Skip to content

Add Dart 3.12 and Flutter 3.44 runtimes#104

Merged
lohanidamodar merged 1 commit into
mainfrom
feat-add-dart-3.12-flutter-3.44
May 24, 2026
Merged

Add Dart 3.12 and Flutter 3.44 runtimes#104
lohanidamodar merged 1 commit into
mainfrom
feat-add-dart-3.12-flutter-3.44

Conversation

@lohanidamodar
Copy link
Copy Markdown
Member

@lohanidamodar lohanidamodar commented May 24, 2026

Summary

Adds two new runtime versions to the available runtimes configuration:

  • Dart 3.12.0 — image dart:3.12.0, architectures X86, ARM64, ARMV7, ARMV8
  • Flutter 3.44.0 — image ghcr.io/adrianjagielak/flutter:3.44.0, architectures X86, ARM64

Notes

The new Flutter entry pins to ghcr.io/adrianjagielak/flutter, the community continuation of cirruslabs/docker-images-flutter which was deprecated in May 2026 when Cirrus Labs wound down its image-hosting after an acquisition (their last published image is 3.41.9). The upstream README positions adrianjagielak as drop-in compatible — same tag scheme, same architectures.

The existing Flutter entries (3.24 — 3.41) continue to reference the cirruslabs registry and are intentionally left untouched in this PR; a follow-up can migrate them in bulk if desired.

Pairs with the merged open-runtimes images:

@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 24, 2026

Greptile Summary

Registers two new runtime versions — Dart 3.12.0 and Flutter 3.44.0 — by adding entries to Runtimes.php. The Dart addition follows the established pattern exactly; the Flutter addition is the first entry to use a third-party community image from an individual's GitHub Container Registry namespace instead of an organization-backed registry.

  • Dart 3.12: dart:3.12.0 with X86/ARM64/ARMV7/ARMV8 support, consistent with all existing Dart entries.
  • Flutter 3.44: ghcr.io/adrianjagielak/flutter:3.44.0 with X86/ARM64 support; uses a personal GHCR account rather than the cirruslabs org used by all prior Flutter entries, warranting a supply chain trust review before merge.

Confidence Score: 3/5

Safe to merge for the Dart addition; the Flutter 3.44 entry depends on a personal GHCR image with no organizational governance or digest pinning, which should be validated before the runtime is exposed to users.

The Dart 3.12 line is a straightforward, low-risk addition that mirrors existing entries exactly. The Flutter 3.44 line is the concern: it pulls from an individual's container registry namespace (adrianjagielak) under a mutable tag, with no provenance attestation visible in this PR. If that image were compromised or replaced, every Appwrite user building a Flutter 3.44 runtime could be affected.

src/Runtimes/Runtimes.php — specifically the Flutter 3.44 image reference on the newly added line.

Security Review
  • Untrusted image registry (Flutter 3.44): ghcr.io/adrianjagielak/flutter:3.44.0 is published under a personal GitHub account with no organizational governance. Unlike company-backed registries, individual accounts have no mandatory access controls, no signing enforcement, and no continuity guarantees. A compromised or deleted account would break the runtime or, worse, allow a malicious image to be pushed under the same mutable tag.
  • The mutable tag 3.44.0 (rather than a digest pin) means the image Appwrite pulls today may not be the same image pulled tomorrow if the tag is overwritten.

Important Files Changed

Filename Overview
src/Runtimes/Runtimes.php Adds Dart 3.12 (dart:3.12.0) and Flutter 3.44 (ghcr.io/adrianjagielak/flutter:3.44.0); the Flutter entry switches registries to a personal GHCR account, introducing supply chain concerns.

Reviews (1): Last reviewed commit: "Add Dart 3.12 and Flutter 3.44 runtimes" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 24, 2026
View reviewed changes
Comment thread src/Runtimes/Runtimes.php
$flutter->addVersion('3.35', 'ghcr.io/cirruslabs/flutter:3.35.7', 'openruntimes/flutter:'.$this->version.'-3.35', [System::X86, System::ARM64]);
$flutter->addVersion('3.38', 'ghcr.io/cirruslabs/flutter:3.38.0', 'openruntimes/flutter:'.$this->version.'-3.38', [System::X86, System::ARM64]);
$flutter->addVersion('3.41', 'ghcr.io/cirruslabs/flutter:3.41.0', 'openruntimes/flutter:'.$this->version.'-3.41', [System::X86, System::ARM64]);
$flutter->addVersion('3.44', 'ghcr.io/adrianjagielak/flutter:3.44.0', 'openruntimes/flutter:'.$this->version.'-3.44', [System::X86, System::ARM64]);
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot May 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 security Supply chain risk: community image from individual account

The Flutter 3.44 entry uses ghcr.io/adrianjagielak/flutter:3.44.0, which is published from a personal GitHub account rather than an organization. All other Flutter entries point to ghcr.io/cirruslabs/flutter, which was backed by a company. An image hosted under an individual's GHCR namespace can be deleted, overwritten with a backdoored image, or become unavailable if the account is compromised or suspended — with no organizational controls to prevent it. Before merging, it is worth confirming the authenticity and security posture of this image (e.g., verifying the build provenance or pinning to a digest rather than a mutable tag like 3.44.0).

@lohanidamodar lohanidamodar merged commit e9213df into main May 24, 2026
7 checks passed
@lohanidamodar lohanidamodar deleted the feat-add-dart-3.12-flutter-3.44 branch May 24, 2026 03:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@eldadfux eldadfux eldadfux approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lohanidamodar @eldadfux