deps(flutter): bump flutter_secure_storage from 10.2.0 to 10.3.0 in the flutter-dependencies group

[dependabot]

Bumps the flutter-dependencies group with 1 update: flutter_secure_storage.

Updates flutter_secure_storage from 10.2.0 to 10.3.0

Release notes

Sourced from flutter_secure_storage's releases.

v10.3.0

Android

• Added AndroidBiometricType enum and biometricType option to AndroidOptions to control which authentication methods are accepted during biometric prompts (requires KeyCipherAlgorithm.AES_GCM_NoPadding).
  • AndroidBiometricType.biometricOrDeviceCredential (default) accepts Class 3 biometrics or device credentials (PIN/pattern/password), preserving previous behaviour.
  • AndroidBiometricType.strongBiometricOnly restricts authentication to Class 3 (strong) biometrics only; device credentials are explicitly rejected.
• Fully enforced on Android 11+ (API 30+) via setAllowedAuthenticators on BiometricPrompt and setUserAuthenticationParameters on the KeyStore key. On earlier API levels the system may still permit device credentials.
• Added biometricPromptNegativeButton option to AndroidOptions to customise the dismiss button label on the biometric prompt. Required when using strongBiometricOnly or on Android 10 and lower.

iOS / macOS

• Fixed secStoreAvailabilitySink not being called when protected data availability changes.
• Fixed kSecUseDataProtectionKeychain being added to Keychain queries unconditionally; it is now only set when useDataProtectionKeychain is explicitly enabled.

Windows

• Fixed deleteAll and containsKey not acquiring the mutex lock, which could cause data races under concurrent access. If you are on Dart >=3.10.0, this fix is applied automatically. Otherwise, pin flutter_secure_storage_windows: ^4.2.2 in your pubspec.yaml to opt in and make sure your constraint is set for minimum of Dart >=3.10.0.

Linux

• Fixed deleteKeyring storing the string "null" instead of an empty JSON object {}.
• Fixed non-UTF-8 error messages from libsecret causing a FormatException on the Dart side; messages are now sanitised before being sent through the method channel.
• Fixed locked or unavailable keyring now surfacing as a catchable PlatformException with code KeyringLocked.
• Fixed JSON parse errors and other C++ exceptions now surfacing as a PlatformException with code StorageError instead of sending malformed bytes through the channel.

Commits

• a86a1ef release of v10.3.0
• 9d09d99 release of v0.3.2
• 57f83b4 release of v3.0.1
• 8a6e759 release of v4.2.2
• 25ac868 Merge pull request #1146 from juliansteenbakker/doc/linux
• 0061a48 fix: typo, add more details section,
• ff3004b doc: re-add note about libsecret availability
• d5ab2cb Merge pull request #1132 from juliansteenbakker/fix/linux-locked-keyring
• 6959bfd Merge branch 'develop' into fix/linux-locked-keyring
• 301194f Merge pull request #1143 from CORDEA/feature/android-biometric-type
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

关联 Issue

Closes #1132
Closes #1143
Closes #1146