Skip to content

Comments

Update module github.com/ethereum/go-ethereum to v1.17.0 [SECURITY]#29

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/go-github.com-ethereum-go-ethereum-vulnerability
Open

Update module github.com/ethereum/go-ethereum to v1.17.0 [SECURITY]#29
renovate[bot] wants to merge 1 commit intomainfrom
renovate/go-github.com-ethereum-go-ethereum-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 14, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
github.com/ethereum/go-ethereum v1.14.13v1.17.0 age confidence

GitHub Vulnerability Alerts

CVE-2026-22862

Impact

A vulnerable node can be forced to shutdown/crash using a specially crafted message.
More details to be released later.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by DELENE TCHIO ROMUALD.

CVE-2026-22868

Impact

An attacker can cause high CPU usage by sending a specially crafted p2p message.
More details to be released later.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by @​Yenya030

CVE-2026-26313

Impact

An attacker can cause high memory usage by sending a specially-crafted p2p message.
More details to be released later.

Patches

The issue is resolved in the v1.17.0 release.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by @​revofusion

CVE-2026-26314

Impact

A vulnerable node can be forced to shutdown/crash using a specially crafted message.
More details to be released later.

Patches

The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

Credit

This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed from vulsight.com

CVE-2026-26315

Impact

Through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key.

Patches

The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. We recommend rotating the node key after applying the upgrade, which can be done by removing the file <datadir>/geth/nodekey before starting Geth.

Credit

The issue was reported as a public pull request to go-ethereum by @​fengjian.

Release Notes

ethereum/go-ethereum (github.com/ethereum/go-ethereum)

v1.17.0: Eezo-Inlaid Circuitry (v1.17.0)

Compare Source

This is a feature release, with all accumulated development from the last 3 months. See below for the highlights.

Note that this release contains multiple critical security fixes, as well as many bug fixes, and is recommended for all users. However, if you are cautious about upgrades, you can also install v1.16.9 which has just the critical security fixes. Specifically, this release fixes CVE-2026-26313, CVE-2026-26314, CVE-2026-26315.

We recommend recreating your p2p node key after installing this update, which you can do by removing the DATADIR/geth/nodekey file before restarting geth. Note this will cause a change in the p2p node ID, which may break static peering setups.

Highlights
Path-based Archive Node with Proofs

The path-based archive node can now serve proofs (via eth_getProof) for the state of older blocks.

You can configure the block range that supports proving independently from other archive state availability. Specifically, you can use the --history.trienode command-line flag to set the amount of blocks for which tree nodes will be tracked.

This feature is disabled by default. Note that state history cannot easily be recovered once deleted, as it can only be generated by processing blocks. However, you can enable trienode history (and/or state history) at any time to turn a full node into a partial archive node, keeping state from that point in time onwards.

#​32727, #​32621, #​33551, #​32981, #​33399, #​32913, #​33303, #​33584, #​33329, #​33681, #​33103, #​33098, #​33515, #​32247

EraE History Support

Geth now suports the EraE file format, an archival format for post-merge chain history.

#​32157, #​33827

OpenTelemetry Tracing

OpenTelemetry tracing is now supported by the RPC server, including support for distributed tracing.
We have also added some tracing spans for block processing via the engine API, i.e. engine_newPayload.

