build(deps): Bump the all-go group across 8 directories with 7 updates

[dependabot]

Bumps the all-go group with 5 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2/service/kms	1.50.5	1.51.0
github.com/aws/smithy-go	1.25.0	1.25.1
github.com/libp2p/go-libp2p-pubsub	0.15.0	0.16.0
github.com/rs/zerolog	1.35.0	1.35.1
google.golang.org/api	0.274.0	0.276.0

Bumps the all-go group with 1 update in the /apps/evm directory: github.com/rs/zerolog.
Bumps the all-go group with 1 update in the /apps/grpc directory: github.com/rs/zerolog.
Bumps the all-go group with 1 update in the /apps/testapp directory: github.com/rs/zerolog.
Bumps the all-go group with 2 updates in the /execution/evm directory: github.com/rs/zerolog and github.com/evstack/ev-node.
Bumps the all-go group with 1 update in the /execution/grpc directory: github.com/evstack/ev-node.
Bumps the all-go group with 1 update in the /test/docker-e2e directory: github.com/celestiaorg/tastora.
Bumps the all-go group with 2 updates in the /test/e2e directory: github.com/rs/zerolog and github.com/celestiaorg/tastora.

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.50.5 to 1.51.0

Commits

• e9b00e2 Release 2024-02-22
• 0cfc53e Regenerated Clients
• 92d6c19 Update API model
• 18adb31 add middleware snapshot tests (#2513)
• 7888f0e Release 2024-02-21
• 4a9cd1d Regenerated Clients
• bebcd8c Update SDK's smithy-go dependency to v1.20.1
• 374e0b9 Update API model
• 98b0dc8 dep: drop dependency on go-cmp in protocol tests (#2506)
• de4f646 Release 2024-02-20
• Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.25.0 to 1.25.1

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-04-23)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

Release (2026-04-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

Release (2026-04-02)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.3
  • Bug Fix: Add additional sigv4 configuration.
• github.com/aws/smithy-go/aws-http-auth: v1.1.3
  • Bug Fix: Add additional sigv4 configuration.

Release (2026-02-27)

General Highlights

• Dependency Update: Bump minimum go version to 1.24.

Release (2026-02-20)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.1
  • Feature: Add new middleware functions to get event stream output from middleware

Release (2025-12-01)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.0

... (truncated)

Commits

• e094f45 Release 2026-04-23
• 214d45b changelog
• 3477da0 fix lrucache memory leak on existing item put (#652)
• 0d0b4d0 Bump Smithy version to 1.69.0 (#650)
• be5e5ef check @​enum on strings for cbor (#649)
• 5beb80e Ensure javadoc uses utf-8 (#648)
• See full diff in compare view

Updates github.com/libp2p/go-libp2p-pubsub from 0.15.0 to 0.16.0

Release notes

Sourced from github.com/libp2p/go-libp2p-pubsub's releases.

