chore(deps): bump alloy crates from 1.6.3 to 1.8.3

[randygrok]

Summary

• Bump 8 alloy crates from 1.6.3 to 1.8.3: alloy-eips, alloy-json-rpc, alloy-rpc-types-eth, alloy-signer, alloy-signer-local, alloy-serde, alloy-consensus-any, alloy-rpc-types-txpool
• Consolidates dependabot PRs chore(deps): bump alloy-rpc-types-eth from 1.7.3 to 1.8.3 #192, chore(deps): bump alloy-json-rpc from 1.7.3 to 1.8.3 #193, chore(deps): bump alloy-signer from 1.7.3 to 1.8.3 #194, chore(deps): bump alloy-consensus-any from 1.7.3 to 1.8.3 #195, chore(deps): bump alloy-eips from 1.7.3 to 1.8.3 #196, chore(deps): bump alloy-serde from 1.7.3 to 1.8.3 #197, chore(deps): bump alloy-rpc-types-txpool from 1.7.3 to 1.8.3 #198 (closed when branches were deleted) and chore(deps): bump alloy-signer-local from 1.7.3 to 1.8.3 #191
• These are semver-compatible minor bumps within alloy 1.x — no relation to the alloy-evm 0.x incompatibility tracked in alloy-evm cannot be bumped to 0.28 until reth updates its dependency #154

Summary by CodeRabbit

• Chores
  • Bumped Alloy ecosystem dependencies to version 1.8.3 across the workspace.
  • Updated cross-compilation build images to use a newer GCC/G++ toolchain for improved compatibility and build reliability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 29454e63-8d8b-463b-909d-fcc11be3eb2a

📥 Commits

Reviewing files that changed from the base of the PR and between 4c7d45e and 8280740.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• Dockerfile.cross-aarch64
• Dockerfile.cross-x86_64

✅ Files skipped from review due to trivial changes (1)

• Dockerfile.cross-x86_64

---

📝 Walkthrough

Walkthrough

Updated Alloy workspace dependency versions in Cargo.toml from 1.6.3 → 1.8.3 for multiple crates; updated cross-compilation toolchains in two Dockerfiles to install and use GCC/G++ 10 (including Debian alternatives and target-specific CC/CXX envs).

Changes

Cohort / File(s)	Summary
Dependency Version Bumps Cargo.toml	Bumped many Alloy workspace dependencies (e.g., alloy, alloy-eips, alloy-network, alloy-provider, alloy-rpc-client, alloy-rpc-types, alloy-json-rpc, alloy-signer, alloy-serde, alloy-consensus, alloy-genesis, alloy-rpc-types-txpool, etc.) from 1.6.3 → 1.8.3. Preserved feature lists and default-features = false where present.
Cross toolchain updates Dockerfile.cross-aarch64, Dockerfile.cross-x86_64	Install gcc-10/g++-10; configure Debian alternatives so /usr/bin/gcc and /usr/bin/g++ point to version 10; update target ENV vars for x86_64 to x86_64-linux-gnu-gcc-10 / x86_64-linux-gnu-g++-10. Minor newline fix in one file.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• tac0turtle

Poem

🐰 Hop, hop — new toolchains in tune,
Crates leapt forward beneath the moon.
GCC ten hums, versions climb with flair,
Builds bounce lightly on updated air.
🌿 — a rabbit’s cheery compile-time prayer

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides a clear summary and context, but lacks several required template sections including Type of Change checkboxes, Testing details, and other checklist items.	Complete the pull request description by adding Type of Change selection, Testing section describing verification steps, and marking applicable checklist items to follow the repository template.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the primary change: bumping alloy crate versions from 1.6.3 to 1.8.3, which is the main focus of the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-alloy-1.8.3

Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @randygrok's task —— View job

---

Pull Request Review: Alloy Crate Version Bump

I've reviewed this PR for the alloy crate version bumps from 1.6.3 to 1.8.3. Here's my comprehensive analysis:

Todo List:

• Read repository guidelines (CLAUDE.md, AGENTS.md)
• Review Cargo.toml dependency changes for consistency
• Analyze Docker file modifications
• Check for potential breaking changes or security implications
• Assess test coverage requirements
• Provide comprehensive review feedback

---

✅ Code Quality and Best Practices

Excellent consistency: All alloy dependencies have been properly aligned to version 1.8.3 across the workspace. The version bumps are systematic and complete.

Good commit structure: The changes are logically separated into two commits:

• ab4b2b1 and 4c7d45e: Alloy dependency bumps
• 8280740: GCC upgrade to resolve aws-lc-sys compilation issue

Proper workspace management: All version changes are in the [workspace.dependencies] section, ensuring consistency across all crates in the workspace.

⚠️ Potential Issues

Critical Finding: Mixed Concerns in PR

This PR includes both dependency updates AND infrastructure changes (GCC upgrade in Docker files). While both changes are necessary, they address different problems:

• Alloy bumps: Standard dependency maintenance
• GCC upgrade: Fix for aws-lc-sys crate compilation issue (GCC 9 memcmp bug)

Recommendation: Consider splitting these into separate PRs in the future for cleaner change tracking.

Version Compatibility

No breaking changes expected: The bump from 1.6.3 to 1.8.3 represents semver-compatible minor version increases within the alloy 1.x series. Based on my analysis of the codebase usage patterns in files like:

• crates/node/src/attributes.rs - Uses standard alloy consensus and primitives types
• crates/ev-primitives/src/pool.rs - Uses alloy transaction envelope derivation macros

The API surface being used should remain stable.

🔒 Security Considerations

Positive security impact:

• Minor version bumps typically include security patches and bug fixes
• The GCC upgrade resolves a known compiler bug that could affect cryptographic operations
• No new attack surface introduced by these changes

Dependency verification: All alloy crates are properly version-pinned, preventing unexpected transitive dependency updates.

🚀 Performance Considerations

Likely neutral to positive impact:

• Minor version bumps in the alloy ecosystem often include performance optimizations
• No architectural changes that would impact performance
• The GCC upgrade may provide better optimization capabilities

🧪 Test Coverage Assessment

Current situation: The codebase has comprehensive integration tests in crates/tests/ covering:

• Engine API interactions (test_evolve_engine_api.rs)
• E2E scenarios (e2e_tests.rs)
• Deploy allowlist functionality (test_deploy_allowlist.rs)

Recommendation:

• ✅ The existing test suite should adequately cover the dependency changes
• ✅ Integration tests will catch any API compatibility issues
• ⚠️ Consider running the full test suite (just test) before merging to verify compatibility

📋 Additional Recommendations

1. Verification Steps: Run just check-all and just test to ensure:

   • All code compiles cleanly with new alloy versions
   • Integration tests pass with updated dependencies
   • No clippy warnings introduced

2. Documentation: The PR description adequately explains the changes and references the consolidated dependabot PRs.

3. Rollback Plan: If issues arise, the changes are easily reversible by reverting to the previous alloy versions.

✅ Overall Assessment

This is a well-executed dependency maintenance PR. The alloy version bumps are systematic, consistent, and follow best practices. The mixed concerns (dependency updates + GCC upgrade) are both necessary but ideally would be separate PRs.

Approval Recommendation: ✅ APPROVE with suggestion to run full test suite before merge.

The changes are low-risk, maintain API compatibility, and improve the project's dependency currency.

---

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Cargo.toml (1)

91-97: Consider bumping the umbrella alloy crate to match the sub-crates.

The umbrella alloy crate remains at 1.6.3, but several of its re-exported sub-crates (alloy-signer, alloy-signer-local, etc.) are now at 1.8.3. This could cause version conflicts when features like signers re-export types from the signer crates.

If the sub-crate bumps are intentional and verified to work, this is fine. Otherwise, consider aligning all alloy crates to a consistent version.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Cargo.toml` around lines 91 - 97, The Cargo.toml lists the umbrella
dependency "alloy" at version "1.6.3" while several re-exported sub-crates are
at 1.8.3; update the "alloy" dependency entry (the alloy = { ... } block) to the
matching version (e.g., "1.8.3") or otherwise align all alloy-family crate
versions so the "signers" and other features re-export consistent types, and
then run cargo update/build to verify no version conflicts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Cargo.toml`:
- Around line 111-112: Update the alloy-consensus dependency declaration in
Cargo.toml to match the resolved version in Cargo.lock by changing the version
for alloy-consensus from "1.6.3" to "1.8.3" so the declared crate version
(alloy-consensus) aligns with the resolved version used by the build; leave
alloy-consensus-any unchanged.

---

Nitpick comments:
In `@Cargo.toml`:
- Around line 91-97: The Cargo.toml lists the umbrella dependency "alloy" at
version "1.6.3" while several re-exported sub-crates are at 1.8.3; update the
"alloy" dependency entry (the alloy = { ... } block) to the matching version
(e.g., "1.8.3") or otherwise align all alloy-family crate versions so the
"signers" and other features re-export consistent types, and then run cargo
update/build to verify no version conflicts.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7ddfa929-0181-4e69-8935-0510fabaa89f

📥 Commits

Reviewing files that changed from the base of the PR and between 899f2fa and ab4b2b1.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• Cargo.toml