chore(deps): bump zebra-chain from 6.0.1 to 6.0.2 in /packages/wasm-utxo

[dependabot]

Bumps zebra-chain from 6.0.1 to 6.0.2.

Changelog

Sourced from zebra-chain's changelog.

CHANGELOG

All notable changes to Zebra are documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

• Sentry events now carry SENTRY_ENVIRONMENT, git.ref, git.sha, and CI context (CI_PR_NUMBER, CI_TEST_ID, GITHUB_*) when present (#10490)
• opentelemetry is now part of the default-release-binaries feature set; export stays disabled until OTEL_EXPORTER_OTLP_ENDPOINT (or the tracing config) is set (#10490)
• Public benchmark dashboard at zebra.zfnd.org/dev/bench covering Groth16, Halo2, Sapling, RedPallas, block, and transaction benchmarks (#10444)

Changed

• Upgrade Sentry SDK to 0.47 and switch its transport feature from reqwest to ureq (#10490)
• zebrad::sentry is now crate-private; downstream code should not import it directly (#10490)

Zebra 4.3.1 - 2026-04-17

This release fixes four important security issues:

• CVE-2026-40880: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks
• CVE-2026-XXXXX: Consensus Divergence in Transparent Sighash Hash-Type Handling
• CVE-2026-XXXXX: rk Identity Point Panic in Transaction Verification
• CVE-2026-40881: addr/addrv2 Deserialization Resource Exhaustion

We recommend node operators to update to 4.3.1 as soon as possible. All previous Zebra versions are vulnerable to these issues.

Added

• Dockerized mining setup (#10301)

Fixed

• Fixed a panic that could be triggered in the RPC interface on HTTP errors, such as resetting the connection halfway through a request. We do not consider this a critical issue since the RPC port is security-sensitive and should not be opened publicly, but we plan to update our documentation to make this clear.

Changed

• The Dockerfile and docker-compose.yml were changed to expose the P2P port by default. This is important for the network since it allows other peers to connect to the node. Note that if you deploy Zebra behind a firewall or NAT

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.