chore(deps): bump the go_modules group across 1 directory with 4 updates

[dependabot]

Bumps the go_modules group with 4 updates in the / directory: golang.org/x/crypto, github.com/consensys/gnark-crypto, github.com/go-chi/chi/v5 and github.com/ethereum/go-ethereum.

Updates golang.org/x/crypto from 0.40.0 to 0.45.0

Commits

• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
• bcf6a84 acme: pass context to request
• b4f2b62 ssh: fix error message on unsupported cipher
• 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
• 122a78f go.mod: update golang.org/x dependencies
• c0531f9 all: eliminate vet diagnostics
• 0997000 all: fix some comments
• Additional commits viewable in compare view

Updates github.com/consensys/gnark-crypto from 0.18.0 to 0.18.1

Release notes

Sourced from github.com/consensys/gnark-crypto's releases.

v0.18.1

Full Changelog: Consensys/gnark-crypto@v0.18.0...v0.18.1

Changelog

Sourced from github.com/consensys/gnark-crypto's changelog.

[v0.18.1] - 2025-10-28

Docs

• add CHANGELOG for 0.18.1

Perf

• limit memory allocation during Vector deserialization (#759)

Commits

• fb04e95 docs: add CHANGELOG for 0.18.1
• 0a4d04a perf: limit memory allocation during Vector deserialization (#759)
• See full diff in compare view

Updates github.com/go-chi/chi/v5 from 5.0.12 to 5.2.2

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.2

What's Changed

• Use strings.Cut in a few places by @​JRaspass in go-chi/chi#971
• Fix non-constant format strings in t.Fatalf by @​JRaspass in go-chi/chi#972
• Apply fieldalignment fixes to optimize struct memory layout by @​pixel365 in go-chi/chi#974
• go 1.24 by @​pkieltyka in go-chi/chi#977
• chore: delint ioutil usage by @​costela in go-chi/chi#962
• Fixed typo in Router interface definition by @​mithileshgupta12 in go-chi/chi#958
• Add support for TinyGo by @​efraimbart in go-chi/chi#978
• Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by @​cxjava in go-chi/chi#982
• Make use of strings.Cut by @​scop in go-chi/chi#1005
• Change install command format to code block by @​sglkc in go-chi/chi#1001
• Correct documentation by @​mrdomino in go-chi/chi#992

Security fix

• Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
  • a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
  • reported by Anuraag Baishya, @​anuraagbaishya. Thank you!

New Contributors

• @​pixel365 made their first contribution in go-chi/chi#974
• @​mithileshgupta12 made their first contribution in go-chi/chi#958
• @​efraimbart made their first contribution in go-chi/chi#978
• @​cxjava made their first contribution in go-chi/chi#982
• @​sglkc made their first contribution in go-chi/chi#1001
• @​mrdomino made their first contribution in go-chi/chi#992

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

⚠️ Chi supports Go 1.20+

Starting this release, we will now support the four most recent major versions of Go. See go-chi/chi#963 for related discussion.

What's Changed

• Support the four most recent major versions of Go by @​VojtechVitek in go-chi/chi#969

Full Changelog: go-chi/chi@v5.2.0...v5.2.1

v5.2.0

What's Changed

• update credits section to link to goji license by @​pkieltyka in go-chi/chi#944
• go 1.23 by @​pkieltyka in go-chi/chi#945
• Make Context.RoutePattern() nil-safe by @​gaiaz-iusipov in go-chi/chi#927
• govet: Fix non-constant format string by @​marcofranssen in go-chi/chi#952
• Add Find to Routes interface by @​joeriddles in go-chi/chi#872
• Fix grammar error by @​AntonC9018 in go-chi/chi#917
• feat(): add CF-Connecting-IP by @​n33pm in go-chi/chi#908
  • Revert "feat(): add CF-Connecting-IP" by @​VojtechVitek in go-chi/chi#966

... (truncated)

Changelog

Sourced from github.com/go-chi/chi/v5's changelog.

Changelog

Commits

• 23c395f Correct documentation (#992)
• 5516d14 docs: change install code to code block (#1001)
• e235052 Make use of strings.Cut (#1005)
• 1be7ad9 Merge commit from fork
• d7034fd Exclude profiler when use tinygo (#982)
• d047034 support tinygo (#978)
• fe2c065 Fixed the typo (#958)
• 1aae5b2 chore: delint ioutil usage (#962)
• c6225e3 go 1.24 (#977)
• e846b83 Apply fieldalignment fixes to optimize struct memory layout (#974)
• Additional commits viewable in compare view

Updates github.com/ethereum/go-ethereum from 1.16.0 to 1.16.8

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Moisture Filters (v1.16.8)

This is a security fix release and is recommended for all users. It resolves two p2p vulnerabilities reported through the Ethereum Foundation bug bounty program.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go (use "stable" tag).
• Ubuntu packages in our Launchpad PPA repository.
• macOS packages in our Homebrew Tap repository.

Ballistic Drift Stabilizer (v1.16.7)

This is a re-roll of v1.16.6, including an important fix in the KZG cryptography library.

This release enables the Fusaka hardfork on Ethereum mainnet.

The Fusaka fork is scheduled to occur at 2025-12-03 21:49:11 UTC. Please upgrade your node to v1.16.7 in time for the fork.

This release also enables two blob-parameter-only (BPO) upgrades. These upgrades change protocol parameters to increase the available blob capacity.

• BPO1 on2025-12-09
• BPO2 on 2026-01-07

Fusaka

• Set mainnet timestamps for Osaka (#33063)
• Enable Fusaka for geth --dev mode (#32917)

RPC

• Add eth_sendRawTransactionSync which waits until either a timeout or the transaction is mined. This feature is mostly useful on L2s with lower blocktimes. (#32830, #32930, #32929)
• Add support for eth_simulateV1 in ethclient (#32856)
• Fix for an issue that might crash debug_traceCall (#33015)
• Fix for an issuer where local transactions were not persisted to the journal (#32921)

Core

• Fix for a cryptographic vulnerability in c-kzg-4844. This is only exploitable post-Fusaka. (#33093)
• Add geth --genesis flag as an alternative to running geth init genesis.json (#32844)
• Fix for receipt insertion during ERA file import. (#32934)
• Work on getting the trie node history in order to serve historical eth_getProof request with the new path-based archive node. (#32907, #32914, #32937)
• Further work on cmd/keeper, our guest program for zkVMs (#32816)
• Various optimizations (#32971, #32916, #32965, #32946)

... (truncated)

Commits

• abeb78c Merge branch 'dos-fixes' into release/1.16
• ce43eb9 version: release go-ethereum v1.16.8 stable
• 638741b crypto/ecies: use aes blocksize
• fdfd123 core/txpool: drop peers on invalid KZG proofs
• 8ecb686 version: begin v1.16.8 release cycle
• b9f3a3d Merge branch 'master' into release/1.16
• 07129d2 version: release go-ethereum v1.16.7 stable
• 653f8d4 go.mod: update to c-kzg v2.1.5 (#33093)
• 5b77af3 version: begin v1.16.7 release cycle
• 386c3de Merge branch 'master' into release/1.16
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[coveralls]

Pull Request Test Coverage Report for Build 21404086488

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 68.819%

---

Totals
Change from base Build 21404033705:	0.0%
Covered Lines:	14849
Relevant Lines:	21577

---

💛 - Coveralls