chore(deps): bump the go_modules group across 1 directory with 11 updates by dependabot[bot] · Pull Request #1 · Akusher23/node

dependabot · 2026-02-15T07:44:46Z

Bumps the go_modules group with 9 updates in the / directory:

Package	From	To
github.com/cometbft/cometbft	`0.38.17`	`0.38.21`
github.com/cosmos/cosmos-sdk	`0.50.13`	`0.50.14`
github.com/cosmos/ibc-go/v8	`8.5.2`	`8.7.0`
github.com/hashicorp/go-getter	`1.7.5`	`1.7.9`
github.com/dvsekhvalnov/jose2go	`1.6.0`	`1.7.0`
github.com/golang/glog	`1.2.3`	`1.2.4`
github.com/ulikunitz/xz	`0.5.11`	`0.5.14`
golang.org/x/oauth2	`0.24.0`	`0.27.0`
github.com/consensys/gnark-crypto	`0.12.1`	`0.18.1`

Updates github.com/cometbft/cometbft from 0.38.17 to 0.38.21

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.21

What's Changed

chore(statesync): add max snapshot chunks configuration (v0.38.x) by @mattac21 in cometbft/cometbft#5548

test: add unit tests for TotalVotingPowerSafe (backport #5570) by @mergify[bot] in cometbft/cometbft#5581

Full Changelog: cometbft/cometbft@v0.38.20...v0.38.21

v0.38.20

What's Changed

Create NOTICE (backport #5495) by @mergify[bot] in cometbft/cometbft#5496

chore: add voting power validation (v0.38.x) by @technicallyty in cometbft/cometbft#5520

Full Changelog: cometbft/cometbft@v0.38.19...v0.38.20

v0.38.19

This is a security patch release to the CometBFT v0.38.x family that fixes GHSA-hrhf-2vcr-ghch

What's Changed

chore: fix test docker image by @aljo242 in cometbft/cometbft#5299

chore: refactor changelogs by @aljo242 in cometbft/cometbft#5303

chore: update and fix mockery tooling on v0.38 by @aljo242 in cometbft/cometbft#5301

chore: fix the linter by @aljo242 in cometbft/cometbft#5304

fix(store): Properly prune extended commits (backport #5276) by @mergify[bot] in cometbft/cometbft#5313

chore: clean up the repo by @aljo242 in cometbft/cometbft#5315

fix: remove exposed dockertest port to unblock postgres test by @almk-dev in cometbft/cometbft#5325

fix(consensus/reactor): reject oversized proposals (backport #5324) by @mergify[bot] in cometbft/cometbft#5407

GHSA-hrhf-2vcr-ghch

Full Changelog: cometbft/cometbft@v0.38.18...v0.38.19

v0.38.18

What's Changed

fix: remove redundant error check for PubKeyToProto by @islishude in cometbft/cometbft#4917

ci: remove govulncheck (backport #4946) by @mergify[bot] in cometbft/cometbft#4961

build(deps): Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @dependabot[bot] in cometbft/cometbft#4936

fix(ci): Fix docker builds (backport #4949) by @mergify[bot] in cometbft/cometbft#4963

build(deps): Bump docker/build-push-action from 6.13.0 to 6.14.0 by @dependabot[bot] in cometbft/cometbft#4972

build(deps): Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @dependabot[bot] in cometbft/cometbft#5008

build(deps): Bump docker/build-push-action from 6.14.0 to 6.15.0 by @dependabot[bot] in cometbft/cometbft#5009

build(deps): Bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot[bot] in cometbft/cometbft#4990

build(deps): Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot[bot] in cometbft/cometbft#4992

build(deps): Bump golang.org/x/net from 0.34.0 to 0.35.0 by @dependabot[bot] in cometbft/cometbft#4998

build(deps): Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.3.0 to 4.4.0 by @dependabot[bot] in cometbft/cometbft#4997

build(deps): Bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @dependabot[bot] in cometbft/cometbft#4994

build(deps): Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by @dependabot[bot] in cometbft/cometbft#4995

chore: fix typo in workflow_dispatch (backport #5164) by @mergify[bot] in cometbft/cometbft#5166

ci(testapp-docker): release two images, not one (backport #5014) by @mergify[bot] in cometbft/cometbft#5168

