chore: bump saorsa-core to 0.14.1 and saorsa-pqc to 0.5

[mickvandijke]

Summary

• Bump saorsa-core from 0.14.0 to 0.14.1
• Bump saorsa-pqc from 0.4.0 to 0.5

Test plan

• Verify cargo build --release succeeds
• Verify cargo test passes
• Verify node starts and connects to bootstrap peers

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR bumps two core dependencies: saorsa-core from 0.14.0 to 0.14.1 (a patch-level update, backward compatible) and saorsa-pqc from 0.4.0 to 0.5 (a minor version jump that is treated as a potentially breaking change under Cargo's pre-1.0 semver rules).

Key observations:

• The saorsa-core bump is a patch release and should be safe with no API changes.
• The saorsa-pqc 0.4.x → 0.5.x bump crosses a minor version boundary in a pre-1.0 crate. In Cargo's SemVer interpretation, this is a compatible-but-potentially-breaking change. The test plan items (build, tests, network connectivity) should be completed and checked off to confirm the upgrade compiles and behaves correctly.
• The Cargo.lock file is excluded from version control via .gitignore. While this is intentional for this project, it means reproducible builds depend solely on the Cargo.toml version constraints rather than a pinned lockfile. This is a pre-existing pattern in this repo, not introduced by this PR.

Confidence Score: 4/5

• This PR is safe to merge once the test plan (build, tests, node connectivity) is verified — the changes are minimal and well-scoped.
• Only two dependency version lines changed. The saorsa-core patch bump is inherently safe. The saorsa-pqc minor bump may introduce breaking API changes (pre-1.0 semver), but this is easily caught by cargo build. The unchecked test plan items are the main remaining risk before merging.
• No files require special attention beyond confirming the test plan passes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[saorsa-node v0.3.2] --> B[saorsa-core]
    A --> C[saorsa-pqc]
    B --> |before| D["saorsa-core = 0.14.0\n(>=0.14.0, <0.15.0)"]
    B --> |after| E["saorsa-core = 0.14.1\n(>=0.14.1, <0.15.0)\n✅ Patch bump — backward compatible"]
    C --> |before| F["saorsa-pqc = 0.4.0\n(>=0.4.0, <0.5.0)"]
    C --> |after| G["saorsa-pqc = 0.5\n(>=0.5.0, <0.6.0)\n⚠️ Minor bump — potentially breaking in pre-1.0"]

Loading

_{Last reviewed commit: a85b21e}

[Copilot]

Pull request overview

Updates Rust crate dependencies for saorsa-node to pick up the latest fixes/changes from the Saorsa ecosystem libraries.

Changes:

• Bump saorsa-core from 0.14.0 to 0.14.1
• Bump saorsa-pqc from 0.4.0 to 0.5

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[dirvine]

Thanks Mick. I checked the dependency bump and it looks good; the earlier CI failure was dependency publication timing rather than a source regression.