chore(deps): bump the go_modules group across 2 directories with 11 updates

[dependabot]

Bumps the go_modules group with 8 updates in the / directory:

Package	From	To
github.com/babylonlabs-io/babylon/v4	4.0.0	4.2.0
github.com/go-viper/mapstructure/v2	2.3.0	2.4.0
github.com/docker/docker	25.0.6+incompatible	25.0.13+incompatible
github.com/golang-jwt/jwt/v4	4.5.1	4.5.2
github.com/hashicorp/go-getter	1.7.8	1.7.9
github.com/opencontainers/runc	1.1.12	1.2.8
github.com/ulikunitz/xz	0.5.11	0.5.14
golang.org/x/crypto	0.41.0	0.45.0

Bumps the go_modules group with 7 updates in the /tools directory:

Package	From	To
github.com/cometbft/cometbft	0.38.17	0.38.19
github.com/cosmos/ibc-go/v8	8.4.0	8.7.0
github.com/go-viper/mapstructure/v2	2.3.0	2.4.0
github.com/hashicorp/go-getter	1.7.8	1.7.9
github.com/ulikunitz/xz	0.5.11	0.5.14
golang.org/x/crypto	0.38.0	0.45.0
github.com/consensys/gnark-crypto	0.16.0	0.18.1

Updates github.com/babylonlabs-io/babylon/v4 from 4.0.0 to 4.2.0

Release notes

Sourced from github.com/babylonlabs-io/babylon/v4's releases.

v4.2.0

🚀 Overview

Version v4.2.0

📄 Changelog

You can view the complete changelog here

🏗️ Binaries

If you prefer to build from source, use the following commands:

git clone https://github.com/babylonlabs-io/babylon.git
cd babylon
git checkout v4.2.0
# Only use the below command for mainnet
make build
# Only use the below command for testnet
BABYLON_BUILD_OPTIONS="testnet" make build

🐳 Docker Image

Image	Description
babylonlabs/babylond:v4.2.0	Mainnet image
babylonlabs/babylond:v4.2.0-testnet	Testnet image

v4.1.0

What's Changed

• fix(vote-ext): add unkown fields check (backport GHSA-2fcv-qww3-9v6h) by @​GAtom22 in babylonlabs-io/babylon#1873
• crypto: ensure BIP-322 signatures are using SIGHASH_ALL or SIGHASH_DEFAULT by @​SebastianElvis in https://github.com/babylonlabs-io/babylon/tree/6e8bdd328a47343fcd7ad98d1b0c7267860b019a

Full Changelog: babylonlabs-io/babylon@v4.0.0...v4.1.0

Changelog

Sourced from github.com/babylonlabs-io/babylon/v4's changelog.

v4.2.0

Bug Fixes

• GHSA-m6wq-66p2-c8pc fix: nil check of block hash in vote extension
• GHSA-4rmq-mc2c-r495 Fix conditional logic in AfterBtcDelegationUnbonded hook

v4.1.0

Bug fixes

• GHSA-2fcv-qww3-9v6h Add unkown fields check on vote extension validation
• GHSA-xq4h-wqm2-668w crypto: ensure BIP-322 signatures are using SIGHASH_ALL or SIGHASH_DEFAULT

Commits

• e65c3a5 chore: backport sec adv costk (#1890)
• f79ad58 chore: backport sec adv blk (#1889)
• 0b17a7f Bump reusable workflows version (#1859) (#1872)
• 6e8bdd3 Merge commit from fork
• fd0e8fa fix(vote-ext): add unkown fields check (backport GHSA-2fcv-qww3-9v6h) (#1873)
• See full diff in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.4.0

What's Changed

• refactor: replace interface{} with any by @​sagikazarmark in go-viper/mapstructure#115
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in go-viper/mapstructure#114
• Generic tests by @​sagikazarmark in go-viper/mapstructure#118
• Fix godoc reference link in README.md by @​peczenyj in go-viper/mapstructure#107
• feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by @​ErfanMomeniii in go-viper/mapstructure#117
• feat: add back previous StringToSlice as a weak function by @​sagikazarmark in go-viper/mapstructure#119

New Contributors

• @​ErfanMomeniii made their first contribution in go-viper/mapstructure#117

Full Changelog: go-viper/mapstructure@v2.3.0...v2.4.0

Commits

• b9794a5 Merge pull request #119 from go-viper/string-to-weak-slice
• 17cdcb0 feat: add back previous StringToSlice as a weak function
• 3caca36 Merge pull request #117 from ErfanMomeniii/main
• 9a861bc Merge pull request #107 from peczenyj/patch-2
• 86ed5b5 refactor: update
• ace5b4e chore: add interface any linter
• 1a4f1ae Merge pull request #118 from go-viper/generic-tests
• a268909 fix: lint
• 17f1fd4 test: add more comments
• b48c856 test: expand tests
• Additional commits viewable in compare view

Updates github.com/docker/docker from 25.0.6+incompatible to 25.0.13+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.13

25.0.13

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.13 milestone
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Prevent restoration of iptables rules for deleted networks and containers on firewalld reload. moby/moby#50445
• Fix Swarm services becoming unreachable from published ports after a firewalld reload. moby/moby#50445
• Improve the reliability of the Swarm overlay network control plane by fixing longstanding issues with NetworkDB. moby/moby#50511
• Improve the reliability of Swarm overlay container networks by fixing longstanding issues with the overlay network driver. moby/moby#50551

v25.0.12

25.0.12

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.12 milestone
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50203
• Fix an issue which made DNS service discovery for Swarm services unreliable. moby/moby#50230

Packaging updates

• Update Go toolchain to go1.23.9. moby/moby#50053

v25.0.11

25.0.11

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.11 milestone
• Changes to the Engine API, see API version history.

Networking

• [25.0] Backport network fixes by @​dperny in moby/moby#50005

Known Issues

• Some Swarm services are not discoverable over DNS moby/moby#50129

Full Changelog: moby/moby@v25.0.10...v25.0.11

v25.0.10

25.0.10

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

... (truncated)

Commits

• 165516e Merge pull request #50551 from corhere/backport-25.0/libn/all-the-overlay-fixes
• f099e91 libnetwork: handle coalesced endpoint events
• bace1b8 libnetwork/d/overlay: handle coalesced peer updates
• f9e5429 libn/d/win/overlay: dedupe NetworkDB definitions
• fc3df55 libn/d/overlay: extract hashable address types
• b22872a libnetwork/driverapi: make EventNotify optional
• c7e17ae libn/networkdb: report prev value in update events
• d60c71a libnetwork/d/overlay: fix logical race conditions
• ad54b8f libn/d/overlay: fix encryption race conditions
• 8075689 libn/d/overlay: inline secMapWalk into only caller
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.2

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

Commits

• 2f0e9ad Backporting 0951d18 to v4
• See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.7.8 to 1.7.9

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.9

What's Changed

• Speed up XZ decompression by 5x with bufio wrapper by @​vsarunas in hashicorp/go-getter#520
• Fix CI Workflow by @​mohanmanikanta2299 in hashicorp/go-getter#522
• test: Remove use of "mitchellh/go-testing-interface" for stdlib by @​jrasell in hashicorp/go-getter#523
• fix: url redact of multiple sshkey by @​dduzgun-security in hashicorp/go-getter#528
• Publish arm binaries by @​sethvargo in hashicorp/go-getter#525
• fix errcheck lint errors and run it as part of pr checks by @​abhijeetviswa in hashicorp/go-getter#530
• fix additional lint errors and increase linter scope by @​abhijeetviswa in hashicorp/go-getter#531
• IND-3728 enabling dependabot by @​KaushikiAnand in hashicorp/go-getter#529
• fix: go-getter subdir paths by @​dduzgun-security in hashicorp/go-getter#540

New Contributors

• @​vsarunas made their first contribution in hashicorp/go-getter#520
• @​jrasell made their first contribution in hashicorp/go-getter#523
• @​sethvargo made their first contribution in hashicorp/go-getter#525
• @​abhijeetviswa made their first contribution in hashicorp/go-getter#530
• @​KaushikiAnand made their first contribution in hashicorp/go-getter#529

Full Changelog: hashicorp/go-getter@v1.7.8...v1.7.9

Commits

• e702211 Merge pull request #532 from hashicorp/dependabot/github_actions/actions-8948...
• df0a14f [chore] : Bump the actions group with 8 updates
• 87541b2 fix: go-getter subdir paths (#540)
• 3713030 [Compliance] - PR Template Changes Required
• af2dd3c Merge pull request #529 from hashicorp/dependabot-intge
• bf52629 updating dependabot.yml
• 1f63e10 changelog added, updated dependabot.yaml
• 45af459 fix additional lint errors and increase linter scope
• c8c6aba fix errcheck lint errors and run it as part of pr checks
• 9b76f98 copywrite header added
• Additional commits viewable in compare view

Updates github.com/opencontainers/runc from 1.1.12 to 1.2.8

Release notes

Sourced from github.com/opencontainers/runc's releases.

runc v1.2.8 -- "鳥籠の中に囚われた屈辱を"

[!NOTE] Some vendors were given a pre-release version of this release. This public release includes two extra patches to fix regressions discovered very late during the embargo period and were thus not included in the pre-release versions. Please update to this version.

This release contains fixes for three high-severity security vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881). All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Security

• CVE-2025-31133 exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write. This issue affected all known runc versions.

• CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console. This issue affected all versions of runc >= 1.0.0-rc3.

• CVE-2025-52881 is a more sophisticated variant of CVE-2019-19921, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation we applied for CVE-2019-19921 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files. This issue affects all known runc versions.

Static Linking Notices

The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a "work that uses the Library":

• libseccomp

... (truncated)

Changelog

Sourced from github.com/opencontainers/runc's changelog.

[1.2.8] - 2025-11-05

鳥籠の中に囚われた屈辱を

Security

This release includes fixes for the following high-severity security issues:

• CVE-2025-31133 exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write. This issue affected all known runc versions.

• CVE-2025-52565 is very similar in concept and application to CVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console. This issue affected all versions of runc >= 1.0.0-rc3.

• CVE-2025-52881 is a more sophisticated variant of CVE-2019-19921, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation we applied for CVE-2019-19921 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files. This issue affects all known runc versions.

[1.4.0-rc.2] - 2025-10-10

私の役目は信じるかどうかではない。行うかどうかだ。

libcontainer API

• The deprecated libcontainer/userns package has been removed; use github.com/moby/sys/userns instead. (#4910, #4911)

Added

• Allow setting user.* sysctls for user-namespaced containers, as they are namespaced and thus safe to configure. (#4889, #4892)
• Add support for using clone3(2)'s CLONE_INTO_CGROUP flag when configuring the runc exec process. This also included some internal changes to how we add processes to containers. (#4822, #4812, #4920)
• Add support for configuring the NUMA pmemory policy for a container with set_mempolicy(2)opencontainers/runtime-spec#1282#4726, #4915)

... (truncated)

Commits

• eeb7e60 VERSION: release v1.2.8
• cdee962 merge private security patches into ghsa-release-1.2.8
• b4cb2f5 rootfs: re-allow dangling symlinks in mount targets
• ee56b85 openat2: improve resilience on busy systems
• 2462b68 Merge pull request #4943 from lifubang/backport-1.2-4934-4937
• 99e41a5 ci: only run lint-extra job on PRs to main
• f2a1c98 CI: remove deprecated lima-vm/lima-actions/ssh
• 8f90185 selinux: use safe procfs API for labels
• 948d6e9 rootfs: switch to fd-based handling of mountpoint targets
• 7aa42ad libct: align param type for mountCgroupV1/V2 functions
• Additional commits viewable in compare view

Updates github.com/ulikunitz/xz from 0.5.11 to 0.5.14

Commits

• 7184815 Preparation of release v0.5.14
• 88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
• c8314b8 Add new package xio with WriteCloserStack
• 4f11dce Update README.md and SECURITY.md to address security questions
• f56ebbf TODO.md: fix a typo
• See full diff in compare view

Updates golang.org/x/crypto from 0.41.0 to 0.45.0

Commits

• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
• bcf6a84 acme: pass context to request
• b4f2b62 ssh: fix error message on unsupported cipher
• 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
• 122a78f go.mod: update golang.org/x dependencies
• c0531f9 all: eliminate vet diagnostics
• 0997000 all: fix some comments
• Additional commits viewable in compare view

Updates github.com/cometbft/cometbft from 0.38.17 to 0.38.19

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.19

This is a security patch release to the CometBFT v0.38.x family that fixes GHSA-hrhf-2vcr-ghch

What's Changed

• chore: fix test docker image by @​aljo242 in cometbft/cometbft#5299
• chore: refactor changelogs by @​aljo242 in cometbft/cometbft#5303
• chore: update and fix mockery tooling on v0.38 by @​aljo242 in cometbft/cometbft#5301
• chore: fix the linter by @​aljo242 in cometbft/cometbft#5304
• fix(store): Properly prune extended commits (backport #5276) by @​mergify[bot] in cometbft/cometbft#5313
• chore: clean up the repo by @​aljo242 in cometbft/cometbft#5315
• fix: remove exposed dockertest port to unblock postgres test by @​almk-dev in cometbft/cometbft#5325
• fix(consensus/reactor): reject oversized proposals (backport #5324) by @​mergify[bot] in cometbft/cometbft#5407
• GHSA-hrhf-2vcr-ghch

Full Changelog: cometbft/cometbft@v0.38.18...v0.38.19

v0.38.18

What's Changed

• fix: remove redundant error check for PubKeyToProto by @​islishude in cometbft/cometbft#4917
• ci: remove govulncheck (backport #4946) by @​mergify[bot] in cometbft/cometbft#4961
• build(deps): Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot[bot] in cometbft/cometbft#4936
• fix(ci): Fix docker builds (backport #4949) by @​mergify[bot] in cometbft/cometbft#4963
• build(deps): Bump docker/build-push-action from 6.13.0 to 6.14.0 by @​dependabot[bot] in cometbft/cometbft#4972
• build(deps): Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @​dependabot[bot] in cometbft/cometbft#5008
• build(deps): Bump docker/build-push-action from 6.14.0 to 6.15.0 by @​dependabot[bot] in cometbft/cometbft#5009
• build(deps): Bump golang.org/x/sync from 0.10.0 to 0.11.0 by @​dependabot[bot] in cometbft/cometbft#4990
• build(deps): Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @​dependabot[bot] in cometbft/cometbft#4992
• build(deps): Bump golang.org/x/net from 0.34.0 to 0.35.0 by @​dependabot[bot] in cometbft/cometbft#4998
• build(deps): Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.3.0 to 4.4.0 by @​dependabot[bot] in cometbft/cometbft#4997
• build(deps): Bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @​dependabot[bot] in cometbft/cometbft#4994
• build(deps): Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by @​dependabot[bot] in cometbft/cometbft#4995
• chore: fix typo in workflow_dispatch (backport #5164) by @​mergify[bot] in cometbft/cometbft#5166
• ci(testapp-docker): release two images, not one (backport #5014) by @​mergify[bot] in cometbft/cometbft#5168
• chore: add supported version to e2e image tag (backport #5169) by @​mergify[bot] in cometbft/cometbft#5171
• chore: remove tag from individual builds (backport #5173) by @​mergify[bot] in cometbft/cometbft#5174
• refactor: e2e-node docker build (backport #5176) by @​mergify[bot] in cometbft/cometbft#5178
• refactor: cometbft image build (backport #5179) by @​mergify[bot] in cometbft/cometbft#5181
• fix: add git to docker ignore (backport #5214) by @​mergify[bot] in cometbft/cometbft#5216
• fix: do multistage builds for e2e-node (backport #5220) by @​mergify[bot] in cometbft/cometbft#5222
• fix: add libs to e2e tests v0.38.x by @​zrbecker in cometbft/cometbft#5234
• chore: reindex to event sink from cli (backport #5209) by @​mergify[bot] in cometbft/cometbft#5240
• feat: precommit metrics by @​technicallyty in cometbft/cometbft#5251
• chore: prep release for v0.38.18 by @​technicallyty in cometbft/cometbft#5253

Full Changelog: cometbft/cometbft@v0.38.17...v0.38.18

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.38.19

October 14, 2025

This release fixes two security issues, including (ASA-2025-003). Users are encouraged to upgrade as soon as possible.

Additionally included is a bug fix to properly prune extended commits (with vote extensions).

BUG-FIXES

• [consensus] Reject oversized proposals (#5324)
• [store] Prune extended commits properly (5275)
• [bits] Validate BitArray mismatched Bits and Elems length (ASA-2025-003)

v0.38.18

July 3, 2025

Adds precommit metrics and reindex CLI command.

IMPROVEMENTS

• Adds metrics that emit precommit data; precommit quorum delay from proposal, and precommit vote count and stake weight within timeout commit period. (#5251)

Commits

• be5677c Merge commit from fork
• 2cd5d91 fix(consensus/reactor): reject oversized proposals (backport #5324) (#5407)
• bb538f0 fix: remove exposed dockertest port to unblock postgres test (#5325)
• 61b60f6 chore: clean up the repo (#5315)
• 9806733 fix(store): Properly prune extended commits (backport #5276) (#5313)
• c789138 chore: fix the linter (#5304)
• 840e709 chore: update and fix mockery tooling on v0.38 (#5301)
• 020c7cf chore: refactor changelogs (#5303)
• 91348c6 chore: fix test docker image (#5299)
• 5344a6e chore: prep release for v0.38.18 (#5253)
• Additional commits viewable in compare view

Updates github.com/cosmos/ibc-go/v8 from 8.4.0 to 8.7.0

Release notes

Sourced from github.com/cosmos/ibc-go/v8's releases.

v8.7.0

This release contains a fix for ISA-2025-001.

This version addresses a security vulnerability in IBC-go's deserialisation of acknowledgements and we strongly encourage everyone in the affected versions to update their chain immediately. This patch is not state-breaking, so chains can upgrade in a rolling manner. This does not have to be a co-ordinated upgrade. However, validators should upgrade as soon as possible when the release is made available. If the vulnerability is exploited before 2/3 is patched, the chain will halt.

Full Changelog: cosmos/ibc-go@v8.6.1...v8.7.0

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.
7. The migration from ibc-go v6 to v7.
8. The migration from ibc-go v7 to v7.1.
9. The migration from ibc-go v7.2 to v7.3.
10. The migration from ibc-go v7 to v8.
11. The migration from ibc-go v8 to v8.1.

v8.6.1

This release contains a fix to ASA-2025-004

It is recommended to upgrade to this version as soon as possible.

Full Changelog: cosmos/ibc-go@v8.5.3...v8.6.1

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.
7. The migration from ibc-go v6 to v7.
8. The migration from ibc-go v7 to v7.1.
9. The migration from ibc-go v7.2 to v7.3.
10. The migration from ibc-go v7 to v8.
11. The migration from ibc-go v8 to v8.1.

... (truncated)

Changelog

Sourced from github.com/cosmos/ibc-go/v8's changelog.

v8.7.0 - 2025-03-12

• ISA-2025-001 Fix ISA-2025-001

v8.6.1 - 2025-02-27

• ASA-2025-004 Fix ASA-2025-004

v8.5.2 - 2024-11-05

Testing

• #7430 Update the block proposer in test chains for each block.

Bug Fixes

• (core/03-connection) #7397 Skip the genesis validation connectionID for localhost client.

v8.5.1 - 2024-09-13

Bug Fixes

• (apps/27-interchain-accounts) #7277 Use GogoResolver when populating module query safe allow list to avoid panics from unresolvable protobuf dependencies.

v8.5.0 - 2024-08-30

Dependencies

• #6828 Bump Cosmos SDK to v0.50.9.
• #7222 Update ics23 to v0.11.0.

State Machine Breaking

• (core/03-connection) #7129 Remove verification of self client and consensus state from connection handshake.

Commits

• 53eaba1 chore: update changelog and retract v8.6.1
• 17b2240 Merge commit from fork
• 59987d5 fix: remove packet data remarshaling (#8065)
• 91dda01 chore: update redacted
• d346160 Merge branch 'gjermund/redact-v8.0-to-v8.5.2' into release/v8.6.x
• 60137a2 Merge commit from fork
• 7ae302c chore: update changelog and redact
• da27d9f chore: retract v8.5.3 (#7888)
• f0a2873 Chore/revert ibc proto updates (#7887)
• c3af326 chore: update changelog for v8.5.3 (#7876)
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.4.0

What's Changed

• refactor: replace interface{} with any by @​sagikazarmark in go-viper/mapstructure#115
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in go-viper/mapstructure#114
• Generic tests by @​sagikazarmark in go-viper/mapstructure#118
• Fix godoc reference link in README.md by @​peczenyj in go-viper/mapstructure#107
• feat: add StringToTimeLocationHookFunc to convert strings to *time.Location by @​ErfanMomeniii in go-viper/mapstructure#117
• feat: add back previous StringToSlice as a weak function by @​sagikazarmark in go-viper/mapstructure#119

New Contributors

• @​ErfanMomeniii made their first contribution in go-viper/mapstructure#117

Full Changelog: go-viper/mapstructure@v2.3.0...v2.4.0

Commits

• b9794a5 Merge pull request #119 from go-viper/string-to-weak-slice
• 17cdcb0 feat: add back previous StringToSlice as a weak function
• 3caca36 Merge pull request #117 from ErfanMomeniii/main
• 9a861bc Merge pull request #107 from peczenyj/patch-2
• 86ed5b5 refactor: update
• ace5b4e chore: add interface any linter
• 1a4f1ae Merge pull request #118 from go-viper/generic-tests
• a268909 fix: lint
• 17f1fd4 test: add more comments
• b48c856 test: expand tests
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.7.8 to 1.7.9

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.9

What's Changed

• Speed up XZ decompression by 5x with bufio wrapper by @​vsarunas in hashicorp/go-getter#520
• Fix CI Workflow by @​mohanmanikanta2299 in hashicorp/go-getter#522
• test: Remove use of "mitchellh/go-testing-interface" for stdlib by @​jrasell in hashicorp/go-getter#523
• fix: url redact of multiple sshkey by @​dduzgun-security in hashicorp/go-getter#528
• Publish arm binaries by @​sethvargo in hashicorp/go-getter#525
• fix errcheck lint errors and run it as part of pr checks by @​abhijeetviswa in hashicorp/go-getter#530
• fix additional lint errors...

  Description has been truncated