Roll expat dependency

[jmagman]

A security analysis tool is reporting a security vulnerability in expat 2.5.

https://nvd.nist.gov/vuln/detail/CVE-2024-45492
https://nvd.nist.gov/vuln/detail/CVE-2024-45491
https://nvd.nist.gov/vuln/detail/CVE-2024-45490

DEP:

flutter/DEPS

Line 483 in e8366e3

Var('chromium_git') + '/external/github.com/libexpat/libexpat.git' + '@' + '654d2de0da85662fcc7644a7acd7c2dd2cfb21f0',

According to #91384 (comment) "it's only used for parsing the font file on Android" so we don't actually believe there's a live security issue.

Skia is on sha libexpat/libexpat@8e49998 as of 2 weeks ago:
https://skia-review.googlesource.com/c/skia/+/994776

See related issues #114734, #91384, and the last time it rolled flutter/engine#37383
Autoroll feature request: #114817

[jmagman]

Last release was 2.7.1
https://github.com/libexpat/libexpat/releases/tag/R_2_7_1
libexpat/libexpat@f9a3eeb

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.