BOT: Dart Dependency Updater

[jpeiffer]

PR created automatically

dependencies:

• pointycastle: 3.9.1 --> 4.0.0

dev_dependencies:

• flutter_lints: 5.0.0 --> 6.0.0
• test: 1.25.12 --> 1.28.0

Error!!!

Resolving dependencies...


Because template_expressions depends on encrypt ^5.0.3 which depends on pointycastle ^3.6.2, pointycastle ^3.6.2 is required.
So, because template_expressions depends on pointycastle ^4.0.0, version solving failed.


You can try the following suggestion to make the pubspec resolve:
* Consider downgrading your constraint on pointycastle: dart pub add pointycastle:^3.9.1

Summary by CodeRabbit

• Chores

  • Updated project dependencies, including Pointycastle to the latest version
  • Standardized project metadata formatting

• Documentation

  • Added changelog entry for version 3.3.1+3 documenting automated dependency updates

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added a new changelog entry for version 3.3.1+3 (January 6, 2026) documenting automated dependency updates. Updated pubspec.yaml with quote formatting standardization, dependency version updates including Pointycastle from ^3.9.1 to ^4.0.0, and metadata reformatting.

Changes

Cohort / File(s)	Summary
Changelog & Metadata Updates CHANGELOG.md, pubspec.yaml	Added new changelog entry [3.3.1+3] for January 6, 2026 with automated dependency updates note. Standardized quote formatting in pubspec.yaml metadata and dependencies from single to double quotes. Updated Pointycastle from ^3.9.1 to ^4.0.0; adjusted flutter_lints and test dependency versions with formatting changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'BOT: Dart Dependency Updater' accurately describes the main change—an automated dependency update. However, it's generic and doesn't specify the core issue: a conflicting pointycastle upgrade that fails dependency resolution.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

Fix all issues with AI Agents 🤖

In @pubspec.yaml:
- Line 4: Revert the premature version bump in pubspec.yaml: change the version
value back from "3.3.1+3" to the previous published version string (undo the
edit that modified the version field) and do not increment the version until the
pointycastle dependency conflict is resolved; ensure the version key in
pubspec.yaml remains unchanged while you fix dependency constraints (e.g.,
adjust pointycastle constraints or dependency_overrides) and only update the
version after those changes are merged and dependency resolution succeeds.
- Line 12: The update is failing because encrypt 5.0.3 depends on pointycastle
^3.x while the project currently requires pointycastle ^4.0.0; to fix, revert
the project's pointycastle constraint to a 3.x range compatible with encrypt
(e.g. change the pointycastle entry in pubspec.yaml to ^3.9.1), keep encrypt:
^5.0.3, run pub get to resolve deps and run tests; alternatively, if you cannot
downgrade pointycastle, remove or replace the encrypt dependency with a library
that supports pointycastle ^4.0.0.
- Around line 26-27: The pubspec currently uses flutter_lints ^6.0.0 which
requires Dart >=3.8; either update the SDK environment SDK constraint to
">=3.8.0 <4.0.0" (modify the environment:sdk entry) to match flutter_lints
^6.0.0, or keep the existing SDK constraint and downgrade flutter_lints to a 5.x
range (change the flutter_lints entry) so the package and SDK are compatible;
make one of these two changes and run pub get to verify resolution.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35797eb and 1480f37.

📒 Files selected for processing (2)

• CHANGELOG.md
• pubspec.yaml

🔇 Additional comments (2)

pubspec.yaml (2)

1-3: LGTM: Formatting standardization.

The quote formatting standardization for metadata and dependency version strings is consistent and appropriate.

Also applies to: 7-7, 10-11, 13-19, 21-23

---

29-75: LGTM: License and ignore list formatting.

The quote formatting standardization for license configurations and ignore lists is consistent and maintains all original values.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Premature changelog entry given dependency conflict.

This changelog entry documents version 3.3.1+3 with automated dependency updates, but the PR objectives indicate a critical dependency resolution error with pointycastle. The version entry should only be added after the dependency conflict is resolved and the update can successfully complete.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Version bump is premature due to dependency conflict.

The version has been incremented to 3.3.1+3, but the PR has a critical dependency resolution error that prevents successful completion. The version should only be bumped after the pointycastle conflict is resolved.

🤖 Prompt for AI Agents

In @pubspec.yaml around line 4, Revert the premature version bump in
pubspec.yaml: change the version value back from "3.3.1+3" to the previous
published version string (undo the edit that modified the version field) and do
not increment the version until the pointycastle dependency conflict is
resolved; ensure the version key in pubspec.yaml remains unchanged while you fix
dependency constraints (e.g., adjust pointycastle constraints or
dependency_overrides) and only update the version after those changes are merged
and dependency resolution succeeds.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check latest encrypt version and its pointycastle dependency requirement

# Fetch encrypt package info from pub.dev
echo "=== Checking encrypt package versions (latest 15) ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.versions[] | .version' | head -15

echo -e "\n=== Checking encrypt latest version details ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.latest | {version: .version, pubspec: .pubspec}'

echo -e "\n=== Checking pointycastle version 4.0.0+ support in recent encrypt versions ==="
curl -s "https://pub.dev/api/packages/encrypt" | jq -r '.versions[] | select(.version | test("^5\\.|^6\\.")) | {version: .version, pubspec: .pubspec}' | head -40

Repository: peiffer-innovations/template_expressions

Length of output: 2071

---

Critical: Dependency conflict prevents this update.

encrypt 5.0.3 (latest version) depends on pointycastle ^3.6.2, which is incompatible with pointycastle ^4.0.0. This will cause dependency resolution to fail.

Resolution options:

1. Keep pointycastle at ^3.9.1 (as suggested in PR objectives)
2. Update encrypt to a version supporting pointycastle ^4.0.0 (no such version currently exists)
3. Remove or replace the encrypt dependency

🤖 Prompt for AI Agents

In @pubspec.yaml around line 12, The update is failing because encrypt 5.0.3
depends on pointycastle ^3.x while the project currently requires pointycastle
^4.0.0; to fix, revert the project's pointycastle constraint to a 3.x range
compatible with encrypt (e.g. change the pointycastle entry in pubspec.yaml to
^3.9.1), keep encrypt: ^5.0.3, run pub get to resolve deps and run tests;
alternatively, if you cannot downgrade pointycastle, remove or replace the
encrypt dependency with a library that supports pointycastle ^4.0.0.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n pubspec.yaml | head -50

Repository: peiffer-innovations/template_expressions

Length of output: 1557

---

🌐 Web query:

breaking changes flutter_lints 6.0.0 compared to 5.0.0

💡 Result:

Short answer — breaking / notable changes in flutter_lints 6.0.0 vs 5.0.0:

• Bumps package:lints to 6.0.0 (includes new lints: strict_top_level_inference and unnecessary_underscores). [1][2]
• Raises minimum SDK requirement to Flutter 3.32 / Dart 3.8 (you may need to upgrade your Flutter/Dart SDK to use flutter_lints ^6.0.0). [1][2]

Sources:
[1] flutter_lints CHANGELOG (6.0.0).
[2] flutter_lints package page / changelog on pub.dev.

---

🌐 Web query:

breaking changes Dart test package 1.28.0 compared to 1.25.12

💡 Result:

Short answer: No explicit breaking changes were introduced in test 1.28.0 compared to 1.25.12. The 1.28.0 release adds new matchers and tweaks behavior but does not list any BREAKING notes. [1]

Notable changes in 1.28.0 you should review (may affect tests):

• Added isSorted and related iterable matchers. [1]
• equals() now considers NaN equal to itself (changes matcher behavior for NaN). [1]
• Bumped test_core and allowed newer package:matcher; removed an unused js dependency (dependency/behavior changes). [1]

Reference: package:test changelog. [1]

---

Update SDK constraint or downgrade flutter_lints to maintain compatibility.

The project's SDK constraint allows Dart 3.0.0, but flutter_lints ^6.0.0 requires a minimum of Dart 3.8. Either update the SDK constraint to >=3.8.0 <4.0.0 or revert flutter_lints to version 5.x to resolve this incompatibility.

The test ^1.28.0 update is compatible with the project; no breaking changes were introduced (only behavior refinements like NaN equality handling in matchers).

🤖 Prompt for AI Agents

In @pubspec.yaml around lines 26-27, The pubspec currently uses flutter_lints
^6.0.0 which requires Dart >=3.8; either update the SDK environment SDK
constraint to ">=3.8.0 <4.0.0" (modify the environment:sdk entry) to match
flutter_lints ^6.0.0, or keep the existing SDK constraint and downgrade
flutter_lints to a 5.x range (change the flutter_lints entry) so the package and
SDK are compatible; make one of these two changes and run pub get to verify
resolution.