build(deps): Bump the all-go group across 5 directories with 14 updates

[dependabot]

Bumps the all-go group with 9 updates in the / directory:

Package	From	To
cloud.google.com/go/kms	1.27.0	1.29.0
connectrpc.com/connect	1.19.1	1.19.2
github.com/aws/aws-sdk-go-v2	1.41.5	1.41.6
github.com/aws/aws-sdk-go-v2/config	1.32.14	1.32.16
github.com/aws/aws-sdk-go-v2/service/kms	1.50.4	1.50.5
github.com/celestiaorg/nmt	0.24.2	0.24.3
github.com/libp2p/go-libp2p-kad-dht	0.39.0	0.39.1
golang.org/x/crypto	0.49.0	0.50.0
golang.org/x/net	0.52.0	0.53.0

Bumps the all-go group with 1 update in the /execution/evm directory: github.com/evstack/ev-node.
Bumps the all-go group with 3 updates in the /execution/grpc directory: connectrpc.com/connect, golang.org/x/net and github.com/evstack/ev-node.
Bumps the all-go group with 2 updates in the /test/docker-e2e directory: github.com/celestiaorg/tastora and github.com/evstack/ev-node/execution/evm.
Bumps the all-go group with 1 update in the /test/e2e directory: github.com/celestiaorg/tastora.

Updates cloud.google.com/go/kms from 1.27.0 to 1.29.0

Release notes

Sourced from cloud.google.com/go/kms's releases.

kms: v1.29.0

v1.29.0 (2026-04-13)

retail: v1.29.0

v1.29.0 (2026-04-13)

Changelog

Sourced from cloud.google.com/go/kms's changelog.

1.29.0 (2024-05-29)

Features

• documentai: Make Layout Parser generally available in V1 (#10277) (dafecc9)

1.28.1 (2024-05-16)

Documentation

• documentai: Clarify the unavailability of some features (652ba8f)
• documentai: Updated comments (292e812)

1.28.0 (2024-05-01)

Features

• documentai: A new message FoundationModelTuningOptions is added (1d757c6)
• documentai: Support Chunk header and footer in Doc AI external proto (1d757c6)

Bug Fixes

• documentai: Bump x/net to v0.24.0 (ba31ed5)

Commits

• 664da02 chore: librarian release pull request: 20260326T071503Z (#14266)
• 0b388a0 chore: create empty README.md (#14263)
• 8d67792 feat(bigquery): add tracing telemetry to Table and Routine operations (#14216)
• 54f46f7 chore: format repo metadata (#14262)
• 9b18aaf chore: format snippet metadata (#14261)
• d5a18a4 feat(firestore): add raw execute options and move options (#14259)
• 18946f1 Fspq fix stages (#14253)
• 5bf0cf4 chore: update librarian-go image SHA (#14258)
• 009dc43 chore: update image SHA (#14256)
• 5e50d57 chore: librarian generate pull request: 20260325T071032Z (#14251)
• Additional commits viewable in compare view

Updates connectrpc.com/connect from 1.19.1 to 1.19.2

Release notes

Sourced from connectrpc.com/connect's releases.

v1.19.2

What's Changed

Governance

• Add @​timostamm as a maintainer in connectrpc/connect-go#905 🎉

Bugfixes

• Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appropriate by @​jhump in connectrpc/connect-go#904
• Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndReceive by @​simonferquel in connectrpc/connect-go#919

Other changes

• Refactor memhttptest to work with Go 1.25 synctest by @​codefromthecrypt in connectrpc/connect-go#881
• Doc clarifications by @​emcfarlane (#911, #912) and @​stefanvanburen (#906)

New Contributors

• @​codefromthecrypt made their first contribution in connectrpc/connect-go#881
• @​simonferquel made their first contribution in connectrpc/connect-go#919

Full Changelog: connectrpc/connect-go@v1.19.1...v1.19.2

Commits

• 1c195ae Prepare for v1.19.2 (#920)
• 96abc6b Upgrade golangci-lint to v2 (#917)
• be72fa5 Clarify concurrent use semantics for streaming types (#911)
• 299d2e7 Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndRecei...
• e299aa6 Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /internal/conformance (#...
• 7b531c0 Clarify UnaryFunc response type (#912)
• 02f23a3 Fix typo in RELEASE.md (#906)
• ec6f523 Add Timo Stamm to maintainers (#905)
• 59cc697 Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appr...
• e9aff4a Bump connectrpc.com/conformance from 1.0.4 to 1.0.5 in /internal/conformance ...
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.5 to 1.41.6

Commits

• 9bc9c51 Release 2026-04-17
• 2b41455 Regenerated Clients
• 2327a1b Update endpoints model
• 9225797 Update API model
• 7b6f675 Bump smithy-go to 1.25 (again) (#3390)
• c8b6a97 Release 2026-04-16
• 4a05c2b Regenerated Clients
• 6cd4cc9 Update endpoints model
• 3153bed Update API model
• fe3cef6 Make AccountIDEndpointRouting aware of bdd endpoints (#3387)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.14 to 1.32.16

Commits

• 9bc9c51 Release 2026-04-17
• 2b41455 Regenerated Clients
• 2327a1b Update endpoints model
• 9225797 Update API model
• 7b6f675 Bump smithy-go to 1.25 (again) (#3390)
• c8b6a97 Release 2026-04-16
• 4a05c2b Regenerated Clients
• 6cd4cc9 Update endpoints model
• 3153bed Update API model
• fe3cef6 Make AccountIDEndpointRouting aware of bdd endpoints (#3387)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.50.4 to 1.50.5

Commits

• 61ed638 Release 2024-06-03
• 7aa6c91 Regenerated Clients
• 69b45ee Update endpoints model
• 3f8909d Update API model
• e3c589f add missing deprecation docs on global EndpointResolver interfaces (#2665)
• 4d3e8fd fix s3 expected bucket owner presigning (#2662)
• 75ab304 Release 2024-05-31
• 3e8a5ac Regenerated Clients
• 961e44f Update API model
• 5edcd29 Release 2024-05-30
• Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.24.3 to 1.25.0

Release notes

Sourced from github.com/aws/smithy-go's releases.

v1.25.0

Release (2026-04-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-04-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

Release (2026-04-02)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.3
  • Bug Fix: Add additional sigv4 configuration.
• github.com/aws/smithy-go/aws-http-auth: v1.1.3
  • Bug Fix: Add additional sigv4 configuration.

Release (2026-02-27)

General Highlights

• Dependency Update: Bump minimum go version to 1.24.

Release (2026-02-20)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.1
  • Feature: Add new middleware functions to get event stream output from middleware

Release (2025-12-01)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.0
  • Feature: Improve allocation footprint of the middleware stack. This should convey a ~10% reduction in allocations per SDK request.

Release (2025-11-03)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.23.2

... (truncated)

Commits

• 73bb8a7 Release 2026-04-15
• f056c6f Changelog
• ee36afc Implement BDD generator for @​endpointBdd Smithy trait (#647)
• See full diff in compare view

Updates github.com/celestiaorg/nmt from 0.24.2 to 0.24.3

Release notes

Sourced from github.com/celestiaorg/nmt's releases.

v0.24.3

What's Changed

• chore: add CODEOWNERS with protocol team by @​rootulp in celestiaorg/nmt#314
• chore(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in celestiaorg/nmt#311
• chore(deps): bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in celestiaorg/nmt#310
• chore: add CLAUDE.md with Hacken bug bounty PR guidelines by @​rootulp in celestiaorg/nmt#315
• ci: fix code scanning alerts by @​rootulp in celestiaorg/nmt#319
• fix: reject truncated proofs in validateCompleteness (GHSA-r9fq-g486-v8pg) by @​rootulp in celestiaorg/nmt#317

Full Changelog: celestiaorg/nmt@v0.24.2...v0.24.3

Commits

• ed1aab0 fix: reject truncated proofs in validateCompleteness (GHSA-r9fq-g486-v8pg) (#...
• 7b18923 ci: fix code scanning alerts (#319)
• d0a6f62 chore: add CLAUDE.md with Hacken bug bounty PR guidelines (#315)
• 8678385 chore(deps): bump golangci/golangci-lint-action from 8 to 9 (#310)
• 34d7314 chore(deps): bump actions/checkout from 5 to 6 (#311)
• b643cfc chore: add CODEOWNERS with protocol team (#314)
• See full diff in compare view

Updates github.com/libp2p/go-libp2p-kad-dht from 0.39.0 to 0.39.1

Release notes

Sourced from github.com/libp2p/go-libp2p-kad-dht's releases.

v0.39.1

[!NOTE] This release was brought to you by the Shipyard team.

