chore(deps): bump flutter_secure_storage from 9.2.4 to 10.2.0 in /mobile

[dependabot]

Bumps flutter_secure_storage from 9.2.4 to 10.2.0.

Release notes

Sourced from flutter_secure_storage's releases.

v10.2.0

Android

• Deprecated KeyCipherAlgorithm.RSA_ECB_PKCS1Padding. Existing data is automatically migrated to the default RSA_ECB_OAEPwithSHA_256andMGF1Padding when migrateOnAlgorithmChange is true.
• Deprecated StorageCipherAlgorithm.AES_CBC_PKCS7Padding. Existing data is automatically migrated to the default AES_GCM_NoPadding when migrateOnAlgorithmChange is true.
• Fixed Gradle space-assignment warnings in build.gradle.

iOS / macOS

• Fixed iOS build by updating availability annotation for Secure Enclave methods from iOS 11.3 to iOS 13.0.

Windows

• Fixed compatibility with win32 6.0.0 in flutter_secure_storage_windows 4.2.0. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.0 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

v10.1.0

Android

• Added storageNamespace option to AndroidOptions for full namespace isolation across storage instances (SharedPreferences, KeyStore aliases, config/key storage). Use this instead of sharedPreferencesName when running multiple FlutterSecureStorage instances with different cipher configurations.
• Deprecated sharedPreferencesName in favor of storageNamespace, which provides complete isolation rather than data-only isolation.
• Added migrateWithBackup option to AndroidOptions for crash-resistant migration. When enabled, backup copies of encrypted data are created before migration starts, allowing recovery if migration fails or the app crashes mid-migration. Works in conjunction with migrateOnAlgorithmChange.
• Made KeyCipherAlgorithm and StorageCipherAlgorithm public enums.

Fixes:

• Fixed crash on biometric failure (not error).
• Fixed null safety issue in MethodRunner that could cause a crash on Android.
• Fixed config being overwritten on initialization.
• Fixed default Android key cipher not aligning with the Flutter default.

iOS / macOS

• Added useSecureEnclave option to IOSOptions and MacOsOptions to store keys in the device's Secure Enclave for hardware-backed security.

Fixes:

• Fixed kSecAttrSynchronizable being silently dropped when no access control flags are set.
• Fixed readAll not returning Secure Enclave items correctly.

v10.0.0

This major release brings significant security improvements, platform updates, and modernization across all supported platforms.

Android

Due to the deprecation of Jetpack Security library, the Android implementation has been largely rewritten with custom secure ciphers, enhanced biometrics support, and migration tools.

Breaking Changes:

• AndroidOptions().encryptedSharedPreferences is now deprecated due to Jetpack Crypto package deprecation
  • Migration will automatically happen due to migrateOnAlgorithmChange: true, which can also be set to false if not wanted.
• ResetOnError will now automatically be true, because most errors are unrecoverable due to key storage problems. It can still be disabled with resetOnError: false
• Default key cipher changed to RSA_ECB_OAEPwithSHA_256andMGF1Padding
• Default storage cipher changed to AES_GCM_NoPadding
• Minimum Android SDK changed from 19 to 23
• Target SDK updated to 36
• Migrated from deprecated Jetpack Crypto library to custom cipher implementation (Tink doesn't support biometrics)
• Migrated to Java Version 17

... (truncated)

Commits

• 55dd5a7 fix: add release note
• 5b56420 fix: revert flutter_secure_storage_windows to 4.1.0, so users with dart sdk <...
• f29180c release of v10.2.0
• 8aeab07 release of v0.3.1
• f652103 Merge pull request #1130 from juliansteenbakker/fix/deprecate-insecure
• 1c6a63a fix: analyzer issues for deprecated member usage
• 1c88511 Merge branch 'develop' into fix/deprecate-insecure
• b6a3554 Merge pull request #1129 from juliansteenbakker/dependabot/github_actions/nic...
• 51f377a Merge pull request #1122 from juliansteenbakker/fix/win32-6-compat
• 0aa65ad fix: regenerate cmakelists for windows
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: mobile. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.