v0.16.0

What's Changed

• Partial Messages Extension by @​MarcoPolo in libp2p/go-libp2p-pubsub#631
• rename PartialMessagesExtension for consistency by @​MarcoPolo in libp2p/go-libp2p-pubsub#656
• fix bug of not sending full messages to peers that requested partial by @​MarcoPolo in libp2p/go-libp2p-pubsub#657
• fix logic of omitting IDONTWANT to peers that support partial messages by @​MarcoPolo in libp2p/go-libp2p-pubsub#658
• fix stale comment in partialmessages by @​MarcoPolo in libp2p/go-libp2p-pubsub#659
• partialmessages: PublishPartial to peers in group state as well by @​MarcoPolo in libp2p/go-libp2p-pubsub#660
• optimize parts metadata msgs by @​MarcoPolo in libp2p/go-libp2p-pubsub#661
• partialmsgs: Add explicit eager push method by @​MarcoPolo in libp2p/go-libp2p-pubsub#662
• partialmsgs: Implement Partial Message gossip by @​MarcoPolo in libp2p/go-libp2p-pubsub#663
• Add Rpc.From() by @​MarcoPolo in libp2p/go-libp2p-pubsub#666
• Refactor parts metadata by @​MarcoPolo in libp2p/go-libp2p-pubsub#669
• Add threadsafe dynamic direct peer handling to GossipSub by @​cortze in libp2p/go-libp2p-pubsub#673
• Simplify partial messages by @​MarcoPolo in libp2p/go-libp2p-pubsub#671
• feat: FanoutOnly topic option by @​Wondertan in libp2p/go-libp2p-pubsub#676
• partialmsgs: Change Gossip Callback to have application call PublishPartial by @​MarcoPolo in libp2p/go-libp2p-pubsub#683
• partialmsgs: PeerRequestsPartial means PeerRequestsPartial by @​MarcoPolo in libp2p/go-libp2p-pubsub#685
• partialmsgs: remove unused struct by @​MarcoPolo in libp2p/go-libp2p-pubsub#684
• feat: add WithMessageFilter option to filter messages early in the notification pipeline by @​laciferin2024 in libp2p/go-libp2p-pubsub#678
• log on error when handling rpc in extensions by @​MarcoPolo in libp2p/go-libp2p-pubsub#668
• partialmessages: init fanout if empty by @​sukunrt in libp2p/go-libp2p-pubsub#690
• Fix leak around different lifecycles of inbound vs outbound streams. by @​MarcoPolo in libp2p/go-libp2p-pubsub#691
• rename {Add/Remove}Peer to On{New/Closed}OutboundStream by @​MarcoPolo in libp2p/go-libp2p-pubsub#692
• fix: properly log topic string by @​MarcoPolo in libp2p/go-libp2p-pubsub#694
• Release v0.16.0 by @​MarcoPolo in libp2p/go-libp2p-pubsub#693

New Contributors

• @​laciferin2024 made their first contribution in libp2p/go-libp2p-pubsub#678

Full Changelog: libp2p/go-libp2p-pubsub@v0.15.0...v0.16.0

Commits

• b14732c Release v0.16.0 (#693)
• 919bc3d fix: properly log topic string (#694)
• 5cde33c rename {Add/Remove}Peer to On{New/Closed}OutboundStream
• d8037f3 Fix leaked state with OnNewIncomingStream/onClosedIncomingStream
• d72f75f test: Add failing test demonstrating leak
• 7d62a30 partialmessages: init fanout if empty (#690)
• 12372d9 log on error when handling rpc in extensions (#668)
• a2ec129 feat: add WithMessageFilter option to filter messages early in the notificati...
• 0c36d10 partialmsgs: remove unused struct
• c945e5d partialmsgs: PeerRequestsPartial means PeerRequestsPartial
• Additional commits viewable in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

• 116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
• See full diff in compare view

Updates google.golang.org/api from 0.274.0 to 0.276.0

Release notes

Sourced from google.golang.org/api's releases.

v0.276.0

0.276.0 (2026-04-14)

Features

• all: Auto-regenerate discovery clients (#3561) (dd3f1bb)
• all: Auto-regenerate discovery clients (#3565) (7c11b5a)
• all: Auto-regenerate discovery clients (#3566) (54188cf)

v0.275.0

0.275.0 (2026-04-07)

Features

• all: Auto-regenerate discovery clients (#3557) (2b2ef99)
• all: Auto-regenerate discovery clients (#3560) (9437d4d)

Changelog

Sourced from google.golang.org/api's changelog.

0.276.0 (2026-04-14)

Features

• all: Auto-regenerate discovery clients (#3561) (dd3f1bb)
• all: Auto-regenerate discovery clients (#3565) (7c11b5a)
• all: Auto-regenerate discovery clients (#3566) (54188cf)

0.275.0 (2026-04-07)

Features

• all: Auto-regenerate discovery clients (#3557) (2b2ef99)
• all: Auto-regenerate discovery clients (#3560) (9437d4d)

Commits

• 006c411 chore(main): release 0.276.0 (#3562)
• 54188cf feat(all): auto-regenerate discovery clients (#3566)
• 7c11b5a feat(all): auto-regenerate discovery clients (#3565)
• 2450322 chore: embargo discoveryengine:v1 from generation (#3564)
• 0c9c60f chore: embargo discoveryengine:v1alpha from generation (#3563)
• dd3f1bb feat(all): auto-regenerate discovery clients (#3561)
• d43aa15 chore(main): release 0.275.0 (#3558)
• 9437d4d feat(all): auto-regenerate discovery clients (#3560)
• 0a62c64 chore(all): update cloud.google.com/go/auth to v0.20.0 (#3559)
• 2b2ef99 feat(all): auto-regenerate discovery clients (#3557)
• See full diff in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

• 116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
• See full diff in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

• 116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
• See full diff in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

• 116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
• See full diff in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

• 116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
• See full diff in compare view

Updates github.com/evstack/ev-node from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/evstack/ev-node's releases.

v1.1.1

This is a patch release focused on P2P reliability, bug fixes, and incremental improvements. Upgrading is recommended for all operators, particularly those experiencing P2P connectivity issues requiring node restarts.

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

• ghcr.io/evstack/ev-node-evm:v1.1.1
• ghcr.io/evstack/ev-node-grpc:v1.1.1
• ghcr.io/evstack/ev-node-testapp:v1.1.1

Changelog

Sourced from github.com/evstack/ev-node's changelog.

v1.1.1

Changes

• Improve P2P gossiping by switching pubsub internals from GossipSub to FloodSub #3263
• Add sequencer_blocks_synchronized_total Prometheus counter metric tracking blocks synced by source (DA/P2P) #3259
• Make it easier to override DefaultMaxBlobSize by ldflags #3235
• Add solo sequencer (simple in memory single sequencer without force inclusion) #3235
• Improve reaper to sustain txs burst better #3236

Fixed

• Replace persistent P2P connection gater with a no-op variant so stale blocklist entries can no longer prevent peers from connecting after a restart. The new p2p.disable_connection_gater flag (default true) can be set to false to re-enable peer filtering when experiencing P2P flooding #3273
• Raft HA production hardening: leader fencing on SIGTERM, FSM data race, follower restart crash, log compaction config, and election timeout validation #3230

Commits

• 36a7f15 chore: prep v1.1.1 (#3274)
• a0bc9d1 fix(pkg/p2p): replace persistent gater with no-op gater (#3273)
• cd76eab build(deps): Bump rustls-webpki from 0.103.10 to 0.103.13 in the cargo group ...
• c1d4996 build(deps): Bump the all-go group across 5 directories with 14 updates (#3271)
• c753c0b fix(rpc): derive /raft/node leadership from raft leader ID (#3266)
• 83edf6d refactor: modernize sync/atomic usage with typed atomic apis (#3269)
• 2eb15bd test: remove racy node startup from execution test (#3264)
• d9046e6 fix: raft HA production hardening — leader fencing, log compaction, election ...
• 4c7323f refactor(pkg/p2p): swap GossipSub by FloodSub (#3263)
• 77b39d4 build(deps): Bump dompurify from 3.3.2 to 3.4.0 in /docs in the npm_and_yarn ...
• Additional commits viewable in compare view

Updates github.com/evstack/ev-node from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/evstack/ev-node's releases.

v1.1.1

This is a patch release focused on P2P reliability, bug fixes, and incremental improvements. Upgrading is recommended for all operators, particularly those experiencing P2P connectivity issues requiring node restarts.

Full Changelog

For a complete list of all changes including new features, improvements, and bug fixes, see CHANGELOG.md.

Images

• ghcr.io/evstack/ev-node-evm:v1.1.1
• ghcr.io/evstack/ev-node-grpc:v1.1.1
• ghcr.io/evstack/ev-node-testapp:v1.1.1

Changelog

Sourced from github.com/evstack/ev-node's changelog.

v1.1.1

Changes

• Improve P2P gossiping by switching pubsub internals from GossipSub to FloodSub #3263
• Add sequencer_blocks_synchronized_total Prometheus counter metric tracking blocks synced by source (DA/P2P) #3259
• Make it easier to override DefaultMaxBlobSize by ldflags #3235
• Add solo sequencer (simple in memory single sequencer without force inclusion) #3235
• Improve reaper to sustain txs burst better #3236

Fixed

• Replace persistent P2P connection gater with a no-op variant so stale blocklist entries can no longer prevent peers from connecting after a restart. The new p2p.disable_connection_gater flag (default true) can be set to false to re-enable peer filtering when experiencing P2P flooding #3273
• Raft HA production hardening: leader fencing on SIGTERM, FSM data race, follower restart crash, log compaction config, and election timeout validation #3230

Commits

• 36a7f15 chore: prep v1.1.1 (#3274)
• a0bc9d1 fix(pkg/p2p): replace persistent gater with no-op gater (#3273)
• cd76eab build(deps): Bump rustls-webpki from 0.103.10 to 0.103.13 in the cargo group ...
• c1d4996 build(deps): Bump the all-go group across 5 directories with 14 updates (#3271)
• c753c0b fix(rpc): derive /raft/node leadership from raft leader ID (#3266)
• 83edf6d refactor: modernize sync/atomic usage with typed atomic apis (#3269)
• 2eb15bd test: remove racy node startup from execution test (#3264)
• d9046e6 fix: raft HA production hardening — leader fencing, log compaction, election ...
• 4c7323f refactor(pkg/p2p): swap GossipSub by FloodSub (#3263)
• 77b39d4 build(deps): Bump dompurify from 3.3.2 to 3.4.0 in /docs in the npm_and_yarn ...
• Additional commits viewable in compare view

Updates github.com/celestiaorg/tastora from 0.17.0 to 0.19.0

Release notes

Sourced from github.com/celestiaorg/tastora's releases.

v0.19.0

What's Changed

• chore: migrate from Docker/Moby v28 to v29 modular Go modules by @​rootulp in celestiaorg/tastora#195

Full Changelog: celestiaorg/tastora@v0.18.0...v0.19.0

v0.18.0

What's Changed

• fix: flaky TestDockerKeyringTestSuite/TestBackend by @​rootulp in celestiaorg/tastora#192
• ci: add merge_group trigger to workflows by @​rootulp in celestiaorg/tastora#193
• chore: Update CODEOWNERS by @​rootulp in celestiaorg/tastora#190
• feat: add WithBlockWaitTimeout to ChainBuilder by @​rootulp in celestiaorg/tastora#189

Full Changelog: celestiaorg/tastora@v0.17.0...v0.18.0

Commits

• 6f9af02 chore: migrate from Docker/Moby v28 to v29 modular Go modules (#195)
• 73cff81 feat: add WithBlockWaitTimeout to ChainBuilder (#189)
• cfce4f0 chore: Update CODEOWNERS (#190)
• 08cea29 Merge pull request #193 from celestiaorg/fix/add-merge-group-trigger
• 792abd0 ci: add merge_group trigger to workflows
• f46602e Merge pull request #192 from rootulp/rootulp/fix-flaky-docker-keyring-test
• 700a7ac fix: log error when dockerKeyring initialization fails in Backend()
• 3e03c33 fix(test): wait for exec completion in DockerKeyringTestSuite setup
• See full diff in compare view

Updates github.com/rs/zerolog from 1.35.0 to 1.35.1

Commits

• 116c806 event: restore Err() logging when ErrorStackMarshaler returns nil (#763)
• See full diff in compare view

Updates github.com/celestiaorg/tastora from 0.16.1-0.20260312082036-2ee1b0a2ac4e to 0.19.0

Release notes

Sourced from github.com/celestiaorg/tastora's releases.

v0.19.0

What's Changed

• chore: migrate from Docker/Moby v28 to v29 modular Go modules by @​rootulp in celestiaorg/tastora#195

Full Changelog: celestiaorg/tastora@v0.18.0...v0.19.0

v0.18.0

What's Changed

• fix: flaky TestDockerKeyringTestSuite/TestBackend by @​rootulp in celestiaorg/tastora#192
• ci: add merge_group trigger to workflows by @​rootulp in celestiaorg/tastora#193
• chore: Update CODEOWNERS by @​rootulp in celestiaorg/tastora#190
• feat: add WithBlockWaitTimeout to ChainBuilder by @​rootulp in celestiaorg/tastora#189

Full Changelog: celestiaorg/tastora@v0.17.0...v0.18.0

Commits

• 6f9af02 chore: migrate from Docker/Moby v28 to v29 modular Go modules (#195)
• 73cff81 feat: add WithBlockWaitTimeout to ChainBuilder (#189)
• cfce4f0 chore: Update CODEOWNERS (#190)
• 08cea29 Merge pull request #193 from celestiaorg/fix/add-merge-group-trigger
• 792abd0 ci: add merge_group trigger to workflows
• f46602e Merge pull request #192 from rootulp/rootulp/fix-flaky-docker-keyring-test
• 700a7ac fix: log error when dockerKeyring initialization fails in Backend()
• 3e03c33 fix(test): wait for exec completion in DockerKeyringTestSuite setup
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Apr 28, 2026, 7:01 AM

[claude]

Claude finished @julienrbrt's task in 3m 34s —— View job

---

Code Review

• Gather context and read relevant files
• Analyze dependency updates for breaking changes and security implications
• Review go.mod/go.sum changes for consistency
• Provide final review summary

---

Summary

This is a routine dependabot dependency bump across 8 Go modules. All changes are go.mod/go.sum updates only — no production code was modified. The PR is safe to merge. A few observations below.

---

Notable Updates

github.com/libp2p/go-libp2p-pubsub 0.15.0 → 0.16.0 (root go.mod)

This is the most substantive change. v0.16.0 introduces a Partial Messages Extension and renames internal GossipSub extension methods ({Add/Remove}Peer → On{New/Closed}OutboundStream). However, this rename only affects the extension interface, not the FloodSub path. The codebase already migrated from GossipSub to FloodSub (a change in ev-node v1.1.1 itself), and the pubsub API surface used here — pubsub.NewFloodSub, pubsub.PubSub, pubsub.PubOpt, pubsub.ValidationError, pubsub.DefaultMsgIdFn — is unaffected. No code changes are required.

github.com/aws/smithy-go 1.25.0 → 1.25.1

Bug fix: memory leak in the LRU cache used by AWS services. Positive security/stability improvement.

github.com/rs/zerolog 1.35.0 → 1.35.1 (all 6 affected modules)

Bug fix: restores Err() logging when ErrorStackMarshaler returns nil. This project uses zerolog as its structured logger throughout, so the fix is relevant and worthwhile.

github.com/evstack/ev-node 1.1.0 → 1.1.1 (downstream modules only: execution/evm, execution/grpc, test/docker-e2e, test/e2e)

Picks up the P2P gater fix and Raft HA hardening from the patch release. Appropriate for downstream consumers.

OpenTelemetry instrumentation (otelgrpc 0.61.0 → 0.67.0, otelhttp 0.65.0 → 0.67.0)

Indirect dependencies pulled in transitively. The version jumps are larger than typical but these are indirect; no action needed.

---

Minor Observations

PR description discrepancy: The PR body states that github.com/celestiaorg/tastora was bumped in both test/docker-e2e and test/e2e. Reviewing the actual diffs, tastora was not changed in either module — it remains at v0.17.0 and v0.16.1-0.20260312082036-2ee1b0a2ac4e respectively. This is a dependabot description artifact and does not affect correctness.

Tastora version inconsistency (pre-existing, not introduced here): test/e2e/go.mod pins tastora at a pre-release pseudo-version (v0.16.1-0.20260312082036-2ee1b0a2ac4e) while test/docker-e2e/go.mod uses the stable v0.17.0. Since tastora is now at v0.19.0, a follow-up PR to align both test modules on the stable release would be a small hygiene improvement.

Symmetric go.sum: The +214/-214 line count in go.sum files is symmetric, confirming no extraneous or missing entries.

---

Verdict

✅ All changes are limited to dependency version bumps. No breaking API changes affect the codebase. The bug fixes in smithy-go (memory leak) and zerolog (error logging) are worthwhile. Ready to merge.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.47%. Comparing base (49ef5c9) to head (475a6fe).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3291      +/-   ##
==========================================
+ Coverage   62.45%   62.47%   +0.01%     
==========================================
  Files         122      122              
  Lines       13047    13047              
==========================================
+ Hits         8149     8151       +2     
+ Misses       4012     4010       -2     
  Partials      886      886              

Flag	Coverage Δ
combined	62.47% <ø> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.