#​33599, #​33452, #​33780, #​33521

All Changes
Geth CLI
  • The geth version-check subcommand has been removed. This command checked the geth website for signed vulnerability notices, and would tell if updates are necessary (#​33498)
  • There is now a --miner.maxblobs command-line flag to set a limit on blobs included in built blocks (#​33129, #​33302)
  • Geth now supports continuous profiling with Grafana Pyroscope (#​33623)
  • A rare bug that could halt block production in geth --dev mode was fixed (#​33146)
  • A new --rpc.rangelimit flag configures the maximum block range for eth_getLogs (#​33163)
  • geth --exitwhensynced will now set the finalized and safe block (#​33038)
  • geth --ethstats now reports the newPayload processing time to the stats server (#​33395)
  • A lot of minor issues in Geth's command-line flag processing have been fixed (#​33379, #​33338, #​33330, #​32999, #​33279, #​33252)
  • The evm blocktest command can now read filenames from stdin when no path is provided (#​32824)
Fork Implementation
Core
  • The crypto/ecies library allowed extraction of the private key used for key derivation via observation of response timing. We recommend rotating the node key after applying this update. (#​33669)
  • When a missing block is encountered during tx unindexing, Geth will now skip it and move on instead of entering an infinite loop. (#​33573)
  • Geth now optionally collect and export metrics about the total state size (#​33254, #​33376, #​33415)
  • There is a new OnStateUpdate hook, which is called after all state of a block has been committed. This gives access to the changeset of the block. (#​33490)
  • Some minor tracing bugs have been fixed (#​32919, #​33148, #​33644, #​33214)
  • Various minor issues in the freezer database have also been fixed (#​33747, #​33025, #​33203, #​33344)
  • The setHead operation now unsets the finalized block, in cases where the rolled-back block range extends before it. (#​33486)
  • The SignatureValues method of types.Signer now reports an error for invalid signature sizes (#​33647)
  • Geth prints detailed log messages for 'slow blocks' (#​33655, #​33525, #​33442, #​32812, #​33659, #​33532)
  • Pebble configuration has been tweaked for improved performance (#​33697, #​33353, #​33315)
  • A rare crash in the log indexer related to reorg handling has been fixed (#​33810)
  • Internal state diff size accounting has been corrected, so state diffs will now be flushed to the disk store less often (#​33505)
  • Since the keccak256 hash function variant used by Ethereum no longer has a fast-path in the standard library, we have vendored the keccak implementation back into our repository (#​33323)
Library
  • The RLP library now has a RawList type for dealing with un-decoded lists in a more convenient way (#​33755, #​33834, #​33840, #​33841)
  • The low-level RLP iterator and uses of it have been improved (#​33245, #​33188, #​33820)
  • Clef can now sign blob transactions with cell proofs (#​32910)
  • Fixed some corner-case bugs in metrics exporting (#​33749, #​33748)
  • The hardware wallet library now supports the Ledger Nano Gen5 and correctly enables EIP-712 signing for all supported versions. (#​33297, #​33113)
  • SignTextWithPassphrase now works correctly with all supported hardware wallets (#​33138)
  • Some minor bugs were fixed in the keystore implementation (#​33606, #​33602, #​33090)
  • The bitutil.XORBytes function has been deprecated in favor of stdlib package crypto/subtle (#​33331)
  • A memory leak in the beacon chain light client was fixed (#​33483)
RPC
  • eth_getTransactionByHash now returns the blockTimestamp as part of the transaction object (#​33709)
  • Error codes for some conditions in eth_simulateV1, eth_getLogs, eth_getStorageAt have been improved to better comply with the execution RPC spec (#​33007, #​33320, #​33282)
  • eth_simulateV1 now selects the correct set of precompiles for the simulated header (#​33363)
  • eth_sendTransaction and eth_fillTransaction now default to EIP-1559 (#​33058)
  • The GraphQL implementation has received some bug fixes for cases where a resolved item is not found. (#​33184, #​33225)
  • In GraphQL, the gasPrice is now retrievable for transaction types 0x3 and 0x4 (#​33542)
  • The RPC server now enables plain-text HTTP2 for improved performance (#​33812)
  • The RPC client no longer sends spurious RST_STREAM HTTP2 frames (#​33122)
  • Some minor JSON encoding bugs have been fixed in ethclient (#​33693, #​33242, #​33464)
  • The gethclient has a new wrapper of the callTracer (#​31510)
  • In the callTracer, reported logs now contain an index field which is the index of the log within the transaction (#​33629)
P2P Networking
  • The transaction pool heartbeat mechanism had some fixes for potential resource leaks (#​33704)
  • The eth and snap protocol implementations nows validates most p2p messages before decoding their content. This improves security and sync performance in some cases. (#​33835)
  • The blob transaction pool has seen some bug fixes and now accepts nonce-gapped transactions to a very limited extent (#​32717, #​33775, #​33474, #​33352, #​33301, #​33260)
  • Snap sync status is now tracked better, ensuring a snap sync will not be triggered accidentally by the engine API (#​33157)
  • The snap sync scheduler was improved to better protect the trie database against accidential mutations while the node is processing blocks. This resolves some edge cases where the database could be corrupted (#​33428)
  • The header sync implementation was fixed to better deal with setHead operations during sync (#​33481)
  • Peer connections delivering stale transactions will be penalized less, since delivery of a few stale transactions is a common occurrence. (#​32725)
  • Peers announcing transactions of one type, and delivering a different type, are now disconnected as penalty (#​33378)
  • Similarly, peers delivering invalid KZG proofs will now be disconnected (5b99d2b)
  • The transaction pool has new metrics for the number of accounts with transactions (#​33646, #​33654)

For a full rundown of the changes please consult the Geth 1.17.0 release milestone.

