chore(deps): bump grpc, golangci-lint, atomicfile, build-push-action, bls-signatures#1263

Merged
lklimek merged 5 commits into v1.6-dev from chore/dependabot-updates
Feb 18, 2026
Conversation

@lklimek (Collaborator) commented Feb 18, 2026

Issue being fixed or feature implemented

Incorporates 4 open dependabot PRs (#1259, #1260, #1261, #1262) plus an update to the BLS signatures library into a single batched PR. All updates have been security-audited with govulncheck and manual CVE review.

What was done?

Five dependency updates, each as a separate commit:

  1. github.com/creachadair/atomicfile 0.4.0 → 0.4.1 — maintenance release, no functional changes
  2. google.golang.org/grpc 1.78.0 → 1.79.1 — HTTP/2 header size check fix, TLS authority port stripping fix, performance improvements
  3. github.com/golangci/golangci-lint/v2 2.8.0 → 2.10.1 — go1.26 support, new gosec taint analysis rules (G701–G706), staticcheck 0.7.0, buildssa panic fix
  4. docker/build-push-action 6.18.0 → 6.19.2 — GIT_AUTH_TOKEN credential scoping fix, JS dep CVE fixes (CVE-2025-7783 form-data Critical, CVE-2025-13465 lodash, CVE-2025-47279 undici)
  5. dashpay/bls-signatures/go-bindings Dec 2024 → v1.3.6 (Oct 2025) — CI modernization, CMake updates, Windows build fix

Security audit results

  • govulncheck: no vulnerabilities found
  • Go deps: all security-critical packages (x/crypto v0.48.0, x/net v0.50.0, grpc v1.79.1, runc v1.3.3) at latest patched versions
  • GitHub Actions: all action versions current
  • CVEs fixed by this PR: CVE-2025-7783 (Critical), CVE-2025-13465 (Medium), CVE-2025-47279 (Medium) — all in docker/build-push-action JS transitive deps

Closes #1259, closes #1260, closes #1261, closes #1262

How Has This Been Tested?

  • govulncheck ./... — no vulnerabilities
  • go mod tidy — clean
  • CI will validate build, lint, and tests

Breaking Changes

None

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have made corresponding changes to the documentation

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions workflows to use the latest docker/build-push-action version
    • Updated Go module dependencies to latest compatible versions for improved security and stability

lklimek and others added 5 commits February 18, 2026 09:04

Patch release with dependency updates and a minor comment fix.
No functional changes.

Refs: dependabot PR #1260

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Notable changes:
- Bug fix: Remove -dev suffix from User-Agent header (v1.79.1)
- Security fix: HTTP/2 server header size check enforcement (v1.79.0)
- New: weighted random shuffling of endpoints (gRFC A113)
- New: random_subsetting LB policy (gRFC A68)
- Fix: TLS authority override port stripping
- Performance: buffer pool, slice allocation optimizations

Refs: dependabot PR #1262

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…2.10.1

Notable changes:
- v2.10.1: Fix buildssa panic
- v2.10.0: gosec 2.22.11→2.23.0 (new rules G117, G602, G701-G706),
  staticcheck 0.6.1→0.7.0, ginkgolinter 0.22.0→0.23.0
- v2.9.0: go1.26 support, new linter rules for revive
  (epoch-naming, use-slices-sort), arangolint query injection detection

Also bumps transitive deps: godoc-lint, securego/gosec,
honnef.co/go/tools (staticcheck), golang.org/x/exp/typeparams.

Refs: dependabot PR #1261

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Security improvements:
- v6.19.0: Scope default GIT_AUTH_TOKEN to github.com (was
  previously unscoped), bump several JS deps (lodash, undici, etc.)
- v6.19.1: Derive GIT_AUTH_TOKEN host from GitHub server URL
- v6.19.2: Preserve port in GIT_AUTH_TOKEN host

Refs: dependabot PR #1259

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Updates from Dec 2024 (0bb5c5b) to Oct 2025 (dd68365) commit.
Maintenance release: CI modernization (ubuntu-20.04 → ubuntu-latest),
CMake updates, Windows build fix (libssp removal).
No security or functional changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai (Contributor) bot commented Feb 18, 2026

Walkthrough

This pull request updates multiple dependencies across GitHub Actions workflows and Go modules. The docker/build-push-action action version is bumped from 6.18.0 to 6.19.2 in workflow files, while go.mod receives updates to several Go packages including gRPC (1.78.0 to 1.79.1), golangci-lint (2.8.0 to 2.10.1), and various linting tools.

Changes

Cohort / File(s): GitHub Actions Workflows (.github/workflows/docker.yml, .github/workflows/e2e.yml)
Summary: Updated docker/build-push-action from v6.18.0 to v6.19.2 across Docker build steps, including fixes for GIT_AUTH_TOKEN host handling and port preservation.

Cohort / File(s): Go Module Dependencies (go.mod)
Summary: Bumped gRPC from v1.78.0 to v1.79.1 (includes API changes for experimental stats and weighted shuffling); upgraded golangci-lint from v2.8.0 to v2.10.1; bumped atomicfile to v0.4.1 and various indirect dependencies (gosec, honnef.co/go/tools, ginkgolinter); removed go.uber.org/automaxprocs; updated gogoproto and docker/cli replace directives.

Poem

🐰 Dependencies hop and skip so high,
Version bumps dance through the file—
gRPC soars to 1.79, golangci shines anew,
Workflows updated, linting true,
All the little packages in their rightful place! ✨

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks: 5 passed

  • Description Check (Passed): Check skipped - CodeRabbit’s high-level summary is enabled.
  • Linked Issues check (Passed): All four linked issues (#1259-#1262) are addressed: docker/build-push-action 6.18.0→6.19.2 with JS CVE fixes, creachadair/atomicfile 0.4.0→0.4.1, google.golang.org/grpc 1.78.0→1.79.1 with HTTP/2 and TLS fixes, golangci-lint 2.8.0→2.10.1 with go1.26 support and linter updates.
  • Out of Scope Changes check (Passed): All changes are dependency updates directly corresponding to the five stated objectives. No unrelated modifications to source code, configuration, or functionality outside the dependency update scope are present.
  • Docstring Coverage (Passed): No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Title check (Passed): The title accurately summarizes the main change: a batch of dependency version updates including grpc, golangci-lint, atomicfile, build-push-action, and bls-signatures.

@lklimek lklimek changed the title chore(deps): batch dependency updates with security audit chore(deps): bump grpc, golangci-lint, atomicfile, build-push-action, bls-signatures Feb 18, 2026
@lklimek lklimek merged commit 1b25877 into v1.6-dev Feb 18, 2026
19 checks passed
@lklimek lklimek deleted the chore/dependabot-updates branch February 18, 2026 10:34