Skip to content

chore(deps): bump the go-dependency-version-updates group across 4 directories with 12 updates#153

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/libs/common/main/go-dependency-version-updates-ab2659956f
Closed

chore(deps): bump the go-dependency-version-updates group across 4 directories with 12 updates#153
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/libs/common/main/go-dependency-version-updates-ab2659956f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependency-version-updates group with 6 updates in the /libs/common directory:

Package From To
github.com/aws/aws-sdk-go-v2 1.41.7 1.42.0
github.com/aws/aws-sdk-go-v2/config 1.32.18 1.32.25
github.com/aws/aws-sdk-go-v2/service/s3 1.101.0 1.104.0
github.com/ethereum/go-ethereum 1.17.3 1.17.4
github.com/redis/go-redis/v9 9.19.0 9.21.0
golang.org/x/crypto 0.52.0 0.53.0

Bumps the go-dependency-version-updates group with 3 updates in the /services/auth directory: github.com/ethereum/go-ethereum, golang.org/x/crypto and github.com/jackc/pgx/v5.
Bumps the go-dependency-version-updates group with 5 updates in the /services/gameplay directory:

Package From To
github.com/ethereum/go-ethereum 1.17.3 1.17.4
github.com/redis/go-redis/v9 9.19.0 9.21.0
github.com/jackc/pgx/v5 5.9.2 5.10.0
go.temporal.io/api 1.62.12 1.63.0
go.temporal.io/sdk 1.44.0 1.45.0

Bumps the go-dependency-version-updates group with 2 updates in the /services/users directory: github.com/ethereum/go-ethereum and github.com/jackc/pgx/v5.

Updates github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.42.0

Commits

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.18 to 1.32.25

Commits

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.17 to 1.19.24

Commits

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.104.0

Commits

Updates github.com/ethereum/go-ethereum from 1.17.3 to 1.17.4

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Flexible Polymer Casing (v1.17.4)

This is a maintenance release with accumulated bug fixes and improvements, and is recommended for all users. It also continues the implementation work for the upcoming Amsterdam hardfork.

One thing worth highlighting:

Fork Implementation (Amsterdam)

  • EIP-7928: Block-Level Access Lists: the block access list is now constructed and verified during block execution, with the serving side of the eth/71 BAL messages implemented (#34652, #34803, #34879, #34957, #34967, #34972, #34977, #35110)
  • EIP-8189: snap/2, a new state-sync protocol based on block-level access lists, has been added (#34626, #34807, #35098, #35155, #35158, #35163, #35178, #35180, #35181)
  • EIP-8037: state-creation gas cost increase, has been implemented (#33601)
    • The tracing system provides a new OnGasChangeV2 hook for multi-dimensional gas (#34946)
  • engine_newPayloadWithWitnessV5 has been added and the witness format now uses the canonical spec field ordering (#35009)
  • The evm t8n tooling has been updated for Amsterdam, adding BAL and slot-number support and binary-trie leaf export (#34843, #35025)
  • For EIP-7843, the slot number is now set for the pending block post-Amsterdam (#34792, #35036)

Geth

  • Caches are now sized against the cgroup memory cap (e.g. Docker --memory) when one is set (#34947)
  • A number of small command-line flag and logging issues have been fixed (#33880, #34732, #34943, #34948, #35011, #35104, #35116, #35136)
  • A number of long-deprecated command-line flags have been removed (#35021)

RPC

  • eth_baseFee has been added, returning the base fee of the next block (#34904, #35023)

  • eth_capabilities has been added, letting clients discover which historical data a node can serve (#33886)

  • debug_clearTxpool has been added to clear the transaction pool (#33347, #35130)

  • State-reading methods (eth_getBalance, eth_getCode, eth_getStorageAt, etc.) now default the block parameter to latest when omitted (#35100)

  • Fixes for eth_simulateV1: an incorrect "base fee too low" error code and a pre-Shanghai withdrawal regression (#34951, #34939)

  • debug_setHead now propagates rewind errors instead of silently ignoring them (#35001)

  • EIP-7702 transactions with a nil To address are now rejected (#35094)

  • HTTP RPC responses now always set Content-Length, and a WebSocket handshake status-code bug was fixed (#35072, #35111)

  • The client can now configure trace-context propagation via the traceparent header, and response writes are now traced (#35132, #35049)

GraphQL

  • GraphQL request bodies are now limited to 5 MiB (#35034)
  • Log-range queries with begin > 0 and end == 0 are now rejected (#35032)
  • The Block.raw resolver now returns empty bytes when the block body is missing (#35027)

Core

  • A global cache for JUMPDEST bitmaps speeds up EVM execution (#34850)
  • EVM stack operations are now computed in place, avoiding per-operand copies (#35156)
  • New code-cache hit/miss meters have been added (#34821)
  • A shutdown race in snapshot generation has been fixed (#33540)

... (truncated)

Commits
  • 36a7dc7 version: release go-ethereum v1.17.4
  • 6b72f26 triedb/pathdb: log the expected version in obsolete-index cleanup (#35194)
  • e5ff359 p2p/discover: fix waiting wrong duration (#35002)
  • 7c9032d all: change reflect.Ptr to reflect.Pointer (#35176)
  • 8c540cb eth/catalyst: add testing_commitBlockV1 (#34995)
  • 7122ecc eth/protocols/snap: remove uncovered states before resuming (#35159)
  • 0e810e4 eth, triedb, internal: add snap/2 sync progress (#35178)
  • 1be5da2 eth/protocols/snap: redo the snap sync if the bal is unavailable (#35181)
  • ad68ce2 eth: reserve peer slot for usable snap peer (#35180)
  • cb387c9 cmd/devp2p/internal/ethtest: validate received txs, not the sent ones (#35170)
  • Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.19.0 to 9.21.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.21.0

This is a minor release adding new features and bug fixes. There are no breaking changes; upgrading from 9.20.x is a drop-in replacement.

🚀 Highlights

Zero-copy GetToBuffer / SetFromBuffer

Two new StringCmdable methods let callers read and write Redis string values directly into and from pre-allocated byte buffers, eliminating the per-call payload allocation that Get/Set incur:

GetToBuffer(ctx, key, buf) *ZeroCopyStringCmd   // reads into buf; ZeroCopyStringCmd { Val() int; Bytes() []byte; Result() (int, error) }
SetFromBuffer(ctx, key, buf) *StatusCmd

GetToBuffer decodes the bulk reply straight into the caller-owned buf (no intermediate allocation); a buffer that is too small returns an error after draining the payload, so the connection stays aligned for the next reply. SetFromBuffer is provided for API symmetry — it dispatches to the same []byte writer path as Set(ctx, key, buf, 0) and produces byte-identical output on the wire. Available on *Client, *ClusterClient, *Ring, *Conn and Pipeliner.

(#3834) by @​ndyakov

Explicit LIMIT 0 for stream trimming

Redis treats XTRIM/XADD approximate-trim (~) LIMIT 0 as "disable the trimming effort cap entirely", which differs from omitting LIMIT (the implicit 100 * stream-node-max-entries default). The command builders previously only emitted LIMIT when limit > 0, so callers could never send an explicit LIMIT 0. Following the KeepTTL = -1 precedent, the new XTrimLimitDisabled = -1 sentinel now emits an explicit LIMIT 0; limit == 0 keeps the historical no-LIMIT behavior, so existing callers produce byte-identical commands.

(#3848) by @​TheRealMal

✨ New Features

  • Zero-copy buffer string commands: new GetToBuffer / SetFromBuffer on StringCmdable and the ZeroCopyStringCmd result type, reading/writing string values into caller-owned buffers without per-call payload allocation (#3834) by @​ndyakov
  • XTrimLimitDisabled sentinel: XTRIM/XADD approximate trimming can now send an explicit LIMIT 0 to disable the trim effort cap, via the new XTrimLimitDisabled = -1 sentinel (#3848) by @​TheRealMal
  • PubSub health-check timeouts: channel.initHealthCheck now bounds the Ping it issues with a fresh per-check timeout context (the exported pingTimeout / reconnectTimeout) instead of context.TODO(), so a stuck health-check Ping can no longer block indefinitely (#3819) by @​abdellani
  • Skip redundant UNWATCH in Tx.Close: a transaction now tracks whether a WATCH is still active (watchArmed) and only issues UNWATCH on Close when it is, removing an extra round trip on the common WATCH/.../EXEC and no-key Watch paths while never returning a connection to the pool with an active watch (#3854) by @​fcostaoliveira

🐛 Bug Fixes

  • maintnotifications ModeAuto fail-open: ModeAuto now stays fail-open when the server does not support maintenance notifications — connections are retired and tracking is guarded during downgrade so the client keeps working instead of erroring (#3853) by @​terrorobe

👥 Contributors

We'd like to thank all the contributors who worked on this release!

@​abdellani, @​fcostaoliveira, @​ndyakov, @​terrorobe, @​TheRealMal

9.20.1

This is a patch release containing bug fixes only. There are no new features or breaking changes; upgrading from 9.20.0 is a drop-in replacement.

🚀 Highlights

RESP3 pub/sub message loss fixed

PeekPushNotificationName previously inspected only the bytes already buffered by bufio, so when a push frame header straddled a buffer fill boundary it could return a truncated notification name (e.g. "messa" instead of "message"). The push processor then mis-routed the frame and ReadReply silently dropped it, causing intermittent RESP3 pub/sub message loss. The peek now grows its window (36 bytes → up to 4 KiB) and reads more from the connection until the header is complete, cleanly separating incomplete prefixes from corrupt frames (including overflow-safe bulk-length handling). Fixes #3839.

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.21.0 (2026-06-18)

This is a minor release adding new features and bug fixes. There are no breaking changes; upgrading from 9.20.x is a drop-in replacement.

🚀 Highlights

Zero-copy GetToBuffer / SetFromBuffer

Two new StringCmdable methods let callers read and write Redis string values directly into and from pre-allocated byte buffers, eliminating the per-call payload allocation that Get/Set incur:

GetToBuffer(ctx, key, buf) *ZeroCopyStringCmd   // reads into buf; ZeroCopyStringCmd { Val() int; Bytes() []byte; Result() (int, error) }
SetFromBuffer(ctx, key, buf) *StatusCmd

GetToBuffer decodes the bulk reply straight into the caller-owned buf (no intermediate allocation); a buffer that is too small returns an error after draining the payload, so the connection stays aligned for the next reply. SetFromBuffer is provided for API symmetry — it dispatches to the same []byte writer path as Set(ctx, key, buf, 0) and produces byte-identical output on the wire. Available on *Client, *ClusterClient, *Ring, *Conn and Pipeliner.

(#3834) by @​ndyakov

Explicit LIMIT 0 for stream trimming

Redis treats XTRIM/XADD approximate-trim (~) LIMIT 0 as "disable the trimming effort cap entirely", which differs from omitting LIMIT (the implicit 100 * stream-node-max-entries default). The command builders previously only emitted LIMIT when limit > 0, so callers could never send an explicit LIMIT 0. Following the KeepTTL = -1 precedent, the new XTrimLimitDisabled = -1 sentinel now emits an explicit LIMIT 0; limit == 0 keeps the historical no-LIMIT behavior, so existing callers produce byte-identical commands.

(#3848) by @​TheRealMal

✨ New Features

  • Zero-copy buffer string commands: new GetToBuffer / SetFromBuffer on StringCmdable and the ZeroCopyStringCmd result type, reading/writing string values into caller-owned buffers without per-call payload allocation (#3834) by @​ndyakov
  • XTrimLimitDisabled sentinel: XTRIM/XADD approximate trimming can now send an explicit LIMIT 0 to disable the trim effort cap, via the new XTrimLimitDisabled = -1 sentinel (#3848) by @​TheRealMal
  • PubSub health-check timeouts: channel.initHealthCheck now bounds the Ping it issues with a fresh per-check timeout context (the exported pingTimeout / reconnectTimeout) instead of context.TODO(), so a stuck health-check Ping can no longer block indefinitely (#3819) by @​abdellani
  • Skip redundant UNWATCH in Tx.Close: a transaction now tracks whether a WATCH is still active (watchArmed) and only issues UNWATCH on Close when it is, removing an extra round trip on the common WATCH/.../EXEC and no-key Watch paths while never returning a connection to the pool with an active watch (#3854) by @​fcostaoliveira

🐛 Bug Fixes

  • maintnotifications ModeAuto fail-open: ModeAuto now stays fail-open when the server does not support maintenance notifications — connections are retired and tracking is guarded during downgrade so the client keeps working instead of erroring (#3853) by @​terrorobe

👥 Contributors

We'd like to thank all the contributors who worked on this release!

