From 8a911d153101647e392a4cb5f2b9205027e23627 Mon Sep 17 00:00:00 2001 From: Matthew Robertson Date: Mon, 10 Feb 2025 07:31:48 -0500 Subject: [PATCH 1/4] Updated datastore dependency to 1.1.2 --- firebase-sessions/CHANGELOG.md | 2 ++ firebase-sessions/firebase-sessions.gradle.kts | 2 +- gradle/libs.versions.toml | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/firebase-sessions/CHANGELOG.md b/firebase-sessions/CHANGELOG.md index 7147a6bf504..a8358ecf26e 100644 --- a/firebase-sessions/CHANGELOG.md +++ b/firebase-sessions/CHANGELOG.md @@ -1,5 +1,7 @@ # Unreleased +* [changed] Updated datastore dependency to `1.1.2` to + fix [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). # 2.0.7 * [fixed] Removed extraneous logs that risk leaking internal identifiers. diff --git a/firebase-sessions/firebase-sessions.gradle.kts b/firebase-sessions/firebase-sessions.gradle.kts index 15d22381e31..45a5f744f03 100644 --- a/firebase-sessions/firebase-sessions.gradle.kts +++ b/firebase-sessions/firebase-sessions.gradle.kts @@ -67,12 +67,12 @@ dependencies { exclude(group = "com.google.firebase", module = "firebase-common") exclude(group = "com.google.firebase", module = "firebase-components") } - implementation("androidx.datastore:datastore-preferences:1.0.0") implementation("com.google.android.datatransport:transport-api:3.2.0") api("com.google.firebase:firebase-annotations:16.2.0") api("com.google.firebase:firebase-encoders:17.0.0") api("com.google.firebase:firebase-encoders-json:18.0.1") implementation(libs.androidx.annotation) + implementation(libs.androidx.datastore.preferences.android) compileOnly(libs.errorprone.annotations) runtimeOnly("com.google.firebase:firebase-installations:18.0.0") { diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 21442a483d3..2cfddcbdb1b 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -18,6 +18,7 @@ constraintlayout = "2.1.4" coreKtx = "1.12.0" coroutines = "1.7.3" dagger = "2.43.2" +datastorePreferencesAndroid = "1.1.2" dexmaker = "2.28.1" dexmakerVersion = "1.2" espressoCore = "3.6.1" @@ -91,6 +92,7 @@ androidx-cardview = { module = "androidx.cardview:cardview", version.ref = "card androidx-constraintlayout = { module = "androidx.constraintlayout:constraintlayout", version.ref = "constraintlayout" } androidx-core = { module = "androidx.core:core", version = "1.2.0" } androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "coreKtx" } +androidx-datastore-preferences-android = { module = "androidx.datastore:datastore-preferences-android", version.ref = "datastorePreferencesAndroid" } androidx-espresso-core = { module = "androidx.test.espresso:espresso-core", version.ref = "espressoCore" } androidx-espresso-idling-resource = { module = "androidx.test.espresso:espresso-idling-resource", version.ref = "espressoCore" } androidx-espresso-intents = { module = "androidx.test.espresso:espresso-intents", version.ref = "espressoCore" } From 74a1c6591678eeb4ea5effb78677032f87e54967 Mon Sep 17 00:00:00 2001 From: Matthew Robertson Date: Tue, 11 Feb 2025 14:07:20 -0500 Subject: [PATCH 2/4] Fix datastore dep by removing -android from the name --- firebase-sessions/firebase-sessions.gradle.kts | 2 +- gradle/libs.versions.toml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/firebase-sessions/firebase-sessions.gradle.kts b/firebase-sessions/firebase-sessions.gradle.kts index 45a5f744f03..0a09740bd77 100644 --- a/firebase-sessions/firebase-sessions.gradle.kts +++ b/firebase-sessions/firebase-sessions.gradle.kts @@ -72,7 +72,7 @@ dependencies { api("com.google.firebase:firebase-encoders:17.0.0") api("com.google.firebase:firebase-encoders-json:18.0.1") implementation(libs.androidx.annotation) - implementation(libs.androidx.datastore.preferences.android) + implementation(libs.androidx.datastore.preferences) compileOnly(libs.errorprone.annotations) runtimeOnly("com.google.firebase:firebase-installations:18.0.0") { diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 2cfddcbdb1b..61916fba815 