Skip to content

Bump com.journeyapps:zxing-android-embedded from 3.6.0 to 4.3.0#3688

Open
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/gradle/com.journeyapps-zxing-android-embedded-4.3.0
Open

Bump com.journeyapps:zxing-android-embedded from 3.6.0 to 4.3.0#3688
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/gradle/com.journeyapps-zxing-android-embedded-4.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps com.journeyapps:zxing-android-embedded from 3.6.0 to 4.3.0.

Release notes

Sourced from com.journeyapps:zxing-android-embedded's releases.

v4.3.0

  • Minimum SDK version 19, but requires additional config (see readme) for < 24 compatibility.
  • Add ScanOptions and ScanContract for use with registerForActivityResult().
  • Deprecates IntentIntegrator. It is still available, but registerForActivityResult() is recommended instead.
  • Use minimal AndroidX libraries.
  • Use zxing:core 3.4.1 by default.

Full Changelog: journeyapps/zxing-android-embedded@v4.2.0...v4.3.0

v4.2.0

Changes

  • Fix MediaPlayer warnings (#587).
  • Prevent CameraConfigurationUtils clash (#609).
  • Add licenses to POM (#556).

Issues

Crashes on SDK versions older than 21 (#645).

Full Changelog: journeyapps/zxing-android-embedded@v4.1.0...v4.2.0

v4.1.0

  • Ability to hide the laser in ViewfinderView (#503).
  • Make possibleResultPoints method in BarcodeCallback optional (#504).
  • Ability to customize or disable the permission error dialog (#505).

v4.0.2

  • Use androidx.
  • Use zxing:core 3.4.0 by default.
  • Minimum SDK version 24, downgradable to 14.
  • Fix ArithmeticException.
  • Fix ResultPoint locations when camera is mirrored.
Changelog

Sourced from com.journeyapps:zxing-android-embedded's changelog.

4.3.0 (2021-10-25)

  • Minimum SDK version 19, but requires additional config (see readme) for < 24 compatibility.
  • Add ScanOptions and ScanContract for use with registerForActivityResult().
  • Deprecates IntentIntegrator.
  • Use minimal AndroidX libraries.

4.2.0 (2021-03-15)

  • Fix MediaPlayer warnings (#587).
  • Prevent CameraConfigurationUtils clash (#609).
  • Add licenses to POM (#556).
  • Bug: Crashes on SDK versions older than 21 (#645).

4.1.0 (2020-01-07)

  • Ability to hide the laser in ViewfinderView (#503).
  • Make possibleResultPoints method in BarcodeCallback optional (#504).
  • Ability to customize or disable the permission error dialog (#505).

4.0.2 (2019-09-07)

  • Use androidx.
  • Use zxing:core 3.4.0 by default.
  • Minimum SDK version 24.
  • Fix ArithmeticException.
  • Fix ResultPoint locations when camera is mirrored.

4.0.0 / 4.0.1 (2019-09-07)

  • Broken release - use 4.0.2.
Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump com.journeyapps:zxing-android-embedded from 3.6.0 to 4.3.0
e34f32a 
Bumps [com.journeyapps:zxing-android-embedded](https://github.com/journeyapps/zxing-android-embedded) from 3.6.0 to 4.3.0.
- [Release notes](https://github.com/journeyapps/zxing-android-embedded/releases)
- [Changelog](https://github.com/journeyapps/zxing-android-embedded/blob/master/CHANGES.md)
- [Commits](journeyapps/zxing-android-embedded@v3.6.0...v4.3.0)

---
updated-dependencies:
- dependency-name: com.journeyapps:zxing-android-embedded
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 1, 2026
@claude

claude Bot commented May 1, 2026

Copy link
Copy Markdown

Dependency Update Review: com.journeyapps:zxing-android-embedded 3.6.0 → 4.3.0

🔍 Dependency Analysis Summary

Package Old Version New Version Jump Type
com.journeyapps:zxing-android-embedded 3.6.0 4.3.0 MAJOR (3.x → 4.x)

Overall Risk: MEDIUM — This is a large jump spanning multiple major/minor releases. The library still compiles cleanly with CommCare's current usage, but IntentIntegrator (used in 2 production files) is now deprecated, and the v4.x series introduced an AndroidX migration and minimum SDK changes.

📋 Detailed Changelog Review

Package: com.journeyapps:zxing-android-embedded (3.6.0 → 4.3.0)

v4.0.2 (2019-09-07)

  • Migrated from android.support.* to AndroidX
  • Upgraded bundled zxing:core to 3.4.0
  • Minimum SDK became 24 (downgradable to 14 with extra config)
  • Fixed ArithmeticException and ResultPoint mirroring bug

v4.1.0 (2020-01-07)

  • BarcodeCallback.possibleResultPoints() made optional (default no-op) — no impact on CommCare which doesn't implement this interface directly
  • New: ability to hide the laser in ViewfinderView
  • New: ability to customize/disable the camera permission error dialog

v4.2.0 (2021-03-15)

v4.3.0 (2021-10-25)

  • Minimum SDK lowered back to 19 (requires desugaring/multidex config for < 24)
  • Added ScanOptions + ScanContract for the modern registerForActivityResult() API
  • IntentIntegrator deprecated — still functional, but the new ScanOptions/ScanContract approach is recommended
  • Switched to minimal AndroidX dependencies
  • Upgraded bundled zxing:core to 3.4.1

Breaking Changes: None for CommCare's current API usage. IntentIntegrator remains available.
Security Fixes: None documented.
Migration Notes: For < SDK 24 support, desugaring must be configured — CommCare already has this covered (coreLibraryDesugaring 'com.android.tools:desugar_jdk_libs_minimal:2.1.3' + coreLibraryDesugaringEnabled true in app/build.gradle).

⚠️ Impact Assessment

Breaking Changes Found: No hard breaks, but:

  • IntentIntegrator is deprecated in 4.3.0 and used in 2 production files:

    • app/src/org/commcare/views/widgets/WidgetUtils.java:77 — creates the scan intent via new IntentIntegrator(activity).createScanIntent()
    • app/src/org/commcare/views/widgets/BarcodeWidget.java:36 — fallback call in performCallout()

    These will compile and function correctly, but the build will generate deprecation warnings until migrated to ScanOptions/ScanContract.

Affected Files:

  • app/src/org/commcare/views/widgets/WidgetUtils.java — direct IntentIntegrator usage (deprecated, not broken)
  • app/src/org/commcare/views/widgets/BarcodeWidget.java — direct IntentIntegrator usage (deprecated, not broken)
  • app/src/org/commcare/utils/QRCodeEncoder.java, SelectInstallModeFragment.java, GlobalPrivilegeClaimingActivity.java — use com.google.zxing.BarcodeFormat etc. from the underlying zxing:core (unaffected; these are the core encoding classes, not the Android wrapper)

Test Impact: No unit tests exist for barcode scanning functionality. Manual regression testing of the QR/barcode scan flow is recommended.

Configuration Changes: None required. CommCare's existing coreLibraryDesugaring configuration already satisfies the v4.3.0 requirement for SDK < 24 support.

🛠️ Recommendations

Action Required:

  1. Merge is safe — no compile-time breakage, desugaring config is already in place.
  2. Follow-up ticket recommended: Migrate WidgetUtils.java and BarcodeWidget.java from IntentIntegrator to the modern ScanOptions + ScanContract (registerForActivityResult()) API to eliminate deprecation warnings and future-proof the barcode integration.

Testing Focus:

  • End-to-end barcode scan in a form (via BarcodeWidget)
  • QR code scan via SelectInstallModeFragment (app installation flow)
  • GlobalPrivilegeClaimingActivity QR code scan
  • Verify camera permission dialog still appears/behaves correctly
  • Test on a device running SDK 23 specifically (CommCare's minSdkVersion, and in the boundary range that required the desugaring workaround in v4.3.0)

Follow-up Tasks:

  • Open a ticket to migrate IntentIntegratorScanOptions/ScanContract in WidgetUtils.java and BarcodeWidget.java

Merge Recommendation: ✅ REVIEW_NEEDED — The update is safe to merge after manual QA of the barcode scan flows. No code changes are required to compile or run, but functional regression testing of all scan entry points is strongly advised given the size of the version jump (3.6 → 4.3).

📚 Useful Links

Reviewed by Claude — automated Dependabot PR analysis

@github-actions

github-actions Bot commented May 8, 2026

Copy link
Copy Markdown
Contributor

Code Coverage

Overall Project 26.56%

There is no coverage information present for the Files changed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@avazirna