Bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 4 updates in the / directory: github.com/attestantio/go-eth2-client, github.com/ethereum/go-ethereum, github.com/itchyny/gojq and github.com/lib/pq.

Updates github.com/attestantio/go-eth2-client from 0.27.1 to 0.28.0

Changelog

Sourced from github.com/attestantio/go-eth2-client's changelog.

0.28.0:

• update dependency for go-bitfield to get from offchain instead of prysmatic org

0.27.2:

• add /eth/v1/beacon/blobs/ endpoint support
• update go version to 1.25
• updated spec conformance tests for latest forks
• updated linters and corresponding fixes

Commits

• 9616db6 Merge pull request #278 from attestantio/release_go_eth2_client
• ec91bf6 Lint.
• 60ad4c7 Add release information.
• 43433ff Update go-bitfield refs to OffchainLabs and fix linter issues #276
• 3109c2f Merge pull request #277 from attestantio/release_27_2
• e8d3f36 Fix linter.
• be371ef Release 0.27.2
• ca04703 Merge pull request #274 from attestantio/update_go_version_and_golangci_lint
• 1bfc628 Merge pull request #273 from pk910/pk910/add-blobs-request
• dd39e83 fix typo in filename
• Additional commits viewable in compare view

Updates github.com/ethereum/go-ethereum from 1.16.8 to 1.17.0

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Eezo-Inlaid Circuitry (v1.17.0)

This is a feature release, with all accumulated development from the last 3 months. See below for the highlights.

Note that this release contains multiple critical security fixes, as well as many bug fixes, and is recommended for all users. However, if you are cautious about upgrades, you can also install v1.16.9 which has just the critical security fixes. Specifically, this release fixes CVE-2026-26313, CVE-2026-26314, CVE-2026-26315.

We recommend recreating your p2p node key after installing this update, which you can do by removing the DATADIR/geth/nodekey file before restarting geth. Note this will cause a change in the p2p node ID, which may break static peering setups.

Highlights

Path-based Archive Node with Proofs

The path-based archive node can now serve proofs (via eth_getProof) for the state of older blocks.

You can configure the block range that supports proving independently from other archive state availability. Specifically, you can use the --history.trienode command-line flag to set the amount of blocks for which tree nodes will be tracked.

This feature is disabled by default. Note that state history cannot easily be recovered once deleted, as it can only be generated by processing blocks. However, you can enable trienode history (and/or state history) at any time to turn a full node into a partial archive node, keeping state from that point in time onwards.

#32727, #32621, #33551, #32981, #33399, #32913, #33303, #33584, #33329, #33681, #33103, #33098, #33515, #32247

EraE History Support

Geth now suports the EraE file format, an archival format for post-merge chain history.

#32157, #33827

OpenTelemetry Tracing

OpenTelemetry tracing is now supported by the RPC server, including support for distributed tracing. We have also added some tracing spans for block processing via the engine API, i.e. engine_newPayload.

#33599, #33452, #33780, #33521

All Changes

Geth CLI

• The geth version-check subcommand has been removed. This command checked the geth website for signed vulnerability notices, and would tell if updates are necessary (#33498)
• There is now a --miner.maxblobs command-line flag to set a limit on blobs included in built blocks (#33129, #33302)
• Geth now supports continuous profiling with Grafana Pyroscope (#33623)
• A rare bug that could halt block production in geth --dev mode was fixed (#33146)
• A new --rpc.rangelimit flag configures the maximum block range for eth_getLogs (#33163)
• geth --exitwhensynced will now set the finalized and safe block (#33038)
• geth --ethstats now reports the newPayload processing time to the stats server (#33395)
• A lot of minor issues in Geth's command-line flag processing have been fixed (#33379, #33338, #33330, #32999, #33279, #33252)
• The evm blocktest command can now read filenames from stdin when no path is provided (#32824)

Fork Implementation

... (truncated)

