Skip to content

chore(deps): Bump github.com/blinklabs-io/gouroboros from 0.186.2 to 0.187.3#345

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/blinklabs-io/gouroboros-0.187.3
Open

chore(deps): Bump github.com/blinklabs-io/gouroboros from 0.186.2 to 0.187.3#345
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/blinklabs-io/gouroboros-0.187.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/blinklabs-io/gouroboros from 0.186.2 to 0.187.3.

Release notes

Sourced from github.com/blinklabs-io/gouroboros's releases.

v0.187.3

What's Changed

Full Changelog: blinklabs-io/gouroboros@v0.187.2...v0.187.3

v0.187.2

What's Changed

Full Changelog: blinklabs-io/gouroboros@v0.187.1...v0.187.2

v0.187.1

What's Changed

Full Changelog: blinklabs-io/gouroboros@v0.187.0...v0.187.1

v0.187.0

What's Changed

Full Changelog: blinklabs-io/gouroboros@v0.186.3...v0.187.0

v0.186.3

What's Changed

Full Changelog: blinklabs-io/gouroboros@v0.186.2...v0.186.3

Changelog

Sourced from github.com/blinklabs-io/gouroboros's changelog.

v0.187.3

  • Date: 2026-07-07
  • Version: 0.187.3

Summary

This release improves Conway redeemer decoding so block syncing keeps moving when duplicate redeemer keys appear in block data accepted by cardano-node.

Bug Fixes

  • Fixed Conway redeemer decoding so duplicate (tag, index) keys now trigger lenient decoding after a duplicate map key error, while redeemer hashes still come from the original CBOR bytes.

v0.187.1

  • Date: 2026-07-07
  • Version: 0.187.1

Summary

This release improves Dijkstra block compatibility and restores correct validation for genesis staking pool metadata and VRF keys.

Breaking Changes

  • Updated Dijkstra block bodies to the new Transactions, InvalidTransactions, LeiosCertificate, and PerasCertificate layout, and applications that read or build Dijkstra blocks must now validate them with blake2b256(block_body).

Bug Fixes

  • Fixed genesis staking pool parsing so Shelley publicKey, vrf, owners, and metadata aliases load correctly and pools validate with the expected VRF key hash.

  • Improved Dijkstra decoding and encoding so inline transactions, transaction offsets, and Plutus V4 witness script offsets match the reference CDDL.

v0.187.0

  • Date: 2026-07-06
  • Version: 0.187.0

Summary

This release adds Dijkstra reference-script size checks and updates Leios certificate handling for prototype-2026w27, including a breaking accessor update for downstream consumers.

New Features

  • Added Dijkstra reference-script size limit enforcement so oversized scripts now fail against configured per-transaction and per-block limits with typed errors.

Breaking Changes

  • Updated Leios block headers to expose typed LeiosCertified and LeiosAnnouncement accessors instead of LeiosEndorserBlockRef, and the decoder now rejects malformed placeholder certificates and other wrongly shaped payloads.

Bug Fixes

... (truncated)

Commits
  • 4230f19 fix(conway): tolerate duplicate redeemer key (#1872)
  • 57d0e89 docs(release-notes): v0.187.1 (#1862)
  • 6140c6f fix(leios): fix vote message (#1863)
  • 267610d fix(ledger): match Leios/Musashi CDDL exactly at a24a2d69b (#1861)
  • 436c731 docs(release-notes): v0.187.0 (#1858)
  • caa295c docs(release-notes): v0.186.3 (#1856)
  • 47f246a fix(ledger): parse genesis staking pool vrf/owners/metadata fields (#1859)
  • 9adf670 fix(leios): block encoding for prototype-2026w27 (#1857)
  • 2fb769f feat(dijkstra): Enforce Dijkstra reference script size limits (#1852)
  • 20561ba chore(deps): bump golangci/golangci-lint-action from 9.2.1 to 9.3.0 (#1854)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by cubic

Upgrade github.com/blinklabs-io/gouroboros to v0.187.3 to pull in recent ledger fixes and updated Dijkstra/Leios handling. Improves robustness when syncing Conway blocks and enforces reference-script limits.

  • Dependencies

    • Bump github.com/blinklabs-io/gouroboros from 0.186.2 to 0.187.3.
  • Migration

    • If you parse/build Dijkstra blocks, update to the new block body layout and validate with blake2b256(block_body).
    • If you consume Leios certificates, switch to the new typed accessors for LeiosCertified and LeiosAnnouncement.

Written for commit 26cbb8c. Summary will update on new commits.

Review in cubic

Bumps [github.com/blinklabs-io/gouroboros](https://github.com/blinklabs-io/gouroboros) from 0.186.2 to 0.187.3.
- [Release notes](https://github.com/blinklabs-io/gouroboros/releases)
- [Changelog](https://github.com/blinklabs-io/gouroboros/blob/main/RELEASE_NOTES.md)
- [Commits](blinklabs-io/gouroboros@v0.186.2...v0.187.3)

---
updated-dependencies:
- dependency-name: github.com/blinklabs-io/gouroboros
  dependency-version: 0.187.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 13, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 13, 2026 09:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants