
[mob] Freeze app dependencies and enforce lockfiles #9873

Open
neeraj-pilot wants to merge 4 commits into ente-io:main from neeraj-pilot:freeze

@neeraj-pilot
Contributor

Summary

  • freeze mobile app hosted and git dependencies to the versions already resolved in checked-in lockfiles
  • enforce lockfile resolution in mobile app CI, release workflows, and helper scripts
  • add a frozen-pubspec checker for `mobile/apps/**` and extend workflow security checks to block newly introduced unpinned third-party actions

Validation

  • `ruby mobile/scripts/check_frozen_pubspecs.rb`
  • `flutter pub get --enforce-lockfile` in `mobile/apps/auth`
  • `flutter pub get --enforce-lockfile` in `mobile/apps/locker`
  • `flutter pub get --enforce-lockfile` in `mobile/apps/photos`
  • `flutter build apk --debug --flavor independent` in `mobile/apps/auth`
  • `flutter build apk --debug --flavor independent` in `mobile/apps/locker`
  • `flutter build apk --debug --flavor independent` in `mobile/apps/photos`
  • installed all three debug APKs with `adb install -r`
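
A sketch of the kind of check the summary describes, as an added example that is not part of this pull request and is not the project's `check_frozen_pubspecs.rb`. It assumes "frozen" means every hosted constraint equals the exact version in `pubspec.lock` and every git `ref` is the full commit SHA recorded there as `resolved-ref`; the function name, package names and sample files are constructed.

```ruby
require 'yaml'
FULL_SHA = /\A\h{40}\z/ # branch and tag names can move; a full commit SHA cannot

# Returns one message per pubspec.yaml dependency that is not frozen to the
# version or commit in pubspec.lock. Path and SDK dependencies are skipped.
def unfrozen_dependencies(pubspec_text, lock_text)
  pubspec = YAML.safe_load(pubspec_text) || {}
  locked = (YAML.safe_load(lock_text) || {}).fetch('packages', {})
  problems = []
  %w[dependencies dev_dependencies dependency_overrides].each do |section|
    (pubspec[section] || {}).each do |name, spec|
      next if spec.is_a?(Hash) && (spec.key?('path') || spec.key?('sdk'))
      entry = locked[name]
      if entry.nil?
        problems << "#{name}: missing from pubspec.lock"
      elsif spec.is_a?(Hash) && spec.key?('git')
        ref = spec['git'].is_a?(Hash) ? spec['git']['ref'].to_s : ''
        desc = entry['description']
        want = desc.is_a?(Hash) ? desc['resolved-ref'].to_s : ''
        if ref !~ FULL_SHA
          problems << "#{name}: git ref #{ref.inspect} is not a full commit SHA"
        elsif ref != want
          problems << "#{name}: git ref differs from locked #{want}"
        end
      else
        constraint = (spec.is_a?(Hash) ? spec['version'] : spec).to_s
        want = entry['version'].to_s
        problems << "#{name}: #{constraint.inspect} is not exactly #{want}" unless constraint == want
      end
    end
  end
  problems
end

# Constructed sample input, not taken from the ente repository.
SAMPLE_PUBSPEC = <<~PUBSPEC
  dependencies:
    flutter: { sdk: flutter }
    http: ^1.2.0
    collection: 1.18.0
    example_git_pkg: { git: { url: "https://example.invalid/example_git_pkg.git", ref: main } }
PUBSPEC
SAMPLE_LOCK = <<~LOCK
  packages:
    http: { source: hosted, version: "1.2.0" }
    collection: { source: hosted, version: "1.18.0" }
    example_git_pkg: { source: git, version: "0.1.0", description: { resolved-ref: "0123456789abcdef0123456789abcdef01234567" } }
LOCK
puts unfrozen_dependencies(SAMPLE_PUBSPEC, SAMPLE_LOCK)
```

A check like this complements `flutter pub get --enforce-lockfile`: the flag fails resolution that would change the lockfile, while the check flags manifests that still permit a different resolution once the lockfile is regenerated.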

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3b73c19093

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@neeraj-pilot neeraj-pilot requested a deployment to workflow-security-review March 31, 2026 10:57 — with GitHub Actions Waiting
@neeraj-pilot neeraj-pilot requested a deployment to workflow-security-review March 31, 2026 11:01 — with GitHub Actions Waiting
@ua741
Member

ua741 commented Mar 31, 2026

@codex review

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 52d11c1c4e

@neeraj-pilot neeraj-pilot temporarily deployed to workflow-security-review March 31, 2026 11:17 — with GitHub Actions Inactive
@ashilkn
Member

ashilkn commented Mar 31, 2026

Let's merge this after the code freeze?
