BOT: Dart Dependency Updater

[jpeiffer]

PR created automatically

dependencies:

• pointycastle: 3.9.1 --> 4.0.0

dev_dependencies:

• flutter_lints: 5.0.0 --> 6.0.0
• test: 1.25.12 --> 1.29.0

Error!!!

Resolving dependencies...


Because template_expressions depends on encrypt ^5.0.3 which depends on pointycastle ^3.6.2, pointycastle ^3.6.2 is required.
So, because template_expressions depends on pointycastle ^4.0.0, version solving failed.


You can try the following suggestion to make the pubspec resolve:
* Consider downgrading your constraint on pointycastle: dart pub add pointycastle:^3.9.1

Summary by CodeRabbit

• Chores
  • Released version 3.3.1+3 with automated dependency updates
  • Upgraded pointycastle dependency to version 4.0.0
  • Updated flutter_lints and test dependencies to newer releases

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The PR adds a changelog entry for version 3.3.1+3 documenting automated dependency updates and normalizes pubspec.yaml formatting by converting quote styles to double quotes across metadata and dependencies. Additionally, pointycastle is upgraded from ^3.9.1 to ^4.0.0, and dev dependencies are updated.

Changes

Cohort / File(s)	Summary
Changelog Update CHANGELOG.md	Adds new entry for version 3.3.1+3 dated January 27, 2026 with note "Automated dependency updates"
Dependency and Format Normalization pubspec.yaml	Normalizes quote style from single to double quotes across all metadata, dependencies, dev_dependencies, permittedLicenses, packageLicenseOverride, and ignore_updates entries; upgrades pointycastle from ^3.9.1 to ^4.0.0 (major version bump); updates flutter_lints and test to newer versions

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'BOT: Dart Dependency Updater' is generic and does not specifically describe the main changes. While it indicates automated dependency updates, it fails to mention that the pointycastle upgrade to ^4.0.0 causes a dependency resolution failure, which is the critical issue in this PR.	Clarify the title to reflect the actual outcome, such as 'BOT: Attempt Dart dependency updates (pointycastle upgrade fails resolution)' or similar, to better convey what the PR actually does and its current status.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Around line 1-3: The changelog entry "## [3.3.1+3] - January 27, 2026"
prematurely lists dependency updates that currently break dependency resolution
(e.g., pointycastle ^4.0.0); revert or mark this entry as provisional and add a
note referencing the unresolved pubspec.yaml conflict (or remove the specific
dependency mention) so the changelog only records confirmed, buildable
changes—once pubspec.yaml is fixed, update the "3.3.1+3" entry to reflect the
final, resolved dependency updates.

In `@pubspec.yaml`:
- Line 20: pubspec.yaml currently pins pointycastle to ^4.0.0 which conflicts
with encrypt ^5.0.3 (which requires pointycastle ^3.6.2); fix by either
downgrading pointycastle to a compatible version (e.g., pointycastle: "^3.9.1")
or replacing the encrypt dependency with encrypt_next (version 5.0.5+), update
the dependency entry for either pointycastle or encrypt/encrypt_next in
pubspec.yaml, run pub get to verify resolution, and ensure any code referencing
encrypt APIs remains compatible if you switch to encrypt_next.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Changelog entry documents changes that will fail to build.

This changelog entry is premature since the dependency updates it documents (specifically pointycastle ^4.0.0) cause dependency resolution failures. Once the pubspec.yaml conflict is resolved, this entry may need to be updated to reflect which dependencies were actually updated.

🤖 Prompt for AI Agents

In `@CHANGELOG.md` around lines 1 - 3, The changelog entry "## [3.3.1+3] - January
27, 2026" prematurely lists dependency updates that currently break dependency
resolution (e.g., pointycastle ^4.0.0); revert or mark this entry as provisional
and add a note referencing the unresolved pubspec.yaml conflict (or remove the
specific dependency mention) so the changelog only records confirmed, buildable
changes—once pubspec.yaml is fixed, update the "3.3.1+3" entry to reflect the
final, resolved dependency updates.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

latest version of encrypt dart package pointycastle 4.0 compatibility

💡 Result:

• Latest encrypt package version: encrypt 5.0.3 (latest on pub.dev; published ~2 years ago). [1]
• Latest pointycastle version: pointycastle 4.0.0 (published 2025-02-12; min Dart SDK 3.2). [2], [3]

Compatibility note: encrypt hasn’t released any version that explicitly targets pointycastle 4.x, so Dart’s dependency solver may block upgrading to pointycastle: ^4.0.0 in projects that use encrypt (unless you force overrides, which may break at runtime). [1], [2]

Practical option if you need pointycastle 4.x: use the maintained fork encrypt_next 5.0.5 (requires Dart 3.3+, and is positioned as a maintained fork of encrypt). [4], [5]

Sources:
[1] https://pub.dev/packages/encrypt/versions
[2] https://pub.dev/packages/pointycastle/versions
[3] https://pub.dev/packages/pointycastle/changelog
[4] https://pub.dev/packages/encrypt_next/versions
[5] https://pub.dev/packages/encrypt_next/versions/5.0.5

---

Dependency conflict: pointycastle ^4.0.0 is incompatible with encrypt ^5.0.3.

The pipeline confirms dependency resolution failed because encrypt ^5.0.3 (line 12) transitively depends on pointycastle ^3.6.2, which conflicts with this ^4.0.0 constraint. The latest encrypt version (5.0.3, from ~2 years ago) does not support pointycastle 4.x.

Options to resolve:

1. Revert to pointycastle: "^3.9.1" as suggested by the resolver
2. Replace encrypt with encrypt_next (5.0.5+), a maintained fork that supports pointycastle 4.x

🐛 Proposed fix (revert pointycastle)

-  pointycastle: "^4.0.0"
+  pointycastle: "^3.9.1"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	pointycastle: "^4.0.0"
	pointycastle: "^3.9.1"

🤖 Prompt for AI Agents

In `@pubspec.yaml` at line 20, pubspec.yaml currently pins pointycastle to ^4.0.0
which conflicts with encrypt ^5.0.3 (which requires pointycastle ^3.6.2); fix by
either downgrading pointycastle to a compatible version (e.g., pointycastle:
"^3.9.1") or replacing the encrypt dependency with encrypt_next (version
5.0.5+), update the dependency entry for either pointycastle or
encrypt/encrypt_next in pubspec.yaml, run pub get to verify resolution, and
ensure any code referencing encrypt APIs remains compatible if you switch to
encrypt_next.