build(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3

[dependabot]

Bumps github.com/cloudflare/circl from 1.6.1 to 1.6.3.

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

• sign/mldsa: Check opts for nil value by @​armfazh in cloudflare/circl#582
• ecc/p384: Point addition must handle point doubling case. by @​armfazh in cloudflare/circl#583
• Release CIRCL v1.6.3 by @​armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

• New SLH-DSA, improvements in ML-DSA for arm64.
• Tested compilation on WASM.

What's Changed

• Optimize pairing product computation by moving exponentiations to G1. by @​dfaranha in cloudflare/circl#547
• sign: Adding SLH-DSA signature by @​armfazh in cloudflare/circl#512
• Update code generators to CIRCL v1.6.1. by @​armfazh in cloudflare/circl#548
• ML-DSA: Add preliminary Wycheproof test vectors by @​bwesterb in cloudflare/circl#552
• go fmt by @​bwesterb in cloudflare/circl#554
• gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @​armfazh in cloudflare/circl#555
• group: Removes use of elliptic Marshal and Unmarshal functions. by @​armfazh in cloudflare/circl#556
• Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @​bwesterb in cloudflare/circl#559
• Update to golangci-lint v2 by @​bwesterb in cloudflare/circl#560
• Preparation for ARM64 Implementation of poly operations for dilithium package. by @​elementrics in cloudflare/circl#562
• prepare power2Round for custom implementations in assembly by @​elementrics in cloudflare/circl#564
• ARM64 implementation for poly.PackLe16 by @​elementrics in cloudflare/circl#563
• add arm64 version of polyMulBy2toD by @​elementrics in cloudflare/circl#565
• add arm64 version of polySub by @​elementrics in cloudflare/circl#566
• group: add byteLen method for short groups and RandomScalar uses rand.Int by @​armfazh in cloudflare/circl#568
• add arm64 version of poly.Add/Sub by @​elementrics in cloudflare/circl#572
• group: Adding cryptobyte marshaling to scalars by @​armfazh in cloudflare/circl#569
• Bumping up to Go1.25 by @​armfazh in cloudflare/circl#574
• ci: Including WASM compilation. by @​armfazh in cloudflare/circl#577
• Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @​harshiniwho in cloudflare/circl#578
• Release v1.6.2 by @​armfazh in cloudflare/circl#579

New Contributors

• @​dfaranha made their first contribution in cloudflare/circl#547
• @​elementrics made their first contribution in cloudflare/circl#562
• @​harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

• 24ae53c Release CIRCL v1.6.3
• 581020b Rename method to oddMultiplesProjective.
• 12209a4 Removing unused cmov for jacobian points.
• fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
• 5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
• 3416046 Check opts for nil value.
• a763d47 Release CIRCL v1.6.2
• 3c70bf9 Bump x/crypto x/sys dependencies.
• 3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
• 23491bd Adding generic Power2Round method.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Chores
  • Updated an indirect dependency library to the latest patch version.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8f7910f and 5b7b6bc.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

---

Walkthrough

Updated an indirect dependency in go.mod, upgrading the cloudflare/circl package from v1.6.1 to v1.6.3. No changes to other dependencies or project configuration.

Changes

Cohort / File(s)	Summary
Dependency Update go.mod	Bumped github.com/cloudflare/circl from v1.6.1 to v1.6.3 (indirect dependency).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: a dependency version bump for github.com/cloudflare/circl from 1.6.1 to 1.6.3, which matches the raw summary and PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/github.com/cloudflare/circl-1.6.3

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}