
Commit 92632af

authoredMar 4, 2025
Update datastore dependency to 1.1.3 (#6688)
Update datastore dependency to `1.1.3` to address [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8) in AQS. We had landed #6343, but it missed the datastore dependency because version 1.0.0 "shaded" the vulnerable protobuf dependency, see #6534. I verified this was happening by extracting the jar from https://maven.google.com/web/index.html?q=datastore-pre#androidx.datastore:datastore-preferences-core:1.0.0 and seeing `<groupId>com.google.protobuf</groupId><artifactId>protobuf-parent</artifactId><version>3.10.0</version>` nested in a maven dir. I also verified datastore 1.1.3 has upgraded the protobuf version to 4.28.2, a safe version. See https://cs.android.com/androidx/platform/frameworks/support/+/androidx-datastore-release:gradle/libs.versions.toml;l=59. This datastore update also includes the stable `MultiProcessDataStoreFactory` which we can utilize in a future change to optimize things like the settings fetch for multi-process apps.
1 parent 79deb5f commit 92632af


4 files changed

+9
-1
lines changed

 

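--- a/firebase-sessions/CHANGELOG.md
+++ b/firebase-sessions/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Unreleased
 
+* [changed] Updated datastore dependency to `1.1.3` to
+fix [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8).
+
+# 2.0.9
 * [fixed] Make AQS resilient to background init in multi-process apps.
 
 # 2.0.7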

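--- a/firebase-sessions/firebase-sessions.gradle.kts
+++ b/firebase-sessions/firebase-sessions.gradle.kts
@@ -67,12 +67,12 @@ dependencies {
 exclude(group = "com.google.firebase", module = "firebase-common")
 exclude(group = "com.google.firebase", module = "firebase-components")
 }
-implementation("androidx.datastore:datastore-preferences:1.0.0")
 implementation("com.google.android.datatransport:transport-api:3.2.0")
 api("com.google.firebase:firebase-annotations:16.2.0")
 api("com.google.firebase:firebase-encoders:17.0.0")
 api("com.google.firebase:firebase-encoders-json:18.0.1")
 implementation(libs.androidx.annotation)
+implementation(libs.androidx.datastore.preferences)
 compileOnly(libs.errorprone.annotations)
 
 runtimeOnly("com.google.firebase:firebase-installations:18.0.0") {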

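--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -18,6 +18,7 @@ constraintlayout = "2.1.4"
 coreKtx = "1.12.0"
 coroutines = "1.7.3"
 dagger = "2.43.2"
+datastore = "1.1.3"
 dexmaker = "2.28.1"
 dexmakerVersion = "1.2"
 espressoCore = "3.6.1"
@@ -91,6 +92,7 @@ androidx-cardview = { module = "androidx.cardview:cardview", version.ref = "card
 androidx-constraintlayout = { module = "androidx.constraintlayout:constraintlayout", version.ref = "constraintlayout" }
 androidx-core = { module = "androidx.core:core", version = "1.2.0" }
 androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "coreKtx" }
+androidx-datastore-preferences = { module = "androidx.datastore:datastore-preferences", version.ref = "datastore" }
 androidx-espresso-core = { module = "androidx.test.espresso:espresso-core", version.ref = "espressoCore" }
 androidx-espresso-idling-resource = { module = "androidx.test.espresso:espresso-idling-resource", version.ref = "espressoCore" }
 androidx-espresso-intents = { module = "androidx.test.espresso:espresso-intents", version.ref = "espressoCore" }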
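Review bot: The new `datastore = "1.1.3"` entry in the first hunk carries no record that it is a security floor, so a later catalog edit could lower it and bring back the protobuf 3.10.0 copy that the commit description found nested inside the 1.0.0 jar. Because that copy was shaded rather than declared, a tool that reads only declared dependencies would probably not flag the regression, which appears to be how #6343 missed it. A comment above the entry, `# Security floor: datastore 1.0.0 shades protobuf 3.10.0 (CVE-2024-7254); do not lower below 1.1.3`, would keep that context next to the value.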

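--- a/smoke-tests/build.gradle
+++ b/smoke-tests/build.gradle
@@ -24,12 +24,14 @@ buildscript {
 
 dependencies {
 classpath "com.android.tools.build:gradle:8.3.2"
+classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.0"
 classpath "com.google.gms:google-services:4.3.14"
 classpath "com.google.firebase:firebase-crashlytics-gradle:2.8.1"
 }
 }
 
 apply plugin: "com.android.application"
+apply plugin: "org.jetbrains.kotlin.android"
 
 android {
 compileSdkVersion 34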
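Review bot: The added `classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.0"` and `apply plugin: "org.jetbrains.kotlin.android"` lines are not explained in the file, and the commit description covers only the datastore and protobuf versions, so a later reader cannot tell that they belong to the CVE-2024-7254 fix. A comment above the classpath line, such as `// Kotlin plugin added with the datastore 1.1.3 update (#6688); keep the version aligned with the main build`, would record that. The plugin version is hard-coded here rather than shared with the rest of the build, so it can drift; whether the main build uses the same Kotlin version is not visible on this page. The `android {` block continues past the end of the hunk.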
