pub beta support for Dependabot version updates

Users of Dependabot version updates can now proactively update their dependencies for Flutter or Dart projects which use the pub package manager.

To test version updates on your own Dart or Flutter repo, add the following configuration file in [.github/dependabot.yaml](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates):

version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "pub"
    directory: "/"
    schedule:
      interval: "weekly"

version: 2
enable-beta-ecosystems: true
updates:
  - package-ecosystem: "pub"
    directory: "/"
    schedule:
      interval: "weekly"

Note the package-ecosystem: "pub" and enable-beta-ecosystems: true flags.

Limitations

Support for pub is in beta, and thus, we are aware of some limitations. For example, security updates are not supported in this release but will be in the future.

Other known limitations:

• No support for updating git-dependencies
• If the version found is ignored (by dependabot config) no update will happen (even if, an earlier version could be used)
• No support for private package repositories

We want your feedback! Please open or vote on a comment in this discussion. You can get help troubleshooting by opening an issue on dependabot-core.

Special thanks to the Dart team for collaborating with us to make this happen.