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -18,7 +18,7 @@ constraintlayout = "2.1.4" coreKtx = "1.12.0" coroutines = "1.7.3" dagger = "2.43.2" -datastorePreferencesAndroid = "1.1.2" +datastorePreferences = "1.1.2" dexmaker = "2.28.1" dexmakerVersion = "1.2" espressoCore = "3.6.1" @@ -92,7 +92,7 @@ androidx-cardview = { module = "androidx.cardview:cardview", version.ref = "card androidx-constraintlayout = { module = "androidx.constraintlayout:constraintlayout", version.ref = "constraintlayout" } androidx-core = { module = "androidx.core:core", version = "1.2.0" } androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "coreKtx" } -androidx-datastore-preferences-android = { module = "androidx.datastore:datastore-preferences-android", version.ref = "datastorePreferencesAndroid" } +androidx-datastore-preferences = { module = "androidx.datastore:datastore-preferences", version.ref = "datastorePreferences" } androidx-espresso-core = { module = "androidx.test.espresso:espresso-core", version.ref = "espressoCore" } androidx-espresso-idling-resource = { module = "androidx.test.espresso:espresso-idling-resource", version.ref = "espressoCore" } androidx-espresso-intents = { module = "androidx.test.espresso:espresso-intents", version.ref = "espressoCore" } From 599205564a4a141b3a551d615d89f30f07195ba2 Mon Sep 17 00:00:00 2001 From: Matthew Robertson Date: Tue, 18 Feb 2025 14:53:43 -0500 Subject: [PATCH 3/4] Workaround for b/328687152 --- firebase-sessions/firebase-sessions.gradle.kts | 12 +++++++++++- gradle/libs.versions.toml | 2 -- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/firebase-sessions/firebase-sessions.gradle.kts b/firebase-sessions/firebase-sessions.gradle.kts index 0a09740bd77..50eac325dfe 100644 --- a/firebase-sessions/firebase-sessions.gradle.kts +++ b/firebase-sessions/firebase-sessions.gradle.kts @@ -72,9 +72,19 @@ dependencies { api("com.google.firebase:firebase-encoders:17.0.0") api("com.google.firebase:firebase-encoders-json:18.0.1") implementation(libs.androidx.annotation) - implementation(libs.androidx.datastore.preferences) compileOnly(libs.errorprone.annotations) + // Workaround for b/328687152, AndroidX desktop artifacts packaged in Android APK + val datastoreVersion = "1.1.2" + implementation("androidx.datastore:datastore-preferences-android:$datastoreVersion") { + exclude(group = "androidx.datastore", module = "datastore") + exclude(group = "androidx.datastore", module = "datastore-core") + } + implementation("androidx.datastore:datastore-android:$datastoreVersion") { + exclude(group = "androidx.datastore", module = "datastore-core") + } + implementation("androidx.datastore:datastore-core-android:$datastoreVersion") + runtimeOnly("com.google.firebase:firebase-installations:18.0.0") { exclude(group = "com.google.firebase", module = "firebase-common") exclude(group = "com.google.firebase", module = "firebase-components") diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 61916fba815..21442a483d3 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -18,7 +18,6 @@ constraintlayout = "2.1.4" coreKtx = "1.12.0" coroutines = "1.7.3" dagger = "2.43.2" -datastorePreferences = "1.1.2" dexmaker = "2.28.1" dexmakerVersion = "1.2" espressoCore = "3.6.1" @@ -92,7 +91,6 @@ androidx-cardview = { module = "androidx.cardview:cardview", version.ref = "card androidx-constraintlayout = { module = "androidx.constraintlayout:constraintlayout", version.ref = "constraintlayout" } androidx-core = { module = "androidx.core:core", version = "1.2.0" } androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "coreKtx" } -androidx-datastore-preferences = { module = "androidx.datastore:datastore-preferences", version.ref = "datastorePreferences" } androidx-espresso-core = { module = "androidx.test.espresso:espresso-core", version.ref = "espressoCore" } androidx-espresso-idling-resource = { module = "androidx.test.espresso:espresso-idling-resource", version.ref = "espressoCore" } androidx-espresso-intents = { module = "androidx.test.espresso:espresso-intents", version.ref = "espressoCore" } From 35a6724dc17fe8dc2bbd59183c153515fdd704b0 Mon Sep 17 00:00:00 2001 From: Matthew Robertson Date: Mon, 3 Mar 2025 16:28:25 -0500 Subject: [PATCH 4/4] Update datastore dependency to 1.1.3 --- firebase-sessions/CHANGELOG.md | 4 +++- firebase-sessions/firebase-sessions.gradle.kts | 12 +----------- gradle/libs.versions.toml | 2 ++ smoke-tests/build.gradle | 2 ++ 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/firebase-sessions/CHANGELOG.md b/firebase-sessions/CHANGELOG.md index 66b5d446d33..2473b64a1cf 100644 --- a/firebase-sessions/CHANGELOG.md +++ b/firebase-sessions/CHANGELOG.md @@ -1,7 +1,9 @@ # Unreleased -* [changed] Updated datastore dependency to `1.1.2` to +* [changed] Updated datastore dependency to `1.1.3` to fix [CVE-2024-7254](https://github.com/advisories/GHSA-735f-pc8j-v9w8). + +# 2.0.9 * [fixed] Make AQS resilient to background init in multi-process apps. # 2.0.7 diff --git a/firebase-sessions/firebase-sessions.gradle.kts b/firebase-sessions/firebase-sessions.gradle.kts index 50eac325dfe..0a09740bd77 100644 --- a/firebase-sessions/firebase-sessions.gradle.kts +++ b/firebase-sessions/firebase-sessions.gradle.kts @@ -72,19 +72,9 @@ dependencies { api("com.google.firebase:firebase-encoders:17.0.0") api("com.google.firebase:firebase-encoders-json:18.0.1") implementation(libs.androidx.annotation) + implementation(libs.androidx.datastore.preferences) compileOnly(libs.errorprone.annotations) - // Workaround for b/328687152, AndroidX desktop artifacts packaged in Android APK - val datastoreVersion = "1.1.2" - implementation("androidx.datastore:datastore-preferences-android:$datastoreVersion") { - exclude(group = "androidx.datastore", module = "datastore") - exclude(group = "androidx.datastore", module = "datastore-core") - } - implementation("androidx.datastore:datastore-android:$datastoreVersion") { - exclude(group = "androidx.datastore", module = "datastore-core") - } - implementation("androidx.datastore:datastore-core-android:$datastoreVersion") - runtimeOnly("com.google.firebase:firebase-installations:18.0.0") { exclude(group = "com.google.firebase", module = "firebase-common") exclude(group = "com.google.firebase", module = "firebase-components") diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index b234d7bbd0f..4881c9d7d40 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -18,6 +18,7 @@ constraintlayout = "2.1.4" coreKtx = "1.12.0" coroutines = "1.7.3" dagger = "2.43.2" +datastore = "1.1.3" dexmaker = "2.28.1" dexmakerVersion = "1.2" espressoCore = "3.6.1" @@ -91,6 +92,7 @@ androidx-cardview = { module = "androidx.cardview:cardview", version.ref = "card androidx-constraintlayout = { module = "androidx.constraintlayout:constraintlayout", version.ref = "constraintlayout" } androidx-core = { module = "androidx.core:core", version = "1.2.0" } androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "coreKtx" } +androidx-datastore-preferences = { module = "androidx.datastore:datastore-preferences", version.ref = "datastore" } androidx-espresso-core = { module = "androidx.test.espresso:espresso-core", version.ref = "espressoCore" } androidx-espresso-idling-resource = { module = "androidx.test.espresso:espresso-idling-resource", version.ref = "espressoCore" } androidx-espresso-intents = { module = "androidx.test.espresso:espresso-intents", version.ref = "espressoCore" } diff --git a/smoke-tests/build.gradle b/smoke-tests/build.gradle index 346bad8698f..89df856dd06 100644 --- a/smoke-tests/build.gradle +++ b/smoke-tests/build.gradle @@ -24,12 +24,14 @@ buildscript { dependencies { classpath "com.android.tools.build:gradle:8.3.2" + classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.9.0" classpath "com.google.gms:google-services:4.3.14" classpath "com.google.firebase:firebase-crashlytics-gradle:2.8.1" } } apply plugin: "com.android.application" +apply plugin: "org.jetbrains.kotlin.android" android { compileSdkVersion 34