Prevent upgrades to prerelease when constrained to stable versions

Author: chika3742

lib/src/solver/package_lister.dart

@@ -162,10 +162,16 @@ class PackageLister {
   /// Returns the best version of this package that matches [constraint]
   /// according to the solver's prioritization scheme, or `null` if no versions
   /// match.
+  /// If [allowPrereleases] is false, this will only consider non-prerelease
+  /// versions unless there are no non-prerelease versions that match
+  /// [constraint].
   ///
   /// Throws a [PackageNotFoundException] if this lister's package doesn't
   /// exist.
-  Future<PackageId?> bestVersion(VersionConstraint constraint) async {
+  Future<PackageId?> bestVersion(
+    VersionConstraint constraint, {
+    bool allowPrereleases = true,
+  }) async {
     final locked = _locked;
     if (locked != null && constraint.allows(locked.version)) return locked;
 
@@ -192,13 +198,14 @@ class PackageLister {
       if (isPastLimit(id.version)) break;
 
       if (!constraint.allows(id.version)) continue;
+      if (!allowPrereleases && id.version.isPreRelease) continue;
       if (!id.version.isPreRelease) {
         return id;
       }
       bestPrerelease ??= id;
     }
 
-    return bestPrerelease;
+    return allowPrereleases ? bestPrerelease : null;
   }
 
   /// Returns incompatibilities that encapsulate [id]'s dependencies, or that

lib/src/solver/version_solver.dart

@@ -68,6 +68,25 @@ class VersionSolver {
     for (final package in _root.transitiveWorkspace) package.name: package,
   };
 
+  /// Set of direct dependencies from root pubspec.yaml
+  late final Set<String> _rootDirectDependencies = _root.pubspec.dependencies
+      .keys.toSet();
+
+  /// Returns true if the root's direct dependency for [packageName] is stable
+  /// (not prerelease)
+  bool _isRootDirectDependencyStable(String packageName) {
+    final dep = _root.pubspec.dependencies[packageName];
+    if (dep == null) return false;
+    final constraint = dep.constraint;
+    if (constraint is Version) {
+      return !constraint.isPreRelease;
+    }
+    if (constraint is VersionRange && constraint.min != null) {
+      return !constraint.min!.isPreRelease;
+    }
+    return false;
+  }
+
   /// The lockfile, indicating which package versions were previously selected.
   final LockFile _lockFile;
 
@@ -398,7 +417,14 @@ class VersionSolver {
 
     PackageId? version;
     try {
-      version = await _packageLister(package).bestVersion(package.constraint);
+      // Prereleases are allowed only if not direct or not stable.
+      final isDirect = _rootDirectDependencies.contains(package.name);
+      final isStable = _isRootDirectDependencyStable(package.name);
+      final allowPrereleases = !(isDirect && isStable);
+      version = await _packageLister(package).bestVersion(
+        package.constraint,
+        allowPrereleases: allowPrereleases,
+      );
     } on PackageNotFoundException catch (error) {
       _addIncompatibility(
         Incompatibility([