What's Changed

• tests: fix flaky TestStartProvidingSingle by @​guillaumemichel in libp2p/go-libp2p-kad-dht#1242
• fix(provider): reduce provide log verbosity by @​lidel in libp2p/go-libp2p-kad-dht#1243
• fix: data race on AddrInfo.Addrs in queryPeer by @​lidel in libp2p/go-libp2p-kad-dht#1244

Full Changelog: libp2p/go-libp2p-kad-dht@v0.39.0...v0.39.1

Commits

• bef178c chore: release v0.39.1 (#1245)
• 248f53b fix: data race on AddrInfo.Addrs in queryPeer (#1244)
• e8f6083 fix(provider): reduce provide log verbosity (#1243)
• f9a090e tests: fix flaky TestStartProvidingSingle (#1242)
• See full diff in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits

• 03ca0dc go.mod: update golang.org/x dependencies
• 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
• 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
• See full diff in compare view

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits

• a8d1fc1 go.mod: update golang.org/x dependencies
• 056ac74 quic: avoid depending on golang.org/x/sys/unix
• c85f611 http3: add http3 package for testing in std
• 805fc81 http2: add transport API tests
• e63b894 http2: support testing via net/http.Transport.RoundTrip
• 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
• 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
• 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
• 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
• 228a67a internal/http3: add CloseIdleConnections support in transport
• Additional commits viewable in compare view

Updates google.golang.org/api from 0.273.1 to 0.274.0

Release notes

Sourced from google.golang.org/api's releases.

v0.274.0

0.274.0 (2026-04-02)

Features

• all: Auto-regenerate discovery clients (#3555) (0e634ae)

Changelog

Sourced from google.golang.org/api's changelog.

0.274.0 (2026-04-02)

Features

• all: Auto-regenerate discovery clients (#3555) (0e634ae)

Commits

• 6c759a2 chore(main): release 0.274.0 (#3556)
• 0e634ae feat(all): auto-regenerate discovery clients (#3555)
• 0f75259 chore: embargo aiplatform:v1beta1 temporarily (#3554)
• See full diff in compare view

Updates github.com/evstack/ev-node from 1.0.0 to 1.1.0

Release notes

Sourced from github.com/evstack/ev-node's releases.

v1.1.0

This is a minor feature and bugfix release building on v1.0.0. It introduces AWS & GCP KMS signer backend support. Additionally several internal improvements have happened, notably publisher-mode synchronization for failover scenarios, forced inclusion namespace event subscriptions.

Upgrade from v1.0.0 is recommended for all operators for enhanced stability.

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

• ghcr.io/evstack/ev-node-evm:v1.1.0
• ghcr.io/evstack/ev-node-grpc:v1.1.0-rc.2
• ghcr.io/evstack/ev-node-testapp:v1.1.0

v1.1.0-rc.2 (2026-04-07)

ev-node v1.1.0-rc.2

⚠️ This is a draft release. Please verify its content before publishing

This is a maintenance and reliability release candidate, containing targeted: improvements to P2P stability, failover handling, and execution layer correctness.

Operators running v1.1.0-rc.1 are encouraged to upgrade.

Tested upgrade paths

• ev-node v1.0.0-rc.1 -> ev-node v1.1.0-rc.2

---

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

• ghcr.io/evstack/ev-node-evm:v1.1.0-rc.2
• ghcr.io/evstack/ev-node-grpc:v1.1.0-rc.2
• ghcr.io/evstack/ev-node-testapp:v1.1.0-rc.2

v1.1.0-rc.1 (2026-03-31)

ev-node v1.1.0-rc.1

This is a release candidate for v1.1.0, focused on new features and stability improvements. It introduces:

• AWS & GCP KMS signer backend support
• Forced inclusion namespace event subscriptions
• Several bug fixes addressing memory management, sync reliability, and DA client resilience.

Operators running v1.0.0 are encouraged to test this release candidate before the stable v1.1.0 release.

Tested upgrade paths

• ev-node v1.0.0 -> ev-node v1.1.0-rc.1

... (truncated)

Changelog

Sourced from github.com/evstack/ev-node's changelog.

v1.1.0

No changes from v1.1.0-rc.2.

v1.1.0-rc.2

Changes

• Added publisher-mode synchronization option for failover scenarios with early P2P infrastructure readiness #3222
• Improve P2P transient network failure #3212
• Improve execution/evm check for stored meta not stale #3221

v1.1.0-rc.1

Added

• Add AWS & GCP KMS signer backend #3171
• Subscribe to forced inclusion namespace events #3146
• Display block source in sync log #3193

Fixed

• Avoid evicting yet to be processed heights #3204
• Bound Badger index cache memory to prevent growth with chain length 3209
• Refetch latest da height instead of da height +1 when P2P is offline #3201
• Fix race on startup sync. #3162
• Strict raft state. #3167
• Retry fetching the timestamp on error in da-client #3166

Commits

• 6f09600 chore: correct vm ui link and include in json benchmark result (#3234)
• 536f57e build(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.87.1 to 1.99...
• d2a29e8 chore: prep rc.2 (#3231)
• d163059 fix: Publisher-mode synchronization option for failover scenario (#3222)
• 04c9cad feat(pkg/p2p): reconnect on disconnected peers (#3212)
• ff88b95 build(deps): Bump the all-go group across 4 directories with 11 updates (#3228)
• 3d5591d build(deps): Bump defu from 6.1.4 to 6.1.6 in /docs in the npm_and_yarn group...
• a8bd8b2 build(deps): Bump benchmark-action/github-action-benchmark from 1.21.0 to 1.2...
• 920f0c9 build(deps): Bump extractions/setup-just from 3 to 4 (#3227)
• 022b565 chore: Better check for stored meta not stale (#3221)
• Additional commits viewable in compare view

Updates connectrpc.com/connect from 1.19.1 to 1.19.2

Release notes

Sourced from connectrpc.com/connect's releases.

v1.19.2

What's Changed

Governance

• Add @​timostamm as a maintainer in connectrpc/connect-go#905 🎉

Bugfixes

• Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appropriate by @​jhump in connectrpc/connect-go#904
• Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndReceive by @​simonferquel in connectrpc/connect-go#919

Other changes

• Refactor memhttptest to work with Go 1.25 synctest by @​codefromthecrypt in connectrpc/connect-go#881
• Doc clarifications by @​emcfarlane (#911, #912) and @​stefanvanburen (#906)

New Contributors

• @​codefromthecrypt made their first contribution in connectrpc/connect-go#881
• @​simonferquel made their first contribution in connectrpc/connect-go#919

Full Changelog: connectrpc/connect-go@v1.19.1...v1.19.2

Commits

• 1c195ae Prepare for v1.19.2 (#920)
• 96abc6b Upgrade golangci-lint to v2 (#917)
• be72fa5 Clarify concurrent use semantics for streaming types (#911)
• 299d2e7 Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndRecei...
• e299aa6 Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /internal/conformance (#...
• 7b531c0 Clarify UnaryFunc response type (#912)
• 02f23a3 Fix typo in RELEASE.md (#906)
• ec6f523 Add Timo Stamm to maintainers (#905)
• 59cc697 Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appr...
• e9aff4a Bump connectrpc.com/conformance from 1.0.4 to 1.0.5 in /internal/conformance ...
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits

• a8d1fc1 go.mod: update golang.org/x dependencies
• 056ac74 quic: avoid depending on golang.org/x/sys/unix
• c85f611 http3: add http3 package for testing in std
• 805fc81 http2: add transport API tests
• e63b894 http2: support testing via net/http.Transport.RoundTrip
• 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
• 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
• 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
• 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
• 228a67a internal/http3: add CloseIdleConnections support in transport
• Additional commits viewable in compare view

Updates github.com/evstack/ev-node from 1.0.0 to 1.1.0

Release notes

Sourced from github.com/evstack/ev-node's releases.

v1.1.0

This is a minor feature and bugfix release building on v1.0.0. It introduces AWS & GCP KMS signer backend support. Additionally several internal improvements have happened, notably publisher-mode synchronization for failover scenarios, forced inclusion namespace event subscriptions.

Upgrade from v1.0.0 is recommended for all operators for enhanced stability.

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

• ghcr.io/evstack/ev-node-evm:v1.1.0
• ghcr.io/evstack/ev-node-grpc:v1.1.0-rc.2
• ghcr.io/evstack/ev-node-testapp:v1.1.0

v1.1.0-rc.2 (2026-04-07)

ev-node v1.1.0-rc.2

⚠️ This is a draft release. Please verify its content before publishing

This is a maintenance and reliability release candidate, containing targeted: improvements to P2P stability, failover handling, and execution layer correctness.

Operators running v1.1.0-rc.1 are encouraged to upgrade.

Tested upgrade paths

• ev-node v1.0.0-rc.1 -> ev-node v1.1.0-rc.2

---

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

• ghcr.io/evstack/ev-node-evm:v1.1.0-rc.2
• ghcr.io/evstack/ev-node-grpc:v1.1.0-rc.2
• ghcr.io/evstack/ev-node-testapp:v1.1.0-rc.2

v1.1.0-rc.1 (2026-03-31)

ev-node v1.1.0-rc.1

This is a release candidate for v1.1.0, focused on new features and stability improvements. It introduces:

• AWS & GCP KMS signer backend support
• Forced inclusion namespace event subscriptions
• Several bug fixes addressing memory management, sync reliability, and DA client resilience.

Operators running v1.0.0 are encouraged to test this release candidate before the stable v1.1.0 release.

Tested upgrade paths

• ev-node v1.0.0 -> ev-node v1.1.0-rc.1

... (truncated)

Changelog

Sourced from github.com/evstack/ev-node's changelog.

v1.1.0

No changes from v1.1.0-rc.2.

v1.1.0-rc.2

Changes

• Added publisher-mode synchronization option for failover scenarios with early P2P infrastructure readiness #3222
• Improve P2P transient network failure #3212
• Improve execution/evm check for stored meta not stale #3221

v1.1.0-rc.1

Added

• Add AWS & GCP KMS signer backend #3171
• Subscribe to forced inclusion namespace events #3146
• Display block source in sync log #3193

Fixed

• Avoid evicting yet to be processed heights #3204
• Bound Badger index cache memory to prevent growth with chain length 3209
• Refetch latest da height instead of da height +1 when P2P is offline #3201
• Fix race on startup sync. #3162
• Strict raft state. #3167
• Retry fetching the timestamp on error in da-client #3166

Commits

• 6f09600 chore: correct vm ui link and include in json benchmark result (#3234)
• 536f57e build(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.87.1 to 1.99...
• d2a29e8 chore: prep rc.2 (#3231)
• d163059 fix: Publisher-mode synchronization option for failover scenario (#3222)
• 04c9cad feat(pkg/p2p): reconnect on disconnected peers (#3212)
• ff88b95 build(deps): Bump the all-go group across 4 directories with 11 updates (#3228)
• 3d5591d build(deps): Bump defu from 6.1.4 to 6.1.6 in /docs in the npm_and_yarn group...
• a8bd8b2 build(deps): Bump benchmark-action/github-action-benchmark from 1.21.0 to 1.2...
• 920f0c9 build(deps): Bump extractions/setup-just from 3 to 4 (#3227)
• 022b565 chore: Better check for stored meta not stale (#3221)
• Additional commits viewable in compare view

Updates github.com/celestiaorg/tastora from 0.17.0 to 0.19.0

Release notes

Sourced from github.com/celestiaorg/tastora's releases.

v0.19.0

What's Changed

• chore: migrate from Docker/Moby v28 to v29 modular Go modules by @​rootulp in celestiaorg/tastora#195

Full Changelog: celestiaorg/tastora@v0.18.0...v0.19.0

v0.18.0

What's Changed

• fix: flaky TestDockerKeyringTestSuite/TestBackend by @​rootulp in celestiaorg/tastora#192
• ci: add merge_group trigger to workflows by @​rootulp in celestiaorg/tastora#193
• chore: Update CODEOWNERS by @​rootulp in celestiaorg/tastora#190
• feat: add WithBlockWaitTimeout to ChainBuilder by @​rootulp in celestiaorg/tastora#189

Full Changelog: celestiaorg/tastora@v0.17.0...v0.18.0

Commits

• 6f9af02 chore: migrate from Docker/Moby v28 to v29 modular Go modules (#195)
• 73cff81 feat: add WithBlockWaitTimeout to ChainBuilder (#189)
• cfce4f0 chore: Update CODEOWNERS (#190)
• 08cea29 Merge pull request #193 from celestiaorg/fix/add-merge-group-trigger
• 792abd0 ci: add merge_group trigger to workflows
• f46602e Merge pull request #192 from rootulp/rootulp/fix-flaky-docker-keyring-test
• 700a7ac fix: log error when dockerKeyring initialization fails in Backend()
• 3e03c33 fix(test): wait for exec completion in DockerKeyringTestSuite setup
• See full diff in compare view

Updates github.com/evstack/ev-node/execution/evm from 1.0.0 to 1.0.1

Changelog

Sourced from github.com/evstack/ev-node/execution/evm's changelog.

Changelog

[Unreleased]

Fixed

• Raft HA production hardening: leader fencing on SIGTERM, FSM data race, follower restart crash, log compaction config, and election timeout validation #3230

Changes

• Improve P2P gossiping by switching pubsub internals from GossipSub to FloodSub #3263
• Add sequencer_blocks_synchronized_total Prometheus counter metric tracking blocks synced by source (DA/P2P) #3259
• Make it easier to override DefaultMaxBlobSize by ldflags #3235
• Add solo sequencer (simple in memory single sequencer without force inclusion) #3235
• Improve reaper to sustain txs burst better #3236

v1.1.0

No changes from v1.1.0-rc.2.

v1.1.0-rc.2

Changes

• Added publisher-mode synchronization option for failover scenarios with early P2P infrastructure readiness #3222
• Improve P2P transient network failure #3212
• Improve execution/evm check for stored meta not stale #3221

v1.1.0-rc.1

Added

• Add AWS & GCP KMS signer backend #3171
• Subscribe to forced inclusion namespace events #3146
• Display block source in sync log #3193

Fixed

• Avoid evicting yet to be processed heights #3204
• Bound Badger index cache memory to prevent growth with chain length 3209
• Refetch latest da height instead of da height +1 when P2P is offline #3201
• Fix race on startup sync. #3162
• Strict raft state. #3167

... (truncated)

Commits

• d163059 fix: Publisher-mode synchronization option for failover scenario (#3222)
• 04c9cad feat(pkg/p2p): reconnect on disconnected peers (#3212)
• ff88b95 build(deps): Bump the all-go group across 4 directories with 11 updates (#3228)
• 3d5591d build(deps): Bump defu from 6.1.4 to 6.1.6 in /docs in the npm_and_yarn group...
• a8bd8b2 build(deps): Bump benchmark-action/github-action-benchmark from 1.21.0 to 1.2...
• 920f0c9 build(deps): Bump extractions/setup-just from 3 to 4 (#3227)
• 022b565 chore: Better check for stored meta not stale (#3221)
• 4840f50 chore: mixed benchmark test (#3223)
• cc9f965 ci: optimize Go and Docker layer caching (#3213)
• 4a70e0b chore: prep app for v1.1.0-rc.1 (#3220)
• Additional commits viewable in compare view

Updates github.com/celestiaorg/tastora from 0.16.1-0.20260312082036-2ee1b0a2ac4e to 0.19.0

Release notes

Sourced from github.com/celestiaorg/tastora's releases.

v0.19.0

What's Changed

• chore: migrate from Docker/Moby v28 to v29 modular Go modules by @​rootulp in celestiaorg/tastora#195

Full Changelog: celestiaorg/tastora@v0.18.0...v0.19.0

v0.18.0

What's Changed

<...

Description has been truncated

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Apr 21, 2026, 12:28 PM

[claude]

Claude finished @julienrbrt's task in 2m 4s —— View job

---

PR Review

• Gather context and read repository guidelines
• Analyze dependency updates for security and correctness
• Review go.mod changes across all directories
• Provide comprehensive review feedback

---

Summary

This is a dependabot-driven dependency bump across 5 Go modules. All changes are confined to go.mod/go.sum files — no source code was modified. The PR includes a notable security fix and several important bug fixes, and has a manually applied tastora downgrade on top of the dependabot commit.

---

Security

github.com/celestiaorg/nmt v0.24.2 → v0.24.3 — This is the most important update in this PR. It patches GHSA-r9fq-g486-v8pg, which fixes validateCompleteness to reject truncated proofs. Since ev-node uses NMT for Data Availability verification, this is a meaningful security hardening — truncated proofs could previously bypass completeness checks. The fix is present in all affected modules: root go.mod, test/docker-e2e/go.mod, and test/e2e/go.mod.

---

Notable Bug Fixes

connectrpc.com/connect v1.19.1 → v1.19.2

• Fixes a nil pointer dereference in duplexHTTPCall under concurrent Send + CloseAndReceive — directly relevant to ev-node's gRPC execution layer.
• Corrects HTTP/2 cancellation semantics (deadline_exceeded vs canceled) for better timeout propagation.

github.com/libp2p/go-libp2p-kad-dht v0.39.0 → v0.39.1

• Fixes a data race on AddrInfo.Addrs in queryPeer — worth picking up given this codebase runs with -race detection in tests.
• Reduces noisy provide log verbosity.

golang.org/x/net v0.52.0 → v0.53.0

• Prevents a hanging HTTP/2 Transport caused by bad SETTINGS frames.
• Prevents HeaderField from escaping during encoding (potential memory/correctness issue).

---

Dependency Update Notes

github.com/evstack/ev-node v1.0.0 → v1.1.0 (in execution/evm, execution/grpc, test/docker-e2e, test/e2e)
These modules reference the main ev-node package as an external dependency (typical for the multi-module layout). v1.1.0 brings publisher-mode sync, P2P reconnection improvements, and better stale-meta detection. The update looks appropriate.

github.com/aws/smithy-go v1.24.3 → v1.25.0
Minor feature release adding endpointBdd trait support. No breaking changes expected for the KMS signer use case.

Go toolchain bump: go 1.25.6 → go 1.25.7 (in execution/evm, execution/grpc, test/docker-e2e)
Standard patch-level toolchain update. Fine.

---

Tastora Downgrade — Attention Needed

The dependabot commit bumped celestiaorg/tastora to v0.19.0 in both test/docker-e2e and test/e2e, but commit ebebcd0 ("downgrade tastora" by @julienrbrt) reverted those:

Module	Dependabot target	Current state
test/docker-e2e	v0.19.0	v0.17.0
test/e2e	v0.19.0	v0.16.1-0.20260312082036-2ee1b0a2ac4e (pseudoversion)

The v0.19.0 bump would have migrated from Docker/Moby v28 to v29's modular Go module layout (introducing moby/moby/api, moby/sys/atomicwriter). The revert avoids those new transitive deps. However:

• The commit message "downgrade tastora" has no explanation.
• test/e2e is pinned to a pseudoversion, not even an official release — this is worth tracking and updating to a proper release when compatibility allows.

Minor suggestion: it would be helpful to document why tastora v0.19.0 was skipped (e.g., a comment in the go.mod or a follow-up issue) so future dependabot PRs don't repeat the same bump-and-revert cycle.

---

Overall Assessment

The PR is well-formed: all changes are mechanical dependency bumps, CI passes, coverage is stable, and the security fix in celestiaorg/nmt makes this worth merging promptly. The tastora situation is a minor process concern, not a blocker. The manual downgrade was done by a maintainer and the PR already has an approval.

Recommendation: Approve and merge. The celestiaorg/nmt security fix alone justifies prompt merging.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.56%. Comparing base (c753c0b) to head (b65f035).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3271      +/-   ##
==========================================
- Coverage   62.58%   62.56%   -0.03%     
==========================================
  Files         122      122              
  Lines       13020    13020              
==========================================
- Hits         8149     8146       -3     
- Misses       3986     3988       +2     
- Partials      885      886       +1     

Flag	Coverage Δ
combined	62.56% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.