Skip to content

Bump flutter_secure_storage from 10.0.0 to 10.3.0#57

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pub/flutter_secure_storage-10.3.0
Open

Bump flutter_secure_storage from 10.0.0 to 10.3.0#57
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pub/flutter_secure_storage-10.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Contributor

Bumps flutter_secure_storage from 10.0.0 to 10.3.0.

Release notes

Sourced from flutter_secure_storage's releases.

v10.3.0

Android

  • Added AndroidBiometricType enum and biometricType option to AndroidOptions to control which authentication methods are accepted during biometric prompts (requires KeyCipherAlgorithm.AES_GCM_NoPadding).
    • AndroidBiometricType.biometricOrDeviceCredential (default) accepts Class 3 biometrics or device credentials (PIN/pattern/password), preserving previous behaviour.
    • AndroidBiometricType.strongBiometricOnly restricts authentication to Class 3 (strong) biometrics only; device credentials are explicitly rejected.
  • Fully enforced on Android 11+ (API 30+) via setAllowedAuthenticators on BiometricPrompt and setUserAuthenticationParameters on the KeyStore key. On earlier API levels the system may still permit device credentials.
  • Added biometricPromptNegativeButton option to AndroidOptions to customise the dismiss button label on the biometric prompt. Required when using strongBiometricOnly or on Android 10 and lower.

iOS / macOS

  • Fixed secStoreAvailabilitySink not being called when protected data availability changes.
  • Fixed kSecUseDataProtectionKeychain being added to Keychain queries unconditionally; it is now only set when useDataProtectionKeychain is explicitly enabled.

Windows

  • Fixed deleteAll and containsKey not acquiring the mutex lock, which could cause data races under concurrent access. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.2 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

Linux

  • Fixed deleteKeyring storing the string "null" instead of an empty JSON object {}.
  • Fixed non-UTF-8 error messages from libsecret causing a FormatException on the Dart side; messages are now sanitised before being sent through the method channel.
  • Fixed locked or unavailable keyring now surfacing as a catchable PlatformException with code KeyringLocked.
  • Fixed JSON parse errors and other C++ exceptions now surfacing as a PlatformException with code StorageError instead of sending malformed bytes through the channel.

v10.2.0

Android

  • Deprecated KeyCipherAlgorithm.RSA_ECB_PKCS1Padding. Existing data is automatically migrated to the default RSA_ECB_OAEPwithSHA_256andMGF1Padding when migrateOnAlgorithmChange is true.
  • Deprecated StorageCipherAlgorithm.AES_CBC_PKCS7Padding. Existing data is automatically migrated to the default AES_GCM_NoPadding when migrateOnAlgorithmChange is true.
  • Fixed Gradle space-assignment warnings in build.gradle.

iOS / macOS

  • Fixed iOS build by updating availability annotation for Secure Enclave methods from iOS 11.3 to iOS 13.0.

Windows

  • Fixed compatibility with win32 6.0.0 in flutter_secure_storage_windows 4.2.0. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.0 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

v10.1.0

Android

  • Added storageNamespace option to AndroidOptions for full namespace isolation across storage instances (SharedPreferences, KeyStore aliases, config/key storage). Use this instead of sharedPreferencesName when running multiple FlutterSecureStorage instances with different cipher configurations.
  • Deprecated sharedPreferencesName in favor of storageNamespace, which provides complete isolation rather than data-only isolation.
  • Added migrateWithBackup option to AndroidOptions for crash-resistant migration. When enabled, backup copies of encrypted data are created before migration starts, allowing recovery if migration fails or the app crashes mid-migration. Works in conjunction with migrateOnAlgorithmChange.
  • Made KeyCipherAlgorithm and StorageCipherAlgorithm public enums.

Fixes:

  • Fixed crash on biometric failure (not error).
  • Fixed null safety issue in MethodRunner that could cause a crash on Android.
  • Fixed config being overwritten on initialization.
  • Fixed default Android key cipher not aligning with the Flutter default.

iOS / macOS

  • Added useSecureEnclave option to IOSOptions and MacOsOptions to store keys in the device's Secure Enclave for hardware-backed security.

... (truncated)

Commits
  • a86a1ef release of v10.3.0
  • 9d09d99 release of v0.3.2
  • 57f83b4 release of v3.0.1
  • 8a6e759 release of v4.2.2
  • 25ac868 Merge pull request #1146 from juliansteenbakker/doc/linux
  • 0061a48 fix: typo, add more details section,
  • ff3004b doc: re-add note about libsecret availability
  • d5ab2cb Merge pull request #1132 from juliansteenbakker/fix/linux-locked-keyring
  • 6959bfd Merge branch 'develop' into fix/linux-locked-keyring
  • 301194f Merge pull request #1143 from CORDEA/feature/android-biometric-type
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump flutter_secure_storage from 10.0.0 to 10.3.0
2cfc693 
Bumps [flutter_secure_storage](https://github.com/mogol/flutter_secure_storage) from 10.0.0 to 10.3.0.
- [Release notes](https://github.com/mogol/flutter_secure_storage/releases)
- [Commits](juliansteenbakker/flutter_secure_storage@v10.0.0...v10.3.0)

---
updated-dependencies:
- dependency-name: flutter_secure_storage
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 26, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, flutter. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request May 26, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants