Bump the dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates in the / directory: github.com/attestantio/go-eth2-client, github.com/ethereum/go-ethereum, github.com/itchyny/gojq and github.com/spf13/cobra.

Updates github.com/attestantio/go-eth2-client from 0.27.1 to 0.27.2

Changelog

Sourced from github.com/attestantio/go-eth2-client's changelog.

0.27.2:

• add /eth/v1/beacon/blobs/ endpoint support
• update go version to 1.25
• updated spec conformance tests for latest forks
• updated linters and corresponding fixes

Commits

• 3109c2f Merge pull request #277 from attestantio/release_27_2
• e8d3f36 Fix linter.
• be371ef Release 0.27.2
• ca04703 Merge pull request #274 from attestantio/update_go_version_and_golangci_lint
• 1bfc628 Merge pull request #273 from pk910/pk910/add-blobs-request
• dd39e83 fix typo in filename
• ae5191d Fix condition check for nil parameters in parameters.go.
• 7e57bf4 Refactor JSON marshaling methods to use fmt.Appendf for improved performance
• 0516b73 Fix displaced method comment for fetchStaticValues
• 1437996 Refactor service.go to reorganize and restore comments for clarity
• Additional commits viewable in compare view

Updates github.com/ethereum/go-ethereum from 1.16.5 to 1.16.7

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Ballistic Drift Stabilizer (v1.16.7)

This is a re-roll of v1.16.6, including an important fix in the KZG cryptography library.

This release enables the Fusaka hardfork on Ethereum mainnet.

The Fusaka fork is scheduled to occur at 2025-12-03 21:49:11 UTC. Please upgrade your node to v1.16.7 in time for the fork.

This release also enables two blob-parameter-only (BPO) upgrades. These upgrades change protocol parameters to increase the available blob capacity.

• BPO1 on2025-12-09
• BPO2 on 2026-01-07

Fusaka

• Set mainnet timestamps for Osaka (#33063)
• Enable Fusaka for geth --dev mode (#32917)

RPC

• Add eth_sendRawTransactionSync which waits until either a timeout or the transaction is mined. This feature is mostly useful on L2s with lower blocktimes. (#32830, #32930, #32929)
• Add support for eth_simulateV1 in ethclient (#32856)
• Fix for an issue that might crash debug_traceCall (#33015)
• Fix for an issuer where local transactions were not persisted to the journal (#32921)

Core

• Fix for a cryptographic vulnerability in c-kzg-4844. This is only exploitable post-Fusaka. (#33093)
• Add geth --genesis flag as an alternative to running geth init genesis.json (#32844)
• Fix for receipt insertion during ERA file import. (#32934)
• Work on getting the trie node history in order to serve historical eth_getProof request with the new path-based archive node. (#32907, #32914, #32937)
• Further work on cmd/keeper, our guest program for zkVMs (#32816)
• Various optimizations (#32971, #32916, #32965, #32946)

Networking

• New metrics for tracking slow peers (#32964)
• Fix for an issue where disconnected peers were not removed in txFetcher (#32947)

---

For a full rundown of the changes please consult the Geth 1.16.6 and 1.16.7 release milestones.

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go (use "stable" tag).

... (truncated)

Commits

• b9f3a3d Merge branch 'master' into release/1.16
• 07129d2 version: release go-ethereum v1.16.7 stable
• 653f8d4 go.mod: update to c-kzg v2.1.5 (#33093)
• 5b77af3 version: begin v1.16.7 release cycle
• 386c3de Merge branch 'master' into release/1.16
• 044828e version: release go-ethereum v1.16.6
• 0250724 params: set osaka and BPO1 & BPO2 mainnet dates (#33063)
• 28c59b7 core/rawdb: fix db inspector by supporting trienode history (#33087)
• 18a9027 common: fix duration comparison in PrettyAge (#33064)
• e6d34c1 eth/tracers: fix prestateTracer for EIP-6780 SELFDESTRUCT (#33050)
• Additional commits viewable in compare view

Updates github.com/itchyny/gojq from 0.12.17 to 0.12.18

Release notes

Sourced from github.com/itchyny/gojq's releases.

Release v0.12.18

• implement trimstr/1, toboolean/0 function
• fix last/1 to be included in builtins/0
• fix --indent 0 to preserve newlines
• fix string repetition to emit error when the result is too large
• increase the array index limit to 536870912 (2^29)
• stop numeric normalization for concurrent execution (see 1ace748d08df)
• support binding expressions with binary operators (1 + 2 as $x | -$x)
• improve gojq.NewIter to be a generic function
• improve logic for getting file contents on JSON parse error
• improve JSON parsing to preserve the precision of floating-point numbers
• improve YAML parsing performance and preserve the precision of large integers
• improve performance and reduce memory allocation of long-running queries

Changelog

Sourced from github.com/itchyny/gojq's changelog.

v0.12.18 (2025-12-02)

• implement trimstr/1, toboolean/0 function
• fix last/1 to be included in builtins/0
• fix --indent 0 to preserve newlines
• fix string repetition to emit error when the result is too large
• increase the array index limit to 536870912 (2^29)
• stop numeric normalization for concurrent execution (see 1ace748d08df)
• support binding expressions with binary operators (1 + 2 as $x | -$x)
• improve gojq.NewIter to be a generic function
• improve logic for getting file contents on JSON parse error
• improve JSON parsing to preserve the precision of floating-point numbers
• improve YAML parsing performance and preserve the precision of large integers
• improve performance and reduce memory allocation of long-running queries

Commits

• fa534a1 bump up version to 0.12.18
• d7e1531 update CHANGELOG.md for v0.12.18
• 672cc79 update dependencies
• 2263e18 update actions/checkout to v6
• 5d8a53c add more tests for empty strings and NO_COLOR
• 97274d3 make use of cmp package for comparisons
• 3e31863 merge identical cases for getting operator functions
• e4d456b avoid variable names that shadow built-in functions
• 19a3975 stop replacing capturing group syntax
• 5bb6d33 support binding expressions with binary operators (fix #283)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions