build(deps): bump the go_modules group across 5 directories with 15 updates by dependabot[bot] · Pull Request #16 · celestiaorg/popsigner

dependabot · 2026-03-19T02:27:40Z

Bumps the go_modules group with 2 updates in the / directory: filippo.io/edwards25519 and google.golang.org/grpc.
Bumps the go_modules group with 6 updates in the /control-plane directory:

Package	From	To
golang.org/x/crypto	`0.42.0`	`0.45.0`
github.com/go-chi/chi/v5	`5.1.0`	`5.2.2`
github.com/redis/go-redis/v9	`9.7.0`	`9.7.3`
github.com/consensys/gnark-crypto	`0.18.0`	`0.18.1`
github.com/go-viper/mapstructure/v2	`2.2.1`	`2.4.0`
github.com/quic-go/quic-go	`0.54.0`	`0.57.0`

Bumps the go_modules group with 1 update in the /plugin directory: google.golang.org/grpc.
Bumps the go_modules group with 3 updates in the /popctl directory: golang.org/x/crypto, github.com/consensys/gnark-crypto and github.com/ethereum/go-ethereum.
Bumps the go_modules group with 5 updates in the /sdk-go directory:

Package	From	To
cosmossdk.io/math	`1.3.0`	`1.4.0`
filippo.io/edwards25519	`1.0.0`	`1.1.1`
github.com/dvsekhvalnov/jose2go	`1.6.0`	`1.7.0`
github.com/cosmos/cosmos-sdk	`0.50.10`	`0.50.14`
github.com/cometbft/cometbft	`0.38.12`	`0.38.21`

Updates filippo.io/edwards25519 from 1.1.0 to 1.1.1

Commits

d1c650a extra: initialize receiver in MultiScalarMult
See full diff in compare view

Updates google.golang.org/grpc from 1.77.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)

Special Thanks: @vanja-p

experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)

pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.

This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)

xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)

balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Special Thanks: @marek-szews

Bug Fixes

credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)

Special Thanks: @Atul1710

xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)

health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)

Special Thanks: @sanki92

transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)

Special Thanks: @joybestourous

server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Special Thanks: @joybestourous

Performance Improvements

credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)

mem: Optimize pooling and creation of buffer objects. (#8784)

transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

dda86db Change version to 1.79.3 (#8983)
72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
97ca352 Changing version to 1.79.3-dev (#8954)
8902ab6 Change the version to release 1.79.2 (#8947)
a928670 Cherry-pick #8874 to v1.79.x (#8904)
06df363 Change version to 1.79.2-dev (#8903)
782f2de Change version to 1.79.1 (#8902)
850eccb Change version to 1.79.1-dev (#8851)
765ff05 Change version to 1.79.0 (#8850)
68804be Cherry pick #8864 to v1.79.x (#8896)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.42.0 to 0.45.0

Commits

4e0068c go.mod: update golang.org/x dependencies
e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
f91f7a7 ssh/agent: prevent panic on malformed constraint
2df4153 acme/autocert: let automatic renewal work with short lifetime certs
bcf6a84 acme: pass context to request
b4f2b62 ssh: fix error message on unsupported cipher
79ec3a5 ssh: allow to bind to a hostname in remote forwarding
122a78f go.mod: update golang.org/x dependencies
c0531f9 all: eliminate vet diagnostics
0997000 all: fix some comments
Additional commits viewable in compare view

Updates github.com/go-chi/chi/v5 from 5.1.0 to 5.2.2

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.2

What's Changed

Use strings.Cut in a few places by @JRaspass in go-chi/chi#971

Fix non-constant format strings in t.Fatalf by @JRaspass in go-chi/chi#972

Apply fieldalignment fixes to optimize struct memory layout by @pixel365 in go-chi/chi#974

go 1.24 by @pkieltyka in go-chi/chi#977

chore: delint ioutil usage by @costela in go-chi/chi#962

Fixed typo in Router interface definition by @mithileshgupta12 in go-chi/chi#958

Add support for TinyGo by @efraimbart in go-chi/chi#978

Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by @cxjava in go-chi/chi#982

Make use of strings.Cut by @scop in go-chi/chi#1005

Change install command format to code block by @sglkc in go-chi/chi#1001

Correct documentation by @mrdomino in go-chi/chi#992

Security fix

Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit

a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header

reported by Anuraag Baishya, @anuraagbaishya. Thank you!

New Contributors

@pixel365 made their first contribution in go-chi/chi#974

@mithileshgupta12 made their first contribution in go-chi/chi#958

@efraimbart made their first contribution in go-chi/chi#978

@cxjava made their first contribution in go-chi/chi#982

@sglkc made their first contribution in go-chi/chi#1001

@mrdomino made their first contribution in go-chi/chi#992

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

⚠️ Chi supports Go 1.20+

Starting this release, we will now support the four most recent major versions of Go. See go-chi/chi#963 for related discussion.

What's Changed

Support the four most recent major versions of Go by @VojtechVitek in go-chi/chi#969

Full Changelog: go-chi/chi@v5.2.0...v5.2.1

v5.2.0

What's Changed

update credits section to link to goji license by @pkieltyka in go-chi/chi#944

go 1.23 by @pkieltyka in go-chi/chi#945

Make Context.RoutePattern() nil-safe by @gaiaz-iusipov in go-chi/chi#927

govet: Fix non-constant format string by @marcofranssen in go-chi/chi#952

Add Find to Routes interface by @joeriddles in go-chi/chi#872

Fix grammar error by @AntonC9018 in go-chi/chi#917

~~feat(): add CF-Connecting-IP by @n33pm in go-chi/chi#908~~

~~Revert "feat(): add CF-Connecting-IP" by @VojtechVitek in go-chi/chi#966~~

... (truncated)

Commits

23c395f Correct documentation (#992)
5516d14 docs: change install code to code block (#1001)
e235052 Make use of strings.Cut (#1005)
1be7ad9 Merge commit from fork
d7034fd Exclude profiler when use tinygo (#982)
d047034 support tinygo (#978)
fe2c065 Fixed the typo (#958)
1aae5b2 chore: delint ioutil usage (#962)
c6225e3 go 1.24 (#977)
e846b83 Apply fieldalignment fixes to optimize struct memory layout (#974)
Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.7.0 to 9.7.3

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

v9.7.3

What's Changed

fix: handle network error on SETINFO (#3295) (CVE-2025-29923)

Deprecating misspelled DisableIndentity flag in the client options.

Introducing DisableIdentity flag in the client options.

Updating the documentation related to the new flag and the one that was deprecated.

Full Changelog: redis/go-redis@v9.7.1...v9.7.3

v9.7.1

Changes

Recognize byte slice for key argument in cluster client hash slot computation (#3049)

fix(search&aggregate):fix error overwrite and typo #3220 (#3224)

fix: linter configuration (#3279)

fix(search): if ft.aggregate use limit when limitoffset is zero (#3275)

Reinstate read-only lock on hooks access in dialHook to fix data race (#3225)

fix: flaky ClientKillByFilter test (#3268)

chore: fix some comments (#3226)

fix(aggregate, search): ft.aggregate bugfixes (#3263)

fix: add unstableresp3 to cluster client (#3266)

Fix race condition in clusterNodes.Addrs() (#3219)

SortByWithCount FTSearchOptions fix (#3201)

Eliminate redundant dial mutex causing unbounded connection queue contention (#3088)

Add guidance on unstable RESP3 support for RediSearch commands to README (#3177)

🚀 New Features

Add guidance on unstable RESP3 support for RediSearch commands to README (#3177)

🐛 Bug Fixes

fix(search): if ft.aggregate use limit when limitoffset is zero (#3275)

fix: add unstableresp3 to cluster client (#3266)

fix(aggregate, search): ft.aggregate bugfixes (#3263)

SortByWithCount FTSearchOptions fix (#3201)

Recognize byte slice for key argument in cluster client hash slot computation (#3049)

Contributors

We'd like to thank all the contributors who worked on this release!

@ofekshenawa, @Cgol9, @LINKIWI, @shawnwgit, @zhuhaicity, @bitsark, @vladvildanov, @ndyakov

Full Changelog: redis/go-redis@v9.7.0...v9.7.1

Commits

a29d91d release 9.7.3, retract 9.7.2 (#3314)
ce3034c bump version to 9.7.2
0af2b32 fix: handle network error on SETINFO (#3295) (CVE-2025-29923)
3d041a1 release: 9.7.1 patch (#3278)
See full diff in compare view

Updates github.com/consensys/gnark-crypto from 0.18.0 to 0.18.1

Release notes

Sourced from github.com/consensys/gnark-crypto's releases.

v0.18.1

Full Changelog: Consensys/gnark-crypto@v0.18.0...v0.18.1

Changelog

Sourced from github.com/consensys/gnark-crypto's changelog.

[v0.18.1] - 2025-10-28

Docs

add CHANGELOG for 0.18.1

Perf

limit memory allocation during Vector deserialization (#759)

Commits

fb04e95 docs: add CHANGELOG for 0.18.1
0a4d04a perf: limit memory allocation during Vector deserialization (#759)
See full diff in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.4.0

What's Changed

refactor: replace interface{} with any by @sagikazarmark in go-viper/mapstructure#115

build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in go-viper/mapstructure#114

Generic tests by @sagikazarmark in go-viper/mapstructure#118

Fix godoc reference link in README.md by @peczenyj in go-viper/mapstructure#107

feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by @ErfanMomeniii in go-viper/mapstructure#117

feat: add back previous StringToSlice as a weak function by @sagikazarmark in go-viper/mapstructure#119

New Contributors

@ErfanMomeniii made their first contribution in go-viper/mapstructure#117

Full Changelog: go-viper/mapstructure@v2.3.0...v2.4.0

v2.3.0

What's Changed

build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in go-viper/mapstructure#46

build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in go-viper/mapstructure#47

[enhancement] Add check for reflect.Value in ComposeDecodeHookFunc by @mahadzaryab1 in go-viper/mapstructure#52

build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in go-viper/mapstructure#51

build(deps): bump actions/checkout from 4.2.0 to 4.2.2 by @dependabot in go-viper/mapstructure#50

build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in go-viper/mapstructure#55

build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot in go-viper/mapstructure#58

ci: add Go 1.24 to the test matrix by @sagikazarmark in go-viper/mapstructure#74

build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by @dependabot in go-viper/mapstructure#72

build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @dependabot in go-viper/mapstructure#76

build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in go-viper/mapstructure#78

feat: add decode hook for netip.Prefix by @tklauser in go-viper/mapstructure#85

Updates by @sagikazarmark in go-viper/mapstructure#86

build(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by @dependabot in go-viper/mapstructure#87

build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in go-viper/mapstructure#93

build(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by @dependabot in go-viper/mapstructure#92

build(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by @dependabot in go-viper/mapstructure#97

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in go-viper/mapstructure#96

Update README.md by @peczenyj in go-viper/mapstructure#90

Add omitzero tag. by @Crystalix007 in go-viper/mapstructure#98

Use error structs instead of duplicated strings by @m1k1o in go-viper/mapstructure#102

build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in go-viper/mapstructure#101

feat: add common error interface by @sagikazarmark in go-viper/mapstructure#105

update linter by @sagikazarmark in go-viper/mapstructure#106

Feature allow unset pointer by @rostislaved in go-viper/mapstructure#80

New Contributors

@tklauser made their first contribution in go-viper/mapstructure#85

@peczenyj made their first contribution in go-viper/mapstructure#90

@Crystalix007 made their first contribution in go-viper/mapstructure#98

@rostislaved made their first contribution in go-viper/mapstructure#80

Full Changelog: go-viper/mapstructure@v2.2.1...v2.3.0

Commits

b9794a5 Merge pull request #119 from go-viper/string-to-weak-slice
17cdcb0 feat: add back previous StringToSlice as a weak function
3caca36 Merge pull request #117 from ErfanMomeniii/main
9a861bc Merge pull request #107 from peczenyj/patch-2
86ed5b5 refactor: update
ace5b4e chore: add interface any linter
1a4f1ae Merge pull request #118 from go-viper/generic-tests
a268909 fix: lint
17f1fd4 test: add more comments
b48c856 test: expand tests
Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.54.0 to 0.57.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.57.0

This release contains a fix for CVE-2025-64702 by reworking the HTTP/3 header processing logic:

Both client and server now send their respective header size constraints using the SETTINGS_MAX_FIELD_SECTION_SIZE setting: #5431

For any QPACK-related errors, the correct error code (QPACK_DECOMPRESSION_FAILED) is now used: #5439

QPACK header parsing is now incremental (instead of parsing all headers at once), which is ~5-10% faster and reduces allocations: #5435 (and quic-go/qpack#67)

The server now sends a 431 status code (Request Header Fields Too Large) when encountering HTTP header fields exceeding the size constraint: #5452

Breaking Changes

http3: Transport.MaxResponseBytes is now an int (before: int64): #5433

Notable Fixes

qlogwriter: fix storing of event schemas (this prevented qlog event logging from working for HTTP/3): #5430

http3: errors sending the request are now ignored, instead, the response from the server is read (thereby allowing the client to read the status code, for example): #5432

What's Changed

build(deps): bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in quic-go/quic-go#5426

qlogwriter: fix storing of event schemas by @marten-seemann in quic-go/quic-go#5430

http3: send SETTINGS_MAX_FIELD_SECTION_SIZE in the SETTINGS frame by @marten-seemann in quic-go/quic-go#5431

http3: read response after encountering error sending the request by @marten-seemann in quic-go/quic-go#5432

http3: make Transport.MaxResponseBytes an int by @marten-seemann in quic-go/quic-go#5433

http3: add a benchmark for header parsing by @marten-seemann in quic-go/quic-go#5435

update qpack to v0.6.0 by @marten-seemann in quic-go/quic-go#5434

http3: use QPACK_DECOMPRESSION_FAILED for QPACK errors by @marten-seemann in quic-go/quic-go#5439

add documentation for Conn.NextConnection by @marten-seemann in quic-go/quic-go#5442

ackhandler: don’t generate an immediate ACK for the first packet by @marten-seemann in quic-go/quic-go#5447

don’t arm connection timer for connection ID retirement by @marten-seemann in quic-go/quic-go#5449

README: add nodepass to list of projects by @yosebyte in quic-go/quic-go#5448

qlogwriter: use synctest to make tests deterministic by @marten-seemann in quic-go/quic-go#5454

http3: limit size of decompressed headers by @marten-seemann in quic-go/quic-go#5452

New Contributors

@yosebyte made their first contribution in quic-go/quic-go#5448

Full Changelog: quic-go/quic-go@v0.56.0...v0.57.0

v0.56.0

This release introduces qlog support for HTTP/3 (#5367, #5372, #5374, #5375, #5376, #5381, #5383).

For this, we completely changed how connection tracing works. Instead of a general-purpose logging.ConnectionTracer (which we removed entirely), we now have a qlog-specific tracer (#5356, #5417). quic-go users can now implement their own qlog events.

It also removes the Prometheus-based metrics collection. Please comment on the tracking issue (#5294) if you rely on metrics and are interested in seeing metrics brought back in a future release.

Notable Changes

replaced the unmaintained gojay with a custom, performance-optimized JSON encoder (#5353, #5371)

... (truncated)

Commits

5b2d212 http3: limit size of decompressed headers (#5452)
e80b378 qlogwriter: use synctest to make tests deterministic (#5454)
d43c589 README: add nodepass to list of projects (#5448)
ca2835d don’t arm connection timer for connection ID retirement (#5449)
e84ebae ackhandler: don’t generate an immediate ACK for the first packet (#5447)
d4d168f add documentation for Conn.NextConnection (#5442)
4cdebbe http3: use QPACK_DECOMPRESSION_FAILED for QPACK errors (#5439)
b7886d5 update qpack to v0.6.0 (#5434)
2fc9705 http3: add a benchmark for header parsing (#5435)
dafdd6f http3: make Transport.MaxResponseBytes an int (#5433)
Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.77.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)

Special Thanks: @vanja-p

experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)

pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.

This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)

xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)

balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Special Thanks: @marek-szews

Bug Fixes

credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)

Special Thanks: @Atul1710

xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)

health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)

Special Thanks: @sanki92

transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)

Special Thanks: @joybestourous

server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Special Thanks: @joybestourous

Performance Improvements

credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)

mem: Optimize pooling and creation of buffer objects. (#8784)

transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

dda86db Change version to 1.79.3 (#8983)
72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
97ca352 Changing version to 1.79.3-dev (#8954)
8902ab6 Change the version to release 1.79.2 (#8947)
a928670 Cherry-pick #8874 to v1.79.x (#8904)
06df363 Change version to 1.79.2-dev (#8903)
782f2de Change version to 1.79.1 (#8902)
850eccb Change version to 1.79.1-dev (#8851)
765ff05 Change version to 1.79.0 (#8850)
68804be Cherry pick #8864 to v1.79.x (#8896)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.22.0 to 0.45.0

Commits

4e0068c go.mod: update golang.org/x dependencies
e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
f91f7a7 ssh/agent: prevent panic on malformed constraint
2df4153 acme/autocert: let automatic renewal work with short lifetime certs
bcf6a84 acme: pass context to request
b4f2b62 ssh: fix error message on unsupported cipher
79ec3a5 ssh: allow to bind to a hostname in remote forwarding
122a78f go.mod: update golang.org/x dependencies
c0531f9 all: eliminate vet diagnostics
0997000 all: fix some comments
Additional commits viewable in compare view

Updates github.com/consensys/gnark-crypto from 0.12.1 to 0.18.1

Release notes

Sourced from github.com/consensys/gnark-crypto's releases.

v0.18.1

Full Changelog: Consensys/gnark-crypto@v0.18.0...v0.18.1

Changelog

Sourced from github.com/consensys/gnark-crypto's changelog.

[v0.18.1] - 2025-10-28

Docs

add CHANGELOG for 0.18.1

Perf

limit memory allocation during Vector deserialization (#759)

Commits

fb04e95 docs: add CHANGELOG for 0.18.1
0a4d04a perf: limit memory allocation during Vector deserialization (#759)
See full diff in compare view

Updates github.com/ethereum/go-ethereum from 1.14.12 to 1.17.0

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Eezo-Inlaid Circuitry (v1.17.0)

This is a feature release, with all accumulated development from the last 3 months. See below for the highlights.

Note that this release contains multiple critical security fixes, as well as many bug fixes, and is recommended for all users. However, if you are cautious about upgrades, you can also install v1.16.9 which has just the critical security fixes. Specifically, this release fixes CVE-2026-26313, CVE-2026-26314, CVE-2026-26315.

We recommend recreating your p2p node key after installing this update, which you can do by removing the DATADIR/geth/nodekey file before restarting geth. Note this will cause a change in the p2p node ID, which may break static peering setups.

Highlights

Path-based Archive Node with Proofs

The path-based archive node can now serve proofs (via eth_getProof) for the state of older blocks.

You can configure the block range that supports proving independently from other archive state availability. Specifically, you can use the --history.trienode command-line flag to set the amount of blocks for which tree nodes will be tracked.

This feature is disabled by default. Note that state history cannot easily be recovered once deleted, as it can only be generated by processing blocks. However, you can enable trienode history (and/or state history) at any time to turn a full node into a partial archive node, keeping state from that point in time onwards.

#32727, #32621, #33551, #32981, #33399, #32913, #33303, #33584, #33329, #33681, #33103, #33098, #33515, #32247

EraE History Support

Geth now suports the EraE file format, an archival format for post-merge chain history.

#32157, #33827

OpenTelemetry Tracing

OpenTelemetry tracing is now supported by the RPC se...
Description has been truncated

…pdates Bumps the go_modules group with 2 updates in the / directory: [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go_modules group with 6 updates in the /control-plane directory: | Package | From | To | | --- | --- | --- | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.42.0` | `0.45.0` | | [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.1.0` | `5.2.2` | | [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.7.0` | `9.7.3` | | [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto) | `0.18.0` | `0.18.1` | | [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) | `2.2.1` | `2.4.0` | | [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.54.0` | `0.57.0` | Bumps the go_modules group with 1 update in the /plugin directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go_modules group with 3 updates in the /popctl directory: [golang.org/x/crypto](https://github.com/golang/crypto), [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto) and [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum). Bumps the go_modules group with 5 updates in the /sdk-go directory: | Package | From | To | | --- | --- | --- | | [cosmossdk.io/math](https://github.com/cosmos/cosmos-sdk) | `1.3.0` | `1.4.0` | | [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) | `1.0.0` | `1.1.1` | | [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) | `1.6.0` | `1.7.0` | | [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk) | `0.50.10` | `0.50.14` | | [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) | `0.38.12` | `0.38.21` | Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1 - [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1) Updates `google.golang.org/grpc` from 1.77.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.77.0...v1.79.3) Updates `golang.org/x/crypto` from 0.42.0 to 0.45.0 - [Commits](golang/crypto@v0.42.0...v0.45.0) Updates `github.com/go-chi/chi/v5` from 5.1.0 to 5.2.2 - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.1.0...v5.2.2) Updates `github.com/redis/go-redis/v9` from 9.7.0 to 9.7.3 - [Release notes](https://github.com/redis/go-redis/releases) - [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md) - [Commits](redis/go-redis@v9.7.0...v9.7.3) Updates `github.com/consensys/gnark-crypto` from 0.18.0 to 0.18.1 - [Release notes](https://github.com/consensys/gnark-crypto/releases) - [Changelog](https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md) - [Commits](Consensys/gnark-crypto@v0.18.0...v0.18.1) Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.4.0 - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.2.1...v2.4.0) Updates `github.com/quic-go/quic-go` from 0.54.0 to 0.57.0 - [Release notes](https://github.com/quic-go/quic-go/releases) - [Commits](quic-go/quic-go@v0.54.0...v0.57.0) Updates `google.golang.org/grpc` from 1.77.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.77.0...v1.79.3) Updates `golang.org/x/crypto` from 0.22.0 to 0.45.0 - [Commits](golang/crypto@v0.42.0...v0.45.0) Updates `github.com/consensys/gnark-crypto` from 0.12.1 to 0.18.1 - [Release notes](https://github.com/consensys/gnark-crypto/releases) - [Changelog](https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md) - [Commits](Consensys/gnark-crypto@v0.18.0...v0.18.1) Updates `github.com/ethereum/go-ethereum` from 1.14.12 to 1.17.0 - [Release notes](https://github.com/ethereum/go-ethereum/releases) - [Commits](ethereum/go-ethereum@v1.14.12...v1.17.0) Updates `cosmossdk.io/math` from 1.3.0 to 1.4.0 - [Release notes](https://github.com/cosmos/cosmos-sdk/releases) - [Changelog](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md) - [Commits](cosmos/cosmos-sdk@log/v1.3.0...log/v1.4.0) Updates `filippo.io/edwards25519` from 1.0.0 to 1.1.1 - [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1) Updates `github.com/dvsekhvalnov/jose2go` from 1.6.0 to 1.7.0 - [Commits](dvsekhvalnov/jose2go@v1.6.0...v1.7.0) Updates `golang.org/x/crypto` from 0.26.0 to 0.32.0 - [Commits](golang/crypto@v0.42.0...v0.45.0) Updates `golang.org/x/net` from 0.28.0 to 0.34.0 - [Commits](golang/net@v0.28.0...v0.34.0) Updates `google.golang.org/grpc` from 1.64.1 to 1.70.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.77.0...v1.79.3) Updates `github.com/cosmos/cosmos-sdk` from 0.50.10 to 0.50.14 - [Release notes](https://github.com/cosmos/cosmos-sdk/releases) - [Changelog](https://github.com/cosmos/cosmos-sdk/blob/v0.50.14/CHANGELOG.md) - [Commits](cosmos/cosmos-sdk@v0.50.10...v0.50.14) Updates `github.com/cometbft/cometbft` from 0.38.12 to 0.38.21 - [Release notes](https://github.com/cometbft/cometbft/releases) - [Changelog](https://github.com/cometbft/cometbft/blob/main/CHANGELOG.md) - [Commits](cometbft/cometbft@v0.38.12...v0.38.21) Updates `github.com/golang/glog` from 1.2.0 to 1.2.3 - [Release notes](https://github.com/golang/glog/releases) - [Commits](golang/glog@v1.2.0...v1.2.3) --- updated-dependencies: - dependency-name: filippo.io/edwards25519 dependency-version: 1.1.1 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/go-chi/chi/v5 dependency-version: 5.2.2 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/redis/go-redis/v9 dependency-version: 9.7.3 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/consensys/gnark-crypto dependency-version: 0.18.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/quic-go/quic-go dependency-version: 0.57.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/consensys/gnark-crypto dependency-version: 0.18.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/ethereum/go-ethereum dependency-version: 1.17.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: cosmossdk.io/math dependency-version: 1.4.0 dependency-type: indirect dependency-group: go_modules - dependency-name: filippo.io/edwards25519 dependency-version: 1.1.1 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/dvsekhvalnov/jose2go dependency-version: 1.7.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.32.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.34.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.70.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/cosmos/cosmos-sdk dependency-version: 0.50.14 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/cometbft/cometbft dependency-version: 0.38.21 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/golang/glog dependency-version: 1.2.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 19, 2026

dependabot bot mentioned this pull request Mar 19, 2026

build(deps): bump the go_modules group across 4 directories with 14 updates #13

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the go_modules group across 5 directories with 15 updates#16

build(deps): bump the go_modules group across 5 directories with 15 updates#16
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go_modules-9f3271234f

dependabot bot commented on behalf of github Mar 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 19, 2026

Release 1.79.3

Security

Release 1.79.2

Bug Fixes

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

Behavior Changes

New Features

Bug Fixes

Performance Improvements

v5.2.2

What's Changed

Security fix

New Contributors

v5.2.1

⚠️ Chi supports Go 1.20+

What's Changed

v5.2.0

What's Changed

v9.7.3

What's Changed

v9.7.1

Changes

🚀 New Features

🐛 Bug Fixes

Contributors

v0.18.1

[v0.18.1] - 2025-10-28

Docs

Perf

v2.4.0

What's Changed

New Contributors

v2.3.0

What's Changed

New Contributors

v0.57.0

Breaking Changes

Notable Fixes

What's Changed

New Contributors

v0.56.0

Notable Changes

Release 1.79.3

Security

Release 1.79.2

Bug Fixes

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

Behavior Changes

New Features

Bug Fixes

Performance Improvements

v0.18.1

[v0.18.1] - 2025-10-28

Docs

Perf

Eezo-Inlaid Circuitry (v1.17.0)

Highlights

Path-based Archive Node with Proofs

EraE History Support

OpenTelemetry Tracing

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants