build(deps): use mainline go-header

[julienrbrt]

celestiaorg/go-header#347 got merged. We can finally remove the replace.
I'll keep the repo around as archived not to break previous tags.

[github-actions]

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	⏩ skipped	✅ passed	✅ passed	Jan 17, 2026, 12:10 AM

[claude]

Claude finished @julienrbrt's task in 2m 1s —— View job

---

Code Review Complete

After reviewing this PR, I've identified several critical consistency issues and architectural concerns that need to be addressed before merging.

---

Critical Issues

1. Inconsistent Go Version Across Monorepo 🔴

The most significant issue is the inconsistent Go version update across the repository's modules:

Updated to 1.25.0:

• Root go.mod:3
• apps/evm/go.mod:3
• apps/grpc/go.mod:3
• apps/testapp/go.mod:3
• execution/evm/go.mod:3
• test/e2e/go.mod:3

Still on older versions:

• core/go.mod:3 - Still on 1.24.1 (should be updated for consistency)

Root go.mod inconsistency:

• Root go.mod declares go 1.25.0 (line 3)
• But still references go-header v0.7.4 (line 10) instead of the updated v0.7.5-0.20260116211018-3f61d145c9d2

This creates a critical monorepo consistency problem:

• The root module has been bumped to Go 1.25.0 but hasn't updated the go-header dependency
• Submodules have both Go 1.25.0 AND the updated go-header version
• This asymmetry can lead to go.sum conflicts and unpredictable build behavior depending on which module is being built

Fix inconsistent go-header version in root go.mod →

2. Incomplete Dependency Updates 🟡

The PR successfully removes the replace directives for the forked go-header across most modules. However:

• Root module: Still references old version v0.7.4 instead of v0.7.5-0.20260116211018-3f61d145c9d2
• test/e2e module: Uses v0.7.4 as an indirect dependency (line 56), which is acceptable since it's indirect, but highlights the root issue

The pattern suggests the root go.mod was updated for Go version but not for the dependency version, creating inconsistency.

3. Core Module Go Version Not Updated 🟡

The core/go.mod file remains on go 1.24.1 while all other modules have been updated to 1.25.0. Given that:

• The core module is a zero-dependency package (as noted in the file comment)
• It's used by all other modules via replace directives
• Consistency across the monorepo is important for build reproducibility

This should be updated to 1.25.0 for consistency, even though it has no dependencies.

---

Architecture & Quality Review

Code Quality & Dependency Management ✅

Positive aspects:

• Successfully removes all replace directives for the forked go-header (pattern: replace github.com/celestiaorg/go-header => github.com/julienrbrt/go-header)
• Updates to mainline go-header version with proper pseudo-version: v0.7.5-0.20260116211018-3f61d145c9d2
• Indirect dependency updates are reasonable:
  • go.uber.org/zap: v1.27.0 → v1.27.1 (patch update)
  • golang.org/x/exp: date-based pseudo-version update (expected)
• Dockerfiles correctly updated to use golang:1.25-alpine images
• Documentation updated (docs/.vitepress/constants/constants.js)

Go 1.25.0 upgrade implications:

• Go 1.25 is a major release and may include breaking changes or new features
• The upgrade appears to be required by the go-header dependency (based on commit message "bump go because of dep" - commit 8031f6a)
• This is a reasonable dependency-driven upgrade

Error Handling & Resilience ✅

No error handling changes in this PR - purely dependency management.

Security ✅

• Removing the fork dependency is a security improvement - reduces supply chain risk
• Using mainline Celestia go-header library improves auditability and trust
• No credentials or secrets exposed

Performance & Resource Efficiency ✅

No performance impact expected - this is a build-time dependency change.

Testing & Reliability ⚠️

• CI passed: buf-check completed successfully
• No test changes required: This is a dependency update
• Risk: The inconsistent versions between root and submodules could cause issues if tests rely on root module behavior

Recommendation: After fixing the version consistency, run full test suite including:

• make test
• make test-integration
• make test-e2e

Documentation ✅

• PR description clearly explains the change
• Links to upstream PR: feat: Add DeleteRange method to Store celestiaorg/go-header#347
• Commit messages are clear

---

Specific File Reviews

go.mod (root) - Line 10

github.com/celestiaorg/go-header v0.7.4

❌ Must be updated to: v0.7.5-0.20260116211018-3f61d145c9d2

core/go.mod - Line 3

go 1.24.1

⚠️ Should be updated to: go 1.25.0 for consistency

apps/*/go.mod ✅

All correctly updated with:

• go 1.25.0
• github.com/celestiaorg/go-header v0.7.5-0.20260116211018-3f61d145c9d2
• No replace directive for go-header

Dockerfiles ✅

All correctly updated from golang:1.24-alpine → golang:1.25-alpine

---

Process Note ⏸️

Wondertan commented: "Pls hold on until we release it on monday"

This suggests the PR should wait for an official release before merging, likely to:

• Wait for a tagged release of go-header instead of using a pseudo-version
• Coordinate with upstream release timing
• Ensure proper version alignment

---

Recommendations

1. Before merging, fix the root go.mod to use v0.7.5-0.20260116211018-3f61d145c9d2 for go-header
2. Consider updating core/go.mod to Go 1.25.0 for consistency
3. Wait for upstream release as indicated by Wondertan's comment
4. After fixing, run make deps and make test-all to verify consistency
5. Verify that the pseudo-version v0.7.5-0.20260116211018-3f61d145c9d2 points to the correct commit in celestiaorg/go-header

---

Summary

This PR successfully removes the temporary fork dependency, which is excellent for maintainability. However, the root go.mod was not fully updated to match the submodules, creating a version inconsistency that could cause build issues. This appears to be an oversight in the update process rather than a design decision.

Verdict: ⚠️ Changes Requested - Fix root go.mod go-header version before merging.

---

[gemini-code-assist]

Summary of Changes

Hello @julienrbrt, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the project's dependency configuration by eliminating a custom replace directive for the go-header library. This change was made possible by the recent integration of a related pull request into the upstream go-header repository, allowing for a direct and cleaner dependency on the mainline version. Additionally, the Go language version has been updated across relevant modules, alongside minor updates to other indirect dependencies, contributing to improved maintainability and leveraging the latest language features.

Highlights

• Dependency Management: The temporary replace directive for github.com/celestiaorg/go-header has been removed from all go.mod files, allowing the project to use the mainline version of the go-header library directly.
• Go-Header Version Update: The github.com/celestiaorg/go-header dependency has been updated from v0.7.4 to v0.7.5-0.20260116211018-3f61d145c9d2.
• Go Language Version Upgrade: The Go language version has been upgraded from 1.24.6 to 1.25.0 in the apps/evm, apps/grpc, and apps/testapp modules.
• Indirect Dependency Updates: Several indirect dependencies, including go.uber.org/zap and golang.org/x/exp, have been updated to their latest versions.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly removes the replace directive for the forked go-header dependency and updates it to a mainline version. This is a good cleanup. However, the dependency updates and the Go version bump to 1.25.0 have only been applied to the submodules in the apps/ directory, while the root go.mod remains unchanged. This inconsistency can lead to unpredictable behavior and build failures depending on the build context. I've left a specific comment on how to resolve this by centralizing the dependency management in the root go.mod file.

[gemini-code-assist]

The Go version is bumped to 1.25.0 here, but the root go.mod still uses 1.24.6. Similarly, go-header is updated in this submodule but not at the root. To maintain consistency in the monorepo, please update the Go version and dependencies in the root go.mod and then run go mod tidy across the submodules.

[gemini-code-assist]

The Go version and go-header dependency are updated here but not in the root go.mod. This should be made consistent across the repository to avoid build issues. Please update the dependencies and Go version at the root level and ensure all submodules are consistent.

[Wondertan]

Pls hold on until we release it on monday

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 58.98%. Comparing base (73297c1) to head (d941fdc).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2988   +/-   ##
=======================================
  Coverage   58.98%   58.98%           
=======================================
  Files         103      103           
  Lines        9902     9902           
=======================================
  Hits         5841     5841           
  Misses       3434     3434           
  Partials      627      627           

Flag	Coverage Δ
combined	58.98% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.