build(deps): Bump the all-go group across 1 directory with 6 updates

[dependabot]

Bumps the all-go group with 4 updates in the / directory: github.com/aws/aws-sdk-go-v2, github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/service/kms and golang.org/x/crypto.

Updates github.com/aws/aws-sdk-go-v2 from 1.41.11 to 1.42.0

Commits

• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• e736f55 Add preview of changes for standard retry mode behind flag (#3400)
• ba08dc9 Release 2026-06-05.2
• 9a67e21 Revert schema serde (#3442)
• 51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
• f696d5b Release 2026-06-05
• 7efb8fd Regenerated Clients
• 1a420c5 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.22 to 1.32.24

Commits

• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• e736f55 Add preview of changes for standard retry mode behind flag (#3400)
• ba08dc9 Release 2026-06-05.2
• 9a67e21 Revert schema serde (#3442)
• 51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
• f696d5b Release 2026-06-05
• 7efb8fd Regenerated Clients
• 1a420c5 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.53.2 to 1.53.4

Commits

• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• e736f55 Add preview of changes for standard retry mode behind flag (#3400)
• ba08dc9 Release 2026-06-05.2
• 9a67e21 Revert schema serde (#3442)
• 51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
• f696d5b Release 2026-06-05
• 7efb8fd Regenerated Clients
• 1a420c5 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.27.0 to 1.27.1

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-06-05)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.27.2
  • Bug Fix: Fix incorrect serialization of unions in CBOR-based protocols.

Release (2026-06-04)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.27.1
  • Bug Fix: Fixed a deserialization failure in all protocols when encountering a union with explicit null members.
  • Bug Fix: Fixed a panic when deserializing nested unions in JSON- and CBOR-based protocols.

Release (2026-06-02)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.27.0
  • Feature: Add APIs for schema-based serialization.
  • Feature: Add support for all current AWS and Smithy protocols.
  • Bug Fix: Enforce max nesting depth of 128 on CBOR payloads.
• github.com/aws/smithy-go/aws-http-auth: v1.2.0
  • Feature: Add event stream signer.

Release (2026-05-27)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.26.0
  • Feature: Add StringSlice to endpoint rulesfn.

Release (2026-04-23)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

... (truncated)

Commits

• 6a1dd2f Release 2026-06-04
• ec26415 fix nested union json ctx break/smithy.ReadUnion contract issue (#673)
• See full diff in compare view

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits

• 45460e0 go.mod: update golang.org/x dependencies
• d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
• e2ffffe ssh: reject incomplete gssapi-with-mic configurations
• 60e158a ssh/test: isolate CLI tests from user SSH config and agent
• 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
• 3872a2b ssh/knownhosts: verify declared key type matches decoded key
• 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
• 8f405a4 ssh: validate ECDSA curve matches expected algorithm
• bb41b3d ssh: improve DH GEX group selection using PreferredBits
• e04e721 ssh/agent: validate ed25519 private key length in Add
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

• 5071ed6 all: fix some comments to improve readability
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[claude]

Claude finished @julienrbrt's task in 1m 27s —— View job

---

Code Review

Tasks

• Gather context and analyze PR
• Review dependency changes for security and correctness
• Check for breaking changes
• Post final review

---

Summary

This is a routine Dependabot dependency bump across 6 Go modules (root, apps/evm, apps/grpc, apps/testapp, execution/evm, execution/evm/test, test/docker-e2e, test/e2e) touching 16 files. All changes are version bumps in go.mod/go.sum — no source code is modified. No issues found; safe to merge once CI passes.

---

Security Highlights

golang.org/x/crypto v0.52.0 → v0.53.0 — the most security-relevant update in this PR:

Fix	Impact
pkcs12: limit PBKDF iteration count to prevent CPU exhaustion	DoS mitigation — unbounded iterations could be exploited to peg CPU
ssh: reject incomplete gssapi-with-mic configurations	Prevents misconfigured SSH connections
ssh/knownhosts: reject lines with multiple or unknown markers	Stricter known-hosts parsing
ssh/knownhosts: verify declared key type matches decoded key	Prevents key-type spoofing
ssh: validate ECDSA curve matches expected algorithm	Crypto correctness guard

This upgrade is desirable and has no breaking API surface.

github.com/aws/smithy-go v1.27.0 → v1.27.1 — stability fixes relevant to the KMS integration:

• Fixed panic when deserializing nested unions in JSON/CBOR-based protocols
• Fixed deserialization failure when a union contains explicit null members

Both affect the AWS SDK protocols used by this project's KMS client code.

---

Dependency Change Breakdown

Package	Old	New	Type
aws-sdk-go-v2	v1.41.11	v1.42.0	minor
aws-sdk-go-v2/config	v1.32.22	v1.32.24	patch
aws-sdk-go-v2/service/kms	v1.53.2	v1.53.4	patch
aws/smithy-go	v1.27.0	v1.27.1	patch, bug fix
golang.org/x/crypto	v0.52.0	v0.53.0	security fixes
golang.org/x/sync	v0.20.0	v0.21.0	minor (comment fixes only)

Transitive updates pulled in via go mod tidy: aws-sdk-go-v2/{credentials,feature/ec2/imds,internal/configsources,internal/endpoints,internal/v4a,service/internal/*,service/{signin,sso,ssooidc,sts}} and golang.org/x/{mod,sys,telemetry,text,tools} — all patch/minor increments, consistent and expected.

---

Notable Observation in test/docker-e2e/go.mod

The docker-e2e module additionally bumps several indirect dependencies beyond the stated scope (IPFS/libp2p packages, cloud.google.com/go/auth, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp, etc.). This is the expected result of go mod tidy cascading through the transitive dependency graph — there is nothing unusual here. The self-referential bump of github.com/evstack/ev-node from v1.1.1 → v1.1.2 (indirect in docker-e2e) reflects the newly published ev-node version referenced by that test module.

---

CI Status

Check	Status
Semantic Pull Request	✅ Passed
Dependabot Go Autofix	⏭️ Skipped (expected for grouped updates)
CI	⏳ Queued
PR #3349	⏳ Queued

No breaking changes in the AWS SDK v1 → v1.42 bump (minor, no API removals). The golang.org/x/sync v0.21.0 release notes confirm it's documentation-only. All hash entries in go.sum are consistent with the updated module versions.

Verdict: ✅ Approve once CI passes. The golang.org/x/crypto security fixes make this update actively beneficial.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Jun 12, 2026, 12:10 PM

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.99%. Comparing base (72c1d4f) to head (117c3de).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3349      +/-   ##
==========================================
- Coverage   61.02%   60.99%   -0.03%     
==========================================
  Files         127      127              
  Lines       13879    13879              
==========================================
- Hits         8469     8466       -3     
- Misses       4485     4489       +4     
+ Partials      925      924       -1     

Flag	Coverage Δ
combined	60.99% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.