build(deps): bump github.com/BoltzExchange/boltz-client/v2 from 2.8.9 to 2.9.0

[dependabot]

Bumps github.com/BoltzExchange/boltz-client/v2 from 2.8.9 to 2.9.0.

Release notes

Sourced from github.com/BoltzExchange/boltz-client/v2's releases.

v2.9.0 - Paying debt

Summary

This release includes multiple bug fixes and internal refactors that make the client more reliable.

Highlights

• feat: retry reverse and chain claims by @​jackstar12 in BoltzExchange/boltz-client#570
• refactor: chain provider refactor by @​jackstar12 in BoltzExchange/boltz-client#569
• refactor: finalize chain and reverse swaps after claim by @​jackstar12 in BoltzExchange/boltz-client#573

Full Changelog: BoltzExchange/boltz-client@v2.8.8...v2.9.0

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. You'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/BoltzExchange/boltz-client/master/keys/michael.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming boltz-client-manifest-v2.9.0.txt.sig and boltz-client-manifest-v2.9.0.txt are in the current directory) with:

gpg --verify boltz-client-manifest-v2.9.0.txt.sig boltz-client-manifest-v2.9.0.txt

You should see the following if the verification was successful:

gpg: Signature made Mo 01 Jul 2024 00:40:51 CEST
gpg:                using RSA key C2640F630570F5EDEDE02DE684D249BA71685D46
gpg: Good signature from "Michael <me@michael1011.at>" [unknown]
gpg:                 aka "Michael <michael101101@me.com>" [unknown]

You should also verify that the hashes still match with the archive you've downloaded.

sha256sum --ignore-missing -c boltz-client-manifest-v2.9.0.txt

If your archive is valid, you should see the following output (depending on the archive you've downloaded):

boltz-client-linux-amd64-v2.9.0.tar.gz: OK

Changelog

Sourced from github.com/BoltzExchange/boltz-client/v2's changelog.

[v2.9.0] - 2025-10-21

Feat

• add esplora http client
• retry reverse and chain claims (#570)
• introduce WalletBackend interface

Fix

• check if chain swap is already claimed in status update
• aquire update lock before querying claimable swaps
• flaky status checks in reverse and chain tests
• check for successfull state and not status in cli
• sync loop synchronization
• check for confirmation when querying claimable swaps (#571)

Refactor

• finalize chain and reverse swaps after claim (#573)
• rm RequireConfirmed flag when finding output
• simplify manual claim test
• default electrum config
• use MultiChainProvider in rpcserver as default
• consolidate onchain interfaces into single ChainProvider
• abstract basic liquid wallet tests out into onchain package
• move sync loop out of liquid wallet

Commits

• a4867c1 chore: bump version to v2.9.0
• 157233a Merge pull request #576 from BoltzExchange/fix/cli-swapinfo-stream
• 08dccdd chore: refine wording of wallet credentials cli description
• 54e49de chore(deps): bump vite from 5.4.20 to 5.4.21 in /docs (#580)
• c543ae4 ci: skip flaky gdk tests
• 01b6e36 fix: check if chain swap is already claimed in status update
• e58159e fix: aquire update lock before querying claimable swaps
• 52a5511 chore: lint
• ec66959 chore: rm deprecated xpub from cli
• d6c666f fix: flaky status checks in reverse and chain tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)