As with all our previous releases, you can find the:

v1.16.9: Shield Focusing Module (v1.16.9)

Compare Source

This is a security hot-fix release. Specifically, this release fixes CVE-2026-26314, CVE-2026-26315.

We recommend recreating your p2p node key after installing this update, which you can do by removing the DATADIR/geth/nodekey file before restarting geth. Note this will cause a change in the p2p node ID, which may break static peering setups.

As with all our previous releases, you can find the:

v1.16.8: Moisture Filters (v1.16.8)

Compare Source

This is a security fix release and is recommended for all users. It resolves two p2p
vulnerabilities reported through the Ethereum Foundation bug bounty program.

As with all our previous releases, you can find the:

v1.16.7: Ballistic Drift Stabilizer (v1.16.7)

Compare Source

This is a re-roll of v1.16.6, including an important fix in the KZG cryptography library.

This release enables the Fusaka hardfork on Ethereum mainnet.

The Fusaka fork is scheduled to occur at 2025-12-03 21:49:11 UTC.
Please upgrade your node to v1.16.7 in time for the fork.

This release also enables two blob-parameter-only (BPO) upgrades.
These upgrades change protocol parameters to increase the available blob capacity.

  • BPO1 on2025-12-09
  • BPO2 on 2026-01-07
Fusaka
  • Set mainnet timestamps for Osaka (#​33063)
  • Enable Fusaka for geth --dev mode (#​32917)
RPC
  • Add eth_sendRawTransactionSync which waits until either a timeout or the transaction is mined. This feature is mostly useful on L2s with lower blocktimes. (#​32830, #​32930, #​32929)
  • Add support for eth_simulateV1 in ethclient (#​32856)
  • Fix for an issue that might crash debug_traceCall (#​33015)
  • Fix for an issuer where local transactions were not persisted to the journal (#​32921)
Core
Networking
  • New metrics for tracking slow peers (#​32964)
  • Fix for an issue where disconnected peers were not removed in txFetcher (#​32947)

For a full rundown of the changes please consult the Geth 1.16.6 and 1.16.7 release milestones.

As with all our previous releases, you can find the:

v1.16.6: Leather Wrapping (v1.16.6)

Compare Source

⚠️ Do not use v1.16.6 for the Fusaka upgrade! Please use v1.16.7, which contains an important security fix. ⚠️

This release enables the Fusaka hardfork on Ethereum mainnet
The fork is scheduled to occur at 2025-12-03 21:49:11 UTC.
This release also enables the BPO1 and BPO2 forks for mainnet at 2025-12-09 and 2026-01-07 respectively.

Fusaka
  • Set mainnet timestamps for Osaka (#​33063)
  • Enable Fusaka for geth --dev mode (#​32917)
RPC
  • Add eth_sendRawTransactionSync which waits until either a timeout or the transaction is mined. This feature is mostly useful on L2s with lower blocktimes. (#​32830, #​32930, #​32929)
  • Add support for eth_simulateV1 in ethclient (#​32856)
  • Fix for an issue that might crash debug_traceCall (#​33015)
  • Fix for an issuer where local transactions were not persisted to the journal (#​32921)
Core
Networking
  • New metrics for tracking slow peers (#​32964)
  • Fix for an issue where disconnected peers were not removed in txFetcher (#​32947)

For a full rundown of the changes please consult the Geth 1.16.6 release milestone.

As with all our previous releases, you can find the:

v1.16.5: Coolant Cells (v1.16.5)

Compare Source

This is a maintenance release. We are issuing this release mostly to add a conversion path for blob proofs submitted via eth_sendRawTransaction. See https://blog.ethereum.org/2025/10/15/fusaka-blob-update for more information.