@​abdellani, @​fcostaoliveira, @​ndyakov, @​terrorobe, @​TheRealMal


Full Changelog: redis/go-redis@v9.20.1...v9.21.0

9.20.1 (2026-06-11)

This is a patch release containing bug fixes only. There are no new features or breaking changes; upgrading from 9.20.0 is a drop-in replacement.

... (truncated)

Commits
  • 1551837 chore(release): 9.21.0 (#3857)
  • 1cfa927 fix(maintnotifications): keep ModeAuto fail-open (#3853)
  • 1f0ea0e feat(pubsub): introduce timeouts for Ping on channel.initHealthCheck (#3819)
  • 5484b0b feat(tx): skip redundant UNWATCH in Tx.Close when no WATCH is active (#3854)
  • bf57a51 chore(deps): bump rojopolis/spellcheck-github-actions (#3852)
  • 641294c feat(streams): support explicit LIMIT 0 in XTRIM/XADD trimming via XTrimLimit...
  • 74d9bb0 feat(command): add zero-copy GetToBuffer and SetFromBuffer (#3834)
  • a13416b chore(release): 9.20.1 (#3847)
  • 10dc44f fix(push): fix peeking when push name is truncated (#3842)
  • e1a2d68 fix(ft.hybrid): Always generate vector param names if they are not provided b...
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

Updates github.com/ethereum/go-ethereum from 1.17.3 to 1.17.4

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Flexible Polymer Casing (v1.17.4)

This is a maintenance release with accumulated bug fixes and improvements, and is recommended for all users. It also continues the implementation work for the upcoming Amsterdam hardfork.

One thing worth highlighting:

Fork Implementation (Amsterdam)

  • EIP-7928: Block-Level Access Lists: the block access list is now constructed and verified during block execution, with the serving side of the eth/71 BAL messages implemented (#34652, #34803, #34879, #34957, #34967, #34972, #34977, #35110)
  • EIP-8189: snap/2, a new state-sync protocol based on block-level access lists, has been added (#34626, #34807, #35098, #35155, #35158, #35163, #35178, #35180, #35181)
  • EIP-8037: state-creation gas cost increase, has been implemented (#33601)
    • The tracing system provides a new OnGasChangeV2 hook for multi-dimensional gas (#34946)
  • engine_newPayloadWithWitnessV5 has been added and the witness format now uses the canonical spec field ordering (#35009)
  • The evm t8n tooling has been updated for Amsterdam, adding BAL and slot-number support and binary-trie leaf export (#34843, #35025)
  • For EIP-7843, the slot number is now set for the pending block post-Amsterdam (#34792, #35036)

Geth

  • Caches are now sized against the cgroup memory cap (e.g. Docker --memory) when one is set (#34947)
  • A number of small command-line flag and logging issues have been fixed (#33880, #34732, #34943, #34948, #35011, #35104, #35116, #35136)
  • A number of long-deprecated command-line flags have been removed (#35021)

RPC

  • eth_baseFee has been added, returning the base fee of the next block (#34904, #35023)

  • eth_capabilities has been added, letting clients discover which historical data a node can serve (#33886)

  • debug_clearTxpool has been added to clear the transaction pool (#33347, #35130)

  • State-reading methods (eth_getBalance, eth_getCode, eth_getStorageAt, etc.) now default the block parameter to latest when omitted (#35100)

  • Fixes for eth_simulateV1: an incorrect "base fee too low" error code and a pre-Shanghai withdrawal regression (#34951, #34939)

  • debug_setHead now propagates rewind errors instead of silently ignoring them (#35001)

  • EIP-7702 transactions with a nil To address are now rejected (#35094)

  • HTTP RPC responses now always set Content-Length, and a WebSocket handshake status-code bug was fixed (#35072, #35111)

  • The client can now configure trace-context propagation via the traceparent header, and response writes are now traced (#35132, #35049)

GraphQL

  • GraphQL request bodies are now limited to 5 MiB (#35034)
  • Log-range queries with begin > 0 and end == 0 are now rejected (#35032)
  • The Block.raw resolver now returns empty bytes when the block body is missing (#35027)

