Bump the all-dependencies group with 4 updates

[dependabot]

Bumps the all-dependencies group with 4 updates: github.com/mattn/go-sqlite3, github.com/oschwald/geoip2-golang, go.sia.tech/core and go.sia.tech/coreutils.

Updates github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.30

Commits

• e63a0c3 fix test
• a9775d4 return error
• c857a95 drop call of AuthEnabled()
• eb86f08 check authEnabled
• 4372bf2 enable test for sqlite_userauth but it is dropped at least
• 69a843e fix GitHub workflow
• 4c1ac1e fix GitHub workflow
• a8be3f8 fix GitHub workflow
• 37998ab drop tests for userauth
• 5629687 update GitHub workflows
• Additional commits viewable in compare view

Updates github.com/oschwald/geoip2-golang from 1.11.0 to 1.13.0

Release notes

Sourced from github.com/oschwald/geoip2-golang's releases.

1.13.0

• Add support for GeoIP-City-Redacted-US and GeoIP-Enterprise-Redacted-US. Requested by Tom Anderson. GitHub #134.

Changelog

Sourced from github.com/oschwald/geoip2-golang's changelog.

2.0.0-beta.3 - 2025-07-07

• Add support for GeoIP-City-Redacted-US and GeoIP-Enterprise-Redacted-US. Requested by Tom Anderson. GitHub #134.
• Upgrade github.com/oschwald/maxminddb-golang/v2 to v2.0.0-beta.7.

2.0.0-beta.2 - 2025-06-28

• BREAKING CHANGE: Replaced IsZero() methods with HasData() methods on all result structs (including Names). The new methods provide clearer semantics: HasData() returns true when GeoIP data is found and false when no data is available. Unlike IsZero(), HasData() excludes Network and IPAddress fields from validation, allowing users to access network topology information even when no GeoIP data is found. The Network and IPAddress fields are now always populated for all lookups, regardless of whether GeoIP data is available.
• BREAKING CHANGE: Replaced all anonymous nested structs with named types to improve struct initialization ergonomics. All result structs (Enterprise, City, Country) now use named types like EnterpriseCityRecord, CityTraits, CountryRecord, etc. This makes it much easier to initialize structs in user code while maintaining the same JSON serialization behavior.
• BREAKING CHANGE: Changed Location.Latitude and Location.Longitude from float64 to *float64 to properly distinguish between missing coordinates and the valid location (0, 0). Missing coordinates are now represented as nil and are omitted from JSON output, while valid zero coordinates are preserved. This fixes the ambiguity where (0, 0) was incorrectly treated as "no data". Added Location.HasCoordinates() method for safe coordinate access. Reported by Nick Bruun. GitHub #5.

2.0.0-beta.1 - 2025-06-22

• BREAKING CHANGE: Updated to use maxminddb-golang/v2 which provides significant performance improvements and a more modern API.
• BREAKING CHANGE: All lookup methods now accept netip.Addr instead of net.IP. This provides better performance and aligns with modern Go networking practices.
• BREAKING CHANGE: Renamed IsoCode fields to ISOCode in all structs to follow proper capitalization for the ISO acronym. Closes GitHub issue #4.
• BREAKING CHANGE: Replaced map[string]string Names fields with structured Names type for significant performance improvements. This eliminates map allocation overhead, reducing memory usage by 34% and allocations by 56%.
• BREAKING CHANGE: Added JSON tags to all struct fields. JSON tags match the corresponding maxminddb tags where they exist. Custom fields (IPAddress and Network) use snake_case (ip_address and network).
• BREAKING CHANGE: Removed IsAnonymousProxy and IsSatelliteProvider fields from all Traits structs. These fields have been removed from MaxMind databases. Use the dedicated Anonymous IP database for anonymity detection instead.
• BREAKING CHANGE: Go 1.24 or greater is now required. This enables the use of omitzero in JSON tags to match MaxMind database behavior where empty values are not included.
• Added IsZero() method to all result structs (City, Country, Enterprise, ASN,

... (truncated)

Commits

• b651a19 Upgrade to golangci-lint v2
• 77feac3 Add support for Redacted US databases
• See full diff in compare view

Updates go.sia.tech/core from 0.14.3 to 0.16.0

Release notes

Sourced from go.sia.tech/core's releases.

0.16.0 (2025-07-28)

Breaking Changes

Add FinalCut difficulty adjustment

The v2 difficulty adjustment algorithm is buggy, leading to higher variance in observed block times. We've fixed the algorithm and confirmed that it exhibits the correct behavior in simulations.

Allow empty miner payout after FinalCut

A remnant of the old v1 types.Currency encoding persists in the Block.MinerPayouts field. In v2, only a single miner payout is allowed, so its value is fully determined by the sum of the block reward and miner fees. We can therefore omit the value entirely, eliminating a redundant source of truth. It was decided that requiring the value to be omitted was too onerous, as it would compel all miners to update. Making the omission optional allows us to enforce it as a hard requirement at some later time, after all miners have updated.

Add (State).PowTarget and deprecate v1 fields

The consensus.State type contains several redundant and unused PoW-related fields. However, since these fields were included in the Commitment hash, nodes still had to update them correctly. These fields are now zeroed after the hardfork height, so that the Commitment hash can hard-code them if desired.

Features

• Expose helper methods to compute the remaining allowance, collateral, risked collateral and risked revenue on the V2FileContract type.

Fixes

• Fixed issue with RPC validation functions not returning RPC errors.

0.15.0 (2025-07-25)

Breaking Changes

• Change Account.Token method to NewAccountToken function

Features

Added RPCRefreshPartial ID and RefreshContractPartialRollover helper

Previously, renters and hosts had to rollover all funds when refreshing a contract. With this change, renters can set their spendable allowance without forcing an increase and hosts only have to rollover their existing risked collateral and revenue. This change increases efficiency of refreshing without compromising the collateral guarantees of existing data or forcing hosts to lock additional collateral that won't be utilized.

Changelog

Sourced from go.sia.tech/core's changelog.

0.16.0 (2025-07-28)

Breaking Changes

Add FinalCut difficulty adjustment

The v2 difficulty adjustment algorithm is buggy, leading to higher variance in observed block times. We've fixed the algorithm and confirmed that it exhibits the correct behavior in simulations.

Allow empty miner payout after FinalCut

A remnant of the old v1 types.Currency encoding persists in the Block.MinerPayouts field. In v2, only a single miner payout is allowed, so its value is fully determined by the sum of the block reward and miner fees. We can therefore omit the value entirely, eliminating a redundant source of truth. It was decided that requiring the value to be omitted was too onerous, as it would compel all miners to update. Making the omission optional allows us to enforce it as a hard requirement at some later time, after all miners have updated.

Add (State).PowTarget and deprecate v1 fields

The consensus.State type contains several redundant and unused PoW-related fields. However, since these fields were included in the Commitment hash, nodes still had to update them correctly. These fields are now zeroed after the hardfork height, so that the Commitment hash can hard-code them if desired.

Features

• Expose helper methods to compute the remaining allowance, collateral, risked collateral and risked revenue on the V2FileContract type.

Fixes

• Fixed issue with RPC validation functions not returning RPC errors.

0.15.0 (2025-07-25)

Breaking Changes

• Change Account.Token method to NewAccountToken function

Features

Added RPCRefreshPartial ID and RefreshContractPartialRollover helper

Previously, renters and hosts had to rollover all funds when refreshing a contract. With this change, renters can set their spendable allowance without forcing an increase and hosts only have to rollover their existing risked collateral and revenue. This change increases efficiency of refreshing without compromising the collateral guarantees of existing data or forcing hosts to lock additional collateral that won't be utilized.

Commits

• 618d2be Merge pull request #343 from SiaFoundation/release
• afcfb86 chore: prepare release 0.16.0
• 4e6ad5b split changesets
• f621d12 Merge pull request #342 from SiaFoundation/chris/contract-helpers
• 9da887a inline
• c95222b fix RiskedHostRevenue
• f16b563 changelog
• 9940550 use helpers
• 5b24ef3 add contract helpers
• b1e0430 Merge pull request #332 from SiaFoundation/finalcut
• Additional commits viewable in compare view

Updates go.sia.tech/coreutils from 0.16.6-0.20250725192801-b7206fb99580 to 0.17.0

Release notes

Sourced from go.sia.tech/coreutils's releases.

0.17.0 (2025-07-29)

Breaking Changes

• Add method to get individual wallet event to SingleAddressWallet
• Removed unsupported testnets.
• Removed unused syncer interface from RHP4 server.

Added RPCRefreshPartialRollover

Previously, renters and hosts had to rollover all funds when refreshing a contract. With this change, renters can set their spendable allowance without forcing an increase and hosts only have to rollover their existing risked collateral and revenue. This change increases efficiency of refreshing without compromising the collateral guarantees of existing data or forcing hosts to lock additional collateral that won't be utilized.

Remove persistence for locked UTXOs

Now that the tpool is persisted, UTXOs that have been broadcast will be readded on startup. This should mean that locked UTXOs can be ephemeral again since their primary purpose is to prevent double spends during RPCs.

Removed deprecated V1 Syncer RPCs

Removed RPCSendBlocks and RPCSendBlk (made obsolete by RPCSendV2Blocks and RPCSendCheckpoint), as well as RPCRelayHeader and RPCSendTransactionSet (as no more v1 blocks or v1 transactions can be mined)

Features

• Added RPCSendHeaders to sync by block headers
• Added a check that consensus.Network is always exhaustive.
• Fix RPCError code in RPCVerifySector
• Periodically rebroadcast transactions created with SingleAddressWallet

Fixes

• Remove leftover utxo locking code from EphemeralWalletStore
• Return ErrNotAcceptingContracts in RPC form, renew, and refresh

Changelog

Sourced from go.sia.tech/coreutils's changelog.

0.17.0 (2025-07-29)

Breaking Changes

• Add method to get individual wallet event to SingleAddressWallet
• Removed unsupported testnets.
• Removed unused syncer interface from RHP4 server.

Added RPCRefreshPartialRollover

Previously, renters and hosts had to rollover all funds when refreshing a contract. With this change, renters can set their spendable allowance without forcing an increase and hosts only have to rollover their existing risked collateral and revenue. This change increases efficiency of refreshing without compromising the collateral guarantees of existing data or forcing hosts to lock additional collateral that won't be utilized.

Remove persistence for locked UTXOs

Now that the tpool is persisted, UTXOs that have been broadcast will be readded on startup. This should mean that locked UTXOs can be ephemeral again since their primary purpose is to prevent double spends during RPCs.

Removed deprecated V1 Syncer RPCs

Removed RPCSendBlocks and RPCSendBlk (made obsolete by RPCSendV2Blocks and RPCSendCheckpoint), as well as RPCRelayHeader and RPCSendTransactionSet (as no more v1 blocks or v1 transactions can be mined)

Features

• Added RPCSendHeaders to sync by block headers
• Added a check that consensus.Network is always exhaustive.
• Fix RPCError code in RPCVerifySector
• Periodically rebroadcast transactions created with SingleAddressWallet

Fixes

• Remove leftover utxo locking code from EphemeralWalletStore
• Return ErrNotAcceptingContracts in RPC form, renew, and refresh

0.16.5 (2025-07-07)

Features

• Remove RedistributeV1|2 in favour of Redistribute. Return the index so the caller can use it as the basis when broadcasting the transactions.

Fixes

• Remove faulty utxo release, it is redundant since we lock utxos as the final step.
• Use only confirmed UTXOs for contract formation and renewals.

0.16.4 (2025-07-01)

Fixes

• Fix incorrect ordering of contract expirations preventing a consensus resync from scratch

0.16.3 (2025-06-19)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions