build(deps): Bump the all-go group across 6 directories with 4 updates

[dependabot]

Bumps the all-go group with 1 update in the / directory: golang.org/x/net.
Bumps the all-go group with 1 update in the /execution/evm directory: github.com/ethereum/go-ethereum.
Bumps the all-go group with 1 update in the /execution/grpc directory: github.com/evstack/ev-node.
Bumps the all-go group with 1 update in the /sequencers/single directory: github.com/evstack/ev-node.
Bumps the all-go group with 1 update in the /test/docker-e2e directory: github.com/celestiaorg/tastora.
Bumps the all-go group with 1 update in the /test/e2e directory: github.com/ethereum/go-ethereum.

Updates golang.org/x/net from 0.45.0 to 0.46.0

Commits

• 2002a06 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates github.com/ethereum/go-ethereum from 1.16.4 to 1.16.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Coolant Cells (v1.16.5)

This is a maintenance release. We are issuing this release mostly to add a conversion path for blob proofs submitted via eth_sendRawTransaction. See https://blog.ethereum.org/2025/10/15/fusaka-blob-update for more information.

RPC

• eth_sendRawTransaction has an upgrade path for blob proofs after the Fusaka fork. Note this is temporary. We will remove support for blob proof conversion during the v1.17.x release cycle, please update RPC client libraries to support cell-level (v1) proofs. (#32849)
• eth_subscribe now supports a transactionReceipts subscription. There is also a wrapper in ethclient for this new subscription type. (#32697, #32869)
• eth_simulateV1 was fixed to return the block timestamp in logs, like eth_getLogs does. (#32831)
• In the abigen v2 runtime, BoundContract.Transfer will now verify that the contract has a payable fallback or receive method. (#32374)
• A keccak256preimage tracer has been added. (#32569)

Networking

• The eth protocol handler will now drop peers sending duplicated transactions. This is to unify behavior with other client implementations. (#32728)
• A regression in the discovery system could cause high CPU usage under synthetic conditions (i.e. in tests). (#32912)
• A very rare shutdown hang related to peer discovery is resolved. (#32572)
• The eth protocol test suite has a new post-merge test chain and saw some bug fixes for flakey tests. (#32834, #32850)

Core

• Our freezer implementation now supports partial reads, i.e. reading just a slice out of a larger stored value. This functionality is used for the archive node state history. (#32132)
• The trie database now implements a storage layer for 'trie history', a precursor to serving historical state proofs for the path-based archive node. (#32596)
• The txpool/valid.meter metric has been corrected. (#32845)
• The engine API saw some fixes related to fork compatibility checks. (#32800, #32731)

For a full rundown of the changes please consult the Geth 1.16.5 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Commits

• 737ffd1 Merge branch 'master' into release/1.16
• 32ccb54 version: release go-ethereum v1.16.5 stable
• 7c107c2 p2p/discover: remove hot-spin in table refresh trigger (#32912)
• 40505a9 eth/protocols/eth: reject message containing duplicated txs and drop peer (#3...
• 3cfc334 rpc: fix flaky test TestServerWebsocketReadLimit (#32889)
• f6064f3 internal/ethapi: convert legacy blobtx proofs in sendRawTransaction (#32849)
• 55a5320 accounts/abi: check presence of payable fallback or receive before proceeding...
• e03d97a core/txpool/legacypool: fix pricedList updates (#32906)
• fb8d229 eth: do not warn on switching from snap sync to full sync (#32900)
• 00f6f2b eth/catalyst: remove useless log on enabling Engine API (#32901)
• Additional commits viewable in compare view

Updates github.com/evstack/ev-node from 1.0.0-beta.7 to 1.0.0-beta.8

Commits

• de40783 chore: fix some comments (#2762)
• 5a0a8fa feat: add Prometheus metrics for DA submission failures (#2756)
• c315175 build(deps): Bump the all-go group across 5 directories with 6 updates (#2757)
• 0dc7b27 fix(block/syncing): save data to p2p stores (#2736)
• f09e382 chore: remove extra spaces in the comments (#2754)
• 390f559 build(deps): Bump the go_modules group across 3 directories with 1 update (#2...
• See full diff in compare view

Updates github.com/evstack/ev-node from 1.0.0-beta.7 to 1.0.0-beta.8

Commits

• de40783 chore: fix some comments (#2762)
• 5a0a8fa feat: add Prometheus metrics for DA submission failures (#2756)
• c315175 build(deps): Bump the all-go group across 5 directories with 6 updates (#2757)
• 0dc7b27 fix(block/syncing): save data to p2p stores (#2736)
• f09e382 chore: remove extra spaces in the comments (#2754)
• 390f559 build(deps): Bump the go_modules group across 3 directories with 1 update (#2...
• See full diff in compare view

Updates github.com/celestiaorg/tastora from 0.7.1 to 0.7.3

Release notes

Sourced from github.com/celestiaorg/tastora's releases.

v0.7.3

What's Changed

• chore: remove unused reth flag by @​chatton in celestiaorg/tastora#142

Full Changelog: celestiaorg/tastora@v0.7.2...v0.7.3

v0.7.2

What's Changed

• Fix cel-key interactive prompts by @​gupadhyaya in celestiaorg/tastora#140
• feat: add support for submitting and passing governance proposals by @​chatton in celestiaorg/tastora#141

New Contributors

• @​gupadhyaya made their first contribution in celestiaorg/tastora#140

Full Changelog: celestiaorg/tastora@v0.7.1...v0.7.2

Commits

• 6fc9624 chore: remove unused reth flag (#142)
• f695705 feat: add support for submitting and passing governance proposals (#141)
• b39f25c make cel-key non-interactive (#140)
• See full diff in compare view

Updates github.com/ethereum/go-ethereum from 1.16.4 to 1.16.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Coolant Cells (v1.16.5)

This is a maintenance release. We are issuing this release mostly to add a conversion path for blob proofs submitted via eth_sendRawTransaction. See https://blog.ethereum.org/2025/10/15/fusaka-blob-update for more information.

RPC

• eth_sendRawTransaction has an upgrade path for blob proofs after the Fusaka fork. Note this is temporary. We will remove support for blob proof conversion during the v1.17.x release cycle, please update RPC client libraries to support cell-level (v1) proofs. (#32849)
• eth_subscribe now supports a transactionReceipts subscription. There is also a wrapper in ethclient for this new subscription type. (#32697, #32869)
• eth_simulateV1 was fixed to return the block timestamp in logs, like eth_getLogs does. (#32831)
• In the abigen v2 runtime, BoundContract.Transfer will now verify that the contract has a payable fallback or receive method. (#32374)
• A keccak256preimage tracer has been added. (#32569)

Networking

• The eth protocol handler will now drop peers sending duplicated transactions. This is to unify behavior with other client implementations. (#32728)
• A regression in the discovery system could cause high CPU usage under synthetic conditions (i.e. in tests). (#32912)
• A very rare shutdown hang related to peer discovery is resolved. (#32572)
• The eth protocol test suite has a new post-merge test chain and saw some bug fixes for flakey tests. (#32834, #32850)

Core

• Our freezer implementation now supports partial reads, i.e. reading just a slice out of a larger stored value. This functionality is used for the archive node state history. (#32132)
• The trie database now implements a storage layer for 'trie history', a precursor to serving historical state proofs for the path-based archive node. (#32596)
• The txpool/valid.meter metric has been corrected. (#32845)
• The engine API saw some fixes related to fork compatibility checks. (#32800, #32731)

For a full rundown of the changes please consult the Geth 1.16.5 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Commits

• 737ffd1 Merge branch 'master' into release/1.16
• 32ccb54 version: release go-ethereum v1.16.5 stable
• 7c107c2 p2p/discover: remove hot-spin in table refresh trigger (#32912)
• 40505a9 eth/protocols/eth: reject message containing duplicated txs and drop peer (#3...
• 3cfc334 rpc: fix flaky test TestServerWebsocketReadLimit (#32889)
• f6064f3 internal/ethapi: convert legacy blobtx proofs in sendRawTransaction (#32849)
• 55a5320 accounts/abi: check presence of payable fallback or receive before proceeding...
• e03d97a core/txpool/legacypool: fix pricedList updates (#32906)
• fb8d229 eth: do not warn on switching from snap sync to full sync (#32900)
• 00f6f2b eth/catalyst: remove useless log on enabling Engine API (#32901)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The latest Buf updates on your PR. Results from workflow CI and Release / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Oct 21, 2025, 8:29 AM

[claude]

Claude finished @dependabot[bot]'s task —— View job

---

Reviewing Dependency Updates

Todo List:

• Read changed files to understand version bumps
• Analyze release notes and changelogs
• Check for breaking changes
• Assess security implications
• Provide comprehensive review feedback

---

Dependency Update Review Summary

This PR bumps 4 dependencies across 6 directories. All updates are patch or minor version bumps with no breaking changes. The updates include important bug fixes and security improvements.

Detailed Analysis

1. golang.org/x/net (0.45.0 → 0.46.0) ✅

Scope: Root module only
Type: Minor version bump
Risk: Low

Assessment:

• Standard golang.org/x dependency update
• No breaking changes expected in minor version bumps
• Updates golang.org/x dependencies (likely includes security patches)

Recommendation: ✅ Safe to merge

---

2. github.com/ethereum/go-ethereum (1.16.4 → 1.16.5) ✅

Scope: execution/evm and test/e2e modules
Type: Patch release - "Coolant Cells (v1.16.5)"
Risk: Low

Key Changes:

• RPC Improvements:

  • Blob proof conversion path for eth_sendRawTransaction (Fusaka fork compatibility)
  • New transactionReceipts subscription support
  • Bug fixes for eth_simulateV1 timestamp handling
  • Added keccak256preimage tracer

• Networking Fixes:

  • Drops peers sending duplicate transactions (unifies behavior with other clients)
  • Fixes high CPU usage regression in discovery system (#32912)
  • Resolves rare shutdown hang in peer discovery (#32572)

• Core Improvements:

  • Freezer partial reads support
  • Trie history storage layer implementation
  • Fixed txpool/valid.meter metric
  • Engine API fork compatibility fixes

Security Impact: Positive - fixes peer handling and resource usage issues

Breaking Changes: None - this is a maintenance release with backward compatibility

Recommendation: ✅ Safe to merge - includes important bug fixes and performance improvements

---

3. github.com/evstack/ev-node (1.0.0-beta.7 → 1.0.0-beta.8) ✅

Scope: execution/grpc and sequencers/single modules
Type: Beta patch bump
Risk: Very Low (internal dependency)

Key Changes:

• Comment fixes (code clarity improvements)
• Prometheus metrics for DA submission failures (observability improvement)
• Bug fix: save data to p2p stores (fix(block/syncing): save data to p2p stores #2736)
• Dependency updates in upstream

Assessment:

• This is an internal ev-node dependency update
• Includes the fix from PR fix(block/syncing): save data to p2p stores #2736 for p2p store data persistence
• Adds useful monitoring metrics for DA failures
• No breaking changes

Recommendation: ✅ Safe to merge - includes important bug fix for p2p syncing

---

4. github.com/celestiaorg/tastora (0.7.1 → 0.7.3) ✅

Scope: test/docker-e2e module only
Type: Patch bump (test dependency)
Risk: Very Low

Key Changes:

• v0.7.3: Removed unused reth flag (cleanup)
• v0.7.2: Fixed cel-key interactive prompts, added governance proposal support

Assessment:

• Test-only dependency (docker-e2e suite)
• Minor improvements and bug fixes
• No impact on production code

Recommendation: ✅ Safe to merge - test infrastructure improvements only

---

Security Assessment

✅ No security vulnerabilities identified

All updates are maintenance releases with:

• Bug fixes and stability improvements
• Performance enhancements (go-ethereum discovery CPU usage fix)
• Better observability (ev-node Prometheus metrics)
• No known CVEs or security advisories

The go-ethereum update notably improves peer handling and resource management, which are positive security improvements.

---

Breaking Changes Assessment

✅ No breaking changes

All updates follow semantic versioning:

• Patch bumps: go-ethereum (1.16.4→1.16.5), tastora (0.7.1→0.7.3)
• Minor bump: golang.org/x/net (0.45.0→0.46.0)
• Beta bump: ev-node (beta.7→beta.8)

---

Testing & CI

The PR has:

• ✅ Buf checks passing
• ✅ Approval from @tac0turtle
• ⏳ Waiting for full CI suite to complete

Note: Since these are dependency updates, the existing test suite will validate compatibility. The CI pipeline should run:

• Unit tests across all modules
• Integration tests
• E2E tests (docker-e2e with new tastora version)
• Linting (golangci-lint)

---

Final Recommendation

✅ APPROVED - This dependency update is safe to merge once CI passes.

Reasoning:

1. All updates are maintenance releases with no breaking changes
2. Includes important bug fixes (go-ethereum discovery, ev-node p2p syncing)
3. Improves observability (DA metrics) and performance (CPU usage)
4. No security concerns identified
5. Test-only dependencies have minimal impact
6. Already approved by maintainer

Suggested next steps:

1. Wait for CI pipeline to complete successfully
2. Merge when all checks pass
3. Monitor for any runtime issues post-deployment (though risk is very low)

---

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.26%. Comparing base (0dba4e7) to head (8420bfb).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2772   +/-   ##
=======================================
  Coverage   61.26%   61.26%           
=======================================
  Files          81       81           
  Lines        8589     8589           
=======================================
  Hits         5262     5262           
  Misses       2830     2830           
  Partials      497      497           

Flag	Coverage Δ
combined	61.26% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.