Skip to content

chore(deps): bump flutter_secure_storage from 8.1.0 to 10.3.1#957

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pub/flutter_secure_storage-10.3.1
Open

chore(deps): bump flutter_secure_storage from 8.1.0 to 10.3.1#957
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pub/flutter_secure_storage-10.3.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Bumps flutter_secure_storage from 8.1.0 to 10.3.1.

Release notes

Sourced from flutter_secure_storage's releases.

v10.3.1

Android

  • Fixed AEADBadTagException when biometric authentication is cancelled on first launch: a stale IV is now cleared and the cipher re-initialised in encrypt mode so the next authentication attempt succeeds.
  • Fixed NullPointerException when retrying an operation after a cancelled biometric prompt: preferences is now only assigned once cipher initialisation completes successfully, allowing a clean retry.

v10.3.0

Android

  • Added AndroidBiometricType enum and biometricType option to AndroidOptions to control which authentication methods are accepted during biometric prompts (requires KeyCipherAlgorithm.AES_GCM_NoPadding).
    • AndroidBiometricType.biometricOrDeviceCredential (default) accepts Class 3 biometrics or device credentials (PIN/pattern/password), preserving previous behaviour.
    • AndroidBiometricType.strongBiometricOnly restricts authentication to Class 3 (strong) biometrics only; device credentials are explicitly rejected.
  • Fully enforced on Android 11+ (API 30+) via setAllowedAuthenticators on BiometricPrompt and setUserAuthenticationParameters on the KeyStore key. On earlier API levels the system may still permit device credentials.
  • Added biometricPromptNegativeButton option to AndroidOptions to customise the dismiss button label on the biometric prompt. Required when using strongBiometricOnly or on Android 10 and lower.

iOS / macOS

  • Fixed secStoreAvailabilitySink not being called when protected data availability changes.
  • Fixed kSecUseDataProtectionKeychain being added to Keychain queries unconditionally; it is now only set when useDataProtectionKeychain is explicitly enabled.

Windows

  • Fixed deleteAll and containsKey not acquiring the mutex lock, which could cause data races under concurrent access. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.2 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

Linux

  • Fixed deleteKeyring storing the string "null" instead of an empty JSON object {}.
  • Fixed non-UTF-8 error messages from libsecret causing a FormatException on the Dart side; messages are now sanitised before being sent through the method channel.
  • Fixed locked or unavailable keyring now surfacing as a catchable PlatformException with code KeyringLocked.
  • Fixed JSON parse errors and other C++ exceptions now surfacing as a PlatformException with code StorageError instead of sending malformed bytes through the channel.

v10.2.0

Android

  • Deprecated KeyCipherAlgorithm.RSA_ECB_PKCS1Padding. Existing data is automatically migrated to the default RSA_ECB_OAEPwithSHA_256andMGF1Padding when migrateOnAlgorithmChange is true.
  • Deprecated StorageCipherAlgorithm.AES_CBC_PKCS7Padding. Existing data is automatically migrated to the default AES_GCM_NoPadding when migrateOnAlgorithmChange is true.
  • Fixed Gradle space-assignment warnings in build.gradle.

iOS / macOS

  • Fixed iOS build by updating availability annotation for Secure Enclave methods from iOS 11.3 to iOS 13.0.

Windows

  • Fixed compatibility with win32 6.0.0 in flutter_secure_storage_windows 4.2.0. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.0 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

v10.1.0

Android

  • Added storageNamespace option to AndroidOptions for full namespace isolation across storage instances (SharedPreferences, KeyStore aliases, config/key storage). Use this instead of sharedPreferencesName when running multiple FlutterSecureStorage instances with different cipher configurations.
  • Deprecated sharedPreferencesName in favor of storageNamespace, which provides complete isolation rather than data-only isolation.
  • Added migrateWithBackup option to AndroidOptions for crash-resistant migration. When enabled, backup copies of encrypted data are created before migration starts, allowing recovery if migration fails or the app crashes mid-migration. Works in conjunction with migrateOnAlgorithmChange.
  • Made KeyCipherAlgorithm and StorageCipherAlgorithm public enums.

Fixes:

  • Fixed crash on biometric failure (not error).
  • Fixed null safety issue in MethodRunner that could cause a crash on Android.

... (truncated)

Commits
  • 3fc4c53 fix: revert updated darwin package for backwards compatibility
  • 6b9e8f4 fix: added changelog entries
  • 0b9ed95 Merge pull request #1148 from CORDEA/fix/defer-preferences-until-cipher-initi...
  • c557a53 Merge pull request #1147 from CORDEA/fix/reset-stale-cipher-iv-on-biometric-f...
  • be0674a Use a single SharedPreferences.Editor when resetting stale IV
  • 5817b55 Reset stale cipher IV when biometric auth fails before completion
  • 635013b Defer setting preferences until storageCipher is initialized
  • 35da5ae fix: badge
  • a86a1ef release of v10.3.0
  • 9d09d99 release of v0.3.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump flutter_secure_storage from 8.1.0 to 10.3.1
9e22856 
Bumps [flutter_secure_storage](https://github.com/mogol/flutter_secure_storage) from 8.1.0 to 10.3.1.
- [Release notes](https://github.com/mogol/flutter_secure_storage/releases)
- [Commits](juliansteenbakker/flutter_secure_storage@v8.1.0...v10.3.1)

---
updated-dependencies:
- dependency-name: flutter_secure_storage
  dependency-version: 10.3.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dart Pull requests that update Dart code dependencies Pull requests that update a dependency file labels Jun 1, 2026
@dependabot dependabot Bot mentioned this pull request Jun 1, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dart Pull requests that update Dart code dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants