Update dependencies and enable dependency verification in Gradle

Here's another attempt to enable Gradle dependency verification. I've
tried to do this a couple of times before, but always ran into issues.
With a helper script borrowed from a different project, hopefully this
will finally work reliably.

Every time we update Gradle or a dependency, the script I mentioned
needs to be run to update the list of checksums. The script runs the
build, the tests and the instrumented tests. This is necessary
because apparently Gradle is not able to discover all dependencies
without actually running the build tasks.

It's a little bit annoying that this Gradle feature is so half-baked
that we need a helper script to make things work, but I think it's worth
it.

Author: alexbakker

app/build.gradle

@@ -133,10 +133,10 @@ aboutLibraries {
 }
 
 dependencies {
-    def cameraxVersion = '1.3.1'
+    def cameraxVersion = '1.3.2'
     def glideVersion = '4.16.0'
-    def guavaVersion = '33.0.0'
-    def hiltVersion = '2.50'
+    def guavaVersion = '33.1.0'
+    def hiltVersion = '2.51'
     def junitVersion = '4.13.2'
     def libsuVersion = '5.2.2'
 
@@ -154,7 +154,7 @@ dependencies {
     implementation "androidx.core:core:1.12.0"
     implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
     implementation 'androidx.documentfile:documentfile:1.0.1'
-    implementation "androidx.lifecycle:lifecycle-process:2.6.2"
+    implementation "androidx.lifecycle:lifecycle-process:2.7.0"
     implementation "androidx.preference:preference:1.2.1"
     implementation 'androidx.recyclerview:recyclerview:1.3.2'
     implementation "androidx.viewpager2:viewpager2:1.0.0"
@@ -171,18 +171,18 @@ dependencies {
     implementation "com.github.topjohnwu.libsu:io:${libsuVersion}"
     implementation "com.google.guava:guava:${guavaVersion}-android"
     implementation 'com.google.android.material:material:1.11.0'
-    implementation 'com.google.protobuf:protobuf-javalite:3.25.1'
-    implementation 'com.google.zxing:core:3.5.2'
+    implementation 'com.google.protobuf:protobuf-javalite:4.26.0'
+    implementation 'com.google.zxing:core:3.5.3'
     implementation("com.mikepenz:aboutlibraries:11.1.0") {
         exclude group: 'com.mikepenz', module: 'aboutlibraries-core'
     }
-    implementation "com.mikepenz:aboutlibraries-core-android:11.1.0"
+    implementation 'com.mikepenz:aboutlibraries-core-android:11.1.1'
     implementation 'com.nulab-inc:zxcvbn:1.8.2'
     implementation 'de.hdodenhof:circleimageview:3.1.0'
     implementation 'net.lingala.zip4j:zip4j:2.11.5'
     implementation 'info.guardianproject.trustedintents:trustedintents:0.2'
     implementation 'org.bouncycastle:bcprov-jdk18on:1.77'
-    implementation "org.simpleflatmapper:sfm-csv:8.2.3"
+    implementation 'org.simpleflatmapper:sfm-csv:9.0.0'
 
     androidTestAnnotationProcessor "com.google.dagger:hilt-android-compiler:$hiltVersion"
     androidTestImplementation "com.google.dagger:hilt-android-testing:$hiltVersion"
@@ -199,7 +199,7 @@ dependencies {
     testImplementation 'androidx.test:core:1.5.0'
     testImplementation "com.google.guava:guava:${guavaVersion}-jre"
     testImplementation "junit:junit:${junitVersion}"
-    testImplementation 'org.json:json:20231013'
+    testImplementation 'org.json:json:20240303'
     testImplementation 'org.robolectric:robolectric:4.11.1'
 
     coreLibraryDesugaring 'com.android.tools:desugar_jdk_libs:2.0.4'

build.gradle

@@ -6,8 +6,8 @@ buildscript {
         google()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:8.2.0'
-        classpath 'com.google.dagger:hilt-android-gradle-plugin:2.50'
+        classpath 'com.android.tools.build:gradle:8.3.1'
+        classpath 'com.google.dagger:hilt-android-gradle-plugin:2.51'
         classpath 'com.google.protobuf:protobuf-gradle-plugin:0.9.4'
 
         // NOTE: Do not place your application dependencies here; they belong
@@ -21,8 +21,8 @@ plugins {
 
 allprojects {
     repositories {
-        mavenCentral()
         google()
+        mavenCentral()
         maven { url 'https://jitpack.io' }
         maven {
             url 'https://jcenter.bintray.com'

gradle/update_verification.py

@@ -0,0 +1,126 @@
+#!/usr/bin/env python3
+
+# Based on: https://github.com/chenxiaolong/BCR/blob/6f1f30cf89f7d564870fe61791a490649cfb0ea0/gradle/update_verification.py
+# License: GPL-3.0
+
+import hashlib
+import io
+import os
+import subprocess
+import sys
+import tempfile
+import urllib.request
+import xml.etree.ElementTree as ET
+
+
+GOOGLE_MAVEN_REPO = 'https://dl.google.com/android/maven2'
+
+
+def add_source_exclusions(ns, root):
+    configuration = root.find(f'{{{ns}}}configuration')
+    trusted_artifacts = ET.SubElement(
+        configuration, f'{{{ns}}}trusted-artifacts')
+
+    for regex in [
+        r'.*-javadoc[.]jar',
+        r'.*-sources[.]jar',
+        r'.*-src[.]zip',
+    ]:
+        ET.SubElement(trusted_artifacts, f'{{{ns}}}trust', attrib={
+            'file': regex,
+            'regex': 'true',
+        })
+
+
+def add_missing_aapt2_platforms(ns, root):
+    components = root.find(f'{{{ns}}}components')
+    aapt2 = components.find(f'{{{ns}}}component[@name="aapt2"]')
+
+    for platform in ['linux', 'osx', 'windows']:
+        group = aapt2.attrib['group']
+        name = aapt2.attrib['name']
+        version = aapt2.attrib['version']
+        filename = f'{name}-{version}-{platform}.jar'
+
+        if aapt2.find(f'{{{ns}}}artifact[@name="{filename}"]') is not None:
+            continue
+
+        path = f'{group.replace(".", "/")}/{name}/{version}/{filename}'
+        url = f'{GOOGLE_MAVEN_REPO}/{path}'
+
+        with urllib.request.urlopen(url) as r:
+            if r.status != 200:
+                raise Exception(f'{url} returned HTTP {r.status}')
+
+            digest = hashlib.file_digest(r, 'sha512')
+
+        artifact = ET.SubElement(aapt2, f'{{{ns}}}artifact',
+                                 attrib={'name': filename})
+
+        ET.SubElement(artifact, f'{{{ns}}}sha512', attrib={
+            'value': digest.hexdigest(),
+            'origin': 'Generated by Gradle',
+        })
+
+    aapt2[:] = sorted(aapt2, key=lambda child: child.attrib['name'])
+
+
+def patch_xml(path):
+    tree = ET.parse(path)
+    root = tree.getroot()
+
+    ns = 'https://schema.gradle.org/dependency-verification'
+    ET.register_namespace('', ns)
+
+    # Add exclusions to allow Android Studio to download sources.
+    add_source_exclusions(ns, root)
+
+    # Gradle only adds the aapt2 entry for the host OS. We have to manually add
+    # the checksums for the other major desktop OSs.
+    add_missing_aapt2_platforms(ns, root)
+
+    # Match gradle's formatting exactly.
+    ET.indent(tree, '   ')
+    root.tail = '\n'
+
+    with io.BytesIO() as f:
+        # etree's xml_declaration=True uses single quotes in the header.
+        f.write(b'<?xml version="1.0" encoding="UTF-8"?>\n')
+        tree.write(f)
+        serialized = f.getvalue().replace(b' />', b'/>')
+
+    with open(path, 'wb') as f:
+        f.write(serialized)
+
+
+def main():
+    root_dir = os.path.join(sys.path[0], '..')
+    xml_file = os.path.join(sys.path[0], 'verification-metadata.xml')
+
+    try:
+        os.remove(xml_file)
+    except FileNotFoundError:
+        pass
+
+    # Gradle will sometimes fail to add verification entries for artifacts that
+    # are already cached.
+    with tempfile.TemporaryDirectory() as temp_dir:
+        env = os.environ | {'GRADLE_USER_HOME': temp_dir}
+
+        subprocess.check_call(
+            [
+                './gradlew' + ('.bat' if os.name == 'nt' else ''),
+                '--write-verification-metadata', 'sha512',
+                '--no-daemon',
+                'build',
+                'connectedCheck'
+            ],
+            env=env,
+            cwd=root_dir,
+        )
+
+    patch_xml(xml_file)
+
+
+if __name__ == '__main__':
+    main()