deps: Upgrade @react-native-async-storage/async-storage to 1.23.1 (latest) #5856
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…test) Changelog: https://github.com/react-native-async-storage/async-storage/releases This new version has a "privacy manifest", which should help us toward zulip#5847. For why this upgrade is unlikely to break things, see: zulip#5309 (comment) For why the version was constrained with ~ instead of ^ see 47b7ead, an Expo SDK upgrade: [T]he `expo upgrade` command went through a phase it described as "Updating packages to compatible versions (where known)," and that changed several of our dependency ranges, even of non-Expo things. It would actually be better to remove the dependency entirely. It's our legacy way of storing data on the device, and we have a migration to the new way that's now been active for over two years (see caf3bf9). The proportion of our users who still benefit from what this dependency offers will be vanishingly small at this point. But I'm not totally comfortable removing it without more careful thought than we have time for right now in this legacy codebase. (One step we'd want to consider, if doing that, is adding and releasing a migration to clear out the contents of the legacy storage.) Tested on my iPhone and on the office Android device, on both a first and a subsequent startup of the app. No crashes or errors observed. Related: zulip#5847
chrisbobbe
added a commit
to chrisbobbe/zulip-mobile
that referenced
this pull request
Apr 23, 2024
… APIs" Apple has a new requirement to declare reasons for using certain potentially privacy-sensitive APIs. It calls these "required reason APIs": https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc Starting May 1, we risk being prevented from publishing until we properly do that: zulip#5847. We don't have much iOS code of our own, and none of it uses these APIs (I've checked). But some of our dependencies do, and we have to handle that. Specifically, we expect to have to aggregate the declared reasons of all our dependencies that use these APIs, and declare them ourself. (That is, of dependencies that are statically linked -- which we expect them to be, since we don't call `use_frameworks!` in our Podfile.) The dependencies declare them with a "privacy manifest" file, and the place we declare them is in a privacy manifest of our own. Below are the reasons we're copying over, noted with the dependencies that declare them: ---- File timestamp APIs ---- (rn-fetch-blob uses some of these APIs, but that project hasn't yet merged a privacy manifest. Currently the only reason code we haven't declared in this category is DDA9.1, and I don't think that applies. The Apple doc says, "Declare this reason to display file timestamps to the person using the device," and we don't do that.) C617.1: "Declare this reason to access the timestamps, size, or other metadata of files inside the app container, app group container, or the app’s CloudKit container." @react-native-async-storage/async-storage (using the privacy manifest from the later version we take in zulip#5856, which is not yet merged as of writing) @sentry/react-native expo-application (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) 0A2A.1: "Declare this reason if your third-party SDK is providing a wrapper function around file timestamp API(s) for the app to use, and you only access the file timestamp APIs when the app calls your wrapper function. This reason may only be declared by third-party SDKs. This reason may not be declared if your third-party SDK was created primarily to wrap required reason API(s). Information accessed for this reason, or any derived information, may not be used for your third-party SDK’s own purposes or sent off-device by your third-party SDK." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) 3B52.1: "Declare this reason to access the timestamps, size, or other metadata of files or directories that the user specifically granted access to, such as using a document picker view controller." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) ---- System boot time APIs ---- 35F9.1: "Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device." @sentry/react-native react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) ---- Disk space APIs ---- (rn-fetch-blob uses some of these APIs, but that project hasn't merged a privacy manifest yet. Currently the only reasons we haven't declared in this category are 7D9E.1 and B728.1, and I don't think those apply.) 85F4.1: "Declare this reason to display disk space information to the person using the device. Disk space may be displayed in units of information (such as bytes) or units of time combined with a media type (such as minutes of HD video). Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to send disk space information over the local network to another device operated by the same person only for the purpose of displaying disk space information on that device; this exception only applies if the user has provided explicit permission to send disk space information, and the information may not be sent over the Internet." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) E174.1: "Declare this reason to check whether there is sufficient disk space to write files, or to check whether the disk space is low so that the app can delete files when the disk space is low. The app must behave differently based on disk space in a way that is observable to users. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to avoid downloading files from a server when disk space is insufficient." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) ---- User defaults APIs ---- (expo-error-recovery uses some of these APIs, but that project hasn't merged a privacy manifest yet, and we don't expect it to because it is deprecated and not used in recent versions of Expo; see expo/expo@87ffd749a. I don't *think* our app ends up using expo-error-recovery; its README makes it sound like something we would be aware of if it were active: "`expo-error-recovery` helps you gracefully handle crashes caused by fatal JavaScript errors.".) CA92.1: "Declare this reason to access user defaults to read and write information that is only accessible to the app itself. This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps." @sentry/react-native expo-constants (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort)
chrisbobbe
added a commit
to chrisbobbe/zulip-mobile
that referenced
this pull request
Apr 23, 2024
… APIs" Apple has a new requirement to declare reasons for using certain potentially privacy-sensitive APIs. It calls these "required reason APIs": https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc Starting May 1, we risk being prevented from publishing until we properly do that: zulip#5847. We don't have much iOS code of our own, and none of it uses these APIs (I've checked). But some of our dependencies do, and we have to handle that. Specifically, we expect to have to aggregate the declared reasons of all our dependencies that use these APIs, and declare them ourself. (That is, of dependencies that are statically linked -- which we expect them to be, since we don't call `use_frameworks!` in our Podfile.) The dependencies declare them with a "privacy manifest" file, and the place we declare them is in a privacy manifest of our own. Below are the reasons we're copying over, noted with the dependencies that declare them: ---- File timestamp APIs ---- (rn-fetch-blob uses some of these APIs, but that project hasn't yet merged a privacy manifest. Currently the only reason code we haven't declared in this category is DDA9.1, and I don't think that applies. The Apple doc says, "Declare this reason to display file timestamps to the person using the device," and we don't do that.) C617.1: "Declare this reason to access the timestamps, size, or other metadata of files inside the app container, app group container, or the app’s CloudKit container." @react-native-async-storage/async-storage (using the privacy manifest from the later version we take in zulip#5856, which is not yet merged as of writing) @sentry/react-native expo-application (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) 0A2A.1: "Declare this reason if your third-party SDK is providing a wrapper function around file timestamp API(s) for the app to use, and you only access the file timestamp APIs when the app calls your wrapper function. This reason may only be declared by third-party SDKs. This reason may not be declared if your third-party SDK was created primarily to wrap required reason API(s). Information accessed for this reason, or any derived information, may not be used for your third-party SDK’s own purposes or sent off-device by your third-party SDK." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) 3B52.1: "Declare this reason to access the timestamps, size, or other metadata of files or directories that the user specifically granted access to, such as using a document picker view controller." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) ---- System boot time APIs ---- 35F9.1: "Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device." @sentry/react-native react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) ---- Disk space APIs ---- (rn-fetch-blob uses some of these APIs, but that project hasn't merged a privacy manifest yet. Currently the only reasons we haven't declared in this category are 7D9E.1 and B728.1, and I don't think those apply.) 85F4.1: "Declare this reason to display disk space information to the person using the device. Disk space may be displayed in units of information (such as bytes) or units of time combined with a media type (such as minutes of HD video). Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to send disk space information over the local network to another device operated by the same person only for the purpose of displaying disk space information on that device; this exception only applies if the user has provided explicit permission to send disk space information, and the information may not be sent over the Internet." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) E174.1: "Declare this reason to check whether there is sufficient disk space to write files, or to check whether the disk space is low so that the app can delete files when the disk space is low. The app must behave differently based on disk space in a way that is observable to users. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to avoid downloading files from a server when disk space is insufficient." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) ---- User defaults APIs ---- (expo-error-recovery uses some of these APIs, but that project hasn't merged a privacy manifest yet, and we don't expect it to because it is deprecated and not used in recent versions of Expo; see expo/expo@87ffd749a. I don't *think* our app ends up using expo-error-recovery; its README makes it sound like something we would be aware of if it were active: "`expo-error-recovery` helps you gracefully handle crashes caused by fatal JavaScript errors.".) CA92.1: "Declare this reason to access user defaults to read and write information that is only accessible to the app itself. This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps." @sentry/react-native expo-constants (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) Fixes: zulip#5847
chrisbobbe
added a commit
to chrisbobbe/zulip-mobile
that referenced
this pull request
Apr 25, 2024
… APIs" Apple has a new requirement to declare reasons for using certain potentially privacy-sensitive APIs. It calls these "required reason APIs": https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api?language=objc Starting May 1, we risk being prevented from publishing until we properly do that: zulip#5847. We don't have much iOS code of our own, and none of it uses these APIs (I've checked). But some of our dependencies do, and we have to handle that. Specifically, we expect to have to aggregate the declared reasons of all our dependencies that use these APIs, and declare them ourself. (That is, of dependencies that are statically linked -- which we expect them to be, since we don't call `use_frameworks!` in our Podfile.) The dependencies declare them with a "privacy manifest" file, and the place we declare them is in a privacy manifest of our own. Below are the reasons we're copying over, noted with the dependencies that declare them: ---- File timestamp APIs ---- (rn-fetch-blob uses some of these APIs, but that project hasn't yet merged a privacy manifest. Currently the only reason code we haven't declared in this category is DDA9.1, and I don't think that applies. The Apple doc says, "Declare this reason to display file timestamps to the person using the device," and we don't do that.) C617.1: "Declare this reason to access the timestamps, size, or other metadata of files inside the app container, app group container, or the app’s CloudKit container." @react-native-async-storage/async-storage (using the privacy manifest from the later version we take in zulip#5856, which is not yet merged as of writing) @sentry/react-native expo-application (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) ~~0A2A.1~~ We considered including this because of expo-file-system but concluded that it's not appropriate for our privacy manifest; details here: zulip#5859 (comment) 3B52.1: "Declare this reason to access the timestamps, size, or other metadata of files or directories that the user specifically granted access to, such as using a document picker view controller." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) ---- System boot time APIs ---- 35F9.1: "Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device." @sentry/react-native react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) ---- Disk space APIs ---- (rn-fetch-blob uses some of these APIs, but that project hasn't merged a privacy manifest yet. Currently the only reasons we haven't declared in this category are 7D9E.1 and B728.1, and I don't think those apply.) 85F4.1: "Declare this reason to display disk space information to the person using the device. Disk space may be displayed in units of information (such as bytes) or units of time combined with a media type (such as minutes of HD video). Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to send disk space information over the local network to another device operated by the same person only for the purpose of displaying disk space information on that device; this exception only applies if the user has provided explicit permission to send disk space information, and the information may not be sent over the Internet." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) E174.1: "Declare this reason to check whether there is sufficient disk space to write files, or to check whether the disk space is low so that the app can delete files when the disk space is low. The app must behave differently based on disk space in a way that is observable to users. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception that allows the app to avoid downloading files from a server when disk space is insufficient." expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) ---- User defaults APIs ---- (expo-error-recovery uses some of these APIs, but that project hasn't merged a privacy manifest yet, and we don't expect it to because it is deprecated and not used in recent versions of Expo; see expo/expo@87ffd749a. I don't *think* our app ends up using expo-error-recovery; its README makes it sound like something we would be aware of if it were active: "`expo-error-recovery` helps you gracefully handle crashes caused by fatal JavaScript errors.".) CA92.1: "Declare this reason to access user defaults to read and write information that is only accessible to the app itself. This reason does not permit reading information that was written by other apps or the system, or writing information that can be accessed by other apps." @sentry/react-native expo-constants (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) expo-file-system (using the privacy manifest added recently in expo/expo@b8e40614b, which we haven't taken because Expo upgrades take a lot of effort) react-native (using the privacy manifest added very recently in facebook/react-native@d39712f54, which we haven't taken because RN upgrades take a lot of effort) Fixes: zulip#5847
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This new version has a "privacy manifest", which should help us toward #5847.
(More details in the commit message.)
Related: #5847