Use package:vendor to vendor package:tar and package:oauth2 (#3638)

Author: sigurdm

lib/src/io.dart

@@ -15,13 +15,14 @@ import 'package:http_multi_server/http_multi_server.dart';
 import 'package:meta/meta.dart';
 import 'package:path/path.dart' as path;
 import 'package:pool/pool.dart';
+// ignore: prefer_relative_imports
+import 'package:pub/src/third_party/tar/lib/tar.dart';
 import 'package:stack_trace/stack_trace.dart';
 
 import 'error_group.dart';
 import 'exceptions.dart';
 import 'exit_codes.dart' as exit_codes;
 import 'log.dart' as log;
-import 'third_party/tar/tar.dart';
 import 'utils.dart';
 
 export 'package:http/http.dart' show ByteStream;

lib/src/oauth2.dart

@@ -8,8 +8,9 @@ import 'dart:io';
 import 'package:collection/collection.dart' show IterableExtension;
 import 'package:http/http.dart' as http;
 import 'package:http/retry.dart';
-import 'package:oauth2/oauth2.dart';
 import 'package:path/path.dart' as path;
+// ignore: prefer_relative_imports
+import 'package:pub/src/third_party/oauth2/lib/oauth2.dart';
 import 'package:shelf/shelf.dart' as shelf;
 import 'package:shelf/shelf_io.dart' as shelf_io;
 

lib/src/third_party/oauth2/CHANGELOG.md

@@ -0,0 +1,123 @@
+# 2.0.1
+
+* Handle `expires_in` when encoded as string.
+* Populate the pubspec `repository` field.
+* Increase the minimum Dart SDK to `2.17.0`.
+
+# 2.0.0
+
+* Migrate to null safety.
+
+# 1.6.3
+
+* Added optional `codeVerifier` parameter to `AuthorizationCodeGrant` constructor.
+
+# 1.6.1
+
+* Added fix to make sure that credentials are only refreshed once when multiple calls are made.
+
+# 1.6.0
+
+* Added PKCE support to `AuthorizationCodeGrant`.
+
+# 1.5.0
+
+* Added support for `clientCredentialsGrant`.
+
+# 1.4.0
+
+* OpenID's id_token treated.
+
+# 1.3.0
+
+* Added `onCredentialsRefreshed` option when creating `Client` objects.
+
+# 1.2.3
+
+* Support the latest `package:http` release.
+
+# 1.2.2
+
+* Allow the stable 2.0 SDK.
+
+# 1.2.1
+
+* Updated SDK version to 2.0.0-dev.17.0
+
+# 1.2.0
+
+* Add a `getParameter()` parameter to `new AuthorizationCodeGrant()`, `new
+  Credentials()`, and `resourceOwnerPasswordGrant()`. This controls how the
+  authorization server's response is parsed for servers that don't provide the
+  standard JSON response.
+
+# 1.1.1
+
+* `resourceOwnerPasswordGrant()` now properly uses its HTTP client for requests
+  made by the OAuth2 client it returns.
+
+# 1.1.0
+
+* Add a `delimiter` parameter to `new AuthorizationCodeGrant()`, `new
+  Credentials()`, and `resourceOwnerPasswordGrant()`. This controls the
+  delimiter between scopes, which some authorization servers require to be
+  different values than the specified `' '`.
+
+# 1.0.2
+
+* Fix all strong-mode warnings.
+
+* Support `crypto` 1.0.0.
+
+* Support `http_parser` 3.0.0.
+
+# 1.0.1
+
+* Support `http_parser` 2.0.0.
+
+# 1.0.0
+
+## Breaking changes
+
+* Requests that use client authentication, such as the
+  `AuthorizationCodeGrant`'s access token request and `Credentials`' refresh
+  request, now use HTTP Basic authentication by default. This form of
+  authentication is strongly recommended by the OAuth 2.0 spec. The new
+  `basicAuth` parameter may be set to `false` to force form-based authentication
+  for servers that require it.
+
+* `new AuthorizationCodeGrant()` now takes `secret` as an optional named
+  argument rather than a required argument. This matches the OAuth 2.0 spec,
+  which says that a client secret is only required for confidential clients.
+
+* `new Client()` and `Credentials.refresh()` now take both `identifier` and
+  `secret` as optional named arguments rather than required arguments. This
+  matches the OAuth 2.0 spec, which says that the server may choose not to
+  require client authentication for some flows.
+
+* `new Credentials()` now takes named arguments rather than optional positional
+  arguments.
+
+## Non-breaking changes
+
+* Added a `resourceOwnerPasswordGrant` method.
+
+* The `scopes` argument to `AuthorizationCodeGrant.getAuthorizationUrl()` and
+  `new Credentials()` and the `newScopes` argument to `Credentials.refresh` now
+  take an `Iterable` rather than just a `List`.
+
+* The `scopes` argument to `AuthorizationCodeGrant.getAuthorizationUrl()` now
+  defaults to `null` rather than `const []`.
+
+# 0.9.3
+
+* Update the `http` dependency.
+
+* Since `http` 0.11.0 now works in non-`dart:io` contexts, `oauth2` does as
+  well.
+
+# 0.9.2
+
+* Expand the dependency on the HTTP package to include 0.10.x.
+
+* Add a README file.

lib/src/third_party/oauth2/LICENSE

@@ -0,0 +1,27 @@
+Copyright 2014, the Dart project authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+      copyright notice, this list of conditions and the following
+      disclaimer in the documentation and/or other materials provided
+      with the distribution.
+    * Neither the name of Google LLC nor the names of its
+      contributors may be used to endorse or promote products derived
+      from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.