RPC
  • eth_sendRawTransaction has an upgrade path for blob proofs after the Fusaka fork. Note this is temporary. We will remove support for blob proof conversion during the v1.17.x release cycle, please update RPC client libraries to support cell-level (v1) proofs. (#​32849)
  • eth_subscribe now supports a transactionReceipts subscription. There is also a wrapper in ethclient for this new subscription type. (#​32697, #​32869)
  • eth_simulateV1 was fixed to return the block timestamp in logs, like eth_getLogs does. (#​32831)
  • In the abigen v2 runtime, BoundContract.Transfer will now verify that the contract has a payable fallback or receive method. (#​32374)
  • A keccak256preimage tracer has been added. (#​32569)
Networking
  • The eth protocol handler will now drop peers sending duplicated transactions. This is to unify behavior with other client implementations. (#​32728)
  • A regression in the discovery system could cause high CPU usage under synthetic conditions (i.e. in tests). (#​32912)
  • A very rare shutdown hang related to peer discovery is resolved. (#​32572)
  • The eth protocol test suite has a new post-merge test chain and saw some bug fixes for flakey tests. (#​32834, #​32850)
Core
  • Our freezer implementation now supports partial reads, i.e. reading just a slice out of a larger stored value. This functionality is used for the archive node state history. (#​32132)
  • The trie database now implements a storage layer for 'trie history', a precursor to serving historical state proofs for the path-based archive node. (#​32596)
  • The txpool/valid.meter metric has been corrected. (#​32845)
  • The engine API saw some fixes related to fork compatibility checks. (#​32800, #​32731)

For a full rundown of the changes please consult the Geth 1.16.5 release milestone.

As with all our previous releases, you can find the:

v1.16.4: Bioelectric Infusers (v1.16.4)

Compare Source

This release enables the Osaka (Fusaka) fork on testnets. We also enable two blob-parameter only (BPO) forks for the testnets.

  • Holesky

    • Osaka at time 1759308480 (2025-10-01 08:48:00 UTC)
    • BPO1 at time 1759800000 (2025-10-07 01:20:00 UTC)
    • BPO2 at time 1760389824 (2025-10-13 21:10:24 UTC)

  • Sepolia

    • Osaka at time 1760427360 (2025-10-14 07:36:00 UTC)
    • BPO1 at time 1761017184 (2025-10-21 03:26:24 UTC)
    • BPO2 at time 1761607008 (2025-10-27 23:16:48 UTC)

  • Hoodi

    • Osaka at time 1761677592 (2025-10-28 18:53:12 UTC)
    • BPO1 at time 1762365720 (2025-11-05 18:02:00 UTC)
    • BPO2 at time 1762955544 (2025-11-12 13:52:24 UTC)

With BPO1 and BPO2, the blob capacity of these networks will increase as follows:

  • BPO1: max blobs/block: 15, target: 10
  • BPO2: max blobs/block: 21, target: 14

As of this release, the default block gas limit is set to 60M gas.
This is the recommended limit that we, as client authors, feel comfortable with.

CLI commands
  • geth snapshot and related commands no longer fail due to not finding the trie journal file. (#​32531)
  • A regression in geth snapshot dump and geth export-preimages is resolved. (#​32650)
  • We have added an experimental zkVM 'guest program', keeper, to the source tree. (#​32543, #​32638, #​32736)
RPC
  • eth_call and related operations were fixed to not apply the EIP-7825 per-transaction gas limit when executing under Osaka fork rules. (#​32641)
  • For eth_getLogs and other log filtering operations, it is now possible to configure the number of addresses allowed in the filter using the --rpc.logquerylimit flag. (#​32327)
  • Starting Geth with the --state.size-tracking option enables collection of precise state size numbers, which can be read using the debug_stateSize endpoint. (#​32362)
  • The new debug_executionWitness and debug_executionWitnessByHash methods create a block witness for stateless execution. (#​32216)
Tracing & ABIGEN
  • There is a new CodeChangeV2 hook, with a CodeChangeReason parameter. (#​32525, #​32535)
  • In certain corner-cases related to SELFDESTRUCT, OnBalanceChange was not invoked. (#​32526)
  • BoundContract in accounts/abi/bind/v2 now exposes an Address method. (#​32559)
Core
  • The EVM MODEXP precompiled account has seen some optimizations to improve performance for worst-case inputs. We are especially grateful for @​GottfriedHerold's work on improving the underlying math/big library. (#​32527, #​32553, #​32568, #​32576)
  • The blobpool will now perform a migration to the v1 blob proof format around the time of the fork. (#​31966, #​32577, #​32534, #​32656, #​32716)
  • engine_getBlobs has been updated for improved spec compliance and to deal with the conversion of the blob tx proofs. (#​32536, #​32538, #​32578)
  • The path-based state database has seen some fixes to prevent database corruption, which could sometimes occur when Geth is terminated abnormally, e.g. by a short stop timeout in Docker. (#​32557, #​32447)
  • All engine API operations, and eth_config, now support BPO-style forks. (#​32589, #​32615, #​32636, #​32579)
  • This release includes some work towards supporting historical state proofs in the path-based archive node implementation. (#​32418, #​32523, #​32649)
  • Pebble stall counter are now correctly reported for each opened database. (#​32563)
Networking
  • The node discovery iterator was updated to improved geth startup time and reactivity when the node table becomes empty. (#​32517, #​32518)
  • A hang in the 'eth' protocol test suite was resolved. (#​32551)
Build
  • The KZG proof libraries have been updated to the latest release to fix a vulnerability. Fortunately, the vulnerability would only have become usable after the Osaka fork, so there is no risk for users of current versions. (#​32640, #​32639)
  • go-ethereum now requires Go 1.24 or later. (#​32584, #​32598)
  • This release is built with Go 1.25.1 (#​32593)
  • execution-spec-tests has been bumped to v5.1.0 (#​32592, #​32742)

