chore(deps): bump reth-ethereum-payload-builder from v1.11.2 to v1.11.3

[dependabot]

Bumps reth-ethereum-payload-builder from v1.11.2 to v1.11.3.

Release notes

Sourced from reth-ethereum-payload-builder's releases.

Reth v1.11.3

Latest Release

[!IMPORTANT] This release replaces v1.11.x, and users must upgrade to v1.11.3

• fix(trie): panic in sparse trie proof workers

Update Steps

Nodes can be restarted using the new binary with no required update steps. Errors during payload validation may continue to be seen, but will not stall the node.

To fully fix errors such as those described in issue 22973, shut down the node and run:

reth db --datadir <datadir> repair-trie

This command will take up to 2 hours to complete for ethereum mainnet. Once complete, start reth node as normal.

Update Priority

This table provides priorities for which classes of users should update particular components.

User Class	Priority
Payload Builders	High
Non-Payload Builders	High

All Changes

• chore: release 1.11.3
• fix(trie): Reset proof v2 calculator on error (#22781)
• cherry-pick: fix don't produce both updates and removals for trie nodes (#22507)
• cherry-pick: install rayon panic handler (37f5b3a)

Binaries

See pre-built binaries documentation.

The binaries are signed with the PGP key: 50FB 7CC5 5B2E 8AFA 59FE 03B7 AA5E D56A 7FBF 253E

Reth

System	Architecture	Binary	PGP Signature
	x86_64	reth-v1.11.3-x86_64-unknown-linux-gnu.tar.gz	PGP Signature
	aarch64	reth-v1.11.3-aarch64-unknown-linux-gnu.tar.gz	PGP Signature

... (truncated)

Changelog

Sourced from reth-ethereum-payload-builder's changelog.

Releases

Release cadence

reth does not currently have a regular release cadence while it is still experimental software.

For maintainers

This section outlines how to cut a new release.

It is assumed that the commit that is being considered for release has been marked as stable, i.e. that there is an expectation of no major bugs.

Release PR

• Create a new branch (e.g. release/vx.y.z) and open a pull request for it
• Ensure all tests and lints pass for the chosen commit
• Version bump
  • Update the version in all Cargo.toml's
• Commit the changes
  • The message format should be release: vx.y.z, substituting x.y.z for the semver.
• The PR should be reviewed to see if anything was missed
• Once reviewed, merge the PR

Releasing

• Tag the new commit on main with vx.y.z (git tag vx.y.z SHA)
• Push the tag (git push origin vx.y.z)[^1]
• Update Homebrew Tap
• Run the release commit on the testing infrastructure for 1-3 days to check for inconsistencies and bugs
  • This testing infrastructure is going to sync and keep up with a live testnet, and includes monitoring of bandwidth, CPU, disk space etc.

Note

The v prefix for the tag is important! If it is missing, the release workflow will not run.

When the tag is pushed, the artifacts are built automatically and a draft release is added to the repository. This draft release includes a template that must be filled out, including:

• A summary of the release (highlights etc.)
• The update priority (see below)
• An auto-generated changelog

The release artifacts are automatically added to the draft release. Once ready, simply publish the release.

Release summaries

The release summary should include general notes on what the release contains that are important to operators. These changes can be found using the https://github.com/paradigmxyz/reth/labels/M-changelog label.

[^1]: It is possible to use git push --tags, but this is discouraged since it can be very difficult to get rid of bad tags.

Commits

• d6324d6 chore: release 1.11.3
• 5f3ade1 fix(trie): Reset proof v2 calculator on error (#22781)
• b053f6f cherry-pick: fix don't produce both updates and removals for trie nodes (#22507)
• 2a58e7a cherry-pick: install rayon panic handler (37f5b3a)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[randygrok]

Covered by #178

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[claude]

Claude finished @dependabot[bot]'s task —— View job

---

PR Review for Dependabot Bump

I'll review this dependency bump PR and provide feedback on the requested areas.

Todo List:

• Read and analyze the Cargo.lock changes
• Review the reth v1.11.3 release notes and changes
• Assess code quality and best practices
• Check for potential bugs or issues
• Evaluate performance considerations
• Review security concerns
• Assess test coverage implications

---

Review Analysis

Code Quality and Best Practices ✅

• Consistent Version Management: The workspace properly uses a single version tag (v1.11.3) across all reth dependencies in Cargo.toml:25-83, ensuring consistency
• Proper Dependency Sourcing: All reth dependencies correctly reference the official repository with the specific git tag
• Lock File Integrity: The Cargo.lock shows clean updates with all 80+ reth packages consistently updated to the same commit hash (d6324d63e27ef6b7c49cdc9b1977c1b808234c7b)

Potential Bugs and Issues ⚠️

• Critical Fixes Included: This release specifically addresses important bugs:
  • Trie panic fix: Resolves panics in sparse trie proof workers
  • Rayon panic handler: Adds proper panic handling for parallel operations
  • Trie node conflicts: Fixes issues with both updates and removals for trie nodes
• No Breaking Changes: The dependency bump appears to be a patch release with backward compatibility

Performance Considerations ⚡

• Positive Impact: The trie fixes should improve reliability and reduce unexpected panics during high-load operations
• No Performance Regressions: Release notes don't indicate any performance impacts; changes are primarily bug fixes

Security Concerns 🔒

• High Priority Release: Upstream marks this as high priority for both payload builders and non-payload builders
• Vulnerability Fixes: The trie proof fixes address potential crash vulnerabilities that could affect network stability
• Verified Source: Dependencies come from the official reth repository with proper git tag verification

Test Coverage Implications 🧪

• Automated Testing Recommended: While this is a dependency update, the critical nature of the fixes suggests running comprehensive tests
• Database Repair Available: Release notes mention a reth db repair-trie command for existing installations, though this may not apply to ev-reth specifically

---

Overall Assessment ✅

This is a well-managed, critical dependency update that should be applied. The changes:

1. Fix critical stability issues in trie operations
2. Maintain API compatibility (no breaking changes)
3. Follow proper versioning practices
4. Include important security/stability fixes

Recommendation

✅ APPROVE - This dependency bump is recommended for immediate adoption due to:

• Critical bug fixes for trie operations
• High-priority security/stability improvements
• Proper version management
• No breaking changes

Note: This PR was already covered by #178, which suggests the team has already integrated these changes through the proper review process.

---