEMPLATE/---3-version-conflict.md

@@ -0,0 +1,77 @@
+---
+name: "\U0001F4E6 Version Conflict"
+about: Report a version conflict with Parse SDK dependencies
+title: '[Version Conflict] '
+labels: 'dependencies, version-conflict'
+assignees: ''
+---
+
+## Version Conflict Description
+
+<!-- Describe the version conflict you're experiencing -->
+
+## Environment
+
+**Parse SDK Version:**
+- Dart SDK: [e.g., 8.0.2]
+- Flutter SDK (if applicable): [e.g., 9.0.0]
+
+**Framework Version:**
+- Dart: [e.g., 3.2.6]
+- Flutter (if applicable): [e.g., 3.16.9]
+
+**Platform:**
+- [ ] Dart
+- [ ] Flutter (Web)
+- [ ] Flutter (Mobile - iOS)
+- [ ] Flutter (Mobile - Android)
+- [ ] Flutter (Desktop - macOS)
+- [ ] Flutter (Desktop - Windows)
+- [ ] Flutter (Desktop - Linux)
+
+## Conflict Details
+
+**Conflicting Package:**
+[e.g., dio, http, sembast]
+
+**Required Version:**
+[e.g., Package X requires dio ^6.0.0 but Parse SDK requires ^5.0.0]
+
+**Error Message:**
+```
+Paste the full error message from `dart pub get` or `flutter pub get`
+```
+
+## Your pubspec.yaml
+
+```yaml
+# Paste relevant sections of your pubspec.yaml
+dependencies:
+  parse_server_sdk: ^8.0.0
+  # ... other dependencies
+```
+
+## Dependency Tree
+
+```bash
+# Run: dart pub deps or flutter pub deps
+# Paste the output here
+```
+
+## Steps Tried
+
+<!-- Check all that apply -->
+
+- [ ] Updated to latest Parse SDK version
+- [ ] Ran `dart pub outdated` / `flutter pub outdated`
+- [ ] Checked [MIGRATION_GUIDES.md](https://github.com/parse-community/Parse-SDK-Flutter/blob/master/MIGRATION_GUIDES.md)
+- [ ] Tried `dependency_overrides` (temporary workaround)
+- [ ] Searched existing issues
+
+## Workaround
+
+<!-- If you found a workaround, share it here to help others -->
+
+## Additional Context
+
+<!-- Add any other context, screenshots, or information -->

.github/dependabot.yml

@@ -0,0 +1,34 @@
+version: 2
+updates:
+  # Dart package dependencies
+  - package-ecosystem: "pub"
+    directory: "/packages/dart"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    labels:
+      - "dart"
+    commit-message:
+      prefix: "feat"
+
+  # Flutter package dependencies
+  - package-ecosystem: "pub"
+    directory: "/packages/flutter"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+    labels:
+      - "flutter"
+    commit-message:
+      prefix: "feat"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    labels:
+      - "ci"
+    commit-message:
+      prefix: "refactor"

.github/workflows/ci.yml

@@ -14,27 +14,21 @@ jobs:
     strategy:
       matrix:
         include:
+          # Version Support Policy: 6 months after next significant version release
+          # See VERSIONING_POLICY.md for full details
+          #
           # Dart framework may contain breaking changes in minor version releases, not following semver.
           # The latest Dart framework (below) is tested on all architectures (Ubuntu, macOS, Windows).
-          - name: Dart 3.5, Ubuntu
+          - name: Dart 3.10, Ubuntu
             os: ubuntu-latest
-            sdk: 3.5.3
-          - name: Dart 3.5, macOS
+            sdk: 3.10.0
+          - name: Dart 3.10, macOS
             os: macos-latest
-            sdk: 3.5.3
-          - name: Dart 3.5, Windows
+            sdk: 3.10.0
+          - name: Dart 3.10, Windows
             os: windows-latest
-            sdk: 3.5.3
-          # Older Dart framework versions (below) are only tested with Ubuntu to reduce CI resource usage.
-          - name: Dart 3.4
-            os: ubuntu-latest
-            sdk: 3.4.4
-          - name: Dart 3.3
-            os: ubuntu-latest
-            sdk: 3.3.4
-          - name: Dart 3.2
-            os: ubuntu-latest
-            sdk: 3.2.6
+            sdk: 3.10.0
+          # Beta channel helps identify breaking changes early
           - name: Dart beta
             os: ubuntu-latest
             sdk: beta
@@ -43,6 +37,12 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+      - name: Configure git for line endings (Windows)
+        if: matrix.os == 'windows-latest'
+        run: |
+          git config core.autocrlf false
+          git rm --cached -r .
+          git reset --hard
       - name: Setup dart
         uses: dart-lang/setup-dart@v1.5.0
         with:
@@ -79,27 +79,21 @@ jobs:
     strategy:
       matrix:
         include:
+          # Version Support Policy: 6 months after next significant version release
+          # See VERSIONING_POLICY.md for full details
+          #
           # Flutter framework may contain breaking changes in minor version releases, not following semver.
           # The latest Flutter framework (below) is tested on all architectures (Ubuntu, macOS, Windows).
-          - name: Flutter 3.24, Ubuntu
+          - name: Flutter 3.38, Ubuntu
             os: ubuntu-latest
-            sdk: 3.24.3
-          - name: Flutter 3.24, macOS
+            sdk: 3.38.1
+          - name: Flutter 3.38, macOS
             os: macos-latest
-            sdk: 3.24.3
-          - name: Flutter 3.24, Windows
+            sdk: 3.38.1
+          - name: Flutter 3.38, Windows
             os: windows-latest
-            sdk: 3.24.3
-          # Older Flutter framework versions (below) are only tested with Ubuntu to reduce CI resource usage.
-          - name: Flutter 3.22
-            os: ubuntu-latest
-            sdk: 3.22.3
-          - name: Flutter 3.19
-            os: ubuntu-latest
-            sdk: 3.19.6
-          - name: Flutter 3.16
-            os: ubuntu-latest
-            sdk: 3.16.9
+            sdk: 3.38.1
+          # Beta channel helps identify breaking changes early
           - name: Flutter beta
             os: ubuntu-latest
             sdk: beta

.github/workflows/dependency-audit.yml

@@ -0,0 +1,134 @@
+name: dependency-audit
+
+on:
+  schedule:
+    # Run on the first day of every month at 9:00 AM UTC
+    - cron: '0 9 1 * *'
+  workflow_dispatch: # Allow manual triggering
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  audit-dart:
+    name: Audit Dart Package Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Dart
+        uses: dart-lang/setup-dart@v1
+        with:
+          sdk: stable
+
+      - name: Get dependencies
+        working-directory: packages/dart
+        run: dart pub get
+
+      - name: Check for outdated dependencies
+        id: outdated
+        working-directory: packages/dart
+        run: |
+          echo "## Dart Package - Outdated Dependencies" >> $GITHUB_STEP_SUMMARY
+          dart pub outdated --mode=outdated || true
+          dart pub outdated --mode=outdated >> $GITHUB_STEP_SUMMARY || true
+
+      - name: Security audit
+        id: audit
+        working-directory: packages/dart
+        run: |
+          echo "## Dart Package - Security Audit" >> $GITHUB_STEP_SUMMARY
+          dart pub audit || true
+          dart pub audit >> $GITHUB_STEP_SUMMARY || true
+
+  audit-flutter:
+    name: Audit Flutter Package Dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Flutter
+        uses: subosito/flutter-action@v2
+        with:
+          channel: stable
+
+      - name: Get dependencies
+        working-directory: packages/flutter
+        run: flutter pub get
+
+      - name: Check for outdated dependencies
+        id: outdated
+        working-directory: packages/flutter
+        run: |
+          echo "## Flutter Package - Outdated Dependencies" >> $GITHUB_STEP_SUMMARY
+          flutter pub outdated --mode=outdated || true
+          flutter pub outdated --mode=outdated >> $GITHUB_STEP_SUMMARY || true
+
+      - name: Security audit
+        id: audit
+        working-directory: packages/flutter
+        run: |
+          echo "## Flutter Package - Security Audit" >> $GITHUB_STEP_SUMMARY
+          dart pub audit || true
+          dart pub audit >> $GITHUB_STEP_SUMMARY || true
+
+  create-issue:
+    name: Create Issue if Security Vulnerabilities Found
+    needs: [audit-dart, audit-flutter]
+    runs-on: ubuntu-latest
+    if: failure()
+    steps:
+      - name: Create issue for security vulnerabilities
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const title = '[Security] Dependency vulnerabilities detected';
+            const body = `## Security Vulnerabilities Detected
+
+            The monthly dependency audit has detected security vulnerabilities in our dependencies.
+
+            ### Action Required
+            1. Review the [workflow run](${context.payload.repository.html_url}/actions/runs/${context.runId})
+            2. Update affected dependencies
+            3. Test thoroughly
+            4. Create a PR with security fixes
+
+            ### Resources
+            - [VERSIONING_POLICY.md](${context.payload.repository.html_url}/blob/master/VERSIONING_POLICY.md)
+            - [Dart Security Best Practices](https://dart.dev/guides/libraries/secure)
+
+            ---
+            **Auto-generated by dependency-audit workflow**
+            `;
+
+            // Check if similar issue exists
+            const issues = await github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              labels: 'security,dependencies'
+            });
+
+            const existingIssue = issues.data.find(issue =>
+              issue.title.includes('[Security] Dependency vulnerabilities')
+            );
+
+            if (!existingIssue) {
+              await github.rest.issues.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: title,
+                body: body,
+                labels: ['security', 'dependencies', 'high-priority']
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: existingIssue.number,
+                body: `New vulnerabilities detected in [workflow run](${context.payload.repository.html_url}/actions/runs/${context.runId})`
+              });
+            }

.gitignore

@@ -50,6 +50,9 @@ analysis_benchmark.json
 .flutter-plugins
 .flutter-plugins-dependencies
 **/generated_plugin_registrant.dart
+**/generated_plugin_registrant.cc
+**/generated_plugin_registrant.h
+**/generated_plugins.cmake
 .packages
 .pub-cache/
 .pub/
@@ -123,3 +126,6 @@ app.*.symbols
 !/dev/ci/**/Gemfile.lock
 
 /node_modules
+
+# AI agents
+/.claude

CONTRIBUTING.md

@@ -10,6 +10,20 @@ We actively welcome your pull requests. When we get one, we'll run some Parse-sp
 2. Add unit tests for any new code you add.
 3. If you've changed APIs, update the documentation.
 4. Ensure the test suite passes.
+5. Follow the commit message format for automated versioning (see below).
+6. For dependency updates, see the [Dependency Management](#dependency-management) section.
+
+## Dependency Management
+
+The Parse SDK follows a structured approach to dependency management. See [VERSIONING_POLICY.md](VERSIONING_POLICY.md) for full details.
+
+## Framework Support Policy
+
+The Parse SDK supports Dart and Flutter versions for 6 months after the next significant version release. When contributing:
+
+- Ensure compatibility with all supported versions (see README compatibility tables)
+- Don't use features only available in the latest version without version checks
+- CI will test your PR against all supported versions
 
 ## Code of Conduct