build(deps): Bump the all-go group across 2 directories with 2 updates

[dependabot]

Bumps the all-go group with 1 update in the /da directory: github.com/filecoin-project/go-jsonrpc.
Bumps the all-go group with 1 update in the /test/docker-e2e directory: github.com/ethereum/go-ethereum.

Updates github.com/filecoin-project/go-jsonrpc from 0.8.0 to 0.9.0

Release notes

Sourced from github.com/filecoin-project/go-jsonrpc's releases.

v0.9.0

What's Changed

• ci: uci/update-go by @​web3-bot in filecoin-project/go-jsonrpc#137
• fix(http): always set Content-Type to application/json by @​rjan90 in filecoin-project/go-jsonrpc#139

New Contributors

• @​rjan90 made their first contribution in filecoin-project/go-jsonrpc#139

Full Changelog: filecoin-project/go-jsonrpc@v0.8.0...v0.9.0

Commits

• 8e5f77c chore: v0.9.0 bump (#140)
• cbb61bb fix(http): always set Content-Type to application/json (#139)
• bd8f54a ci: uci/update-go (#137)
• See full diff in compare view

Updates github.com/ethereum/go-ethereum from 1.16.3 to 1.16.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Coolant Cells (v1.16.5)

This is a maintenance release. We are issuing this release mostly to add a conversion path for blob proofs submitted via eth_sendRawTransaction. See https://blog.ethereum.org/2025/10/15/fusaka-blob-update for more information.

RPC

• eth_sendRawTransaction has an upgrade path for blob proofs after the Fusaka fork. Note this is temporary. We will remove support for blob proof conversion during the v1.17.x release cycle, please update RPC client libraries to support cell-level (v1) proofs. (#32849)
• eth_subscribe now supports a transactionReceipts subscription. There is also a wrapper in ethclient for this new subscription type. (#32697, #32869)
• eth_simulateV1 was fixed to return the block timestamp in logs, like eth_getLogs does. (#32831)
• In the abigen v2 runtime, BoundContract.Transfer will now verify that the contract has a payable fallback or receive method. (#32374)
• A keccak256preimage tracer has been added. (#32569)

Networking

• The eth protocol handler will now drop peers sending duplicated transactions. This is to unify behavior with other client implementations. (#32728)
• A regression in the discovery system could cause high CPU usage under synthetic conditions (i.e. in tests). (#32912)
• A very rare shutdown hang related to peer discovery is resolved. (#32572)
• The eth protocol test suite has a new post-merge test chain and saw some bug fixes for flakey tests. (#32834, #32850)

Core

• Our freezer implementation now supports partial reads, i.e. reading just a slice out of a larger stored value. This functionality is used for the archive node state history. (#32132)
• The trie database now implements a storage layer for 'trie history', a precursor to serving historical state proofs for the path-based archive node. (#32596)
• The txpool/valid.meter metric has been corrected. (#32845)
• The engine API saw some fixes related to fork compatibility checks. (#32800, #32731)

For a full rundown of the changes please consult the Geth 1.16.5 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Bioelectric Infusers (v1.16.4)

This release enables the Osaka (Fusaka) fork on testnets. We also enable two blob-parameter only (BPO) forks for the testnets.

• Holesky

  • Osaka at time 1759308480 (2025-10-01 08:48:00 UTC)
  • BPO1 at time 1759800000 (2025-10-07 01:20:00 UTC)
  • BPO2 at time 1760389824 (2025-10-13 21:10:24 UTC)

• Sepolia

  • Osaka at time 1760427360 (2025-10-14 07:36:00 UTC)

... (truncated)

Commits

• 737ffd1 Merge branch 'master' into release/1.16
• 32ccb54 version: release go-ethereum v1.16.5 stable
• 7c107c2 p2p/discover: remove hot-spin in table refresh trigger (#32912)
• 40505a9 eth/protocols/eth: reject message containing duplicated txs and drop peer (#3...
• 3cfc334 rpc: fix flaky test TestServerWebsocketReadLimit (#32889)
• f6064f3 internal/ethapi: convert legacy blobtx proofs in sendRawTransaction (#32849)
• 55a5320 accounts/abi: check presence of payable fallback or receive before proceeding...
• e03d97a core/txpool/legacypool: fix pricedList updates (#32906)
• fb8d229 eth: do not warn on switching from snap sync to full sync (#32900)
• 00f6f2b eth/catalyst: remove useless log on enabling Engine API (#32901)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

The latest Buf updates on your PR. Results from workflow CI and Release / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Oct 28, 2025, 10:42 AM

[claude]

Claude finished @dependabot[bot]'s task —— View job

---

Dependency Update Review

I've completed my review of this Dependabot PR that bumps two Go dependencies. Here's my comprehensive analysis:

---

Summary

This PR updates:

• github.com/filecoin-project/go-jsonrpc from 0.8.0 to 0.9.0 (in /da directory and transitive updates)
• github.com/ethereum/go-ethereum from 1.16.3 to 1.16.5 (in /test/docker-e2e directory)

Overall Assessment: ✅ APPROVE - Safe to merge after CI passes

---

1. Code Quality & Architecture Review

go-jsonrpc Update (0.8.0 → 0.9.0)

Usage Analysis:

• This library is used extensively in da/jsonrpc/ for both client and server implementations
• Client: da/jsonrpc/client.go:240 - Creates RPC clients using jsonrpc.NewMergeClient
• Server: da/jsonrpc/server.go:89 - Creates RPC servers using jsonrpc.NewServer
• Error handling: da/jsonrpc/errors.go - Maps custom errors for RPC serialization

Changes in v0.9.0:

• Primary change: Always sets Content-Type to application/json in HTTP responses (PR #139)
• Updated Go toolchain support (PR #137)

Impact Assessment:

• ✅ No breaking changes - This is a bug fix that ensures proper Content-Type headers
• ✅ Improves standards compliance - Better HTTP header handling
• ✅ No API changes - All existing usages remain compatible

go-ethereum Update (1.16.3 → 1.16.5)

Usage Analysis:

• Used in test infrastructure (test/docker-e2e/) and execution layer (execution/evm/)
• Primary imports: ethclient, common, crypto primitives
• Test file: test/docker-e2e/upgrade_test.go:21-22 uses ethclient for E2E testing

Changes in v1.16.5:

• Critical: Blob proof conversion path for Fusaka fork (temporary, to be removed in v1.17.x)
• New RPC subscription: transactionReceipts
• Networking improvements: drops peers sending duplicate transactions
• Bug fixes for discovery CPU usage and shutdown hangs
• Archive node improvements (trie history, freezer partial reads)

Impact Assessment:

• ✅ Backward compatible - Maintenance release with no breaking changes
• ✅ Testing scope - Only used in test/E2E infrastructure, not production code
• ⚠️ Note: Blob proof conversion is temporary - monitor for v1.17.x deprecation

---

2. Error Handling & Resilience

go-jsonrpc

• ✅ Current code properly wraps RPC errors with context
• ✅ Custom error mapping is preserved (getKnownErrorsMapping())
• ✅ Context cancellation is properly handled throughout

go-ethereum

• ✅ Used primarily in test infrastructure
• ✅ E2E tests include timeout and error handling
• ✅ No changes to production error handling paths

---

3. Security Review

go-jsonrpc (0.9.0)

• ✅ No security concerns - Bug fix for HTTP headers
• ✅ Authentication still uses Bearer tokens (client.go:226)
• ✅ Authorization headers properly configured

go-ethereum (1.16.5)

• ✅ Security improvements included:
  • Peer validation (drops duplicates)
  • Fork compatibility checks fixed
  • No known vulnerabilities addressed in release notes
• ✅ Used in sandboxed test environment only
• ✅ No exposure to untrusted inputs in production

---

4. Performance & Resource Efficiency

go-jsonrpc

• ✅ Content-Type fix has negligible performance impact
• ✅ No changes to connection pooling or goroutine management
• ✅ Client cleanup properly implemented (multiClientCloser)

go-ethereum

• ✅ Performance improvements:
  • Discovery CPU usage regression fixed (#32912)
  • Rare shutdown hang resolved
  • Freezer partial reads optimization
• ✅ Only affects test infrastructure performance

---

5. Testing & Reliability

Current Test Coverage

• ✅ Buf checks: PASSED (protobuf linting and breaking changes)
• ⏳ CI/Release pipeline: QUEUED
• ⏳ Full test suite: PENDING

Recommendations

1. ✅ Wait for full CI pipeline to complete
2. ✅ Verify E2E tests pass (especially upgrade_test.go)
3. ✅ Monitor for any regression in DA layer communication

---

6. Documentation & Integration

go-jsonrpc

• ✅ No documentation updates needed - internal implementation detail
• ✅ API surface unchanged
• ✅ Server/client implementations remain compatible

go-ethereum

• ⚠️ Action item: Track blob proof deprecation timeline for v1.17.x
• ✅ No changes to testapp or production DA implementations
• ✅ E2E test documentation remains valid

---

Specific Concerns & Recommendations

Minor Observations

1. Transitive dependency updates (test/docker-e2e/go.mod):

   • github.com/crate-crypto/go-eth-kzg 1.3.0 → 1.4.0
   • github.com/ethereum/c-kzg-4844/v2 2.1.0 → 2.1.3
   • github.com/supranational/blst updated with post-Fusaka support
   • github.com/VictoriaMetrics/fastcache 1.12.2 → 1.13.0
   • All appear to be standard dependency chain updates ✅

2. Core version bump (test/docker-e2e):

   • github.com/evstack/ev-node/core v1.0.0-beta.2 → v1.0.0-beta.3
   • This is expected for internal module coherence ✅

3. No changes to production code - Only go.mod/go.sum updates ✅

---

Conclusion

Recommendation: ✅ APPROVE and MERGE after CI passes

Rationale:

1. Both updates are maintenance releases with no breaking changes
2. go-jsonrpc v0.9.0 is a bug fix that improves standards compliance
3. go-ethereum v1.16.5 includes important bug fixes and performance improvements
4. No changes to production code logic required
5. Existing test coverage should catch any compatibility issues
6. Security posture is maintained or improved

Pre-merge checklist:

• Review dependency changes
• Analyze code compatibility
• Check for security issues
• Verify no breaking changes
• Wait for CI to pass (in progress)
• Monitor post-merge for any issues

Post-merge monitoring:

• Watch for any DA layer communication issues
• Track go-ethereum v1.17.x blob proof deprecation timeline
• Verify E2E tests continue to pass in subsequent PRs

---

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.16%. Comparing base (b32b7f5) to head (c94e598).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2787   +/-   ##
=======================================
  Coverage   62.16%   62.16%           
=======================================
  Files          82       82           
  Lines        7205     7205           
=======================================
  Hits         4479     4479           
  Misses       2186     2186           
  Partials      540      540           

Flag	Coverage Δ
combined	62.16% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.