Skip to content

Bump github.com/cosmos/ibc-go/v8 from 8.5.2 to 8.7.0#16

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/cosmos/ibc-go/v8-8.7.0
Open

Bump github.com/cosmos/ibc-go/v8 from 8.5.2 to 8.7.0#16
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/cosmos/ibc-go/v8-8.7.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 13, 2025

Copy link
Copy Markdown

Bumps github.com/cosmos/ibc-go/v8 from 8.5.2 to 8.7.0.

Release notes

Sourced from github.com/cosmos/ibc-go/v8's releases.

v8.7.0

This release contains a fix for ISA-2025-001.

This version addresses a security vulnerability in IBC-go's deserialisation of acknowledgements and we strongly encourage everyone in the affected versions to update their chain immediately. This patch is not state-breaking, so chains can upgrade in a rolling manner. This does not have to be a co-ordinated upgrade. However, validators should upgrade as soon as possible when the release is made available. If the vulnerability is exploited before 2/3 is patched, the chain will halt.

Full Changelog: cosmos/ibc-go@v8.6.1...v8.7.0


To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

  1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
  2. The migration from ibc-go v1 to v2.
  3. The migration from ibc-go v2 to v3.
  4. The migration from ibc-go v3 to v4.
  5. The migration from ibc-go v4 to v5.
  6. The migration from ibc-go v5 to v6.
  7. The migration from ibc-go v6 to v7.
  8. The migration from ibc-go v7 to v7.1.
  9. The migration from ibc-go v7.2 to v7.3.
  10. The migration from ibc-go v7 to v8.
  11. The migration from ibc-go v8 to v8.1.

v8.6.1

This release contains a fix to ASA-2025-004

It is recommended to upgrade to this version as soon as possible.

Full Changelog: cosmos/ibc-go@v8.5.3...v8.6.1


To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

  1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
  2. The migration from ibc-go v1 to v2.
  3. The migration from ibc-go v2 to v3.
  4. The migration from ibc-go v3 to v4.
  5. The migration from ibc-go v4 to v5.
  6. The migration from ibc-go v5 to v6.
  7. The migration from ibc-go v6 to v7.
  8. The migration from ibc-go v7 to v7.1.
  9. The migration from ibc-go v7.2 to v7.3.
  10. The migration from ibc-go v7 to v8.
  11. The migration from ibc-go v8 to v8.1.
Changelog

Sourced from github.com/cosmos/ibc-go/v8's changelog.

v8.7.0 - 2025-03-12

v8.6.1 - 2025-02-27

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cosmos/ibc-go/v8](https://github.com/cosmos/ibc-go) from 8.5.2 to 8.7.0.
- [Release notes](https://github.com/cosmos/ibc-go/releases)
- [Changelog](https://github.com/cosmos/ibc-go/blob/v8.7.0/CHANGELOG.md)
- [Commits](cosmos/ibc-go@v8.5.2...v8.7.0)

---
updated-dependencies:
- dependency-name: github.com/cosmos/ibc-go/v8
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 13, 2025
@github-actions

Copy link
Copy Markdown

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days-before-close if no further activity occurs.

2 similar comments
@github-actions

Copy link
Copy Markdown

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days-before-close if no further activity occurs.

@github-actions

Copy link
Copy Markdown

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days-before-close if no further activity occurs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants