Update androidx.credentials to 1.6.0-beta03

[SaintPatrck]

🎟️ Tracking

N/A

📔 Objective

Release notes!

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @SaintPatrck's task —— View job

---

Reviewing PR #6097

Task: Review dependency update for androidx.credentials to 1.6.0-beta03

Progress

• Gather context and read changed files
• Perform comprehensive code review
• Check for breaking changes and compatibility issues
• Post review findings

---

Summary of Changes

This PR updates the androidx.credentials library from version 1.6.0-beta01 to 1.6.0-beta03 in gradle/libs.versions.toml:24.

Library Usage in Codebase:
The androidx.credentials library is used in three modules:

• app/build.gradle.kts:247 - Main password manager app
• ui/build.gradle.kts:72 - UI components library
• cxf/build.gradle.kts:52 - Credential Exchange (CXF/CXP) integration layer

The library is critical for the app's passkey support (FIDO2 credentials), Credential Provider Service, and Credential Exchange functionality.

---

Release Notes Analysis

According to the official release notes:

1.6.0-beta03 (October 22, 2025):

• Minor internal data serialization changes

1.6.0-beta02 (October 8, 2025):

• Optimized large data serialization

Both versions focus on internal improvements to data serialization. No breaking API changes are documented.

---

Critical Issues

None identified. This is a minor beta update with no documented breaking changes.

---

Suggested Improvements

1. Testing Recommendations

Given the serialization changes in beta02 and beta03, I recommend testing the following areas:

Priority Test Areas

High Priority:

• Passkey creation and authentication flows - Serialization changes could affect FIDO2 credential data transfer
• Credential Provider Service - Test password/passkey autofill from external apps
• Credential Exchange (CXF) - Import/export flows between password managers
• Large credential data handling - The "optimized large data serialization" suggests improvements for handling credentials with large attachments or many fields

Specific Test Scenarios:

1. Create and use passkeys on various sites
2. Autofill passwords and passkeys from the Credential Provider
3. Import credentials from another password manager via CXF
4. Export credentials to another password manager via CXF
5. Test with credentials containing large amounts of data (long notes, multiple attachments, many custom fields)

Rationale: Serialization changes, even "minor" or "optimized" ones, can introduce subtle bugs in how credential data is marshalled between processes (app ↔ system ↔ external apps).

2. Monitor for Beta Stability

Beta Release Considerations

This is a beta release, not a stable version. Consider:

• Watch for 1.6.0 stable release - May want to update again when stable version is available
• Monitor crash reports - Pay attention to any serialization-related crashes in Crashlytics after deployment
• Check for 1.6.0-beta04 - Since we're skipping beta02, watch for whether beta04 is released soon (which might indicate issues found in beta03)

3. Architecture Compliance Check

The change follows the project's dependency management patterns correctly:

• ✅ Uses version catalog in libs.versions.toml
• ✅ Alphabetically organized
• ✅ Follows existing naming conventions

---

Good Practices Observed

• Minimal, focused change - Single version number update
• Clear PR description - Links to release notes
• Proper version catalog usage - Centralized dependency management

---

Action Items

For Author:

• Manual testing - Run through passkey creation/authentication flows
• Verify autofill - Test Credential Provider Service with external apps
• Test CXF flows - If feature is enabled, test credential import/export
• Wait for CI - Ensure all automated tests pass (currently 3 workflows pending)
• Consider stable release - Evaluate updating to 1.6.0 stable when available

For Reviewers:

• Approve once CI passes and manual testing is complete
• Verify no serialization-related issues in subsequent deployments

---

CI Status

Current Status: 3 workflows in progress, 1 passed

• ✅ Lint workflow - Passed
• 🔄 Test - In progress
• 🔄 Code Review - In progress
• 🔄 Scan Pull Requests - In progress

---

Verdict

Recommendation: Approve after CI passes and manual testing confirms no regressions.

This is a straightforward dependency update with no API-breaking changes. The serialization improvements should be beneficial for performance, particularly with large credential datasets. The main risk is subtle bugs in data marshalling, which should be caught by existing tests and targeted manual testing.

The change is well-structured and follows project conventions. Once automated tests pass and manual verification of credential/passkey flows is complete, this is safe to merge.

---

[github-actions]

Checkmarx One – Scan Summary & Details – e1471f92-8737-4d11-bbe0-cbcef2e40af1

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.81%. Comparing base (6007445) to head (e439aa4).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6097   +/-   ##
=======================================
  Coverage   84.81%   84.81%           
=======================================
  Files         721      721           
  Lines       52811    52811           
  Branches     7668     7668           
=======================================
  Hits        44791    44791           
  Misses       5328     5328           
  Partials     2692     2692           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.