feat: bump secp256k1 0.30→0.31 + sha2 0.10→0.11 #14

Merged: satyakwok merged 1 commit into main from chore/bump-secp256k1-sha2 on May 12, 2026

satyakwok (Member) commented May 12, 2026

Cluster B of the major-bump audit.

Changes

  • secp256k1 0.30 → 0.31
  • sha2 0.10 → 0.11

API migrations

| Old | New |
| --- | --- |
| SecretKey::from_slice(&bytes) | SecretKey::from_byte_array([u8; 32]) |
| Message::from_digest_slice(&digest) | Message::from_digest([u8; 32]) |
| secp.sign_ecdsa(&msg, &sk) | secp.sign_ecdsa(msg, &sk) (msg now by value) |

Verification

cargo test --features wallet — 5/5 pass, including well_known_metamask_test_key_derives_correct_address which verifies signing path against MetaMask's canonical test key.

Supersedes #8 (secp256k1) and #12 (sha2).

Summary by CodeRabbit

  • Chores
    • Updated wallet signing dependencies to latest versions for improved security and stability.
    • Enhanced private key validation with stricter length checks and improved error handling in wallet signing operations.

secp256k1 0.31 deprecated SecretKey::from_slice (now from_byte_array
on a fixed [u8; 32]) and Message::from_digest_slice (now from_digest
on a [u8; 32]). sign_ecdsa now takes msg by value (impl Into<Message>)
instead of by reference.

Wallet round-trip (well_known_metamask_test_key_derives_correct_address)
still passes — derived address matches MetaMask's canonical test key.

Supersedes #8 (secp256k1) and #12 (sha2).

coderabbitai Bot commented May 12, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between 0d83bdb and 4f0a566.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock, !**/*.lock
📒 Files selected for processing (2)
  • Cargo.toml
  • src/wallet.rs

📝 Walkthrough

This PR upgrades two wallet/signing dependencies in the Rust SDK: secp256k1 from 0.30 to 0.31 and sha2 from 0.10 to 0.11. The code in src/wallet.rs was updated to adapt to the new APIs. The from_private_key_hex method now decodes directly into a fixed-size [u8; 32] array and constructs the secret key using the new from_byte_array method. The build_and_sign_transfer method now converts the SHA-256 digest into a [u8; 32] array before creating the secp256k1 message using the new Message::from_digest API.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ❓ Inconclusive | The description provides the core information (what changed, API migrations, and verification), but diverges from the repository's template structure and omits several required checkboxes. | Align with the repository template by adding Scope, Checks, Linked issue, and Deploy impact sections with appropriate checkboxes to clarify testing status and deployment implications. |
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately summarizes the main change: bumping two critical cryptographic dependencies (secp256k1 and sha2) with their specific version transitions. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@satyakwok satyakwok merged commit f80847a into main May 12, 2026
4 checks passed
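
The migration described in this PR replaces slice-taking calls with ones that take a `[u8; 32]`, so the length check happens when the caller builds the array. An added example, not code from this PR or from src/wallet.rs: a std-only decoder that produces that array and also applies the secp256k1 secret-key range rule (1 ≤ k < n). The names `parse_private_key_hex`, `digest_to_array` and `KeyError` are hypothetical.

```rust
// Added illustration; function and type names are hypothetical, not from src/wallet.rs.
use std::convert::TryFrom;

/// secp256k1 group order n, big-endian. A valid secret key k satisfies 1 <= k < n.
const CURVE_ORDER: [u8; 32] = [
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
    0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
];

#[derive(Debug, PartialEq)]
pub enum KeyError { BadLength(usize), BadHex, OutOfRange }

/// Decode a hex private key (optional 0x prefix) into exactly 32 bytes.
pub fn parse_private_key_hex(s: &str) -> Result<[u8; 32], KeyError> {
    let s = s.trim();
    let hex = s.strip_prefix("0x").unwrap_or(s);
    if hex.len() != 64 {
        return Err(KeyError::BadLength(hex.len()));
    }
    let mut out = [0u8; 32];
    for (i, pair) in hex.as_bytes().chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16).ok_or(KeyError::BadHex)?;
        let lo = (pair[1] as char).to_digit(16).ok_or(KeyError::BadHex)?;
        out[i] = (hi * 16 + lo) as u8;
    }
    // Lexicographic comparison of big-endian arrays equals numeric comparison.
    if out == [0u8; 32] || out >= CURVE_ORDER {
        return Err(KeyError::OutOfRange);
    }
    Ok(out)
}

/// Convert a digest slice into the fixed array an array-taking API expects.
pub fn digest_to_array(digest: &[u8]) -> Result<[u8; 32], KeyError> {
    <[u8; 32]>::try_from(digest).map_err(|_| KeyError::BadLength(digest.len()))
}

fn main() {
    // Constructed inputs: the scalar 1, a truncated key, an all-zero key, a short digest.
    let one = format!("0x{}01", "00".repeat(31));
    println!("{:?}", parse_private_key_hex(&one).map(|k| k[31]));
    println!("{:?}", parse_private_key_hex("0xabcd"));
    println!("{:?}", parse_private_key_hex(&"00".repeat(32)));
    println!("{:?}", digest_to_array(&[0u8; 31]));
}
```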