Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build(deps): bump github.com/cosmos/ibc-go/v7 from 7.3.2 to 7.4.0 (#1322
) Bumps [github.com/cosmos/ibc-go/v7](https://github.com/cosmos/ibc-go) from 7.3.2 to 7.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cosmos/ibc-go/releases">github.com/cosmos/ibc-go/v7's releases</a>.</em></p> <blockquote> <h2>v7.4.0</h2> <p>This release includes a fix for the <a href="https://github.com/cosmos/ibc-go/security/advisories/GHSA-j496-crgh-34mx">ASA-2024-007 security advisory</a>. Credits to Maxwell Dulin (<a href="https://github.com/mdulin2"><code>@mdulin2</code></a>) at <a href="https://www.asymmetric.re/">Asymmetric Research</a> for the discovery and disclosure via our <a href="https://hackerone.com/cosmos">bug bounty program</a>.</p> <p>Please see the <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/CHANGELOG.md">v7.4.0 changelog</a> for the full set of changes included in this release.</p> <hr /> <p>To learn more about ibc-go versioning, please read our <a href="https://github.com/cosmos/ibc-go/blob/main/RELEASES.md">RELEASES.md</a>.</p> <p>IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.47.8 and ibc-go v7.4.0, please follow:</p> <ol> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/sdk-to-v1.md">migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x</a>.</li> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/v1-to-v2.md">migration from ibc-go v1 to v2</a>.</li> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/v2-to-v3.md">migration from ibc-go v2 to v3</a>.</li> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/v3-to-v4.md">migration from ibc-go v3 to v4</a>.</li> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/v4-to-v5.md">migration from ibc-go v4 to v5</a>.</li> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/v5-to-v6.md">migration from ibc-go v5 to v6</a>.</li> <li>The <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/docs/migrations/v6-to-v7.md">migration from ibc-go v6 to v7</a>.</li> </ol> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cosmos/ibc-go/blob/v7.4.0/CHANGELOG.md">github.com/cosmos/ibc-go/v7's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/cosmos/ibc-go/releases/tag/v7.4.0">v7.4.0</a> - 2024-04-05</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cosmos/ibc-go/commit/802ca265dba74a293747e1ccb8b7999aa985af19"><code>802ca26</code></a> Update CHANGELOG.md</li> <li><a href="https://github.com/cosmos/ibc-go/commit/90c6f370fbdd8cfbbeedbf194906ac649c242fd3"><code>90c6f37</code></a> update changelog before v7.4.0</li> <li><a href="https://github.com/cosmos/ibc-go/commit/e78b3a2b9c9ce80a67d6b1c2b7f9abcb225cc219"><code>e78b3a2</code></a> Merge pull request from GHSA-j496-crgh-34mx</li> <li><a href="https://github.com/cosmos/ibc-go/commit/373fc7f54b2eb3965ca199703ef980099d73fba4"><code>373fc7f</code></a> Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/cosmos/ibc-go/compare/v7.3.2...v7.4.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
82d1d44
commit 3ced38e