This repository was archived by the owner on Feb 16, 2026. It is now read-only.

BOT: Dart Dependency Updater #146

Open
jpeiffer wants to merge 1 commit into main from dart_update_1762826042116

@jpeiffer jpeiffer commented Nov 11, 2025

PR created automatically

dependencies:

  • pointycastle: 3.9.1 --> 4.0.0

dev_dependencies:

  • flutter_lints: 5.0.0 --> 6.0.0
  • test: 1.25.12 --> 1.26.3

Error!!!

Resolving dependencies...


Because template_expressions depends on encrypt ^5.0.3 which depends on pointycastle ^3.6.2, pointycastle ^3.6.2 is required.
So, because template_expressions depends on pointycastle ^4.0.0, version solving failed.


You can try the following suggestion to make the pubspec resolve:
* Consider downgrading your constraint on pointycastle: dart pub add pointycastle:^3.9.1

Summary by CodeRabbit

  • Chores
    • Applied automated dependency updates, including PointyCastle upgraded to version 4.0.0.

coderabbitai bot commented Nov 11, 2025

Walkthrough

The PR updates the CHANGELOG with a new entry for version 3.3.1+3 noting automated dependency updates, and reformats pubspec.yaml to use double-quoted strings throughout while upgrading the pointycastle dependency from ^3.9.1 to ^4.0.0.

Changes

| Cohort / File(s) | Change Summary |
| --- | --- |
| Changelog Entry: CHANGELOG.md | Added new top-level entry for version 3.3.1+3 (November 11, 2025) with note about automated dependency updates. |
| Configuration and Dependency Updates: pubspec.yaml | Normalized string quoting from single to double quotes across metadata, environment constraints, dependencies, dev_dependencies, permittedLicenses, packageLicenseOverride, and ignore_updates. Updated pointycastle dependency from ^3.9.1 to ^4.0.0. Minor formatting normalization applied. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • pointycastle version bump: Verify that the upgrade from ^3.9.1 to ^4.0.0 is compatible with the codebase and does not introduce breaking changes in the project's usage of this cryptographic library.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ⚠️ Warning | The title 'BOT: Dart Dependency Updater' is partially related to the changeset but not the main point; it misses the critical issue. | Consider revising the title to reflect the actual challenge, such as 'BOT: Dart Dependency Updater (pointycastle constraint conflict)' or similar to highlight the dependency resolution error. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35797eb and 947732f.

📒 Files selected for processing (2)
  • CHANGELOG.md (1 hunks)
  • pubspec.yaml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (2)
CHANGELOG.md (1)

1-3: LGTM!

The changelog entry for version 3.3.1+3 follows the established format for automated dependency updates and is correctly dated. The entry placement and structure are consistent with existing entries.

pubspec.yaml (1)

26-27: Dev dependency updates look reasonable.

The flutter_lints and test versions are updated with no apparent conflicts. Consider verifying that these updates don't introduce breaking changes in your build or linting configuration.

logging: "^1.3.0"
meta: "^1.12.0"
petitparser: "^6.0.1"
pointycastle: "^4.0.0"

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

CRITICAL: Dependency conflict – pointycastle upgrade breaks encrypt compatibility.

Line 20 attempts to upgrade pointycastle to ^4.0.0, but the project depends on encrypt: ^5.0.3, which requires pointycastle: ^3.6.2. These version ranges don't overlap:

  • pointycastle: ^3.6.2 = >=3.6.2 <4.0.0
  • pointycastle: ^4.0.0 = >=4.0.0 <5.0.0

This breaks dependency resolution. As noted in the PR objectives, the solution is to keep pointycastle within the ^3.x range (e.g., ^3.9.1) until the encrypt package updates its pointycastle dependency.

Apply this diff to resolve the conflict:

-  pointycastle: "^4.0.0"
+  pointycastle: "^3.9.1"

Alternatively, verify whether encrypt ^5.0.3 has been updated to support pointycastle ^4.0.0 before proceeding.






🌐 Web query:

encrypt package pubspec pointycastle dependency version

💡 Result:

The encrypt package depends on pointycastle. Pub.dev lists pointycastle as a dependency but the package does not hard-pin a single version on the package page — see the dependencies list. For the exact version constraint used by a specific encrypt release, check that release's pubspec.yaml in the repo or the package version page on pub.dev. [1][2]

Sources:
[1] pub.dev — encrypt package (dependencies list).
[2] GitHub — leocavalcante/encrypt (repo with pubspec.yaml).


🌐 Web query:

pointycastle 4.0.0 encrypt package compatibility

💡 Result:

Short answer: encrypt (latest published 5.0.x) does not declare compatibility with pointycastle 4.0.0 and you will likely get a pub dependency conflict if you try to mix encrypt 4.x/5.x with pointycastle: ^4.0.0. Pub shows encrypt historically depended on pointycastle 3.x (encrypt changelog/versions) while pointycastle 4.0.0 is a 2025 release — so use dependency_overrides or a fork if you must run them together, or prefer packages updated for pointycastle 4.x. [1][2]

References:

  • encrypt package versions & changelog (shows history and that encrypt updates target older pointycastle series). [1]
  • pointycastle 4.0.0 changelog (release 2025-02-12). [2]

If you want, I can check your pubspec and produce a concrete dependency_overrides entry or test resolution for your specific versions.


CRITICAL: Dependency conflict – pointycastle upgrade breaks encrypt compatibility.

Line 20 attempts to upgrade pointycastle to ^4.0.0, but the project depends on encrypt: ^5.0.3, which requires pointycastle from the 3.x series. Encrypt (latest published 5.0.x) does not declare compatibility with pointycastle 4.0.0 and will result in a pub dependency conflict. These version ranges do not overlap:

  • pointycastle: ^3.x (encrypt's requirement)
  • pointycastle: ^4.0.0 (PR change)

Revert to keep pointycastle within the 3.x range:

-  pointycastle: "^4.0.0"
+  pointycastle: "^3.9.1"
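Review bot: the replacement line `pointycastle: "^3.9.1"` records nothing about why the constraint is held at 3.x, so a later maintainer or updater run has no signal that 4.x is blocked rather than merely not yet adopted. Add a comment above the line stating that encrypt ^5.0.3 requires pointycastle ^3.6.2, as the solver output in the PR description shows, so the pin can be lifted once encrypt accepts 4.x.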
🤖 Prompt for AI Agents
In pubspec.yaml around line 20, the upgrade to pointycastle: ^4.0.0 conflicts
with the project's encrypt: ^5.0.3 dependency which requires pointycastle 3.x;
revert pointycastle to the 3.x range (e.g., pointycastle: ^3.x or a specific
3.y.z that satisfies encrypt) and then run pub get to update the lockfile so
dependencies resolve without conflict.
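
The version-range reasoning in the review above, as an added example (not code from this PR or from the project): a Python sketch of pub's caret-constraint semantics that checks whether a set of constraints on one package can be satisfied together. The function names are hypothetical, and only plain `^x.y.z` constraints without pre-release or build suffixes are handled.

```python
import re

_CARET = re.compile(r"^\^(\d+)\.(\d+)\.(\d+)$")


def caret_range(constraint):
    """Return (lower_inclusive, upper_exclusive) for a pub caret constraint."""
    m = _CARET.match(constraint.strip())
    if m is None:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    major, minor, patch = (int(g) for g in m.groups())
    lower = (major, minor, patch)
    # Upper bound is the next breaking version: the next major,
    # or the next minor while the major version is still 0.
    upper = (major + 1, 0, 0) if major > 0 else (0, minor + 1, 0)
    return lower, upper


def intersect(constraints):
    """Intersect caret constraints; None means no version satisfies them all."""
    ranges = [caret_range(c) for c in constraints]
    lower = max(r[0] for r in ranges)
    upper = min(r[1] for r in ranges)
    return (lower, upper) if lower < upper else None


def describe(result):
    """Render an intersection result the way pub writes a version range."""
    if result is None:
        return "no overlap: version solving fails"
    lo, hi = result
    return ">={}.{}.{} <{}.{}.{}".format(*lo, *hi)


# Constraints taken from the solver output and review in this PR.
ENCRYPT_NEEDS = "^3.6.2"  # pointycastle range required by encrypt ^5.0.3
PR_PROPOSES = "^4.0.0"    # value this PR writes to pubspec.yaml
REVERTED = "^3.9.1"       # value the review suggests reverting to

if __name__ == "__main__":
    print(describe(intersect([ENCRYPT_NEEDS, PR_PROPOSES])))
    print(describe(intersect([ENCRYPT_NEEDS, REVERTED])))
```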