v1.16.3: Impact Restrictors (v1.16.3)

Compare Source

What's Changed

This is a maintenance release to prepare for the Fusaka release next week. It contains a state history rewrite, fixes for the Osaka devnets, performance improvements, and a few bug fixes.

Fusaka
  • Fix: use blob parameters from current header #​32424
  • Convert legacy sidecar in Osaka #​32347
Core
  • Stabilize tx relay peer selection #​31714
  • Reduced number of allocation when comparing transactions #​31912
  • Rework tracer and track origin value of dirty nodes #​32306
  • Avoids loading the same blob tx multiple times #​32190
  • Fix modexp input check #​32363
  • GetBlockReceipts also handles pending blocks #​32461
  • Tree node prefetching for increased loader performance #​32134
  • Parallelized db inspect #​32506
RPC
  • Apply precompile overrides in DoEstimateGas #​31795
  • Fix uncle reward accounting in supply_tracer #​31882
  • Checks ErrGasLimitTooHigh in conditions in gas estimator #​32348
  • Implement EIP-7910 - eth_config JSON-RPC Method #​32239
  • Add SetWebsocketReadLimit in RPC Server #​32279
  • graphql: add query depth limit to prevent DoS attacks #​32344
  • Adds codeHash to prestateTracer's account structure #​32391
  • Remove deprecated method debug_seedHash #​32495
Others

For a full rundown of the changes please consult the Geth 1.16.3 release milestone.

As with all our previous releases, you can find the:

v1.16.2: Sprouted Seed Vial (v1.16.2)

Compare Source

This is a maintenance release that includes implementations of the Fusaka EIPs, along with
several new features, optimizations, and bug fixes. Upgrading to this version is optional,
but feedback from those who do is greatly appreciated.

Fusaka:
  • Implement EIP-7825 - Transaction Gas Limit Cap. (#​31824,#​32230)
  • Implement EIP-7934 - RLP Execution Block Size Limit. (#​31990)
  • Implement EIP-7939 - CLZ opcode. (#​31989,#​32172)
  • Implement EIP-7918 - Blob base fee bounded by execution cost. (#​31965)
  • Implement EIP-7951 - Precompile for secp256r1 Curve Support. (#​31991)
  • Implement EIP-7892 - Blob Parameter Only Hardforks. (#​32193)
  • Implement EIP-7883 - ModExp Gas Cost Increase. (#​32231)
  • Add Block-level accessList structure. (#​31948)
  • Limit the max blobs in blob transaction. (#​32246)
Core:
  • Reduce the memory allocation in trie hash function. (#​31902)
  • Improve the background sync mechanism of the freezer. (#​32135)
  • Introduce file-based state journal. (#​32060)
  • Fix the dropping oversized transaction announcements. (#​32210)
  • Fix the condition that disables direct ancient sync mode. (#​32188)
  • Add an interface for the jump destination analysis cache. (#​32143)
  • Fix incorrect address length in historical state reader. (#​32248)
  • Fix a dead lock in state history indexer. (#​32260)
  • Expose SigHash of SetCodeAuthorization for customized signing. (#​32298)
RPC:
  • Reject eth_getLogs requests that include both block hash and block range. (#​31877)
  • Fix block overrides in debug_traceCall. (#​32183)
  • Introduce debug_sync to perform a trusted full chain sync. (#​32177,#​32149)
Others:
  • Add automatic package aliasing in rlp code generator. (#​31148)
  • Add the metrics for tracking snap sync duration. (#​32258)
  • Update checkpoints for blsync and filtermaps. (#​32336)
  • Add test suite for ENRRequest. (#​32303)

For a full rundown of the changes please consult the Geth 1.16.2 release milestone.

As with all our previous releases, you can find the:

v1.16.1: Repair Actuals (v1.16.1)

Compare Source

This is a patch release, fixing some regressions with v1.16.0.

  • abigen v2 now creates TryPack methods that return an error for invalid parameter values. (#​31692)
  • geth --vmtrace, enabling the live tracer, did not work due to a bug. (#​32107)
  • The blockTimestamp as returned by eth_getLogs is now hex-encoded. (#​32129)
  • eth_getLogs and related endpoints now limit the number of queried addresses to 1000. (#​31876)
  • eth_getTransactionReceipt should be a bit faster. (#​32021)
  • A buggy interaction of the new archive node and snap sync is resolved. (#​32104)
  • A rare crash in geth --dev mode related to debug_setHead is resolved. (#​31871)
  • Release archives now contain statically-linked binaries. (#​32118)

For a full rundown of the changes please consult the Geth 1.16.1 release milestone.

As with all our previous releases, you can find the:

v1.16.0: Terran Rivets (v1.16.0)

Compare Source

We are proud to present the v1.16.0 release, introducing path-based archive node and several other improvements to the state database implementation. There is also the usual amount of bug fixes and small improvements.

Archive Node

This release includes a new, experimental implementation of the archive node (--gcmode=archive). As an archive node, Geth stores all historical states, and can thus retrieve account balances, nonces and storage values at old blocks.

In previous versions of Geth, running as an archive node was only possible using the legacy 'hash-based' state storage scheme (--state.scheme=hash). When syncing mainnet the resulting database would reach sizes larger than 20TB, and it all had to be stored on a high-speed SSD.

The new implementation provides the state archive in combination with 'path-based' storage (--state.scheme=path). Comparing to hash-based storage, there are three basic advantages:

  • Geth can be configured to store historical states on a dedicated disk, and it doesn't have to be an SSD (it will be ~3x faster to access when stored on SSD though).
  • For the full state history of mainnet, the state database will have a size of ~1.9TB (this is without the tx-by-hash index and log index).
  • The amount of historical state kept by the node is configurable as well. By default, Geth will keep historical state for the last 90k blocks, and older state is pruned from disk automatically as the chain advances. You can set the number of states to keep with the --history.state flag.

Notably, there is also one drawback with the new archive

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Contributor Author

renovate bot commented Jan 14, 2026
edited
Loading

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.22.5 -> 1.24.0
golang.org/x/crypto v0.32.0 -> v0.44.0
github.com/holiman/uint256 v1.3.1 -> v1.3.2
go.opentelemetry.io/proto/otlp v1.3.1 -> v1.9.0
golang.org/x/sys v0.29.0 -> v0.39.0
golang.org/x/text v0.21.0 -> v0.31.0
google.golang.org/protobuf v1.36.1 -> v1.36.11

@renovate renovate bot force-pushed the renovate/go-github.com-ethereum-go-ethereum-vulnerability branch from 1a933ca to 9f68e79 Compare February 2, 2026 19:39
@renovate renovate bot force-pushed the renovate/go-github.com-ethereum-go-ethereum-vulnerability branch from 9f68e79 to 6c45650 Compare February 12, 2026 17:32
@renovate renovate bot force-pushed the renovate/go-github.com-ethereum-go-ethereum-vulnerability branch from 6c45650 to a817aa1 Compare February 19, 2026 22:33
@renovate renovate bot changed the title Update module github.com/ethereum/go-ethereum to v1.16.8 [SECURITY] Update module github.com/ethereum/go-ethereum to v1.17.0 [SECURITY] Feb 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants