Skip to content

Update dependency flutter_secure_storage to v10 (main)#225

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-flutter_secure_storage-10.x
Open

Update dependency flutter_secure_storage to v10 (main)#225
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-flutter_secure_storage-10.x

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown

This PR contains the following updates:

Package Type Update Change
flutter_secure_storage (source) dependencies major ^9.2.4^10.0.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

mogol/flutter_secure_storage (flutter_secure_storage)

v10.0.0

Compare Source

This major release brings significant security improvements, platform updates, and modernization across all supported platforms.

Android

Due to the deprecation of Jetpack Security library, the Android implementation has been largely rewritten with custom secure ciphers, enhanced biometrics support, and migration tools.

Breaking Changes:

  • AndroidOptions().encryptedSharedPreferences is now deprecated due to Jetpack Crypto package deprecation
    • Migration will automatically happen due to migrateOnAlgorithmChange: true, which can also be set to false if not wanted.
  • ResetOnError will now automatically be true, because most errors are unrecoverable due to key storage problems. It can still be disabled with resetOnError: false
  • Default key cipher changed to RSA_ECB_OAEPwithSHA_256andMGF1Padding
  • Default storage cipher changed to AES_GCM_NoPadding
  • Minimum Android SDK changed from 19 to 23
  • Target SDK updated to 36
  • Migrated from deprecated Jetpack Crypto library to custom cipher implementation (Tink doesn't support biometrics)
  • Migrated to Java Version 17

New Features:

  • New named constructors: AndroidOptions(), AndroidOptions.biometric()
  • AndroidOptions().migrateOnAlgorithmChange automatically migrates data to new ciphers when enabled
  • Improved biometric authentication with graceful degradation when device has no security setup
  • Migration tools for transitioning from deprecated encryptedSharedPreferences
  • Enhanced error handling with proper exception messages for biometric unavailability

Fixes:

  • Fixed biometric authentication on devices without security (PIN/pattern/password) - now gracefully degrades when enforceBiometrics=false
  • Fixed storage cipher and key cipher pairing validation
  • Fixed migration checks for encrypted shared preferences
  • Fixed biometric permission handling
  • Fixed exception when reading data after boot

Other Changes:

  • Updated Gradle, Kotlin, and Tink dependencies
  • Refactored custom cipher implementations for better maintainability
  • Added delete key functions for proper reset handling
  • Migrated to new analyzer and code cleanup
iOS / macOS (darwin)
  • Merged iOS and macOS implementations into unified flutter_secure_storage_darwin package
  • Added support for Swift Package Manager
  • Remove keys regardless of synchronizable state or accessibility constraints
  • Change minimum iOS version from 9 to 12
  • Change minimum macOS version to 10.14
  • Use serial queue for execution of keychain operations
  • Added privacy manifest
  • Refactored code and added missing options to IOSOptions and MacOSOptions
  • Fixed warnings with Privacy Manifest
  • Fixed delete and deleteAll when synchronizable is set
  • Fixed migration when value is saved while key already exists with different accessibility option
  • Use accessibility option for all operations
  • Migrated to new analyzer and code cleanup
Web
  • Web is now compatible with WASM
  • Updated code style and migrated to very_good_analysis
  • Add check for secure context (operations only allowed with secure context)
  • Remove dart:io to support WASM build
  • Migrated away from html to web package
  • Removed js in favor of using js-interop
  • Added useSessionStorage parameter to WebOptions for saving in session storage instead of local storage
  • Updated web dependency support to <2.0.0
  • Migrated to new analyzer and code cleanup
Windows
  • Upgrades deprecated member usage of win32
  • Migrated to win32 version 5.5.4 to support Dart 3.4 / Flutter 3.22.0
  • Migrated to new analyzer and code cleanup
  • Write encrypted data to files instead of the Windows credential system
Linux
  • Fixed whitespace deprecation warning
  • Reverted json.dump with indentations due to problems
  • Fixed search with schemas fails in cold keyrings
  • Fixed erase called on null
  • Fixed memory management issue
  • Remove and replace libjsoncpp1 dependency
  • Migrated to new analyzer and code cleanup
Platform Interface
  • Remove dart:io to support WASM build of web
  • Migrated to new analyzer and code cleanup
General Improvements
  • Listener functionality via FlutterSecureStorage().registerListener()
  • All platforms updated to support Dart SDK <4.0.0
  • Comprehensive test coverage improvements
  • Documentation updates across all platforms

Configuration

📅 Schedule: (in timezone Europe/Warsaw)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@renovate

renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: client/pubspec.lock
Command failed: flutter pub upgrade flutter_secure_storage
Note: matcher is pinned to version 0.12.19 by flutter_test from the flutter SDK.
See https://dart.dev/go/sdk-version-pinning for details.

Note: test_api is pinned to version 0.7.11 by flutter_test from the flutter SDK.
See https://dart.dev/go/sdk-version-pinning for details.

The current Dart SDK version is 3.12.2.

