chore(deps): bump zebra-chain from 6.0.1 to 7.0.0 in /packages/wasm-utxo #277

Merged
davidkaplanbitgo merged 1 commit into master from
dependabot/cargo/packages/wasm-utxo/zebra-chain-7.0.0
May 8, 2026

@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps zebra-chain from 6.0.1 to 7.0.0.

Changelog

Sourced from zebra-chain's changelog.

CHANGELOG

All notable changes to Zebra are documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

  • Startup warning on Linux when net.ipv4.tcp_slow_start_after_idle is enabled (which resets TCP congestion windows between block requests and significantly reduces single-peer block-propagation throughput on long-haul links), with a "Linux TCP tuning for block propagation" troubleshooting section (#10513)

Zebra 4.4.1 - 2026-05-04

This release fixes one critical security issue. We recommend node operators update to 4.4.1.

Security

  • Reject V5 transparent inputs signed with SIGHASH_SINGLE (or SIGHASH_SINGLE|ANYONECANPAY) when the input has no transparent output at the same index (GHSA-pvmv-cwg8-v6c8). Follow-up to GHSA-cwfq-rfcr-8hmp.

Thanks to @sangsoo-osec, @zmanian, and @fivelittleducks for reporting the issue.

Zebra 4.4.0 - 2026-05-01

This release includes several security and bug fixes. We recommend node operators update to 4.4.0.

Security

  • Fix sigops counting (GHSA-jv4h-j224-23cc).
  • Consensus-divergence defense-in-depth follow-up to GHSA-8m29-fpq5-89jj: the V5 sighash callback now substitutes a per-call CSPRNG-derived sighash when rejecting undefined ZIP 244 hash-type bytes, so any peer-supplied signature fails to verify and the block is rejected in agreement with zcashd (GHSA-gq4h-3grw-2rhv, #10524).
  • Allocation amplification in inbound network deserializers: validate coinbase Sapling spend count, coinbase data size, and Equihash solution size before allocating, and enforce the 160-entry cap in read_headers (GHSA-438q-jx8f-cccv, #10525, #10526, #10527, #10528).

... (truncated)

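The allocation-amplification entry in the changelog above describes validating peer-supplied counts and sizes before allocating. The sketch below shows that pattern for a count-prefixed list; it is an added example, not code from Zebra or from this repository. The 160-entry cap is the one named in the changelog, while `ENTRY_LEN`, the fixed-size entry layout and all function names are assumptions made for illustration.

```rust
// Added example, not Zebra's code. MAX_ENTRIES is the 160-entry cap named in
// the changelog; ENTRY_LEN and the fixed-size entry layout are constructed.
const MAX_ENTRIES: u64 = 160;
const ENTRY_LEN: usize = 32;

#[derive(Debug, PartialEq)]
enum DecodeError { Truncated, NonCanonical, TooManyEntries(u64) }

/// Read a Bitcoin-style CompactSize integer: returns (value, bytes consumed).
fn read_compact_size(buf: &[u8]) -> Result<(u64, usize), DecodeError> {
    let first = *buf.first().ok_or(DecodeError::Truncated)?;
    // Width of the little-endian payload and the smallest value allowed in it.
    let (width, min) = match first {
        0xfd => (2usize, 0xfdu64),
        0xfe => (4, 0x1_0000),
        0xff => (8, 0x1_0000_0000),
        n => return Ok((u64::from(n), 1)),
    };
    let raw = buf.get(1..1 + width).ok_or(DecodeError::Truncated)?;
    let mut le = [0u8; 8];
    le[..width].copy_from_slice(raw);
    let value = u64::from_le_bytes(le);
    if value < min { return Err(DecodeError::NonCanonical); }
    Ok((value, 1 + width))
}

/// Decode a count-prefixed list, validating the count before any allocation.
fn read_entries(buf: &[u8]) -> Result<Vec<[u8; ENTRY_LEN]>, DecodeError> {
    let (count, used) = read_compact_size(buf)?;
    // Check 1: protocol cap, applied to the raw u64 before it sizes anything.
    if count > MAX_ENTRIES { return Err(DecodeError::TooManyEntries(count)); }
    let count = count as usize; // safe: count <= 160
    let body = &buf[used..];
    // Check 2: the bytes for every claimed entry must already be present.
    if body.len() < count * ENTRY_LEN { return Err(DecodeError::Truncated); }
    let mut out = Vec::with_capacity(count); // bounded by both checks
    for chunk in body.chunks_exact(ENTRY_LEN).take(count) {
        let mut entry = [0u8; ENTRY_LEN];
        entry.copy_from_slice(chunk);
        out.push(entry);
    }
    Ok(out)
}

fn main() {
    // Constructed input: a 9-byte message claiming u64::MAX entries.
    let hostile = [0xffu8; 9];
    println!("{:?}", read_entries(&hostile));
}
```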

Bumps [zebra-chain](https://github.com/ZcashFoundation/zebra) from 6.0.1 to 7.0.0.
- [Release notes](https://github.com/ZcashFoundation/zebra/releases)
- [Changelog](https://github.com/ZcashFoundation/zebra/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ZcashFoundation/zebra/commits)

---
updated-dependencies:
- dependency-name: zebra-chain
  dependency-version: 7.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot added the dependencies and rust labels May 8, 2026
dependabot Bot requested a review from a team as a code owner May 8, 2026 11:48
davidkaplanbitgo merged commit 40dcbee into master May 8, 2026
13 checks passed
davidkaplanbitgo deleted the dependabot/cargo/packages/wasm-utxo/zebra-chain-7.0.0 branch May 8, 2026 14:30