
Chore(deps): Bump pynacl from 1.5 to 1.6.0#245

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pynacl-1.6.0

Conversation


@dependabot dependabot bot commented on behalf of github Nov 3, 2025

Bumps pynacl from 1.5 to 1.6.0.

Changelog

Sourced from pynacl's changelog.

1.6.0 (2025-09-11)

  • BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
  • Added support for the low level AEAD AES bindings.
  • Added support for crypto_core_ed25519_from_uniform.
  • Update libsodium to 1.0.20-stable (2025-08-27 build).
  • Added support for free-threaded Python 3.14.
  • Added support for Windows on ARM wheels.

1.5.0 (2022-01-07)

  • BACKWARDS INCOMPATIBLE: Removed support for Python 2.7 and Python 3.5.
  • BACKWARDS INCOMPATIBLE: We no longer distribute manylinux1 wheels.
  • Added manylinux2014, manylinux_2_24, musllinux, and macOS universal2 wheels (the latter supports macOS arm64).
  • Update libsodium to 1.0.18-stable (July 25, 2021 release).
  • Add inline type hints.

1.4.0 (2020-05-25)

  • Update libsodium to 1.0.18.
  • BACKWARDS INCOMPATIBLE: We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.
  • Added support for Python 3.8, and removed support for Python 3.4.
  • Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key
  • Add low level bindings for deterministic random generation.
  • Add wheel and setuptools setup_requirements in setup.py (#485)
  • Fix checks on very slow builders (#481, #495)
  • Add low-level bindings to ed25519 arithmetic functions
  • Update low-level blake2b state implementation
  • Fix wrong short-input behavior of SealedBox.decrypt() (#517)
  • Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format (#519)
  • Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. SODIUM_INSTALL_MINIMAL=1) for setup.

1.3.0 (2018-09-26)

  • Added support for Python 3.7.
  • Update libsodium to 1.0.16.
  • Run and test all code examples in PyNaCl docs through sphinx's doctest builder.

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Nov 3, 2025
github-actions bot commented Nov 3, 2025

Failed to retrieve llama text: Invalid URL '/completion': No scheme supplied. Perhaps you meant https:///completion?

Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5 to 1.6.0.
- [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pynacl@1.5.0...1.6.0)

---
updated-dependencies:
- dependency-name: pynacl
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/pynacl-1.6.0 branch from ec03114 to a29cfeb on November 26, 2025 15:35
@foxpatch-aleph foxpatch-aleph left a comment

The PR bumps pynacl from 1.5 to 1.6.1, but the diff shows a version mismatch: the PR title and description claim to upgrade to 1.6.0, while the actual change pins to 1.6.1. Additionally, the existing comment '# Needed now as default with _load_account changement' is stale and unclear — if pynacl still needs to be pinned to an exact version (rather than using a range like >=1.5), that rationale should be documented. The upgrade itself is low-risk and beneficial (libsodium 1.0.20, Python 3.14 support), but the version discrepancy between the PR description and the actual change needs clarification.

pyproject.toml (line 45): The PR description says this bumps pynacl to 1.6.0, but the diff pins to pynacl==1.6.1. These should match. Please clarify which version is intended and ensure the PR title/description is consistent with the actual change.

pyproject.toml (line 45): The trailing comment '# Needed now as default with _load_account changement' is stale and vague. If an exact pin is still required (rather than >=1.5,<2), the comment should explain why (e.g. a known API break at a specific version). If the pin is no longer necessary, consider relaxing it to a range.

@foxpatch-aleph foxpatch-aleph left a comment

The PR title and description claim to bump pynacl from 1.5 to 1.6.0, but the actual diff pins the version to 1.6.1, not 1.6.0. This is a mismatch between the stated intent and the actual change. Additionally, the pinned version constraint (==) is overly strict for a dependency bump — it prevents users from receiving patch updates and may cause conflicts with other packages. The comment about '_load_account changement' that motivated the original strict pin should be re-evaluated to determine if it still applies and whether a range specifier (e.g. >=1.6,<2) would be more appropriate.

pyproject.toml (line 45): Version mismatch: the PR description states it bumps pynacl to 1.6.0, but the diff pins to ==1.6.1. These should match. Dependabot generated this PR for 1.6.0, so either the version here is wrong, or the PR description is stale. Please align the two.

pyproject.toml (line 45): The strict == pin is very restrictive. The original comment says it was 'Needed now as default with _load_account changement' — if that constraint no longer applies (or if pynacl 1.6.x has stabilised the relevant API), consider relaxing to >=1.6,<2 to allow future patch/minor updates without manual PRs.
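The mismatch the reviewer describes (Dependabot declares 1.6.0 in its commit trailer, the diff pins 1.6.1) is mechanically checkable. The script below is an added example for this thread, not code from the PR or from the project under review: it parses the `updated-dependencies` trailer Dependabot writes into every commit message and compares it with the specifier actually present in `[project].dependencies`. The commit trailer is the one shown above; the `pyproject.toml` fragment is constructed from what the review describes (line 45 pinning `pynacl==1.6.1` with the quoted trailing comment), so its exact layout and the neighbouring requirements are assumptions.

```python
"""Cross-check a Dependabot PR's declared version against the pin in pyproject.toml.

Added example for this review thread; not code from the PR or the project.
Standard library only, so it can run as a CI step or a pre-merge hook.
"""
import re

# Constructed inputs. The commit trailer is the one Dependabot wrote for this PR;
# the pyproject.toml fragment is reconstructed from what the review describes
# (line 45 pins pynacl==1.6.1 with the quoted trailing comment), so its exact
# layout and the neighbouring requirements are assumptions.
COMMIT_MESSAGE = """\
Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5 to 1.6.0.

---
updated-dependencies:
- dependency-name: pynacl
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
"""

PYPROJECT = """\
[project]
name = "example"
dependencies = [
    "aiohttp>=3.8",
    "pynacl==1.6.1",  # Needed now as default with _load_account changement
    "cryptography>=41,<43",
]
"""

# One entry of Dependabot's YAML trailer: name on one line, version on the next.
_TRAILER_RE = re.compile(
    r"^- dependency-name: (?P<name>\S+)\n  dependency-version: (?P<version>\S+)",
    re.MULTILINE,
)
# A quoted PEP 508 requirement: name, optional extras, zero or more version clauses.
_REQ_RE = re.compile(
    r'"(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*'
    r'(?P<spec>(?:[<>=!~]=?\s*[^",\s]+\s*,?\s*)*)"'
)


def _norm(name):
    """PEP 503 normalisation so PyNaCl, pynacl and py-nacl compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def declared_updates(commit_message):
    """Map dependency name -> version Dependabot says it moved to."""
    return {_norm(m["name"]): m["version"] for m in _TRAILER_RE.finditer(commit_message)}


def pinned_specs(pyproject_text):
    """Map dependency name -> version specifier taken from [project].dependencies.

    Only the first `dependencies = [...]` list is read; optional-dependencies
    tables are deliberately ignored here.
    """
    block = re.search(r"(?<![\w-])dependencies\s*=\s*\[(.*?)\]", pyproject_text, re.DOTALL)
    if block is None:
        return {}
    return {_norm(m["name"]): m["spec"].replace(" ", "") for m in _REQ_RE.finditer(block.group(1))}


def check_bump(commit_message, pyproject_text):
    """Return (name, status, detail) for every dependency the PR claims to update.

    status: ok, mismatch (exact pin differs from the declared version),
    range (not an exact pin, so the declared version is at best a lower bound),
    unpinned (no specifier at all), missing (not listed in pyproject).
    """
    findings = []
    specs = pinned_specs(pyproject_text)
    for name, declared in declared_updates(commit_message).items():
        spec = specs.get(name)
        if spec is None:
            findings.append((name, "missing", f"{name} is not listed in pyproject dependencies"))
            continue
        if spec == "":
            findings.append((name, "unpinned", f"{name} has no version specifier"))
            continue
        exact = re.fullmatch(r"==([^,]+)", spec)
        if exact is None:
            findings.append((name, "range", f"{name} uses {spec}; PR declares {declared}"))
        elif exact.group(1) != declared:
            findings.append((name, "mismatch", f"{name} pinned to {exact.group(1)} but PR declares {declared}"))
        else:
            findings.append((name, "ok", f"{name}=={declared} matches the PR description"))
    return findings


if __name__ == "__main__":
    results = check_bump(COMMIT_MESSAGE, PYPROJECT)
    for name, status, detail in results:
        print(f"[{status}] {detail}")
    # Non-zero exit on a mismatch so a CI job can block the merge.
    raise SystemExit(int(any(status == "mismatch" for _, status, _ in results)))
```

On the constructed input this reports `[mismatch] pynacl pinned to 1.6.1 but PR declares 1.6.0`, which is exactly the discrepancy raised in the review. Note what the check does and does not cover: it proves the manifest agrees with the stated intent of the PR, not that the artifact that will be installed is the one the maintainers audited; for that, the installed distribution's hashes need to be pinned in a lock file and enforced at install time (pip's `--require-hashes`).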