    Because test >=1.16.0-nullsafety.8 <1.16.5 depends on io ^0.3.0 and build_verify >=3.0.0 depends on io ^1.0.0, test >=1.16.0-nullsafety.8 <1.16.5 is incompatible with build_verify >=3.0.0.
    And because build_verify >=2.0.0 <3.1.1 depends on test ^1.0.0 and no versions of build_verify match >3.1.1 <4.0.0, build_verify >=3.0.0 <3.1.1-∞ or >3.1.1 <4.0.0 requires test >=1.0.0 <1.16.0-nullsafety.8 or >=1.16.5 <2.0.0.
(1) So, because build_verify 3.1.1 depends on test ^1.16.6 and test >=0.12.0-beta.3 <1.16.0-nullsafety.8 doesn't support null safety, build_verify ^3.0.0 requires test ^1.16.5.

    Because test >=1.31.0 <1.31.1 depends on analyzer >=8.0.0 <13.0.0 and test >=1.21.6 <1.24.4 depends on analyzer >=2.0.0 <6.0.0, test >=1.21.6 <1.24.4-∞ or >=1.31.0 <1.31.1-∞ requires analyzer >=2.0.0 <6.0.0 or >=8.0.0 <13.0.0.
    And because test >=1.21.0 <1.21.6 depends on analyzer >=2.0.0 <5.0.0, test >=1.21.0 <1.24.4-∞ or >=1.31.0 <1.31.1-∞ requires analyzer >=2.0.0 <6.0.0 or >=8.0.0 <13.0.0.
    And because test >=1.28.0 <1.30.0 depends on matcher >=0.12.16 <0.12.19 and test >=1.25.13 <1.28.0 depends on matcher >=0.12.16 <0.12.18, test >=1.21.0 <1.24.4-∞ or >=1.25.13 <1.30.0-∞ or >=1.31.0 <1.31.1-∞ requires analyzer >=2.0.0 <6.0.0 or >=8.0.0 <13.0.0 or matcher >=0.12.16 <0.12.19.
    And because test >=1.24.3 <1.25.13 depends on matcher >=0.12.16 <0.12.17 and test >=1.31.2 depends on test_api 0.7.13, test >=1.21.0 <1.30.0-∞ or >=1.31.0 <1.31.1-∞ or >=1.31.2 requires analyzer >=2.0.0 <6.0.0 or >=8.0.0 <13.0.0 or matcher >=0.12.16 <0.12.19 or test_api 0.7.13.
(2) So, because test >=1.31.1 <1.31.2 depends on test_api 0.7.12 and test >=1.30.0 <1.31.0 depends on test_api 0.7.10, test >=1.21.0 requires analyzer >=2.0.0 <6.0.0 or >=8.0.0 <13.0.0 or matcher >=0.12.16 <0.12.19 or test_api 0.7.10 or 0.7.12 or 0.7.13.

    Because test >=1.16.6 <1.17.10 depends on analyzer ^1.0.0 and test >=1.17.10 <1.20.0 depends on analyzer >=1.0.0 <3.0.0, test >=1.16.6 <1.20.0 requires analyzer >=1.0.0 <3.0.0.
    And because test >=1.20.0 <1.21.2 depends on test_api 0.4.9, test >=1.16.6 <1.21.2 requires analyzer >=1.0.0 <3.0.0 or test_api 0.4.9.
    And because test >=1.21.0 requires analyzer >=2.0.0 <6.0.0 or >=8.0.0 <13.0.0 or matcher >=0.12.16 <0.12.19 or test_api 0.7.10 or 0.7.12 or 0.7.13 (2), test >=1.16.6 requires analyzer >=1.0.0 <6.0.0 or >=8.0.0 <13.0.0 or matcher >=0.12.16 <0.12.19 or test_api 0.4.9 or 0.7.10 or 0.7.12 or 0.7.13.
    And because every version of flutter_test from sdk depends on matcher 0.12.19, if test >=1.16.6 and flutter_test from sdk then analyzer >=1.0.0 <6.0.0 or >=8.0.0 <13.0.0 or test_api 0.4.9 or 0.7.10 or 0.7.12 or 0.7.13.
    And because build_verify ^3.0.0 requires test ^1.16.5 (1), if build_verify ^3.0.0 and flutter_test from sdk then analyzer >=1.0.0 <6.0.0 or >=8.0.0 <13.0.0 or test_api 0.4.9 or 0.7.10 or 0.7.12 or 0.7.13 or test >=1.16.5 <1.16.6.
    And because test >=1.16.1 <1.16.6 depends on analyzer >=0.39.5 <2.0.0, if build_verify ^3.0.0 and flutter_test from sdk then analyzer >=0.39.5 <6.0.0 or >=8.0.0 <13.0.0 or test_api 0.4.9 or 0.7.10 or 0.7.12 or 0.7.13.
    And because riverpod_lint 2.6.5 depends on analyzer ^7.0.0 and no versions of riverpod_lint match >2.6.5 <3.0.0, if build_verify ^3.0.0 and flutter_test from sdk and riverpod_lint ^2.6.5 then test_api 0.4.9 or 0.7.10 or 0.7.12 or 0.7.13.
    And because mobile depends on flutter_test from sdk which depends on test_api 0.7.11, build_verify ^3.0.0 is incompatible with riverpod_lint ^2.6.5.
    So, because mobile depends on both build_verify ^3.1.0 and riverpod_lint ^2.6.5, version solving failed.

The lower bound of "sdk: '>=1.8.0 <3.0.0'" must be 2.12.0 or higher to enable null safety.
For details, see https://dart.dev/null-safety


You can try the following suggestion to make the pubspec resolve:
* Try an upgrade of your constraints: flutter pub upgrade --major-versions
Failed to update packages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants