chore(deps): bump the non-breaking group across 1 directory with 3 updates

[dependabot]

Bumps the non-breaking group with 3 updates in the / directory: dbus, flutter_secure_storage and go_router.

Updates dbus from 0.7.12 to 0.7.14

Changelog

Sourced from dbus's changelog.

0.7.14

• Drop xml dependency to 6.6.1, which is the version that Flutter is using.

0.7.13

• Make able to work on Windows by not supporting control messages there (they are not supported).
• Depend on xml 7.x.

Commits

• See full diff in compare view

Updates flutter_secure_storage from 10.2.0 to 10.3.1

Release notes

Sourced from flutter_secure_storage's releases.

v10.3.1

Android

• Fixed AEADBadTagException when biometric authentication is cancelled on first launch: a stale IV is now cleared and the cipher re-initialised in encrypt mode so the next authentication attempt succeeds.
• Fixed NullPointerException when retrying an operation after a cancelled biometric prompt: preferences is now only assigned once cipher initialisation completes successfully, allowing a clean retry.

v10.3.0

Android

• Added AndroidBiometricType enum and biometricType option to AndroidOptions to control which authentication methods are accepted during biometric prompts (requires KeyCipherAlgorithm.AES_GCM_NoPadding).
  • AndroidBiometricType.biometricOrDeviceCredential (default) accepts Class 3 biometrics or device credentials (PIN/pattern/password), preserving previous behaviour.
  • AndroidBiometricType.strongBiometricOnly restricts authentication to Class 3 (strong) biometrics only; device credentials are explicitly rejected.
• Fully enforced on Android 11+ (API 30+) via setAllowedAuthenticators on BiometricPrompt and setUserAuthenticationParameters on the KeyStore key. On earlier API levels the system may still permit device credentials.
• Added biometricPromptNegativeButton option to AndroidOptions to customise the dismiss button label on the biometric prompt. Required when using strongBiometricOnly or on Android 10 and lower.

iOS / macOS

• Fixed secStoreAvailabilitySink not being called when protected data availability changes.
• Fixed kSecUseDataProtectionKeychain being added to Keychain queries unconditionally; it is now only set when useDataProtectionKeychain is explicitly enabled.

Windows

• Fixed deleteAll and containsKey not acquiring the mutex lock, which could cause data races under concurrent access. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.2 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

Linux

• Fixed deleteKeyring storing the string "null" instead of an empty JSON object {}.
• Fixed non-UTF-8 error messages from libsecret causing a FormatException on the Dart side; messages are now sanitised before being sent through the method channel.
• Fixed locked or unavailable keyring now surfacing as a catchable PlatformException with code KeyringLocked.
• Fixed JSON parse errors and other C++ exceptions now surfacing as a PlatformException with code StorageError instead of sending malformed bytes through the channel.

Commits

• 3fc4c53 fix: revert updated darwin package for backwards compatibility
• 6b9e8f4 fix: added changelog entries
• 0b9ed95 Merge pull request #1148 from CORDEA/fix/defer-preferences-until-cipher-initi...
• c557a53 Merge pull request #1147 from CORDEA/fix/reset-stale-cipher-iv-on-biometric-f...
• be0674a Use a single SharedPreferences.Editor when resetting stale IV
• 5817b55 Reset stale cipher IV when biometric auth fails before completion
• 635013b Defer setting preferences until storageCipher is initialized
• 35da5ae fix: badge
• a86a1ef release of v10.3.0
• 9d09d99 release of v0.3.2
• Additional commits viewable in compare view

Updates go_router from 17.2.3 to 17.3.0

Commits

• 40733eb [go_router] Batch release (#11813)
• 6246800 [vector_graphics_compiler] Support xml 7 (#11804)
• 0bceb64 Migrated video_player_android to Built-in Kotlin (#11798)
• e930ced [vector_graphics_compiler]: Fix Stack Overflow and CPU/Memory DoS on SVGs wit...
• 10cbdc5 [in_app_purchase_android] Update Play Billing library to 8.0.0 (#10816)
• b74a269 [google_maps_flutter] Federate READMEs (#11790)
• c19a48d [google_maps_flutter] Remove duplicated privacy manifest entries (#11791)
• db270b4 [go_router] Allow users to specify onExit as optional (#11150)
• 6da2737 [google_maps_flutter] Add Android and iOS attribution ID (#11731)
• 874b823 [dependabot]: Bump org.json:json from 20251224 to 20260522 in /packages/in_ap...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.