Commits

• 0cf3d3b version: release go-ethereum v1.17.0 stable
• 9b78f45 crypto/secp256k1: fix coordinate check
• c709c19 eth/catalyst: add initial OpenTelemetry tracing for newPayload (#33521)
• 550ca91 consensus/misc: hardening header verification (#33860)
• a4b3898 internal/telemetry: don't create internal spans without parents (#33780)
• 0cba803 eth/protocols/eth, eth/protocols/snap: delayed p2p message decoding (#33835)
• ad88b68 internal/download: show progress bar only if server gives length (#33842)
• c50e5ed cmd/geth, internal/telemetry: wire OpenTelemetry tracing via CLI flags (#33484)
• d8b92cb rpc,internal/telemetry: fix deferred spanEnd to capture errors via pointer (#...
• ac85a6f rlp: add back Iterator.Count, with fixes (#33841)
• Additional commits viewable in compare view

Updates github.com/itchyny/gojq from 0.12.17 to 0.12.18

Release notes

Sourced from github.com/itchyny/gojq's releases.

Release v0.12.18

• implement trimstr/1, toboolean/0 function
• fix last/1 to be included in builtins/0
• fix --indent 0 to preserve newlines
• fix string repetition to emit error when the result is too large
• increase the array index limit to 536870912 (2^29)
• stop numeric normalization for concurrent execution (see 1ace748d08df)
• support binding expressions with binary operators (1 + 2 as $x | -$x)
• improve gojq.NewIter to be a generic function
• improve logic for getting file contents on JSON parse error
• improve JSON parsing to preserve the precision of floating-point numbers
• improve YAML parsing performance and preserve the precision of large integers
• improve performance and reduce memory allocation of long-running queries

Changelog

Sourced from github.com/itchyny/gojq's changelog.

v0.12.18 (2025-12-02)

• implement trimstr/1, toboolean/0 function
• fix last/1 to be included in builtins/0
• fix --indent 0 to preserve newlines
• fix string repetition to emit error when the result is too large
• increase the array index limit to 536870912 (2^29)
• stop numeric normalization for concurrent execution (see 1ace748d08df)
• support binding expressions with binary operators (1 + 2 as $x | -$x)
• improve gojq.NewIter to be a generic function
• improve logic for getting file contents on JSON parse error
• improve JSON parsing to preserve the precision of floating-point numbers
• improve YAML parsing performance and preserve the precision of large integers
• improve performance and reduce memory allocation of long-running queries

Commits

• fa534a1 bump up version to 0.12.18
• d7e1531 update CHANGELOG.md for v0.12.18
• 672cc79 update dependencies
• 2263e18 update actions/checkout to v6
• 5d8a53c add more tests for empty strings and NO_COLOR
• 97274d3 make use of cmp package for comparisons
• 3e31863 merge identical cases for getting operator functions
• e4d456b avoid variable names that shadow built-in functions
• 19a3975 stop replacing capturing group syntax
• 5bb6d33 support binding expressions with binary operators (fix #283)
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.11.2

Release notes

Sourced from github.com/lib/pq's releases.

v1.11.2

This fixes two regressions:

• Don't send startup parameters if there is no value, improving compatibility with Supavisor (#1260).

• Don't send dbname as a startup parameter if database=[..] is used in the connection string. It's recommended to use dbname=, as database= is not a libpq option, and only worked by accident previously. (#1261)

#1260: lib/pq#1260 #1261: lib/pq#1261

v1.11.1

This fixes two regressions present in the v1.11.0 release:

• Fix build on 32bit systems, Windows, and Plan 9 (#1253).

• Named []byte types and pointers to []byte (e.g. *[]byte, json.RawMessage) would be treated as an array instead of bytea (#1252).

#1252: lib/pq#1252 #1253: lib/pq#1253

v1.11.0

This version of pq requires Go 1.21 or newer.

pq now supports only maintained PostgreSQL releases, which is PostgreSQL 14 and newer. Previously PostgreSQL 8.4 and newer were supported.

Features

• The pq.Error.Error() text includes the position of the error (if reported by PostgreSQL) and SQLSTATE code (#1219, #1224):

  pq: column "columndoesntexist" does not exist at column 8 (42703)
  pq: syntax error at or near ")" at position 2:71 (42601)
  

• The pq.Error.ErrorWithDetail() method prints a more detailed multiline message, with the Detail, Hint, and error position (if any) (#1219):

  ERROR:   syntax error at or near ")" (42601)
  CONTEXT: line 12, column 1:
   10 |     name           varchar,
   11 |     version        varchar,
   12 | );
        ^
  
  

• Add Config, NewConfig(), and NewConnectorConfig() to supply connection details in a more structured way (#1240).

• Support hostaddr and $PGHOSTADDR (#1243).

• Support multiple values in host, port, and hostaddr, which are each tried in order, or randomly if load_balance_hosts=random is set (#1246).

• Support target_session_attrs connection parameter (#1246).

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.11.2 (2026-02-10)

This fixes two regressions:

• Don't send startup parameters if there is no value, improving compatibility with Supavisor (#1260).

• Don't send dbname as a startup parameter if database=[..] is used in the connection string. It's recommended to use dbname=, as database= is not a libpq option, and only worked by accident previously. (#1261)

#1260: lib/pq#1260 #1261: lib/pq#1261

v1.11.1 (2026-01-29)

This fixes two regressions present in the v1.11.0 release:

• Fix build on 32bit systems, Windows, and Plan 9 (#1253).

• Named []byte types and pointers to []byte (e.g. *[]byte, json.RawMessage) would be treated as an array instead of bytea (#1252).

#1252: lib/pq#1252 #1253: lib/pq#1253

v1.11.0 (2026-01-28)

This version of pq requires Go 1.21 or newer.

pq now supports only maintained PostgreSQL releases, which is PostgreSQL 14 and newer. Previously PostgreSQL 8.4 and newer were supported.

Features

• The pq.Error.Error() text includes the position of the error (if reported by PostgreSQL) and SQLSTATE code (#1219, #1224):

  pq: column "columndoesntexist" does not exist at column 8 (42703)
  pq: syntax error at or near ")" at position 2:71 (42601)
  

• The pq.Error.ErrorWithDetail() method prints a more detailed multiline message, with the Detail, Hint, and error position (if any) (#1219):

  ERROR:   syntax error at or near ")" (42601)
  CONTEXT: line 12, column 1:
   10 |     name           varchar,
   11 |     version        varchar,
   12 | );
  
  

... (truncated)

Commits

• 1412805 Don't send empty startup parameters
• 0c529db Don't send dbname= as a startup parameter when database= is used
• eec526c Release v1.11.1 (#1255)
• 1928a1d Fix []byte types incorrectly converted to PostgreSQL array (#1252)
• 9e2aa8e Run staticcheck on all GOOS/GOARCH combinations
• c9320c4 Fix build on Windows and Plan9
• 2809526 Fix build on 32bit systems
• 8e88f7e Release 1.11.0
• 0ad3049 Handle pre-protocol errors to prevent memory exhaustion
• f1fae2e Add pqtest.Fake.Close()
• Additional commits viewable in compare view

Updates golang.org/x/text from 0.28.0 to 0.31.0

Commits

• e7ff6b3 go.mod: update golang.org/x dependencies
• fbf012b all: use reflect.TypeFor instead of reflect.TypeOf
• c6abd03 go.mod: update golang.org/x dependencies
• 42f038d x/text: fix nil dereference in gotext extract
• a42f0e2 all: use built-in max/min to simplify the code
• e69f31b go.mod: update golang.org/x dependencies
• 60c9786 all: upgrade go directive to at least 1.24.0 [generated]
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions