Bump dependencies

android/config/dependency-check-suppression-agp-fixes.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
         This and all other supressions in this file are for dependencies only used for tests.
         These should be excluded by the plugin but this behaviour is broken.
@@ -15,7 +15,7 @@
         <cve>CVE-2022-41915</cve>
         <cve>CVE-2024-47535</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
         This and all other supressions in this file are for dependencies only used for tests.
         These should be excluded by the plugin but this behaviour is broken.
@@ -27,7 +27,7 @@
         <cve>CVE-2022-3510</cve>
         <cve>CVE-2021-22569</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
         This and all other supressions in this file are for dependencies only used for tests.
         These should be excluded by the plugin but this behaviour is broken.

android/config/dependency-check-suppression.xml

@@ -8,7 +8,7 @@
         <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
         <cve>CVE-2022-24329</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
           This CVE only affect programs using loadXML and is derived from using ksp.
           We do not use the loadXML, ksp is used to generate navigation paths in our code
@@ -17,14 +17,14 @@
         <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
         <cve>CVE-2018-1000840</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
             False-positive only affecting javascript gRPC packages.
         ]]></notes>
         <packageUrl regex="true">^pkg:maven/io\.grpc/protoc\-gen\-grpc\-kotlin@.*$</packageUrl>
         <cve>CVE-2020-7768</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
             No impact on this app since it uses UDS rather than HTTP2.
         ]]></notes>
@@ -40,7 +40,7 @@
         <packageUrl regex="true">^pkg:maven/commons\-validator/commons\-validator@.*$</packageUrl>
         <cve>CVE-2021-3765</cve>
     </suppress>
-    <suppress until="2024-12-01Z">
+    <suppress until="2025-03-01Z">
         <notes><![CDATA[
             Denial of service using protobuf.
             Should not be applicable since client and server are always in sync and we are only

android/gradle/libs.versions.toml

@@ -25,12 +25,12 @@ androidx-uiautomator = "2.4.0-alpha01"
 arrow = "2.0.0"
 
 # Compose
-compose = "1.7.5"
+compose = "1.7.6"
 compose-destinations = "2.1.0-beta14"
 compose-constraintlayout = "1.1.0"
 compose-material3 = "1.3.1"
 
-grpc = "1.68.2"
+grpc = "1.69.0"
 grpc-kotlin = "1.4.1"
 grpc-kotlin-jar = "1.4.1:jdk8@jar"
 grpc-protobuf = "4.29.1"