... (truncated)

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

CHANGELOG

UNRELEASED

DEPENDENCIES

BUG FIXES

[types] Fix buffer offset bug in ProposerPriorityHash that caused hash collisions when validator priorities differed (#5613)

[p2p] fix(privval): Ephemeral Port Exhaustion (#5433)

IMPROVEMENTS

[mempool] feat!(mempool): introduce app-mempool & follower-mode. Improve lib-p2p integration (project Krakatoa).

[mempool] perf(mempool/cache): Optimize LRUTxCache.Remove to reduce lock contention and map access (#5244)

[e2e] add support for testing different keytypes, including BLS (#3513)

[crypto] Reduce BLS signature size to 48 bytes by increasing pubkey size to 192 bytes (#3624

[statesync] Add configurable max-snapshot-chunks parameter to validate max amount of chunks in a SnapshotResponse. (#5549)

FEATURES

[p2p] feat(lp2p): stop/reconnect peers that failed (#5618)

[p2p] Add experimental support for lib-p2p networking (#5463)

[crypto] Add support for BLS12-381 keys. Since the implementation needs cgo and brings in new dependencies, we use the bls12381 build flag to enable it (#2765)

[mempool] Add a metric (a counter) to measure whether a tx was received more than once. (#634)

[p2p] Rename IPeerSet#List to Copy, add Random, ForEach methods. Rename PeerSet#List to Copy, add Random, ForEach methods. (#2246)

[mempool] When the node is performing block sync or state sync, the mempool reactor now discards incoming transactions from peers, and does not propagate transactions to peers. (#785)

Optimized the PSQL indexer (#2142) thanks to external contributor @k0marov !

[p2p] make PeerSet.Remove more efficient (Author: @odeke-em) (#2246)

[light] Remove duplicated signature checks in light.VerifyNonAdjacent (#2365)

[state/indexer] Lower the heap allocation of transaction searches (#2839)

[libs/json] Lower the memory overhead of JSON encoding by using JSON encoders internally

... (truncated)

Commits

c56d64e Merge commit from fork
01d5ea5 test: add unit tests for TotalVotingPowerSafe (backport #5570) (#5581)
bd517d2 test: remove unnecessary loop variable capture
7c43155 test: add coverage for TotalVotingPowerSafe
eeb4a59 fix test cases in validation
161f7ac fix tests
a4e41a1 fix linter errors
26dc17f Add ValidateBlock tests for median time
c36a8ed fix verbs
dcf7e3b add test and fix a test
Additional commits viewable in compare view

Updates github.com/cosmos/cosmos-sdk from 0.50.13 to 0.50.14

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.50.14

Cosmos SDK v0.50.14 Release Notes

🚀 Highlights

This patch release fixes GHSA-p22h-3m2v-cmgh. It resolves a x/distribution module issue that can halt chains when the historical rewards pool overflows. Chains using the x/distribution module are affected by this issue.

We recommended upgrading to this patch release as soon as possible.

This patch is state-breaking; chains must perform a coordinated upgrade. This patch cannot be applied in a rolling upgrade.

📝 Changelog

Check out the changelog for an exhaustive list of changes or compare changes from the last release.

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.50.14 - 2025-07-08

Bug Fixes

GHSA-p22h-3m2v-cmgh Fix x/distribution can halt when historical rewards overflow.

Commits

f2e6295 Merge commit from fork
See full diff in compare view

Updates github.com/cosmos/ibc-go/v8 from 8.5.2 to 8.7.0

Release notes

Sourced from github.com/cosmos/ibc-go/v8's releases.

v8.7.0

This release contains a fix for ISA-2025-001.

This version addresses a security vulnerability in IBC-go's deserialisation of acknowledgements and we strongly encourage everyone in the affected versions to update their chain immediately. This patch is not state-breaking, so chains can upgrade in a rolling manner. This does not have to be a co-ordinated upgrade. However, validators should upgrade as soon as possible when the release is made available. If the vulnerability is exploited before 2/3 is patched, the chain will halt.

Full Changelog: cosmos/ibc-go@v8.6.1...v8.7.0

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.

The migration from ibc-go v1 to v2.

The migration from ibc-go v2 to v3.

The migration from ibc-go v3 to v4.

The migration from ibc-go v4 to v5.

The migration from ibc-go v5 to v6.

The migration from ibc-go v6 to v7.

The migration from ibc-go v7 to v7.1.

The migration from ibc-go v7.2 to v7.3.

The migration from ibc-go v7 to v8.

The migration from ibc-go v8 to v8.1.

v8.6.1

This release contains a fix to ASA-2025-004

It is recommended to upgrade to this version as soon as possible.

Full Changelog: cosmos/ibc-go@v8.5.3...v8.6.1

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.

The migration from ibc-go v1 to v2.

The migration from ibc-go v2 to v3.

The migration from ibc-go v3 to v4.

The migration from ibc-go v4 to v5.

The migration from ibc-go v5 to v6.

The migration from ibc-go v6 to v7.

The migration from ibc-go v7 to v7.1.

The migration from ibc-go v7.2 to v7.3.

The migration from ibc-go v7 to v8.

The migration from ibc-go v8 to v8.1.

Changelog

Sourced from github.com/cosmos/ibc-go/v8's changelog.

v8.7.0 - 2025-03-12

ISA-2025-001 Fix ISA-2025-001

v8.6.1 - 2025-02-27

ASA-2025-004 Fix ASA-2025-004

Commits

53eaba1 chore: update changelog and retract v8.6.1
17b2240 Merge commit from fork
59987d5 fix: remove packet data remarshaling (#8065)
91dda01 chore: update redacted
d346160 Merge branch 'gjermund/redact-v8.0-to-v8.5.2' into release/v8.6.x
60137a2 Merge commit from fork
7ae302c chore: update changelog and redact
da27d9f chore: retract v8.5.3 (#7888)
f0a2873 Chore/revert ibc proto updates (#7887)
c3af326 chore: update changelog for v8.5.3 (#7876)
Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.7.5 to 1.7.9

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.9

What's Changed

Speed up XZ decompression by 5x with bufio wrapper by @vsarunas in hashicorp/go-getter#520

Fix CI Workflow by @mohanmanikanta2299 in hashicorp/go-getter#522

test: Remove use of "mitchellh/go-testing-interface" for stdlib by @jrasell in hashicorp/go-getter#523

fix: url redact of multiple sshkey by @dduzgun-security in hashicorp/go-getter#528

Publish arm binaries by @sethvargo in hashicorp/go-getter#525

fix errcheck lint errors and run it as part of pr checks by @abhijeetviswa in hashicorp/go-getter#530

fix additional lint errors and increase linter scope by @abhijeetviswa in hashicorp/go-getter#531

IND-3728 enabling dependabot by @KaushikiAnand in hashicorp/go-getter#529

fix: go-getter subdir paths by @dduzgun-security in hashicorp/go-getter#540

New Contributors

@vsarunas made their first contribution in hashicorp/go-getter#520

@jrasell made their first contribution in hashicorp/go-getter#523

@sethvargo made their first contribution in hashicorp/go-getter#525

@abhijeetviswa made their first contribution in hashicorp/go-getter#530

@KaushikiAnand made their first contribution in hashicorp/go-getter#529

Full Changelog: hashicorp/go-getter@v1.7.8...v1.7.9

v1.7.8

What's Changed

sec: fix s3 and gcs host checks by @dduzgun-security in hashicorp/go-getter#512

Full Changelog: hashicorp/go-getter@v1.7.7...v1.7.8

v1.7.7

What's Changed

Clean up git repo on disk when the ref checkout fails by @james-warren0 in hashicorp/go-getter#504

[COMPLIANCE] Add Copyright and License Headers by @hashicorp-copywrite in hashicorp/go-getter#409

Add CODEOWNERS file in .github/CODEOWNERS by @mukeshjc in hashicorp/go-getter#505

IND-1804 Bump up dependencies to remediate vulnerabiities by @mohanmanikanta2299 in hashicorp/go-getter#513

Updating arguments in github release CI by @mohanmanikanta2299 in hashicorp/go-getter#514

Updating .goreleaser.yml file with valid version by @mohanmanikanta2299 in hashicorp/go-getter#515

New Contributors

@james-warren0 made their first contribution in hashicorp/go-getter#504

@mukeshjc made their first contribution in hashicorp/go-getter#505

@mohanmanikanta2299 made their first contribution in hashicorp/go-getter#513

Full Changelog: hashicorp/go-getter@v1.7.6...v1.7.7

v1.7.6

What's Changed

fix: Avoid panic when s3 URL is invalid by @liamg in hashicorp/go-getter#501

New Contributors

@liamg made their first contribution in hashicorp/go-getter#501

... (truncated)

Commits

e702211 Merge pull request #532 from hashicorp/dependabot/github_actions/actions-8948...
df0a14f [chore] : Bump the actions group with 8 updates
87541b2 fix: go-getter subdir paths (#540)
3713030 [Compliance] - PR Template Changes Required
af2dd3c Merge pull request #529 from hashicorp/dependabot-intge
bf52629 updating dependabot.yml
1f63e10 changelog added, updated dependabot.yaml
45af459 fix additional lint errors and increase linter scope
c8c6aba fix errcheck lint errors and run it as part of pr checks
9b76f98 copywrite header added
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.32.0 to 0.33.0

Commits

9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
See full diff in compare view

Updates golang.org/x/net from 0.34.0 to 0.35.0

Commits

df97a48 go.mod: update golang.org/x dependencies
2dab271 route: treat short sockaddr lengths as unspecified
b914489 internal/http3: refactor in prep for sharing transport/server code
ebd23f8 route: fix parsing network address of length zero
938a9fb internal/http3: add request/response body transfer
145b2d7 internal/http3: add RoundTrip
5bda71a internal/http3: define connection and stream error types
3c1185a internal/http3: return error on mid-frame EOF
a6c2c7f http2, internal/httpcommon: factor out common request header logic for h2/h3
c72e89d internal/http3: QPACK encoding and decoding
Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0

Commits

0a0673d Merge pull request #34 from dvsekhvalnov/issue-33-deflate-limit
c3fff7c docs
e51b47f docs
c7dde52 fixing workflow
a194baa added go versions and OSs to matrix
f31cfc6 fixing yaml
1a4ba55 added matrix to workflow
d2baff2 go workflow
b14c81a added limitation for deflate decompression stream
See full diff in compare view

Updates github.com/golang/glog from 1.2.3 to 1.2.4

Release notes

Sourced from github.com/golang/glog's releases.

v1.2.4

What's Changed

Fail if log file already exists by @chressie in golang/glog#74:

glog: Don't try to create/rotate a given syncBuffer twice in the same second

glog: introduce createInDir function as in internal version

glog: have createInDir fail if the file already exists

Full Changelog: golang/glog@v1.2.3...v1.2.4

Commits

a0e3c40 glog: have createInDir fail if the file already exists
7139da2 glog: introduce createInDir function as in internal version
dd58629 glog: Don't try to create/rotate a given syncBuffer twice in the same second
See full diff in compare view

Updates github.com/ulikunitz/xz from 0.5.11 to 0.5.14

Commits

7184815 Preparation of release v0.5.14
88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
c8314b8 Add new package xio with WriteCloserStack
4f11dce Update README.md and SECURITY.md to address security questions
f56ebbf TODO.md: fix a typo
See full diff in compare view

Updates golang.org/x/oauth2 from 0.24.0 to 0.27.0

Commits

681b4d8 jws: split token into fixed number of parts
3f78298 all: upgrade go directive to at least 1.23.0 [generated]
109dabf endpoints: add links/provider for Discord
ac571fa oauth2: fix docs for Config.DeviceAuth
314ee5b endpoints: add patreon endpoint
b9c813b google: add warning about externally-provided credentials
49a531d all: make method and struct comments match the names
See full diff in compare view

Updates github.com/consensys/gnark-crypto from 0.12.1 to 0.18.1

Release notes

Sourced from github.com/consensys/gnark-crypto's releases.

v0.18.1

Full Changelog: Consensys/gnark-crypto@v0.18.0...v0.18.1

v0.18.0

What's Changed

perf: disable cobra bit reverse for small fields by @gbotrel in Consensys/gnark-crypto#662

perf: adds avx512 poseidon2 for small fields by @gbotrel in Consensys/gnark-crypto#665

GKR Gate Registry by @Tabaie in Consensys/gnark-crypto#652

chore: remove unused benchmark script by @ivokub in Consensys/gnark-crypto#675

Remove GKR from gnark-crypto by @Tabaie in Consensys/gnark-crypto#670

feat: make <31 bit field generated using uint32 by @gbotrel in Consensys/gnark-crypto#676

refactor: hash to curve by @ivokub in Consensys/gnark-crypto#674

fix: Eisenstein Half-GCD convergence by @feltroidprime in Consensys/gnark-crypto#680

feat/hashregistry by @Tabaie in Consensys/gnark-crypto#687

Feat/fftext by @YaoJGalteland in Consensys/gnark-crypto#684

Feat/vortex options by @ThomasPiellard in Consensys/gnark-crypto#689

[secp256k1]: replace outdated link to article by @gap-editor in Consensys/gnark-crypto#690

feat: remove dependency on internal package in ecc.go by @gbotrel in Consensys/gnark-crypto#693

New Contributors

@feltroidprime made their first contribution in Consensys/gnark-crypto#680

@YaoJGalteland made their first contribution in Consensys/gnark-crypto#684

@gap-editor made their first contribution in Consensys/gnark-crypto#690

Full Changelog: Consensys/gnark-crypto@v0.17.0...v0.18.0

v0.17.0

What's Changed

fix: missing Poseidon2 round keys by @Tabaie in Consensys/gnark-crypto#621

feat: Poseidon2 Hash Instantiation for BLS12-377 by @Tabaie in Consensys/gnark-crypto#623

feat: add Grumpkin elliptic curve (2-cycle with BN254) by @yelhousni in Consensys/gnark-crypto#625

Perf: Poseidon2 GKR circuit by @Tabaie in Consensys/gnark-crypto#628

feat: add sis avx512 and fft avx512 for koalabear by @gbotrel in Consensys/gnark-crypto#622

InterpolateOnRange refactor by @Tabaie in Consensys/gnark-crypto#634

chore: add auto close PR workflow by @gbotrel in Consensys/gnark-crypto#638

perf: subgroup membership by @yelhousni in Consensys/gnark-crypto#635

feat: poseidon2 for koala-bear, baby-bear and goldilocks by @yelhousni in Consensys/gnark-crypto#629

chore: generify poseidon2 parameters for other curves/fr by @yelhousni in Consensys/gnark-crypto#636

feat: baby-bear and koala-bear extensions of degree 4 by @yelhousni in Consensys/gnark-crypto#643

fix: ensure fast path is taken only with fixed bound and degree by @gbotrel in Consensys/gnark-crypto#651

Poseidon2 compression for small fields by @Tabaie in Consensys/gnark-crypto#644

fix: poseidon2 templates by @yelhousni in Consensys/gnark-crypto#648

test: improve NAF decomposition test coverage by @DeVikingMark in Consensys/gnark-crypto#617

refactor: generate code for poseidon2_test by @yelhousni in Consensys/gnark-crypto#660

test(bn254, bls12-381): test points intentionally not on sugroups G1/2 by @yelhousni in Consensys/gnark-crypto#658

refactor: generify small fields extensions by @yelhousni in Consensys/gnark-crypto#647

New Contributors

@DeVikingMark made their first contribution in Consensys/gnark-crypto#617

... (truncated)

Changelog

Sourced from github.com/consensys/gnark-crypto's changelog.

[v0.18.1] - 2025-10-28

Docs

add CHANGELOG for 0.18.1

Perf

limit memory allocation during Vector deserialization (#759)

[v0.18.0] - 2025-06-09

Build

deps: bump golang.org/x/crypto from 0.33.0 to 0.35.0 (#677)

Chore

remove unused benchmark script (#675)

Docs

replace outdated link to article (#690)

Experiment

vortex on koalabear (#645)

Feat

remove dependency on internal package in ecc.go (#693)

make <31 bit field generated using uint32 (#676)

Fix

remove unimplemented path from fft ext

Eisenstein Half-GCD convergence (#680)

Perf

adds avx512 poseidon2 for small fields (#665)

remove useless copies in e4 mul by elem (#667)

disable cobra bit reverse for small fields (#662)

Refactor

hash to curve (#674)

[v0.17.0] - 2025-03-11

Chore

remove useless github workflow

generify poseidon2 parameters for other curves/fr (#636)

add auto close PR workflow (#638)

Feat

baby-bear and koala-bear extensions of degree 4 (#643)

poseidon2 for koala-bear, baby-bear and goldilocks (#629)

add sis avx512 and fft avx512 for koalabear (#622)

... (truncated)

Commits

fb04e95 docs: add CHANGELOG for 0.18.1
0a4d04a perf: limit memory allocation during Vector deserialization (#759)
f8ab23a fix: remove unimplemented path from fft ext
2b70394 feat: remove dependency on internal package in ecc.go (#693)
ca72a0f docs: replace outdated link to article (#690)
21614bd Feat/vortex options (#689)
0517915 Feat/fftext (#684)
404f8e5 feat/hashregistry (#687)
5660088 fix: Eisenstein Half-GCD convergence (#680)
1873045 build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 (#677)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

…ates Bumps the go_modules group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) | `0.38.17` | `0.38.21` | | [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk) | `0.50.13` | `0.50.14` | | [github.com/cosmos/ibc-go/v8](https://github.com/cosmos/ibc-go) | `8.5.2` | `8.7.0` | | [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.5` | `1.7.9` | | [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) | `1.6.0` | `1.7.0` | | [github.com/golang/glog](https://github.com/golang/glog) | `1.2.3` | `1.2.4` | | [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.11` | `0.5.14` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.24.0` | `0.27.0` | | [github.com/consensys/gnark-crypto](https://github.com/consensys/gnark-crypto) | `0.12.1` | `0.18.1` | Updates `github.com/cometbft/cometbft` from 0.38.17 to 0.38.21 - [Release notes](https://github.com/cometbft/cometbft/releases) - [Changelog](https://github.com/cometbft/cometbft/blob/main/CHANGELOG.md) - [Commits](cometbft/cometbft@v0.38.17...v0.38.21) Updates `github.com/cosmos/cosmos-sdk` from 0.50.13 to 0.50.14 - [Release notes](https://github.com/cosmos/cosmos-sdk/releases) - [Changelog](https://github.com/cosmos/cosmos-sdk/blob/v0.50.14/CHANGELOG.md) - [Commits](cosmos/cosmos-sdk@v0.50.13...v0.50.14) Updates `github.com/cosmos/ibc-go/v8` from 8.5.2 to 8.7.0 - [Release notes](https://github.com/cosmos/ibc-go/releases) - [Changelog](https://github.com/cosmos/ibc-go/blob/v8.7.0/CHANGELOG.md) - [Commits](cosmos/ibc-go@v8.5.2...v8.7.0) Updates `github.com/hashicorp/go-getter` from 1.7.5 to 1.7.9 - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Commits](hashicorp/go-getter@v1.7.5...v1.7.9) Updates `golang.org/x/crypto` from 0.32.0 to 0.33.0 - [Commits](golang/crypto@v0.32.0...v0.33.0) Updates `golang.org/x/net` from 0.34.0 to 0.35.0 - [Commits](golang/net@v0.34.0...v0.35.0) Updates `github.com/dvsekhvalnov/jose2go` from 1.6.0 to 1.7.0 - [Commits](dvsekhvalnov/jose2go@v1.6.0...v1.7.0) Updates `github.com/golang/glog` from 1.2.3 to 1.2.4 - [Release notes](https://github.com/golang/glog/releases) - [Commits](golang/glog@v1.2.3...v1.2.4) Updates `github.com/ulikunitz/xz` from 0.5.11 to 0.5.14 - [Commits](ulikunitz/xz@v0.5.11...v0.5.14) Updates `golang.org/x/oauth2` from 0.24.0 to 0.27.0 - [Commits](golang/oauth2@v0.24.0...v0.27.0) Updates `github.com/consensys/gnark-crypto` from 0.12.1 to 0.18.1 - [Release notes](https://github.com/consensys/gnark-crypto/releases) - [Changelog](https://github.com/Consensys/gnark-crypto/blob/master/CHANGELOG.md) - [Commits](Consensys/gnark-crypto@v0.12.1...v0.18.1) --- updated-dependencies: - dependency-name: github.com/cometbft/cometbft dependency-version: 0.38.21 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/cosmos/cosmos-sdk dependency-version: 0.50.14 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/cosmos/ibc-go/v8 dependency-version: 8.7.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/hashicorp/go-getter dependency-version: 1.7.9 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.33.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.35.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/dvsekhvalnov/jose2go dependency-version: 1.7.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/golang/glog dependency-version: 1.2.4 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/ulikunitz/xz dependency-version: 0.5.14 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/oauth2 dependency-version: 0.27.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/consensys/gnark-crypto dependency-version: 0.18.1 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Feb 15, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go_modules group across 1 directory with 11 updates#1

chore(deps): bump the go_modules group across 1 directory with 11 updates#1
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/go_modules/go_modules-ed20e8387d

dependabot Bot commented on behalf of github Feb 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Feb 15, 2026

v0.38.21

What's Changed

v0.38.20

What's Changed

v0.38.19

What's Changed

v0.38.18

What's Changed

CHANGELOG

UNRELEASED

DEPENDENCIES

BUG FIXES

IMPROVEMENTS

FEATURES

v0.50.14

Cosmos SDK v0.50.14 Release Notes

🚀 Highlights

📝 Changelog

v0.50.14 - 2025-07-08

Bug Fixes

v8.7.0

v8.6.1

v8.7.0 - 2025-03-12

v8.6.1 - 2025-02-27

v1.7.9

What's Changed

New Contributors

v1.7.8

What's Changed

v1.7.7

What's Changed

New Contributors

v1.7.6

What's Changed

New Contributors

v1.2.4

What's Changed

v0.18.1

v0.18.0

What's Changed

New Contributors

v0.17.0

What's Changed

New Contributors

[v0.18.1] - 2025-10-28

Docs

Perf

[v0.18.0] - 2025-06-09

Build

Chore

Docs

Experiment

Feat

Fix

Perf

Refactor

[v0.17.0] - 2025-03-11

Chore

Feat

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants