Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.4 to 2.22.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.22.5 - 27 Oct 2023</h2>
<p>No user facing changes.</p>
<h2>2.22.4 - 20 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.1. <a href="https://redirect.github.com/github/codeql-action/pull/1953">#1953</a></li>
<li>Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
<ul>
<li>All code scanning workflows should continue to succeed regardless of the warning.</li>
<li>The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.</li>
<li>For more information, and to communicate with the maintaining team, please use <a href="https://redirect.github.com/github/codeql-action/issues/1959">this issue</a>.</li>
</ul>
</li>
</ul>
<h2>2.22.3 - 13 Oct 2023</h2>
<ul>
<li>Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. <a href="https://redirect.github.com/github/codeql-action/pull/1945">#1945</a></li>
</ul>
<h2>2.22.2 - 12 Oct 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.15.0. <a href="https://redirect.github.com/github/codeql-action/pull/1938">#1938</a></li>
<li>Improve the log output when an error occurs in an invocation of the CodeQL CLI. <a href="https://redirect.github.com/github/codeql-action/pull/1927">#1927</a></li>
</ul>
<h2>2.22.1 - 09 Oct 2023</h2>
<ul>
<li>Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. <a href="https://redirect.github.com/github/codeql-action/pull/1928">#1928</a></li>
</ul>
<h2>2.22.0 - 06 Oct 2023</h2>
<ul>
<li>The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. <a href="https://redirect.github.com/github/codeql-action/pull/1907">#1907</a></li>
<li>The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see <a href="https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/">"CodeQL code scanning deprecates ML-powered alerts."</a> <a href="https://redirect.github.com/github/codeql-action/pull/1910">#1910</a></li>
<li>Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. <a href="https://redirect.github.com/github/codeql-action/pull/1909">#1909</a></li>
</ul>
<h2>2.21.9 - 27 Sep 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.14.6. <a href="https://redirect.github.com/github/codeql-action/pull/1897">#1897</a></li>
<li>We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. <a href="https://redirect.github.com/github/codeql-action/pull/1889">#1889</a></li>
<li>We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. <a href="https://redirect.github.com/github/codeql-action/pull/1903">#1903</a></li>
<li>Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. <a href="https://redirect.github.com/github/codeql-action/pull/1901">#1901</a></li>
</ul>
<h2>2.21.8 - 19 Sep 2023</h2>
<ul>
<li>Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/1884">#1884</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.</li>
</ul>
</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="74483a38d3"><code>74483a3</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1972">#1972</a> from github/update-v2.22.5-2d5ffa777</li>
<li><a href="2ba6829f2b"><code>2ba6829</code></a> Update changelog for v2.22.5</li>
<li><a href="2d5ffa7773"><code>2d5ffa7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1970">#1970</a> from github/henrymercer/clean-up-init-logs</li>
<li><a href="14d0fa93b4"><code>14d0fa9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1967">#1967</a> from github/henrymercer/enable-features-on-ghes</li>
<li><a href="5744b13b66"><code>5744b13</code></a> Rebuild Action</li>
<li><a href="f3b55862ea"><code>f3b5586</code></a> Check out the right branch in <code>rebuild.yml</code></li>
<li><a href="95c219819d"><code>95c2198</code></a> Add a log in the OK case</li>
<li><a href="e8e83c3a56"><code>e8e83c3</code></a> Merge branch 'main' into henrymercer/enable-features-on-ghes</li>
<li><a href="c7abe9ca5f"><code>c7abe9c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1971">#1971</a> from github/henrymercer/bot-rebuild</li>
<li><a href="3fc281e079"><code>3fc281e</code></a> Add workflow to rebuild the Action on a label</li>
<li>Additional commits viewable in <a href="49abf0ba24...74483a38d3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
## Description
This PR adds a `nonce` parameter to flutter.js' `loadEntrypoint` method.
When set, loadEntrypoint will add a `nonce` attribute to the `main.dart.js` script tag, which allows Flutter to run in environments slightly more restricted by CSP; those that don't add `'self'` as a valid source for `script-src`.
----
### CSP directive
After this change, the CSP directive for a Flutter Web index.html can be:
```
script-src 'nonce-YOUR_NONCE_VALUE' 'wasm-unsafe-eval';
font-src https://fonts.gstatic.com;
style-src 'nonce-YOUR_NONCE_VALUE';
```
When CSP is set via a `meta` tag (like in the test accompanying this change), and to use a service worker, the CSP needs an additional directive: [`worker-src 'self';`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src)
When CSP set via response headers, the CSP that applies to `flutter_service_worker.js` is determined by its response headers. See **Web Workers API > [Content security policy](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers#content_security_policy)** in MDN.)
----
### Initialization
If the CSP is set to disallow `script-src 'self'`, a nonce needs to also be passed to `loadEntrypoint`:
```javascript
_flutter.loader.loadEntrypoint({
nonce: 'SOME_NONCE',
onEntrypointLoaded: (engineInitializer) async {
const appRunner = await engineInitializer.initializeEngine({
nonce: 'SOME_NONCE',
});
appRunner.runApp();
},
});
```
(`nonce` shows twice for now, because the entrypoint loader script doesn't have direct access to the `initializeEngine` call.)
----
## Tests
* Added a smoke test to ensure an app configured as described above starts.
## Issues
* Fixes https://github.com/flutter/flutter/issues/126977
Latest example of an issue about a typo: https://github.com/flutter/flutter/issues/137080. I don't think these are helpful, so we shouldn't be encouraging people to file these in order to submit a PR to fix 'em.
## Description
Adds some convenience methods to `KeyEvent` that allow testing to see if a logical or physical key is pressed from the event object. These are similar to the ones already on `RawKeyEvent`, and will make migration the to `KeyEvent` easier (so it could more easily be a `flutter fix` migration).
Added:
- `bool isLogicalKeyPressed(LogicalKeyboardKey key)`
- `bool isPhysicalKeyPressed(PhysicalKeyboardKey key)`
- `bool get isControlPressed`
- `bool get isShiftPressed`
- `bool get isAltPressed`
- `bool get isMetaPressed`
## Related Issues
- https://github.com/flutter/flutter/issues/136419
## Tests
- Added tests for the new methods.
Reverts flutter/flutter#136880
Initiated by: camsim99
This change reverts the following previous change:
Original Description:
Since the original PR that supposedly enabled proguard, it was using the android proguard rules that disable optimizations. See initial PR in [0]
This PR changes the flutter gradle plugin to use the `proguard-android-optimize.txt` (instead of `proguard-android.txt`) which will enable optimizations/shrinking of platform code (i.e. java/kotlin).
For a simple flutter hello world this results in a 25% reduction in the resulting DEX file (`classes.dex` of the APK).
[0] f098de1fdedec2232aa740a6413f318166762795
Fixes https://github.com/flutter/flutter/issues/136879
Since the original PR that supposedly enabled proguard, it was using the
android proguard rules that disable optimizations. See initial PR in [0]
This PR changes the flutter gradle plugin to use the
`proguard-android-optimize.txt` (instead of `proguard-android.txt`)
which will enable optimizations/shrinking of platform code (i.e.
java/kotlin).
For a simple flutter hello world this results in a 25% reduction in the
resulting DEX file (`classes.dex` of the APK).
Note for users:
For some users this may result in issues because their java/kotlin code is
now better optimized & tree shaken and thereby symbols may be no longer
available or being obfuscated.
To fix those issues it's best to craft precise proguard rules describing the
extra symbols that are needed by the app (see [1]). But it's also possible to
opt out entirely of optimizations by using the unoptimized proguard rules.
To add custom proguard rules or use the unoptimized android rules, one can
update `android/app/build.gradle`:
```
android {
...
buildTypes {
release {
...
+ proguardFiles(
+ // Not ideal: Disables optimizations by using unoptimized android rules.
+ getDefaultProguardFile("proguard-android.txt"),
+
+ // Better: Have precise keep rules to only keep things that are needed.
+ "custom-rules.pro",
+ )
}
}
}
```
[0] f098de1fdedec2232aa740a6413f318166762795
[1] https://developer.android.com/build/shrink-code
Fixes https://github.com/flutter/flutter/issues/136879
Fixes https://github.com/flutter/flutter/issues/136698.
Alters how `throwToolExit` creates its matcher. This results is an improved description of the matcher.
The mismatch description isn't improved by this, but I writing an entirely custom matcher to fix this isn't ideal either. We can instead mitigate the issue by augmenting the `toString` implementation of `ToolExit` to include the exit code, if it is non-null.
With these changes, the first few lines of output from a test would look like this:
```
Expected: throws <Instance of 'ToolExit'> with `exitCode`: <42> and `message`: contains 'message'
Actual: <Closure: () => Never>
Which: threw ToolExit:<Exit code: 41232. Error: message>
```
This method controls whether the builder needs to be called again again even if the layout constraints are the same.
By default, the builder will always be called when the widget is updated because the logic in the callback might have changed. However, there are cases where subclasses of ConstrainedLayoutBuilder know that certain property updates only affect paint and not build. In these cases, we lack a way of expressing that the builder callback is not needed -- and we end up doing superfluous work.
This PR gives subclasses the ability to know exactly when the callback needs to be called and when it can be skipped.
This comment on _localizedThemeDataCacheSize was a bit garbled from getting split up, and the doc on _localizedThemeDataCache was missing from having been moved elsewhere.
It looks like the dislocation happened in 8b86d238b (#116088), which was otherwise making unrelated changes, including a couple of lines near these. Likely it was due to an error in resolving merge or rebase conflicts at some point while revising that PR.
