build(deps): Bump github.com/ethereum/go-ethereum from 1.16.7 to 1.16.8 in /execution/evm/test in the go_modules group across 1 directory

[dependabot]

Bumps the go_modules group with 1 update in the /execution/evm/test directory: github.com/ethereum/go-ethereum.

Updates github.com/ethereum/go-ethereum from 1.16.7 to 1.16.8

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Moisture Filters (v1.16.8)

This is a security fix release and is recommended for all users. It resolves two p2p vulnerabilities reported through the Ethereum Foundation bug bounty program.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go (use "stable" tag).
• Ubuntu packages in our Launchpad PPA repository.
• macOS packages in our Homebrew Tap repository.

Commits

• abeb78c Merge branch 'dos-fixes' into release/1.16
• ce43eb9 version: release go-ethereum v1.16.8 stable
• 638741b crypto/ecies: use aes blocksize
• fdfd123 core/txpool: drop peers on invalid KZG proofs
• 8ecb686 version: begin v1.16.8 release cycle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Jan 14, 2026, 9:44 AM

[claude]

Claude finished @dependabot[bot]'s task in 1m 41s —— View job

---

Comprehensive Code Review ✅

Summary

This PR updates github.com/ethereum/go-ethereum from v1.16.7 to v1.16.8 across multiple modules in the ev-node codebase. This is a security patch release that addresses two P2P vulnerabilities reported through the Ethereum Foundation bug bounty program.

Review Findings

✅ Positive Aspects

1. Security-Critical Update: This update resolves two P2P security vulnerabilities:

   • crypto/ecies: Fixed AES block size handling (commit 638741b)
   • core/txpool: Added peer dropping on invalid KZG proofs (commit fdfd123)

2. Version Consistency: The update has been applied consistently across all affected modules:

   • execution/evm/test/go.mod: ✅ v1.16.8 (line 7)
   • execution/evm/go.mod: ✅ v1.16.8 (line 6)
   • apps/evm/go.mod: ✅ v1.16.8 (line 15)
   • test/e2e/go.mod: ✅ v1.16.8 (line 13)
   • test/docker-e2e/go.mod: ✅ v1.16.8 (line 8)

3. Proper Dependency Management: Follow-up commits properly updated other go.mod files:

   • Commit 0a97463: Ran make deps after Dependabot update
   • Commit 497ddbb: Updated other go.mods

4. CI Status: Most checks are passing:

   • ✅ All linting checks passed (golangci-lint, hadolint, yamllint, markdown-lint, goreleaser-check)
   • ✅ Proto/buf checks passed
   • ✅ Go mod tidy check passed
   • ⏳ Unit tests, integration tests, and builds are in progress

🔍 Code Quality & Architecture Assessment

Security

• ✅ CRITICAL: This update addresses known P2P vulnerabilities and should be prioritized
• ✅ No secrets or sensitive data exposed in changes
• ✅ The security fixes specifically address:
  • Cryptographic primitive handling (ECIES encryption)
  • Network-level DoS protection (invalid KZG proof handling)

Dependency Management

• ✅ All go.sum files properly updated with correct checksums
• ✅ No indirect dependency conflicts introduced
• ✅ Modular go.mod structure maintained across test directories

Testing & Reliability

• ⏳ CI pipeline running - awaiting test results
• ✅ The update is a patch version (1.16.7 → 1.16.8), indicating no breaking API changes expected per semantic versioning

📋 Potential Concerns & Recommendations

1. Breaking Changes: Based on the release notes, this is a pure security fix with no breaking changes. The commits only touch internal P2P handling.

2. Performance Impact: The crypto/ecies fix uses proper AES block size, which might have marginal performance characteristics, but this is unlikely to be noticeable.

3. Network Behavior: The txpool change to drop peers on invalid KZG proofs is more aggressive peer management. This is a positive security improvement but could potentially affect peer connectivity in edge cases with buggy peers.

🎯 Recommendations

1. ✅ Approve and Merge: This is a security-critical patch that should be merged promptly once CI passes.

2. ✅ No Additional Testing Required: Given this is a patch release focused on security fixes in go-ethereum internals, no additional ev-node specific tests are needed beyond the existing CI suite.

3. ✅ Monitor After Deployment: After merging, monitor for:

   • Any unexpected peer disconnections (due to the KZG proof validation changes)
   • Normal P2P network behavior
   • No regression in block processing or sync performance

📊 Final Assessment

Category	Status	Notes
Security	✅ APPROVED	Addresses critical P2P vulnerabilities
Code Quality	✅ APPROVED	Consistent version updates across modules
Architecture	✅ APPROVED	No architectural changes
Testing	⏳ PENDING	CI in progress, expected to pass
Documentation	✅ APPROVED	Standard Dependabot PR format
Performance	✅ APPROVED	No negative impact expected

Conclusion

✅ APPROVED - This PR should be merged as soon as CI passes. The update addresses important security vulnerabilities in go-ethereum's P2P layer and has been properly applied across all affected modules. No code changes or additional testing are required.

The changes are minimal (only version number updates in go.mod and go.sum files), and the upstream security fixes are well-scoped to internal P2P handling. This is exactly the type of dependency update that should be prioritized and merged quickly.

---

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.74%. Comparing base (4ce58c2) to head (497ddbb).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2974      +/-   ##
==========================================
- Coverage   57.88%   57.74%   -0.14%     
==========================================
  Files          98       98              
  Lines        9394     9394              
==========================================
- Hits         5438     5425      -13     
- Misses       3352     3365      +13     
  Partials      604      604              

Flag	Coverage Δ
combined	57.74% <ø> (-0.14%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.