chore(deps): bump tempo dependencies to 7d809cf

[github-actions]

Tempo Dependency Updates

Bumped all tempo* dependencies from 8032a6f to 7d809cf.

Commits

• ec847e0 feat(payload): use sparse trie state root in builder (#3476)
• 9e4b4d9 fix: terminate payload job if proposal is interrupted (#3451)
• ea2e896 feat: TempoEvm::validate_transaction (#3478)
• 65954eb test(rpc): avoid watch race in flaky fee manager test (#3481)
• d22fe3a feat: allow skipping liquidity check in EVM validation (#3485)
• 1ef8db5 feat(rpc): add tempo_simulateV1 with TIP-20 token metadata enrichment (#3449)
• 273ab44 fix(tempoup): fetch GPG key over HTTPS instead of HKP (#3356)
• 5c87327 deps: update reth from main (2026-04-07) (#3464)
• d49f2f4 refactor: unify transaction validation logic between pool and evm (#3463)
• e10e74a fix(ci): alloy release workflow (#3477)
• c3fae75 test(precompiles): TIP-1022 virtual address and Recipient coverage (#3432)
• 3ef30fa fix(ci): alloy release (#3495)
• effd5cb chore: release tempo-alloy@1.5.1, tempo-contracts@1.5.1 and 1 more (#3497)
• 86ffb0f refactor: remove AA 2d txs re-injection on reorg (#3488)
• a50cfc3 fix: properly estimate gas for CREATE transactions from empty accounts (#3358)
• 6d9906f refactor: unify expiry tracking (#3486)
• e2d7d11 fix(tx-pool): always read validator preferences from state (#3225)
• 08cdecd fix(revm): gate sig type check behind t1 (#3491)
• 2d2ec71 fix(revm): recheck T3 scope validation gas (#3484)
• fd4f91d perf(payload): keep shared-trie proposal builds alive until finalize (#3505)
• 56d1e7e feat(rpc): remove decimals from response, add e2e test (#3489)
• 45b10bf refactor: unify handling of expiring nonce txs (#3504)
• d75aa56 chore(ci): update release PR changelogs workflow (#3507)
• 194dec5 fix: enable TLS for OTLP HTTP exporter (#3508)
• 7cd108d fix(tx-pool): route mark_invalid only to the pool that yielded the transaction (#3289)
• acc5532 chore(precompile): add unit tests (#3499)
• a051232 fix(transaction-pool): evict txs after fee payer balance changes (#3454)
• 9628645 fix(transaction-pool): clear stale expiry tracking (#3452)
• 5babf5d fix(payload): account for AMM haircut in best-payload fee comparison (#3294)
• 45f4a9c feat(bench): add --tip20-virtual-weight for virtual address transfer benchmarking (#3503)
• 5743f14 feat(chainspec): add TempoHardfork::from_chain_and_timestamp (#3514)
• c3edee7 feat: allow pruning history (#3511)
• ebebfc6 fix(tx-pool): track AA authorization authorities in validator (#3268)
• 641c606 fix(account-keychain): clamp T3 refund spending limits (#3483)
• d7d8754 fix(rpc): accept scoped access-key selectors in fill and estimate (#3506)
• d190366 fix(consensus): keep scheme for last 2 epochs around (#3520)
• 39dde3d fix(rpc): don't override fill_transaction (#3513)
• af535b2 fix: use consistent rlp encoding (#3443)
• cbd0e04 chore(bench): default existing_recipients to true (#3523)
• 04abac5 fix(consensus): use finalized state for v2 init check during DKG catch-up (#3524)
• 6fd036c chore(precompiles): keychain boundary tests (#3521)
• c913bea fix(tests): stabilize tempo transaction RPC integration tests (#3528)
• f29cbcb fix(bench): enable TLS for tempo-bench reqwest (#3530)
• 04a2e73 refactor(consensus): remove enable-subblocks CLI flag (#3510)
• 978a0e6 chore(consensus): requires registered scheme when verifying all blocks (#3516)
• a20e2e4 fix(identityTransition): cross-check finalization digest & try continue walking if partially completed (#3512)
• 5c30f54 fix(primitives): use nonzero key expiry (#3500)
• 1055c14 fix: re-validate transactions on policy change (#3532)
• e719d61 fix: use resolved fee token when checking policy updates (#3539)
• 7d809cf feat: send new AA transactions to the best txs iterator (#3541)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	cargo/​tempo-alloy@​1.5.0 ⏵ 1.5.1
	cargo/​tempo-primitives@​1.5.0 ⏵ 1.5.1
	cargo/​toml_edit@​0.25.10%2Bspec-1.1.0 ⏵ 0.25.11+spec-1.1.0
	cargo/​clap_complete@​4.6.0 ⏵ 4.6.1	+1		+1
	cargo/​tempo-contracts@​1.5.0 ⏵ 1.5.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: cargo reth-rpc-traits is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: ? → cargo/reth-rpc-traits@0.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/reth-rpc-traits@0.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report