Skip to content

chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3#11

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/cloudflare/circl-1.6.3
Open

chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3#11
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/github.com/cloudflare/circl-1.6.3

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 25, 2026
edited by pull-request-agent bot
Loading

User description

Bumps github.com/cloudflare/circl from 1.6.1 to 1.6.3.

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

  • New SLH-DSA, improvements in ML-DSA for arm64.
  • Tested compilation on WASM.

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits
  • 24ae53c Release CIRCL v1.6.3
  • 581020b Rename method to oddMultiplesProjective.
  • 12209a4 Removing unused cmov for jacobian points.
  • fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
  • 5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
  • 3416046 Check opts for nil value.
  • a763d47 Release CIRCL v1.6.2
  • 3c70bf9 Bump x/crypto x/sys dependencies.
  • 3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
  • 23491bd Adding generic Power2Round method.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

PR Type

Enhancement

Description

  • Bump github.com/cloudflare/circl to v1.6.3

  • Update go.sum checksums for new version

Diagram Walkthrough

flowchart LR
  gomod["go.mod dependency version"]
  gosum["go.sum checksums"]
  circl161["circl v1.6.1"]
  circl163["circl v1.6.3"]
  circl161 -- "upgrade" --> circl163
  gomod -- "reflects" --> circl163
  gosum -- "updates checksums for" --> circl163
Loading

File Walkthrough
Relevant files
Dependencies
go.mod
Update circl dependency version in go.mod                               

go.mod

  • Update github.com/cloudflare/circl from v1.6.1 to v1.6.3.
  • Keep dependency as indirect requirement.
 +1/-1     
go.sum
Refresh go.sum for circl v1.6.3                                                   

go.sum

  • Replace checksums for circl v1.6.1 with v1.6.3.
  • Add new go.mod checksum entry for v1.6.3.
 +2/-2     

@dependabot
chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3
34595e8 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.6.1 to 1.6.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](cloudflare/circl@v1.6.1...v1.6.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Feb 25, 2026
@pull-request-agent
Copy link

pull-request-agent bot commented Feb 25, 2026

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
🧪 No relevant tests
🔒 Security concerns

Cryptography change:
Updating github.com/cloudflare/circl may alter cryptographic primitives’ implementations or defaults. Review the 1.6.2 and 1.6.3 release notes for security fixes or behavior changes (e.g., constant-time operations, parameter defaults), and run integration tests touching TLS/crypto code paths.

⚡ Recommended focus areas for review

Indirect Dep Bump

Verify that bumping github.com/cloudflare/circl to 1.6.3 as an indirect dependency does not introduce build incompatibilities or transitive changes affecting crypto behavior in downstream consumers.

 
github.com/cloudflare/circl v1.6.3 // indirect
Check Sums

Ensure the new go.sum entries for github.com/cloudflare/circl v1.6.3 match upstream and that module verification passes in CI across all supported platforms.

 
github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=

@pull-request-agent
Copy link

pull-request-agent bot commented Feb 25, 2026

PR Code Suggestions ✨

No code suggestions found for the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants