BOT: Dart Dependency Updater

[jpeiffer]

PR created automatically

dependencies:

• pointycastle: 3.9.1 --> 4.0.0

dev_dependencies:

• flutter_lints: 5.0.0 --> 6.0.0
• test: 1.25.12 --> 1.28.0

Error!!!

Resolving dependencies...


Because template_expressions depends on encrypt ^5.0.3 which depends on pointycastle ^3.6.2, pointycastle ^3.6.2 is required.
So, because template_expressions depends on pointycastle ^4.0.0, version solving failed.


You can try the following suggestion to make the pubspec resolve:
* Consider downgrading your constraint on pointycastle: dart pub add pointycastle:^3.9.1

Summary by CodeRabbit

• Chores
  • Automated dependency updates released in version 3.3.1+3.
  • Upgraded pointycastle to version 4.0.0.
  • Updated package constraints and manifest configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The PR updates the changelog with a new version 3.3.1+3 entry and modifies pubspec.yaml with formatting changes (single to double quotes) and bumps the pointycastle dependency from ^3.9.1 to ^4.0.0. Other dependency constraints are reformatted.

Changes

Cohort / File(s)	Summary
Changelog Update CHANGELOG.md	Added new top-level version entry (3.3.1+3, December 16, 2025) with "Automated dependency updates" bullet.
Dependency Manifest pubspec.yaml	Converted all YAML string literals from single to double quotes throughout metadata, dependencies, dev dependencies, permittedLicenses, packageLicenseOverride, and ignore_updates. Bumped pointycastle from ^3.9.1 to ^4.0.0 (major version update).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Pointycastle major version bump (^3.9.1 → ^4.0.0): Verify compatibility and that breaking changes (if any) are addressed or intentional.
• Quoting style changes are uniform formatting and low-risk.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: automated dependency updates including pointycastle version bump and formatting changes in pubspec.yaml and CHANGELOG.md.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dart_update_1765850325438

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35797eb and c84a020.

📒 Files selected for processing (2)

• CHANGELOG.md (1 hunks)
• pubspec.yaml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (3)

pubspec.yaml (3)

1-4: Version and formatting changes look consistent.

The version bump to 3.3.1+3 aligns with the changelog, and the conversion from single to double quotes is consistently applied throughout the manifest.

---

29-75: Formatting changes are consistent.

The conversion from single to double quotes for all string literals in the permittedLicenses, packageLicenseOverride, and ignore_updates sections is consistently applied.

---

26-27: No compatibility issues found. Both flutter_lints ^6.0.0 (requires Dart 3.8) and test ^1.28.0 (requires Dart >= 3.7) are compatible with the project's SDK constraint >=3.0.0 <4.0.0.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Dependency resolution will fail—cannot merge as-is.

The PR description indicates a critical dependency resolution error: encrypt ^5.0.3 requires pointycastle ^3.6.2, but this PR attempts to update to pointycastle ^4.0.0. This conflict will cause version solving to fail. The changelog documents updates that cannot be applied until the underlying dependency conflict is resolved.

🤖 Prompt for AI Agents

In CHANGELOG.md around lines 1 to 4, the changelog entry documents dependency
updates that cannot be applied because encrypt ^5.0.3 requires pointycastle
^3.6.2 while this PR bumps pointycastle to ^4.0.0; either resolve the dependency
conflict first or do not claim the update in the changelog. Fix by reverting or
removing the automated dependency-update note (or change it to state the update
was deferred due to a dependency conflict), and instead add a short note that
the pointycastle update is blocked by encrypt ^5.0.3 (or pin
encrypt/pointycastle to compatible versions and update package manifests before
updating the changelog).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

encrypt package pub.dev latest version dependencies pointycastle

💡 Result:

• Latest encrypt package version on pub.dev: 5.0.3 (published ~2 years ago). [1]
• Dependencies include pointycastle (alongside args, asn1lib, clock, collection, crypto). [1]

Sources:
[1] pub.dev package page for encrypt (versions & dependencies).

---

🌐 Web query:

encrypt 5.0.3 pointycastle dependency pub.dev

💡 Result:

encrypt 5.0.3 has pointycastle listed as a dependency (see Dependencies on the package page). [1][2]

Sources:

• pub.dev package page (encrypt 5.0.3) — Dependencies includes pointycastle. [1]
• encrypt GitHub repository (pubspec.yaml in 5.x branch). [2]

---

🌐 Web query:

encrypt 6.0.0 pointycastle dependency flutter pub

💡 Result:

There is no encrypt 6.0.0 release on pub.dev — the latest stable encrypt version is 5.0.3. [1][2]

If you’re adding encrypt and get PointyCastle-related conflicts (web build or incompatible pointycastle version), pin or override pointycastle in your pubspec.yaml. Example (use the pointycastle release that fixes the issue, e.g. 3.9.x or 4.0.0):

• dependencies:
  encrypt: ^5.0.3

• dependency_overrides:
  pointycastle: ^4.0.0

Using dependency_overrides is a common fix for encrypt → pointycastle compatibility / web errors. [3][4]

Sources:

1. encrypt package versions (pub.dev). [1]
2. encrypt package page (pub.dev). [2]
3. pointycastle changelog (pub.dev). [4]
4. StackOverflow — workaround: dependency_overrides for pointycastle web issues. [3]

---

🏁 Script executed:

# Find pubspec.yaml in the repo
find . -name "pubspec.yaml" -type f | head -5

Repository: peiffer-innovations/template_expressions

Length of output: 98

---

🌐 Web query:

encrypt 5.0.3 pubspec.yaml pointycastle ^3 constraint pub.dev

💡 Result:

Use a dependency override to force pointycastle ^3 while keeping encrypt 5.0.3. Example pubspec.yaml snippet:

dependencies:
encrypt: ^5.0.3

other deps...

dependency_overrides:
pointycastle: ^3.0.0

encrypt 5.x had fixes around parsing PointyCastle ~3.x versions; forcing the PointyCastle 3 series via dependency_overrides resolves version mismatches. [1][2]

Sources:
[1] encrypt changelog (v5.0.3).
[2] pointycastle changelog / package versions.

---

🏁 Script executed:

cat -n ./pubspec.yaml | sed -n '1,30p'

Repository: peiffer-innovations/template_expressions

Length of output: 955

---

Blocker: pointycastle ^4.0.0 is incompatible with encrypt ^5.0.3.

encrypt ^5.0.3 (the latest version) requires pointycastle ~3.x. Having both dependencies in pubspec.yaml will cause dependency resolution to fail.

Resolution options:

1. Downgrade pointycastle to ^3.9.1 (as suggested in the PR description)
2. Use dependency_overrides to force pointycastle 3.x while keeping encrypt 5.0.3:

   dependency_overrides:
     pointycastle: ^3.9.1

3. Remove or replace the encrypt dependency if it's blocking the update

Note: No newer encrypt version supporting pointycastle 4.x is available on pub.dev.

🤖 Prompt for AI Agents

In pubspec.yaml at line 12, encrypt: "^5.0.3" is incompatible with pointycastle
^4.0.0 and breaks dependency resolution; fix by either (A) downgrading
pointycastle to a 3.x version (e.g., change pointycastle entry to ^3.9.1), or
(B) add a dependency_overrides section forcing pointycastle: ^3.9.1 so encrypt
can resolve, or (C) remove/replace the encrypt dependency with an alternative
that supports pointycastle 4.x; apply one of these changes to pubspec.yaml and
run pub get to verify resolution.