Merge branch 'bump-dependencies-3'

Author: Rawa

.github/workflows/android-app.yml

@@ -240,7 +240,7 @@ jobs:
               :lib:shared:testDebugUnitTest
           - gradle-task: :test:arch:test --rerun-tasks
           - gradle-task: detekt
-          - gradle-task: :app:lint
+          - gradle-task: lint
     steps:
       # Fix for HOME path overridden by GH runners when building in containers, see:
       # https://github.com/actions/runner/issues/863

android/config/dependency-check-suppression-agp-fixes.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
         This and all other supressions in this file are for dependencies only used for tests.
         These should be excluded by the plugin but this behaviour is broken.
@@ -15,7 +15,7 @@
         <cve>CVE-2022-41915</cve>
         <cve>CVE-2024-47535</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
         This and all other supressions in this file are for dependencies only used for tests.
         These should be excluded by the plugin but this behaviour is broken.
@@ -27,7 +27,7 @@
         <cve>CVE-2022-3510</cve>
         <cve>CVE-2021-22569</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
         This and all other supressions in this file are for dependencies only used for tests.
         These should be excluded by the plugin but this behaviour is broken.

android/config/dependency-check-suppression.xml

@@ -8,7 +8,7 @@
         <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
         <cve>CVE-2022-24329</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
           This CVE only affect programs using loadXML and is derived from using ksp.
           We do not use the loadXML, ksp is used to generate navigation paths in our code
@@ -17,14 +17,14 @@
         <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
         <cve>CVE-2018-1000840</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
             False-positive only affecting javascript gRPC packages.
         ]]></notes>
         <packageUrl regex="true">^pkg:maven/io\.grpc/protoc\-gen\-grpc\-kotlin@.*$</packageUrl>
         <cve>CVE-2020-7768</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
             No impact on this app since it uses UDS rather than HTTP2.
         ]]></notes>
@@ -40,7 +40,7 @@
         <packageUrl regex="true">^pkg:maven/commons\-validator/commons\-validator@.*$</packageUrl>
         <cve>CVE-2021-3765</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
             Denial of service using protobuf.
             Should not be applicable since client and server are always in sync and we are only

android/config/lint-baseline.xml

@@ -1,20 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <issues format="6" by="lint 8.7.3" type="baseline" client="gradle" dependencies="true" name="AGP (8.7.3)" variant="all" version="8.7.3">
 
-    <issue
-        id="InvalidPackage"
-        message="Invalid package reference in library; not included in Android: `javax.naming.directory`. Referenced from `io.grpc.internal.JndiResourceResolverFactory.JndiRecordFetcher`.">
-        <location
-            file="../../../root/.gradle/caches/modules-2/files-2.1/io.grpc/grpc-core/1.68.2/b0fd51a1c029785d1c9ae2cfc80a296b60dfcfdb/grpc-core-1.68.2.jar"/>
-    </issue>
-
-    <issue
-        id="InvalidPackage"
-        message="Invalid package reference in library; not included in Android: `javax.naming`. Referenced from `io.grpc.internal.JndiResourceResolverFactory.JndiRecordFetcher`.">
-        <location
-            file="../../../root/.gradle/caches/modules-2/files-2.1/io.grpc/grpc-core/1.68.2/b0fd51a1c029785d1c9ae2cfc80a296b60dfcfdb/grpc-core-1.68.2.jar"/>
-    </issue>
-
     <issue
         id="SimilarGradleDependency"
         message="There are multiple dependencies com.google.protobuf but with different version"

android/config/lint.xml

@@ -4,15 +4,18 @@
     <issue id="ExtraTranslation" severity="ignore" />
     <issue id="MissingTranslation" severity="ignore" />
     <issue id="Typos" severity="ignore" />
-    <issue id="UnusedResources">
-        <ignore path="res/values/strings.xml" />
-    </issue>
     <!-- We are currently not using the ellipsis character -->
     <issue id="TypographyEllipsis" severity="ignore" />
+    <!-- Tracked externally (DROID-245) since the same texts are used across multiple platforms. -->
+    <issue id="ImpliedQuantity" severity="ignore" />
     <!-- Temporarily ignore the below checks while migrating to version catalogs. -->
     <issue id="GradleDependency" severity="ignore" />
     <issue id="AndroidGradlePluginVersion" severity="ignore" />
     <!-- Temporarily ignored since a dependency is checked with older version of lint -->
     <issue id="ObsoleteLintCustomCheck" severity="ignore" />
     <issue id="NewerVersionAvailable" severity="ignore" />
+    <!-- Ignored, see more: https://github.com/grpc/grpc-java/blob/e8ff6da2cf57a39a62497e9f317e6976b5bfb98c/core/src/main/java/io/grpc/internal/JndiResourceResolverFactory.java#L199 -->
+    <issue id="InvalidPackage">
+      <ignore path="**/io.grpc/grpc-core/1.69.0/7dad3419dfb91a77788afcdf79e0477172784910/grpc-core-1.69.0.jar" />
+    </issue>
 </lint>

android/gradle/libs.versions.toml

@@ -25,12 +25,12 @@ androidx-uiautomator = "2.4.0-alpha01"
 arrow = "2.0.0"
 
 # Compose
-compose = "1.7.5"
+compose = "1.7.6"
 compose-destinations = "2.1.0-beta14"
 compose-constraintlayout = "1.1.0"
 compose-material3 = "1.3.1"
 
-grpc = "1.68.2"
+grpc = "1.69.0"
 grpc-kotlin = "1.4.1"
 grpc-kotlin-jar = "1.4.1:jdk8@jar"
 grpc-protobuf = "4.29.1"