chore(deps): bump c-kzg from 2.1.5 to 2.1.6

[dependabot]

Bumps c-kzg from 2.1.5 to 2.1.6.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, rust. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[claude]

Claude finished @dependabot[bot]'s task —— View job

---

PR Review: c-kzg Dependency Bump

Reviewing the c-kzg dependency update from 2.1.5 to 2.1.6.

Todo List:

• Analyze changed files
• Review dependency changes and compatibility
• Run build to verify compatibility (blocked - requires approval)
• Run tests to ensure functionality (blocked - requires approval)
• Check for security implications
• Provide comprehensive review feedback

Code Quality and Best Practices ✅

• Change is minimal and focused: Only updates the version number in crates/node/Cargo.toml:68
• Proper dependency management: Cargo.lock correctly reflects the version update
• Clean patch version bump: 2.1.5 → 2.1.6 indicates bug fixes or minor improvements

c-kzg Usage Analysis 📋

The c-kzg library is used for KZG (Kate-Zaverucha-Goldberg) cryptographic operations, specifically for EIP-4844 blob transactions:

Location: crates/node/src/txpool.rs:15,583,621,623

• Imported as c_kzg::KzgSettings
• Used in transaction validation for blob transactions
• Initialized asynchronously for EIP-4844 support
• Critical for Ethereum blob transaction validation

Potential Issues 🟢

Low Risk Assessment:

• Breaking Changes: Unlikely in patch version (2.1.5 → 2.1.6)
• API Compatibility: KzgSettings interface should remain stable
• Integration Impact: Minimal - used only through stable reth transaction pool APIs

Performance Considerations ⚡

No Performance Impact Expected:

• Patch version typically contains bug fixes or optimizations
• KZG operations are initialization-only in this codebase
• Used asynchronously, won't block main execution

Security Concerns 🔒

Positive Security Impact:

• Cryptographic Library: Updates often include security fixes
• Blob Transaction Security: Critical for EIP-4844 validation integrity
• Dependency Supply Chain: Regular updates reduce vulnerability windows

Test Coverage 🧪

Cannot Verify (build/test commands blocked):

• Would recommend running: just test to verify blob transaction tests
• Should test EIP-4844 specific functionality
• Integration tests should validate KZG settings initialization

Recommendation ✅

APPROVE - This is a safe, low-risk dependency update that:

1. Follows semantic versioning (patch update)
2. Updates a critical cryptographic library
3. Maintains API compatibility
4. Likely includes security/bug fixes
5. Has minimal integration surface area

Next Steps:

• Merge after CI passes
• Monitor for any EIP-4844 blob transaction issues
• Consider testing blob transaction validation after deployment