BOT: Dart Dependency Updater

[jpeiffer]

PR created automatically

dependencies:

• pointycastle: 3.9.1 --> 4.0.0

dev_dependencies:

• flutter_lints: 5.0.0 --> 6.0.0
• test: 1.25.12 --> 1.28.0

Error!!!

Resolving dependencies...


Because template_expressions depends on encrypt ^5.0.3 which depends on pointycastle ^3.6.2, pointycastle ^3.6.2 is required.
So, because template_expressions depends on pointycastle ^4.0.0, version solving failed.


You can try the following suggestion to make the pubspec resolve:
* Consider downgrading your constraint on pointycastle: dart pub add pointycastle:^3.9.1

Summary by CodeRabbit

• Chores
  • Bumped version to 3.3.1+3.
  • Updated dependencies: PointyCastle to ^4.0.0, Flutter Lints to ^6.0.0, and Test to ^1.28.0 for improved compatibility and bug fixes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Version 3.3.1+3 release includes automated dependency updates with quote formatting normalization across configuration files. CHANGELOG.md documents the changes. Pubspec.yaml reflects version bump and updates PointyCastle (^3.9.1 → ^4.0.0), flutter_lints (^5.0.0 → ^6.0.0), and test (^1.25.12 → ^1.28.0) dependencies.

Changes

Cohort / File(s)	Summary
Documentation & Project Metadata CHANGELOG.md	Added new changelog entry for version 3.3.1+3 documenting automated dependency updates
Manifest & Dependencies pubspec.yaml	Version bumped to 3.3.1+3; dependency updates: PointyCastle ^4.0.0, flutter_lints ^6.0.0, test ^1.28.0; quote formatting normalized throughout (single → double quotes)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'BOT: Dart Dependency Updater' is vague and generic, using broad terms that don't specify which dependencies were updated or the actual version changes.	Consider a more specific title like 'Update Dart dependencies: pointycastle, flutter_lints, and test' to clearly convey the specific changes being made.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

pubspec.yaml (1)

1-3: Quote formatting normalized to double quotes.

All string values have been changed from single quotes to double quotes. This is a consistent stylistic change with no functional impact.

Also applies to: 7-7, 10-23, 26-27, 30-75

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35797eb and d7a9831.

📒 Files selected for processing (2)

• CHANGELOG.md
• pubspec.yaml

🧰 Additional context used

🪛 GitHub Actions: Pull Request Checker

pubspec.yaml

[error] 1-1: Dependency resolution failed: template_expressions depends on encrypt ^5.0.3 which depends on pointycastle ^3.6.2, but template_expressions depends on pointycastle ^4.0.0; version solving failed. You can try downgrading constraint on pointycastle to ^3.9.1. Failed to update packages. Command: 'dart pub get'.

🔇 Additional comments (2)

pubspec.yaml (2)

4-4: Version bump appropriate for dependency updates.

The build number increment (3.3.1+2 → 3.3.1+3) correctly reflects automated dependency updates without breaking changes.

---

26-27: Verify flutter_lints 6.0.0 SDK compatibility.

The major version bump to flutter_lints 6.0.0 introduces breaking changes: new lint rules (strict_top_level_inference, unnecessary_underscores, use_super_parameters), removed rules (prefer_equal_for_default_values, prefer_void_to_null), and requires Flutter 3.32+ and Dart 3.8+ minimum. Confirm your project's minimum SDK version supports these requirements. The test 1.28.0 update is backward compatible with no breaking changes.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

git ls-files | head -20

Repository: peiffer-innovations/template_expressions

Length of output: 528

---

🏁 Script executed:

find . -name "pubspec.yaml" -o -name "pubspec.lock" -o -name "package.json" | head -10

Repository: peiffer-innovations/template_expressions

Length of output: 98

---

🏁 Script executed:

cat -n pubspec.yaml 2>/dev/null || cat -n package.json 2>/dev/null || echo "Dependency file not found in common locations"

Repository: peiffer-innovations/template_expressions

Length of output: 2147

---

🏁 Script executed:

#!/bin/bash
# Fetch encrypt ^5.0.3 details
echo "=== Checking encrypt 5.0.3 dependencies ==="
curl -s "https://pub.dev/api/packages/encrypt/versions/5.0.3" | jq -r '.pubspec.dependencies // empty' 2>/dev/null || echo "Failed to fetch encrypt 5.0.3"

echo -e "\n=== Checking latest encrypt versions ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.versions[-5:] | .[] | .version' 2>/dev/null | sort -V | tail -5

echo -e "\n=== Checking latest encrypt version dependencies ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.latest.pubspec.dependencies // empty' 2>/dev/null

echo -e "\n=== Checking pointycastle versions available ==="
curl -s "https://pub.dev/api/packages/pointycastle" | jq -r '.versions[-10:] | .[] | .version' 2>/dev/null | sort -V | tail -10

Repository: peiffer-innovations/template_expressions

Length of output: 658

---

🏁 Script executed:

#!/bin/bash
# Check ALL encrypt versions for pointycastle compatibility
echo "=== Checking all encrypt versions for pointycastle constraint ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.versions | .[] | "\(.version): \(.pubspec.dependencies.pointycastle // "no constraint")"' 2>/dev/null | head -20

Repository: peiffer-innovations/template_expressions

Length of output: 451

---

🏁 Script executed:

#!/bin/bash
# Double-check by getting all versions with full details
echo "=== Getting remaining encrypt versions ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.versions | .[] | select(.version | startswith("5.")) | "\(.version): pointycastle=\(.pubspec.dependencies.pointycastle // "none")"' 2>/dev/null

Repository: peiffer-innovations/template_expressions

Length of output: 281

---

PR blocked by incompatible dependency constraint.

The changelog entry is properly formatted, but this PR cannot be merged due to an unresolvable dependency conflict. encrypt ^5.0.3 requires pointycastle ^3.6.2, but pubspec.yaml declares pointycastle ^4.0.0. No version of encrypt currently supports pointycastle 4.x.

To resolve this, you must downgrade pointycastle to a compatible version (e.g., ^3.9.1). There is no viable path to keep pointycastle ^4.0.0 without upgrading encrypt to a future version that supports it (currently unavailable).

🤖 Prompt for AI Agents

In CHANGELOG.md around lines 1 to 4, the PR is blocked by an incompatible
dependency: encrypt ^5.0.3 requires pointycastle ^3.6.2 but pubspec.yaml
currently requires pointycastle ^4.0.0; update pubspec.yaml to set pointycastle
to a compatible constraint (e.g., ^3.9.1), run package resolution (flutter pub
get or dart pub get) to regenerate pubspec.lock, verify the project builds/tests
pass, and commit the updated pubspec.yaml and lockfile so the changelog entry
can be merged.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

git ls-files | grep -E "(pubspec|\.yaml)" | head -20

Repository: peiffer-innovations/template_expressions

Length of output: 187

---

🏁 Script executed:

find . -name "pubspec.yaml" -type f

Repository: peiffer-innovations/template_expressions

Length of output: 98

---

🏁 Script executed:

cat -n pubspec.yaml | head -30

Repository: peiffer-innovations/template_expressions

Length of output: 955

---

🌐 Web query:

encrypt package dart pub.dev latest version pointycastle dependency

💡 Result:

The encrypt package on pub.dev is currently at version 5.0.3 (published ~2 years ago) and it lists pointycastle as a dependency. (pub.dev)

Citations:

• 1: https://pub.dev/packages/encrypt/versions

---

🌐 Web query:

encrypt 5.0.3 pointycastle dependency requirement

💡 Result:

encrypt 5.0.3 relies on pointycastle (3.x). In practice users/archives show encrypt 5.x used with pointycastle 3.6.2 (and later 3.x) — e.g. pub.dev encrypt package page (deps include pointycastle) and project sources using pointycastle 3.6.2. [1][2]

Sources:

• encrypt package (pub.dev) — dependencies include pointycastle. [1]
• Examples / community usage showing pointycastle 3.6.2 with encrypt 5.x. [2]

If you need the exact constraint from encrypt 5.0.3 pubspec (for a dependency_overrides or resolution), tell me and I’ll fetch the package pubspec file/archive and paste the exact version constraint.

---

🌐 Web query:

encrypt dart package version 6.0 pointycastle 4.0 compatibility

💡 Result:

Short answer: The official encrypt package latest stable is 5.0.3 (no 6.0 release). It was built against PointyCastle 3.x and is not guaranteed compatible with PointyCastle 4.0 — many users/forks force/patch PointyCastle versions or use maintained forks (e.g. encrypt_next) to support newer PointyCastle releases. Sources: pub.dev (encrypt 5.0.3), pub.dev (pointycastle 4.0.0), and encrypt_next changelog. [1][2][3]

Sources

• encrypt (pub.dev) — latest stable 5.0.3 (dependencies include pointycastle). [1]
• pointycastle (pub.dev) — 4.0.0 release. [2]
• encrypt_next changelog (notes about forcing/updating PointyCastle to support newer versions). [3]

---

🌐 Web query:

latest encrypt package dart pub.dev version after 5.0.3

💡 Result:

There is no version after 5.0.3 — the latest on pub.dev is 5.0.3. [1][2]

Sources:
[1] pub.dev - encrypt (All versions).
[2] pub.dev - encrypt 5.0.2 (package page showing Latest: 5.0.3).

---

CRITICAL: Dependency conflict blocks merge.

The pointycastle ^4.0.0 update (line 20) is incompatible with encrypt ^5.0.3 (line 12), which requires pointycastle ^3.6.2. This creates an unresolvable dependency conflict that prevents dart pub get from succeeding.

Resolution: Downgrade pointycastle to ^3.9.1 (or another compatible 3.x version). No newer version of encrypt supporting pointycastle 4.0.0 exists on pub.dev.

Also applies to: 20-20

🤖 Prompt for AI Agents

In pubspec.yaml around lines 12 and 20, there is an unresolvable dependency
conflict: encrypt ^5.0.3 (line 12) requires pointycastle ^3.6.2 but pointycastle
was updated to ^4.0.0 (line 20); to fix, change the pointycastle entry back to a
compatible 3.x version (e.g., ^3.9.1) on line 20 so it aligns with encrypt's
constraint and allows dart pub get to succeed.