Core

  • A global cache for JUMPDEST bitmaps speeds up EVM execution (#34850)
  • EVM stack operations are now computed in place, avoiding per-operand copies (#35156)
  • New code-cache hit/miss meters have been added (#34821)
  • A shutdown race in snapshot generation has been fixed (#33540)

... (truncated)

Commits
  • 36a7dc7 version: release go-ethereum v1.17.4
  • 6b72f26 triedb/pathdb: log the expected version in obsolete-index cleanup (#35194)
  • e5ff359 p2p/discover: fix waiting wrong duration (#35002)
  • 7c9032d all: change reflect.Ptr to reflect.Pointer (#35176)
  • 8c540cb eth/catalyst: add testing_commitBlockV1 (#34995)
  • 7122ecc eth/protocols/snap: remove uncovered states before resuming (#35159)
  • 0e810e4 eth, triedb, internal: add snap/2 sync progress (#35178)
  • 1be5da2 eth/protocols/snap: redo the snap sync if the bal is unavailable (#35181)
  • ad68ce2 eth: reserve peer slot for usable snap peer (#35180)
  • cb387c9 cmd/devp2p/internal/ethtest: validate received txs, not the sent ones (#35170)
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

  • Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
  • Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
  • Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
  • Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
  • pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

  • Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
  • Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
  • Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
  • Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
  • Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
  • Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
  • Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

  • Fix scanning "char" (OID 18) into *string in binary format (luongs3)
  • Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
  • Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
  • Fix data race when context is cancelled during connect
  • Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
  • pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
  • pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
  • pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
  • Add missing error check of rows.Err to load types (Jen Altavilla)
Commits
  • 7293fb1 Update changelog for v5.10.0
  • 1ade285 pgconn: document secure connection configuration
  • b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
  • 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
  • b28e65b pgtype: bound array element count against remaining message bytes
  • cd1f389 pgtype: bound array binary decode element length against remaining bytes
  • ff27b5b pgtype: bound hstore binary decode against malicious server input
  • a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
  • 44f6173 pgconn: cap server-supplied SCRAM iteration count
  • 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
  • Additional commits viewable in compare view

Updates github.com/ethereum/go-ethereum from 1.17.3 to 1.17.4

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Flexible Polymer Casing (v1.17.4)

This is a maintenance release with accumulated bug fixes and improvements, and is recommended for all users. It also continues the implementation work for the upcoming Amsterdam hardfork.

One thing worth highlighting:

Fork Implementation (Amsterdam)

  • EIP-7928: Block-Level Access Lists: the block access list is now constructed and verified during block execution, with the serving side of the eth/71 BAL messages implemented (#34652, #34803, #34879, #34957, #34967, #34972, #34977, #35110)
  • EIP-8189: snap/2, a new state-sync protocol based on block-level access lists, has been added (#34626, #34807, #35098, #35155, #35158, #35163, #35178, #35180, #35181)
  • EIP-8037: state-creation gas cost increase, has been implemented (#33601)
    • The tracing system provides a new OnGasChangeV2 hook for multi-dimensional gas (#34946)
  • engine_newPayloadWithWitnessV5 has been added and the witness format now uses the canonical spec field ordering (#35009)
  • The evm t8n tooling has been updated for Amsterdam, adding BAL and slot-number support and binary-trie leaf export (#34843, #35025)
  • For EIP-7843, the slot number is now set for the pending block post-Amsterdam (#34792, #35036)

Geth

  • Caches are now sized against the cgroup memory cap (e.g. Docker --memory) when one is set (#34947)
  • A number of small command-line flag and logging issues have been fixed (#33880, #34732, #34943, #34948, #35011, #35104, #35116, #35136)
  • A number of long-deprecated command-line flags have been removed (#35021)

RPC

  • eth_baseFee has been added, returning the base fee of the next block (#34904, #35023)

  • eth_capabilities has been added, letting clients discover which historical data a node can serve (#33886)

  • debug_clearTxpool has been added to clear the transaction pool (#33347, #35130)

  • State-reading methods (eth_getBalance, eth_getCode, eth_getStorageAt, etc.) now default the block parameter to latest when omitted (#35100)

  • Fixes for eth_simulateV1: an incorrect "base fee too low" error code and a pre-Shanghai withdrawal regression (#34951, #34939)

  • debug_setHead now propagates rewind errors instead of silently ignoring them (#35001)

  • EIP-7702 transactions with a nil To address are now rejected (#35094)

  • HTTP RPC responses now always set Content-Length, and a WebSocket handshake status-code bug was fixed (#35072, #35111)

  • The client can now configure trace-context propagation via the traceparent header, and response writes are now traced (#35132, #35049)

GraphQL

  • GraphQL request bodies are now limited to 5 MiB (#35034)
  • Log-range queries with begin > 0 and end == 0 are now rejected (#35032)
  • The Block.raw resolver now returns empty bytes when the block body is missing (#35027)

Core

  • A global cache for JUMPDEST bitmaps speeds up EVM execution (

…rectories with 12 updates

Bumps the go-dependency-version-updates group with 6 updates in the /libs/common directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.42.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.18` | `1.32.25` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.101.0` | `1.104.0` |
| [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) | `1.17.3` | `1.17.4` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.19.0` | `9.21.0` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.52.0` | `0.53.0` |

Bumps the go-dependency-version-updates group with 3 updates in the /services/auth directory: [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum), [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/jackc/pgx/v5](https://github.com/jackc/pgx).
Bumps the go-dependency-version-updates group with 5 updates in the /services/gameplay directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) | `1.17.3` | `1.17.4` |
| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.19.0` | `9.21.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` |
| [go.temporal.io/api](https://github.com/temporalio/api-go) | `1.62.12` | `1.63.0` |
| [go.temporal.io/sdk](https://github.com/temporalio/sdk-go) | `1.44.0` | `1.45.0` |

Bumps the go-dependency-version-updates group with 2 updates in the /services/users directory: [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) and [github.com/jackc/pgx/v5](https://github.com/jackc/pgx).


Updates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.42.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.41.7...v1.42.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.32.18 to 1.32.25
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.18...config/v1.32.25)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.17 to 1.19.24
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.19.17...credentials/v1.19.24)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.101.0 to 1.104.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.101.0...service/s3/v1.104.0)

Updates `github.com/ethereum/go-ethereum` from 1.17.3 to 1.17.4
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.17.3...v1.17.4)

Updates `github.com/redis/go-redis/v9` from 9.19.0 to 9.21.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.19.0...v9.21.0)

Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](golang/crypto@v0.52.0...v0.53.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `golang.org/x/text` from 0.37.0 to 0.38.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.37.0...v0.38.0)

Updates `github.com/ethereum/go-ethereum` from 1.17.3 to 1.17.4
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.17.3...v1.17.4)

Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](golang/crypto@v0.52.0...v0.53.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

Updates `github.com/ethereum/go-ethereum` from 1.17.3 to 1.17.4
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.17.3...v1.17.4)

Updates `github.com/redis/go-redis/v9` from 9.19.0 to 9.21.0
- [Release notes](https://github.com/redis/go-redis/releases)
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md)
- [Commits](redis/go-redis@v9.19.0...v9.21.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

Updates `go.temporal.io/api` from 1.62.12 to 1.63.0
- [Release notes](https://github.com/temporalio/api-go/releases)
- [Commits](temporalio/api-go@v1.62.12...v1.63.0)

Updates `go.temporal.io/sdk` from 1.44.0 to 1.45.0
- [Release notes](https://github.com/temporalio/sdk-go/releases)
- [Changelog](https://github.com/temporalio/sdk-go/blob/main/CHANGELOG.md)
- [Commits](temporalio/sdk-go@v1.44.0...v1.45.0)

Updates `github.com/ethereum/go-ethereum` from 1.17.3 to 1.17.4
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.17.3...v1.17.4)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.9.2...v5.10.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.104.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/ethereum/go-ethereum
  dependency-version: 1.17.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/text
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/ethereum/go-ethereum
  dependency-version: 1.17.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/ethereum/go-ethereum
  dependency-version: 1.17.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/redis/go-redis/v9
  dependency-version: 9.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: go.temporal.io/api
  dependency-version: 1.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: go.temporal.io/sdk
  dependency-version: 1.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/ethereum/go-ethereum
  dependency-version: 1.17.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependency-version-updates
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependency-version-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 29, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/libs/common/main/go-dependency-version-updates-ab2659956f branch July 6, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants