
fix(deps): bump go-ethereum, tar, edwards25519#669

Merged
Fletch153 merged 1 commit into develop from dependabot-updates
Feb 20, 2026

Conversation


@Fletch153 Fletch153 commented Feb 20, 2026

Dependabot Security Alert Fixes

Repository: smartcontractkit/chainlink-starknet
Ecosystems: Go, npm
Alerts: 20 open | 10 fixed | 10 blocked

Fixed Alerts

| # | CVE | Severity | CVSS | Dependency | Ecosystem | Fix |
|---|---|---|---|---|---|---|
| 377 | CVE-2026-26314 | High | - | go-ethereum | Go (relayer) | v1.16.8 → v1.17.0 |
| 378 | CVE-2026-26314 | High | - | go-ethereum | Go (monitoring) | v1.16.8 → v1.17.0 |
| 379 | CVE-2026-26314 | High | - | go-ethereum | Go (integration-tests) | v1.16.8 → v1.17.0 |
| 380 | CVE-2026-26313 | Medium | - | go-ethereum | Go (relayer) | v1.16.8 → v1.17.0 |
| 381 | CVE-2026-26313 | Medium | - | go-ethereum | Go (monitoring) | v1.16.8 → v1.17.0 |
| 383 | CVE-2026-26315 | Medium | - | go-ethereum | Go (relayer) | v1.16.8 → v1.17.0 |
| 384 | CVE-2026-26315 | Medium | - | go-ethereum | Go (monitoring) | v1.16.8 → v1.17.0 |
| 385 | CVE-2026-26315 | Medium | - | go-ethereum | Go (integration-tests) | v1.16.8 → v1.17.0 |
| 382 | CVE-2026-26958 | Low | - | filippo.io/edwards25519 | Go (integration-tests) | v1.1.0 → v1.1.1 |
| 375 | CVE-2026-26960 | High | 7.1 | tar | npm | 7.5.7 → 7.5.9 |

Blocked Alerts

| # | CVE | Severity | Dependency | Reason |
|---|---|---|---|---|
| 373 | CVE-2026-26014 | Medium | pion/dtls/v2 | No patched version exists |
| 353 | CVE-2025-14505 | Low | elliptic | No patched version exists |
| 143 | CVE-2024-24828 | Medium | pkg | Unmaintained, no patch |
| 387, 290, 149 | Multiple | High/Medium | axios (×3 CVEs) | Pinned by @chainlink/gauntlet-core@0.3.1 at ^0.24.0 |
| 360 | CVE-2026-22036 | Medium | undici | Pinned by hardhat@2.28.4 at ^5.14.0 |
| 316 | CVE-2025-54798 | Low | tmp | Pinned by solc@0.8.26 at exact 0.0.33 |
| 215 | CVE-2024-47764 | Low | cookie | Pinned by @sentry/node@5.30.0 at ^0.4.1 |

How these changes were made

  1. Bumped go-ethereum to v1.17.0 and ran go mod tidy in all 3 Go modules (relayer, monitoring, integration-tests).
  2. Bumped edwards25519 to v1.1.1 in integration-tests.
  3. Regenerated yarn.lock to pick up tar 7.5.9.

Verification

  • go build ./... and go test ./... pass in relayer and monitoring
  • integration-tests builds (tests require infrastructure)
  • yarn install and yarn build pass

🤖 Generated with Claude Code
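Editor's note: the "How these changes were made" and "Verification" steps above confirm that the tree builds, but not that the bumped versions actually landed everywhere, which is the thing a reviewer of a Dependabot PR most wants to see (the same module can be required at different versions by sibling go.mod files, and a regenerated yarn.lock can still carry a second entry for the same package). The POSIX shell script below is an added example, not code from this PR or from the chainlink-starknet repository: it reads each go.mod under a directory and every yarn.lock entry for a package and fails if any resolved version is below the fixed one. The module path github.com/ethereum/go-ethereum is the real one; the go.mod and yarn.lock contents are constructed fixtures (written to a temp dir so the script runs offline), and the fixture deliberately leaves integration-tests on v1.16.8 and one tar entry on 7.5.7 so the output shows what a stale entry looks like.

```shell
#!/bin/sh
# Added example (not from the PR or the chainlink-starknet repo): after bumping a
# dependency and regenerating lockfiles, confirm the fixed version landed in
# every Go module and that yarn.lock has no entry still resolving to a
# vulnerable release. The go.mod and yarn.lock contents below are constructed
# fixtures, written to a temp dir so the script runs offline.

# version_ge A B: succeed if A >= B. Compares dot-separated numeric parts; a
# leading "v" and any -prerelease/+build suffix are dropped (an assumption
# good enough for release tags like v1.17.0 or 7.5.9, not for full semver).
version_ge() {
  awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
    sub(/[-+].*/, "", a); sub(/[-+].*/, "", b)
    na = split(a, A, "."); nb = split(b, B, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? A[i] + 0 : 0
      y = (i <= nb) ? B[i] + 0 : 0
      if (x > y) exit 0
      if (x < y) exit 1
    }
    exit 0
  }'
}

# gomod_version FILE MODULE: print the version FILE requires for MODULE, from
# either a require block line or a single-line "require MODULE vX" directive.
gomod_version() {
  awk -v m="$2" '
    $1 == m { print $2; exit }
    $1 == "require" && $2 == m { print $3; exit }
  ' "$1"
}

# yarn_versions FILE PKG: print every version FILE resolves PKG to. Entry
# headers start at column 0 ("tar@^7.4.3:" in yarn v1, "\"tar@npm:^7.4.3\":"
# in berry); the version is on the following indented "version" line.
yarn_versions() {
  awk -v hdr="$2@" '
    index($0, hdr) == 1 || index($0, "\"" hdr) == 1 { inpkg = 1; next }
    inpkg && $1 ~ /^version:?$/ { v = $2; gsub(/"/, "", v); print v; inpkg = 0 }
  ' "$1"
}

# check_go DIR MODULE MIN: fail if any go.mod under DIR requires MODULE < MIN.
check_go() {
  rc=0
  for gomod in $(find "$1" -name go.mod); do
    v=$(gomod_version "$gomod" "$2")
    [ -z "$v" ] && continue          # MODULE not used by this go.mod
    if version_ge "$v" "$3"; then echo "ok   $gomod $2 $v"
    else echo "FAIL $gomod $2 $v < $3"; rc=1; fi
  done
  return $rc
}

# check_yarn LOCK PKG MIN: fail if any resolved PKG version in LOCK is < MIN.
check_yarn() {
  rc=0
  for v in $(yarn_versions "$1" "$2"); do
    if version_ge "$v" "$3"; then echo "ok   $1 $2 $v"
    else echo "FAIL $1 $2 $v < $3"; rc=1; fi
  done
  return $rc
}

# make_fixture: constructed tree mirroring the PR's three Go modules plus a
# yarn.lock. integration-tests is deliberately left on v1.16.8 and one tar
# entry on 7.5.7, so both checks report a stale version.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/relayer" "$d/monitoring" "$d/integration-tests"
  printf 'module relayer\n\nrequire (\n\tgithub.com/ethereum/go-ethereum v1.17.0\n)\n' > "$d/relayer/go.mod"
  printf 'module monitoring\n\nrequire github.com/ethereum/go-ethereum v1.17.0\n' > "$d/monitoring/go.mod"
  printf 'module it\n\nrequire (\n\tgithub.com/ethereum/go-ethereum v1.16.8 // indirect\n)\n' > "$d/integration-tests/go.mod"
  printf '# yarn lockfile v1\n\n\ntar@^7.4.3, tar@^7.5.0:\n  version "7.5.9"\n  resolved "https://registry.yarnpkg.com/tar/-/tar-7.5.9.tgz"\n\ntar@~7.5.0:\n  version "7.5.7"\n\ntar-fs@^2.1.1:\n  version "2.1.1"\n' > "$d/yarn.lock"
  echo "$d"
}

fixture=$(make_fixture)
check_go "$fixture" github.com/ethereum/go-ethereum v1.17.0 || echo "go-ethereum: stale go.mod found"
check_yarn "$fixture/yarn.lock" tar 7.5.9 || echo "tar: stale yarn.lock entry found"
rm -rf "$fixture"
```

Run against the real checkout as `check_go . github.com/ethereum/go-ethereum v1.17.0` and `check_yarn yarn.lock tar 7.5.9`. Reading go.mod is a quick grep-level check and misses `replace` directives and higher indirect requirements chosen by minimal version selection, so when the module cache is available, `go list -m github.com/ethereum/go-ethereum` run inside each module is the authoritative answer; for npm, `yarn why tar` shows which dependants pull in each resolved copy.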

@github-actions

👋 Fletch153, thanks for creating this pull request!

To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team.

Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks!

@cawthorne

Does the integration test also fail on develop? If that is bottomed out I will approve.

… v1.1.1

Resolves 10 Dependabot alerts across Go and npm ecosystems.
- go-ethereum v1.16.8 -> v1.17.0 in relayer, monitoring, integration-tests (9 alerts)
- tar 7.5.7 -> 7.5.9 in yarn.lock (1 alert)
- edwards25519 v1.1.0 -> v1.1.1 in integration-tests
@cl-sonarqube-production

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@Fletch153 Fletch153 merged commit 1a51124 into develop Feb 20, 2026
31 checks passed
@Fletch153 Fletch153 deleted the dependabot-updates branch February 20, 2026 18:13