Update starkbank-ecdsa and starkcore#129
Conversation
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
@claude review
This is a major version bump for starkbank-ecdsa (1.x → 2.x), which is used in signature verification and key handling — worth a human checking that the v2.0.0 API is still compatible with the existing usages.
Overview
This PR updates two dependencies in pom.xml and adds a corresponding CHANGELOG entry:
starkbank-ecdsa: 1.0.2 → 2.0.0 (major version bump)
starkcore: 0.4.3 → 0.5.0 (minor version bump)
Security risks
starkbank-ecdsa is used in security-critical code paths in this SDK — specifically signature verification (Parse.java, Event.java, Response.java) and key handling (Key.java, User.java, Cache.java, Check.java). A MAJOR version bump by semver convention implies breaking API changes, which could potentially affect how signatures are produced or validated. If the upstream library changed default curves, hash algorithms, or serialization formats, the impact could be subtle and security-relevant.
Level of scrutiny
Dependency bumps in security-critical paths warrant human review even when the diff itself is trivial. The risk is not in the diff but in the upstream changes — which are not visible from this PR. A human reviewer should confirm the build passes, the test suite (which exercises signature verification) is green, and that the v2.0.0 API surface remains compatible with the existing import sites.
Other factors
The bug hunting system reported no issues, but it cannot verify upstream library compatibility from this diff alone. The CHANGELOG entry is appropriate. starkcore 0.4.3 → 0.5.0 is a minor bump and lower risk.
No description provided.