Skip to content

Bump the dependencies group with 5 updates#36

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/dependencies-27bb06645e
Open

Bump the dependencies group with 5 updates#36
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/dependencies-27bb06645e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 5 updates:

Package From To
github.com/ethereum/go-ethereum 1.17.3 1.17.4
github.com/pk910/dynamic-ssz 1.3.1 1.3.2
github.com/pressly/goose/v3 3.27.1 3.27.2
golang.org/x/crypto 0.50.0 0.52.0
golang.org/x/net 0.53.0 0.55.0

Updates github.com/ethereum/go-ethereum from 1.17.3 to 1.17.4

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Flexible Polymer Casing (v1.17.4)

This is a maintenance release with accumulated bug fixes and improvements, and is recommended for all users. It also continues the implementation work for the upcoming Amsterdam hardfork.

One thing worth highlighting:

Fork Implementation (Amsterdam)

  • EIP-7928: Block-Level Access Lists: the block access list is now constructed and verified during block execution, with the serving side of the eth/71 BAL messages implemented (#34652, #34803, #34879, #34957, #34967, #34972, #34977, #35110)
  • EIP-8189: snap/2, a new state-sync protocol based on block-level access lists, has been added (#34626, #34807, #35098, #35155, #35158, #35163, #35178, #35180, #35181)
  • EIP-8037: state-creation gas cost increase, has been implemented (#33601)
    • The tracing system provides a new OnGasChangeV2 hook for multi-dimensional gas (#34946)
  • engine_newPayloadWithWitnessV5 has been added and the witness format now uses the canonical spec field ordering (#35009)
  • The evm t8n tooling has been updated for Amsterdam, adding BAL and slot-number support and binary-trie leaf export (#34843, #35025)
  • For EIP-7843, the slot number is now set for the pending block post-Amsterdam (#34792, #35036)

Geth

  • Caches are now sized against the cgroup memory cap (e.g. Docker --memory) when one is set (#34947)
  • A number of small command-line flag and logging issues have been fixed (#33880, #34732, #34943, #34948, #35011, #35104, #35116, #35136)
  • A number of long-deprecated command-line flags have been removed (#35021)

RPC

  • eth_baseFee has been added, returning the base fee of the next block (#34904, #35023)

  • eth_capabilities has been added, letting clients discover which historical data a node can serve (#33886)

  • debug_clearTxpool has been added to clear the transaction pool (#33347, #35130)

  • State-reading methods (eth_getBalance, eth_getCode, eth_getStorageAt, etc.) now default the block parameter to latest when omitted (#35100)

  • Fixes for eth_simulateV1: an incorrect "base fee too low" error code and a pre-Shanghai withdrawal regression (#34951, #34939)

  • debug_setHead now propagates rewind errors instead of silently ignoring them (#35001)

  • EIP-7702 transactions with a nil To address are now rejected (#35094)

  • HTTP RPC responses now always set Content-Length, and a WebSocket handshake status-code bug was fixed (#35072, #35111)

  • The client can now configure trace-context propagation via the traceparent header, and response writes are now traced (#35132, #35049)

GraphQL

  • GraphQL request bodies are now limited to 5 MiB (#35034)
  • Log-range queries with begin > 0 and end == 0 are now rejected (#35032)
  • The Block.raw resolver now returns empty bytes when the block body is missing (#35027)

Core

  • A global cache for JUMPDEST bitmaps speeds up EVM execution (#34850)
  • EVM stack operations are now computed in place, avoiding per-operand copies (#35156)
  • New code-cache hit/miss meters have been added (#34821)
  • A shutdown race in snapshot generation has been fixed (#33540)

... (truncated)

Commits
  • 36a7dc7 version: release go-ethereum v1.17.4
  • 6b72f26 triedb/pathdb: log the expected version in obsolete-index cleanup (#35194)
  • e5ff359 p2p/discover: fix waiting wrong duration (#35002)
  • 7c9032d all: change reflect.Ptr to reflect.Pointer (#35176)
  • 8c540cb eth/catalyst: add testing_commitBlockV1 (#34995)
  • 7122ecc eth/protocols/snap: remove uncovered states before resuming (#35159)
  • 0e810e4 eth, triedb, internal: add snap/2 sync progress (#35178)
  • 1be5da2 eth/protocols/snap: redo the snap sync if the bal is unavailable (#35181)
  • ad68ce2 eth: reserve peer slot for usable snap peer (#35180)
  • cb387c9 cmd/devp2p/internal/ethtest: validate received txs, not the sent ones (#35170)
  • Additional commits viewable in compare view

Updates github.com/pk910/dynamic-ssz from 1.3.1 to 1.3.2

Release notes

Sourced from github.com/pk910/dynamic-ssz's releases.

v1.3.2

Added

  • Add support for ssz-type:"optional-list" to encode Go pointer fields as canonical SSZ List[T, 1]

Changed

  • Performance improvements in codegen marshal/unmarshal and hash-tree-root operations
  • Bump github.com/pk910/hashtree-bindings dependency to 0.2.2 for optimized riscv support
  • Update CI actions including codeql-action, checkout, and codecov-action

Fixed

  • Fix hash-tree-root mismatch for progressive bitlists with all-zero top chunks
  • Fix streaming reflection unmarshal panic on malformed nested lists
  • Fix various marshal/HTR/stream inconsistencies found by differential fuzzing
  • Fix unmarshaling empty lists to an empty slice
  • Fix type tree traversal for fully delegated types

Full changelog

  • 2333215 Merge pull request #189 from pk910/pk910/fix-codegen-test
  • 6d971ab Merge pull request #188 from pk910/pk910/bump-hashtree-bindings
  • 732c414 Merge pull request #187 from pk910/pk910/fix-streaming-panic
  • 6fdd16d Merge pull request #185 from pk910/pk910/intercept-delegated-type-tree
  • 58432e2 Merge pull request #186 from pk910/pk910/fix-progressive-bitlist-htr
  • afcddcd Merge pull request #183 from pk910/dependabot/github_actions/all-actions-bf88fb21ad
  • c0d28dc Merge pull request #184 from pk910/pk910/ai-fuzzing-fixes
  • 77c5ea8 Merge pull request #181 from pk910/pk910/unmarshal-empty-lists
  • 8276039 Merge pull request #180 from pk910/pk910/ai-fixes
  • 1be86bf Merge pull request #178 from pk910/pk910/bump-hashtreeroot
  • caca3ea Merge pull request #179 from pk910/pk910/perf-improvements
  • d5c3b32 Merge pull request #177 from pk910/pk910/security-fixes
  • d7be46b Merge pull request #176 from pk910/dependabot/github_actions/all-actions-882fedbe01
  • abba2b6 Merge pull request #175 from pk910/dependabot/github_actions/all-actions-a29ea715d6
  • a5486e7 Merge pull request #174 from pk910/pk910/optionals-as-list
  • 3491e0a Merge pull request #172 from pk910/dependabot/github_actions/all-actions-8abaa2cbc6
  • 111bcb2 Merge pull request #170 from pk910/dependabot/go_modules/examples/basic/all-go-deps-38c889d3f8
  • 75efe61 Merge pull request #171 from pk910/pk910/codegem-view-fix
Changelog

Sourced from github.com/pk910/dynamic-ssz's changelog.

[v1.3.2] 2026-06-21

Added

  • Add support for ssz-type:"optional-list" to encode Go pointer fields as canonical SSZ List[T, 1]

Changed

  • Performance improvements in codegen marshal/unmarshal and hash-tree-root operations
  • Bump github.com/pk910/hashtree-bindings dependency to 0.2.2 for optimized riscv support
  • Update CI actions including codeql-action, checkout, and codecov-action

Fixed

  • Fix hash-tree-root mismatch for progressive bitlists with all-zero top chunks
  • Fix streaming reflection unmarshal panic on malformed nested lists
  • Fix various marshal/HTR/stream inconsistencies found by differential fuzzing
  • Fix unmarshaling empty lists to an empty slice
  • Fix type tree traversal for fully delegated types

Commits
  • 86ca5e5 release 1.3.2
  • 2333215 Merge pull request #189 from pk910/pk910/fix-codegen-test
  • 0f2d5a6 skip StaticTrueShallow test without generated code
  • 6d971ab Merge pull request #188 from pk910/pk910/bump-hashtree-bindings
  • 732c414 Merge pull request #187 from pk910/pk910/fix-streaming-panic
  • 49a68f4 update nested dependencies
  • 5b2f818 bump hashtree-bindings for optimized riscv support
  • c7a031f apply copilot suggestion
  • 2e65a37 fix: streaming reflection unmarshal panics on malformed nested list
  • 6fdd16d Merge pull request #185 from pk910/pk910/intercept-delegated-type-tree
  • Additional commits viewable in compare view

Updates github.com/pressly/goose/v3 from 3.27.1 to 3.27.2

Release notes

Sourced from github.com/pressly/goose/v3's releases.

v3.27.2

Changed

  • Upgrade golang.org/x/crypto and golang.org/x/net to address security advisories (CVE fixes)
  • Various dependency upgrades
Changelog

Sourced from github.com/pressly/goose/v3's changelog.

[v3.27.2] - 2026-06-30

Changed

  • Upgrade golang.org/x/crypto and golang.org/x/net to address security advisories (CVE fixes)
  • Various dependency upgrades
Commits
  • b0f7076 release: v3.27.2
  • 6669df2 build(deps): bump github.com/opencontainers/runc from 1.3.3 to 1.3.6 in /inte...
  • f61f5b9 build(deps): bump the gomod group across 1 directory with 4 updates (#1086)
  • 90d5b3a build(deps): bump actions/checkout from 6 to 7 (#1081)
  • cef6bb7 build(deps): bump golang crypto and net to FIX CVEs (#1083)
  • f2c327a build(deps): bump the gomod group across 1 directory with 7 updates (#1079)
  • d0bee40 Docs: mention MariaDB support (#1071)
  • See full diff in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.53.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) | `1.17.3` | `1.17.4` |
| [github.com/pk910/dynamic-ssz](https://github.com/pk910/dynamic-ssz) | `1.3.1` | `1.3.2` |
| [github.com/pressly/goose/v3](https://github.com/pressly/goose) | `3.27.1` | `3.27.2` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.52.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.55.0` |


Updates `github.com/ethereum/go-ethereum` from 1.17.3 to 1.17.4
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.17.3...v1.17.4)

Updates `github.com/pk910/dynamic-ssz` from 1.3.1 to 1.3.2
- [Release notes](https://github.com/pk910/dynamic-ssz/releases)
- [Changelog](https://github.com/pk910/dynamic-ssz/blob/master/CHANGELOG.md)
- [Commits](pk910/dynamic-ssz@v1.3.1...v1.3.2)

Updates `github.com/pressly/goose/v3` from 3.27.1 to 3.27.2
- [Release notes](https://github.com/pressly/goose/releases)
- [Changelog](https://github.com/pressly/goose/blob/main/CHANGELOG.md)
- [Commits](pressly/goose@v3.27.1...v3.27.2)

Updates `golang.org/x/crypto` from 0.50.0 to 0.52.0
- [Commits](golang/crypto@v0.50.0...v0.52.0)

Updates `golang.org/x/net` from 0.53.0 to 0.55.0
- [Commits](golang/net@v0.53.0...v0.55.0)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-version: 1.17.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/pk910/dynamic-ssz
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github.com/pressly/goose/v3
  dependency-version: 3.27.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants