build(deps): Bump attestant/vouch from 1.12.0 to 1.12.1 in /testutil/compose/static/vouch#4323
Merged
obol-bulldozer[bot] merged 1 commit intomainfrom Feb 16, 2026
Conversation
Bumps attestant/vouch from 1.12.0 to 1.12.1. --- updated-dependencies: - dependency-name: attestant/vouch dependency-version: 1.12.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
|
KaloyanTanev
approved these changes
Feb 16, 2026
KaloyanTanev
added
the
merge when ready
obol-bulldozer
bot
deleted the
dependabot/docker/testutil/compose/static/vouch/attestant/vouch-1.12.1
branch
KaloyanTanev
pushed a commit
that referenced
this pull request
Feb 18, 2026
…compose/static/vouch (#4323) Bumps attestant/vouch from 1.12.0 to 1.12.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
KaloyanTanev
added a commit
that referenced
this pull request
Feb 18, 2026
* chore(deps): update docker/build-push-action action to v6.19.0 (#4315) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | minor | `v6.18.0` → `v6.19.0` | --- ### Release Notes <details> <summary>docker/build-push-action (docker/build-push-action)</summary> ### [`v6.19.0`](https://redirect.github.com/docker/build-push-action/releases/tag/v6.19.0) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.18.0...v6.19.0) - Scope default git auth token to `github.com` by [@​crazy-max](https://redirect.github.com/crazy-max) in [#​1451](https://redirect.github.com/docker/build-push-action/pull/1451) - Bump brace-expansion from 1.1.11 to 1.1.12 in [#​1396](https://redirect.github.com/docker/build-push-action/pull/1396) - Bump form-data from 2.5.1 to 2.5.5 in [#​1391](https://redirect.github.com/docker/build-push-action/pull/1391) - Bump js-yaml from 3.14.1 to 3.14.2 in [#​1429](https://redirect.github.com/docker/build-push-action/pull/1429) - Bump lodash from 4.17.21 to 4.17.23 in [#​1446](https://redirect.github.com/docker/build-push-action/pull/1446) - Bump tmp from 0.2.3 to 0.2.4 in [#​1398](https://redirect.github.com/docker/build-push-action/pull/1398) - Bump undici from 5.28.4 to 5.29.0 in [#​1397](https://redirect.github.com/docker/build-push-action/pull/1397) **Full Changelog**: <docker/build-push-action@v6.18.0...v6.19.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/ObolNetwork/charon). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Ny4wIiwidXBkYXRlZEluVmVyIjoiNDIuOTcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> * build(deps): Bump golang from 1.25.7-alpine to 1.26.0-alpine in /testutil/promrated (#4318) Bumps golang from 1.25.7-alpine to 1.26.0-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * chore(deps): update github/codeql-action action to v4.32.3 (#4320) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v4.32.2` → `v4.32.3` | --- ### Release Notes <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v4.32.3`](https://redirect.github.com/github/codeql-action/releases/tag/v4.32.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v4.32.2...v4.32.3) - Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#​3466](https://redirect.github.com/github/codeql-action/pull/3466) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/ObolNetwork/charon). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44LjUiLCJ1cGRhdGVkSW5WZXIiOiI0My44LjUiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=--> * build(deps): Bump chainsafe/lodestar from v1.39.1 to v1.40.0 in /testutil/compose/static/lodestar (#4317) Bumps chainsafe/lodestar from v1.39.1 to v1.40.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * chore(deps): update docker/build-push-action action to v6.19.2 (#4319) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | patch | `v6.19.0` → `v6.19.2` | --- ### Release Notes <details> <summary>docker/build-push-action (docker/build-push-action)</summary> ### [`v6.19.2`](https://redirect.github.com/docker/build-push-action/compare/v6.19.1...v6.19.2) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.19.1...v6.19.2) ### [`v6.19.1`](https://redirect.github.com/docker/build-push-action/compare/v6.19.0...v6.19.1) [Compare Source](https://redirect.github.com/docker/build-push-action/compare/v6.19.0...v6.19.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/ObolNetwork/charon). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Ny4wIiwidXBkYXRlZEluVmVyIjoiNDIuOTcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> * build(deps): Bump github.com/pion/dtls/v3 from 3.0.6 to 3.1.1 in the go_modules group across 1 directory (#4321) Bumps the go_modules group with 1 update in the / directory: [github.com/pion/dtls/v3](https://github.com/pion/dtls). Updates `github.com/pion/dtls/v3` from 3.0.6 to 3.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pion/dtls/releases">github.com/pion/dtls/v3's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2>Changelog</h2> <ul> <li>fa21c26d6a87d05d6b967ffaa43e58491682120d Retract v3.1.0</li> <li>dc45e23f50fc687947b665ff2b86caed830d91f0 Fix OpenSSL Interop for RSA SignatureHashAlgos</li> </ul> <h2>v3.1.0</h2> <p>Options patterns, Security fix and performance improvements.</p> <h2>Changelog</h2> <ul> <li>61762dee8217991882c5eb79856b9e7a73ee349f Use sequence number for nonce in GCM ciphers (<a href="https://redirect.github.com/pion/dtls/issues/796">#796</a>)</li> <li>46ee7c34b3f145288c8dcafd602da5a1da1a6f82 Refactor Common AEAD Code in Ciphersuite Package (<a href="https://redirect.github.com/pion/dtls/issues/789">#789</a>)</li> <li>10bd10a491cd7df04c77dc0119df7a50761d5b8f Prefer server srtp protection profiles ordering</li> <li>93c26776d1a7eeb9175b99c83e400ae44af7782f Fix rare flaky test</li> <li>d46d2a7626a2623250e73d737eb6f3a98b200694 Fix Bug in signature_algorithms_cert Handling (<a href="https://redirect.github.com/pion/dtls/issues/791">#791</a>)</li> <li>acad848193f1cbefbc8d44964f7f09712943b2c3 DTLS 1.3 signature_algorithms_cert Extension (<a href="https://redirect.github.com/pion/dtls/issues/788">#788</a>)</li> <li>0a5b31170d06ff4ca783d5dee861f06006ac2a18 Introduce options patterns</li> <li>9495bef1367503d0b2dc44fd3a358fe30bf948ea DTLS 1.3 RSA-PSS Signature Scheme Support (<a href="https://redirect.github.com/pion/dtls/issues/778">#778</a>)</li> <li>f1c63e9eb2918e4ffb424e025ddc9e34c6e2526d Refactor error types for 1.3 extensions (<a href="https://redirect.github.com/pion/dtls/issues/787">#787</a>)</li> <li>bed33fe14d7c3c8826a5abe1727d76d180357023 Add PreSharedKey extensions for DTLS 1.3 (<a href="https://redirect.github.com/pion/dtls/issues/773">#773</a>)</li> <li>01f7ba5fd42a22633c6459e3f0c71ed17eea4b3d Update CI configs to v0.11.37</li> <li>5b824b03ce1e91a52fe84243cd6afceb063dfd70 CCM Encrypt Speed + Memory Mgmt Improvements (<a href="https://redirect.github.com/pion/dtls/issues/784">#784</a>)</li> <li>100a3aaf71a4d36a48a72997d723fb22abfcba7e GCM Speed + Memory Mgmt Improvements (<a href="https://redirect.github.com/pion/dtls/issues/783">#783</a>)</li> <li>199a75385e95c9272f916368279312524fdbc82f Add Ciphersuite Benchmark Tests (<a href="https://redirect.github.com/pion/dtls/issues/781">#781</a>)</li> <li>6b2fbf107d632def6eebd0708c3131082dbd5540 Fix Race Condition in TestListenerCustomConnIDs (<a href="https://redirect.github.com/pion/dtls/issues/782">#782</a>)</li> <li>8ea3afcf5ac731635569174ef594b14b5694b1ec Fix intermittent unit test failures (<a href="https://redirect.github.com/pion/dtls/issues/780">#780</a>)</li> <li>c6db81b140b648a66a551d0d836fd3ee256814f4 Update README</li> <li>44160f0f4f2676a332e7fcbe9ed62ffe1cef3cc9 DTLS 1.3 CertificateRequest + Certificate Messages (<a href="https://redirect.github.com/pion/dtls/issues/774">#774</a>)</li> <li>91214624d12c49031af056799189acc3e072e750 Add Cookie extension for DTLS 1.3 (<a href="https://redirect.github.com/pion/dtls/issues/770">#770</a>)</li> </ul> <h2>v3.0.11</h2> <p><a href="https://github.com/pion/dtls/commit/90e241cfec2985715efdd3d005972847462a67d6">Backport security fix for</a> <a href="https://github.com/advisories/GHSA-9f3f-wv7r-qc8r">https://github.com/advisories/GHSA-9f3f-wv7r-qc8r</a> (CVE-2026-26014)</p> <p>This is the only release with the security fix for Go v1.21.</p> <h2>v3.0.10</h2> <h2>Changelog</h2> <ul> <li>713910a964f7026715069716e245483f51e74eaf Upgrade to pion/transport/v4</li> <li>e0d31600d0a99bdde26c549fdbf0668f863f05bd Add the key share extension (<a href="https://redirect.github.com/pion/dtls/issues/749">#749</a>)</li> <li>7a57e2689ed88d7e1a8357ce1aa9c87bdec38636 Update CI configs to v0.11.36</li> <li>08d8c3e0ba82aa8a550abec1f3abb6852cddc597 Fix gosec slice bounds warnings (<a href="https://redirect.github.com/pion/dtls/issues/764">#764</a>)</li> <li>7b9612e8c727eee1de08e5b895e12fae61301212 Handshake fragments assembly refactoring (<a href="https://redirect.github.com/pion/dtls/issues/762">#762</a>)</li> </ul> <h2>v3.0.9</h2> <h2>Changelog</h2> <ul> <li>ab5f89bfbc2b5de63f72069b763335073726000c Implement TLS_EMPTY_RENEGOTIATION_INFO_SCSV</li> <li>d5761acdb281969ec0b7e2d3a7f1848a1618a84f Prevent negative intervals</li> </ul> <h2>v3.0.8</h2> <h2>Changelog</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pion/dtls/commit/fa21c26d6a87d05d6b967ffaa43e58491682120d"><code>fa21c26</code></a> Retract v3.1.0</li> <li><a href="https://github.com/pion/dtls/commit/dc45e23f50fc687947b665ff2b86caed830d91f0"><code>dc45e23</code></a> Fix OpenSSL Interop for RSA SignatureHashAlgos</li> <li><a href="https://github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349f"><code>61762de</code></a> Use sequence number for nonce in GCM ciphers (<a href="https://redirect.github.com/pion/dtls/issues/796">#796</a>)</li> <li><a href="https://github.com/pion/dtls/commit/46ee7c34b3f145288c8dcafd602da5a1da1a6f82"><code>46ee7c3</code></a> Refactor Common AEAD Code in Ciphersuite Package (<a href="https://redirect.github.com/pion/dtls/issues/789">#789</a>)</li> <li><a href="https://github.com/pion/dtls/commit/10bd10a491cd7df04c77dc0119df7a50761d5b8f"><code>10bd10a</code></a> Prefer server srtp protection profiles ordering</li> <li><a href="https://github.com/pion/dtls/commit/93c26776d1a7eeb9175b99c83e400ae44af7782f"><code>93c2677</code></a> Fix rare flaky test</li> <li><a href="https://github.com/pion/dtls/commit/d46d2a7626a2623250e73d737eb6f3a98b200694"><code>d46d2a7</code></a> Fix Bug in signature_algorithms_cert Handling (<a href="https://redirect.github.com/pion/dtls/issues/791">#791</a>)</li> <li><a href="https://github.com/pion/dtls/commit/acad848193f1cbefbc8d44964f7f09712943b2c3"><code>acad848</code></a> DTLS 1.3 signature_algorithms_cert Extension (<a href="https://redirect.github.com/pion/dtls/issues/788">#788</a>)</li> <li><a href="https://github.com/pion/dtls/commit/0a5b31170d06ff4ca783d5dee861f06006ac2a18"><code>0a5b311</code></a> Introduce options patterns</li> <li><a href="https://github.com/pion/dtls/commit/9495bef1367503d0b2dc44fd3a358fe30bf948ea"><code>9495bef</code></a> DTLS 1.3 RSA-PSS Signature Scheme Support (<a href="https://redirect.github.com/pion/dtls/issues/778">#778</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pion/dtls/compare/v3.0.6...v3.1.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ObolNetwork/charon/network/alerts). </details> * build(deps): Bump golang from 1.25.7-bookworm to 1.26.0-bookworm (#4316) Bumps golang from 1.25.7-bookworm to 1.26.0-bookworm. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * core: 0-based index for parsig metric (#4322) The metric was reporting a 1-based indices, however, everywhere in grafana we have them as 0-based. category: bug ticket: none * build(deps): Bump attestant/vouch from 1.12.0 to 1.12.1 in /testutil/compose/static/vouch (#4323) Bumps attestant/vouch from 1.12.0 to 1.12.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * build(deps): Bump github.com/ethereum/go-ethereum from 1.16.8 to 1.17.0 (#4325) Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.16.8 to 1.17.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ethereum/go-ethereum/releases">github.com/ethereum/go-ethereum's releases</a>.</em></p> <blockquote> <h2>Eezo-Inlaid Circuitry (v1.17.0)</h2> <!-- raw HTML omitted --> <p>This is a feature release, with all accumulated development from the last 3 months. See below for the highlights.</p> <p>Note that this release contains multiple critical security fixes, as well as many bug fixes, and is recommended for all users. However, if you are cautious about upgrades, you can also install v1.16.9 which has just the critical security fixes. Specifically, this release fixes <a href="https://github.com/ethereum/go-ethereum/security/advisories/GHSA-689v-6xwf-5jf3">CVE-2026-26313</a>, <a href="https://github.com/ethereum/go-ethereum/security/advisories/GHSA-2gjw-fg97-vg3r">CVE-2026-26314</a>, <a href="https://github.com/ethereum/go-ethereum/security/advisories/GHSA-m6j8-rg6r-7mv8">CVE-2026-26315</a>.</p> <p>We recommend recreating your p2p node key after installing this update, which you can do by removing the <code>DATADIR/geth/nodekey</code> file before restarting geth. Note this will cause a change in the p2p node ID, which may break static peering setups.</p> <h2>Highlights</h2> <h3>Path-based Archive Node with Proofs</h3> <p>The path-based archive node can now serve proofs (via <code>eth_getProof</code>) for the state of older blocks.</p> <p>You can configure the block range that supports proving independently from other archive state availability. Specifically, you can use the <code>--history.trienode</code> command-line flag to set the amount of blocks for which tree nodes will be tracked.</p> <p>This feature is disabled by default. Note that state history cannot easily be recovered once deleted, as it can only be generated by processing blocks. However, you can enable trienode history (and/or state history) at any time to turn a full node into a partial archive node, keeping state from that point in time onwards.</p> <p><a href="https://redirect.github.com/ethereum/go-ethereum/issues/32727">#32727</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/32621">#32621</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33551">#33551</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/32981">#32981</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33399">#33399</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/32913">#32913</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33303">#33303</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33584">#33584</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33329">#33329</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33681">#33681</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33103">#33103</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33098">#33098</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33515">#33515</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/32247">#32247</a></p> <h3>EraE History Support</h3> <p>Geth now suports the <a href="https://redirect.github.com/eth-clients/e2store-format-specs/pull/16">EraE</a> file format, an archival format for post-merge chain history.</p> <p><a href="https://redirect.github.com/ethereum/go-ethereum/issues/32157">#32157</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33827">#33827</a></p> <h3>OpenTelemetry Tracing</h3> <p>OpenTelemetry tracing is now supported by the RPC server, including support for distributed tracing. We have also added some tracing spans for block processing via the engine API, i.e. <code>engine_newPayload</code>.</p> <p><a href="https://redirect.github.com/ethereum/go-ethereum/issues/33599">#33599</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33452">#33452</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33780">#33780</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33521">#33521</a></p> <h2>All Changes</h2> <h3>Geth CLI</h3> <ul> <li>The <code>geth version-check</code> subcommand has been removed. This command checked the geth website for signed vulnerability notices, and would tell if updates are necessary (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33498">#33498</a>)</li> <li>There is now a <code>--miner.maxblobs</code> command-line flag to set a limit on blobs included in built blocks (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33129">#33129</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33302">#33302</a>)</li> <li>Geth now supports continuous profiling with Grafana Pyroscope (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33623">#33623</a>)</li> <li>A rare bug that could halt block production in <code>geth --dev</code> mode was fixed (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33146">#33146</a>)</li> <li>A new <code>--rpc.rangelimit</code> flag configures the maximum block range for <code>eth_getLogs</code> (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33163">#33163</a>)</li> <li><code>geth --exitwhensynced</code> will now set the <code>finalized</code> and <code>safe</code> block (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33038">#33038</a>)</li> <li><code>geth --ethstats</code> now reports the newPayload processing time to the stats server (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33395">#33395</a>)</li> <li>A lot of minor issues in Geth's command-line flag processing have been fixed (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33379">#33379</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33338">#33338</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33330">#33330</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/32999">#32999</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33279">#33279</a>, <a href="https://redirect.github.com/ethereum/go-ethereum/issues/33252">#33252</a>)</li> <li>The <code>evm blocktest</code> command can now read filenames from stdin when no path is provided (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/32824">#32824</a>)</li> </ul> <h3>Fork Implementation</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ethereum/go-ethereum/commit/0cf3d3ba4f7062fd2bbf2bda10972d528974e876"><code>0cf3d3b</code></a> version: release go-ethereum v1.17.0 stable</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/9b78f45e337f01e66b505c35b74415751b2a0a28"><code>9b78f45</code></a> crypto/secp256k1: fix coordinate check</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/c709c19b40f4b6655d7944c3fb0c36a14c6774d6"><code>c709c19</code></a> eth/catalyst: add initial OpenTelemetry tracing for newPayload (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33521">#33521</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/550ca91b179493e5c0394ee644efed3deefb890e"><code>550ca91</code></a> consensus/misc: hardening header verification (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33860">#33860</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/a4b3898f9041fd7c77130dc17ba2b80441a998af"><code>a4b3898</code></a> internal/telemetry: don't create internal spans without parents (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33780">#33780</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/0cba803fbafb12e9daaea53b76de847842ab3055"><code>0cba803</code></a> eth/protocols/eth, eth/protocols/snap: delayed p2p message decoding (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33835">#33835</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/ad88b68a467b6b3cb9d6a8a24f0ec74e8aa77565"><code>ad88b68</code></a> internal/download: show progress bar only if server gives length (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33842">#33842</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/c50e5edfafe408d911f3cdd2191a6808dc95cb42"><code>c50e5ed</code></a> cmd/geth, internal/telemetry: wire OpenTelemetry tracing via CLI flags (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33484">#33484</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/d8b92cb9e60fc8785c84f1afb35e64c9312eb35d"><code>d8b92cb</code></a> rpc,internal/telemetry: fix deferred spanEnd to capture errors via pointer (#...</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/ac85a6f25449a7b96505637e18c988b3142d47bf"><code>ac85a6f</code></a> rlp: add back Iterator.Count, with fixes (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/33841">#33841</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ethereum/go-ethereum/compare/v1.16.8...v1.17.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * chore(deps): update dependency go to 1.26 (#4314) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [go](https://redirect.github.com/actions/go-versions) | uses-with | minor | `1.25` → `1.26` | --- ### Release Notes <details> <summary>actions/go-versions (go)</summary> ### [`v1.26.0`](https://redirect.github.com/actions/go-versions/releases/tag/1.26.0-21889650668): 1.26.0 [Compare Source](https://redirect.github.com/actions/go-versions/compare/1.25.7-21696103256...1.26.0-21889650668) Go 1.26.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/ObolNetwork/charon). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Ny4wIiwidXBkYXRlZEluVmVyIjoiNDMuOC41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> * app: fetch only the requested indices from cache (#4327) 1. Fetch only the requested validator indices from cache 2. Make a request to the BN if some of the requested indices are missing 3. Store the newly fetched indices in the cache, amending the previous epoch category: feature ticket: #4009 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps attestant/vouch from 1.12.0 to 1.12.1.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)