Skip to content

build(deps): bump the patch-updates group with 4 updates#414

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/patch-updates-9e61a05221
Closed

build(deps): bump the patch-updates group with 4 updates#414
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/patch-updates-9e61a05221

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the patch-updates group with 4 updates: github.com/evstack/ev-node, golang.org/x/net, google.golang.org/genproto/googleapis/api and google.golang.org/grpc.

Updates github.com/evstack/ev-node from 1.1.1 to 1.1.4

Release notes

Sourced from github.com/evstack/ev-node's releases.

v1.1.3

This is a targeted bugfix release addressing a transaction queue backlog issue under heavy load. Operators running sequencer nodes with high transaction throughput are strongly encouraged to upgrade.

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

  • ghcr.io/evstack/ev-node-evm:v1.1.3
  • ghcr.io/evstack/ev-node-grpc:v1.1.3
  • ghcr.io/evstack/ev-node-testapp:v1.1.3

v1.1.2

This is a maintenance and improvement release that includes performance optimizations, new observability and connectivity features, and breaking changes to the gRPC execution layer. Operators running execution/grpc integrations must review the changes below before upgrading.

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

  • ghcr.io/evstack/ev-node-evm:v1.1.2
  • ghcr.io/evstack/ev-node-grpc:v1.1.2
  • ghcr.io/evstack/ev-node-testapp:v1.1.2
Changelog

Sourced from github.com/evstack/ev-node's changelog.

v1.1.4

Fixed

  • DA client falls back to HTTP polling with Retrieve when the WebSocket connection fails, instead of trying to use the WS-only Subscribe over HTTP. A background goroutine retries WS every 30s so transient outages don't force a permanent downgrade #3361

v1.1.3

Fixed

  • Drain the pending tx queue in merged batches with a durable WAL-backed ack, fixing severe queue backlog under heavy tx load. Tx dedup moved from the reaper cache into the sequencer queue #3351

v1.1.2

Changes

  • Add max bytes contraints in simple solo sequnecer #3312
  • Add support for otlp in execution/grpc. #3300
  • Optimization of mutex usage in cache for reaper #3286
  • Add Unix domain socket support for gRPC execution endpoints via unix:///path/to/socket #3297
  • BREAKING: (execution/grpc)
    • Move execution service where it belongs in execution/grpc. #3302
    • Replace legacy gRPC execution txs payload fields with tx_batch so clients and servers use contiguous transaction buffers #3297
  • Optimize metadata writes by making it async in cache store #3298
  • Reduce tx cache retention to avoid OOM under (really) heavy tx load #3299

Fixed

  • Increase P2P pubsub max message size to match DefaultMaxBlobSize, preventing fullnode desync on large blocks #3344.
Commits

Updates golang.org/x/net from 0.53.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Updates google.golang.org/genproto/googleapis/api from 0.0.0-20260401024825-9d38bb4040a9 to 0.0.0-20260526163538-3dc84a4a5aaa

Commits

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

  • xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)

Bug Fixes

  • otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the patch-updates group with 4 updates
91f93a1 
Bumps the patch-updates group with 4 updates: [github.com/evstack/ev-node](https://github.com/evstack/ev-node), [golang.org/x/net](https://github.com/golang/net), [google.golang.org/genproto/googleapis/api](https://github.com/googleapis/go-genproto) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/evstack/ev-node` from 1.1.1 to 1.1.4
- [Release notes](https://github.com/evstack/ev-node/releases)
- [Changelog](https://github.com/evstack/ev-node/blob/main/CHANGELOG.md)
- [Commits](evstack/ev-node@v1.1.1...v1.1.4)

Updates `golang.org/x/net` from 0.53.0 to 0.55.0
- [Commits](golang/net@v0.53.0...v0.55.0)

Updates `google.golang.org/genproto/googleapis/api` from 0.0.0-20260401024825-9d38bb4040a9 to 0.0.0-20260526163538-3dc84a4a5aaa
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.0...v1.81.1)

---
updated-dependencies:
- dependency-name: github.com/evstack/ev-node
  dependency-version: 1.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-updates
- dependency-name: google.golang.org/genproto/googleapis/api
  dependency-version: 0.0.0-20260526163538-3dc84a4a5aaa
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: T:dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner June 23, 2026 07:04
@tac0turtle tac0turtle closed this Jun 23, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/go_modules/patch-updates-9e61a05221 branch June 23, 2026 09:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tac0turtle