Problem: security patch from ibc-go is not included

[mmsqe]

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOUR ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

• Have you read the CONTRIBUTING.md?
• Does your PR follow the C4 patch requirements?
• Have you rebased your work on top of the latest master?
• Have you checked your code compiles? (make)
• Have you included tests for any non-trivial functionality?
• Have you checked your code passes the unit tests? (make test)
• Have you checked your code formatting is correct? (go fmt)
• Have you checked your basic code style is fine? (golangci-lint run)
• If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
• If your changes affect the client infrastructure, have you run the integration test?
• If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
• If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
• If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

Summary by CodeRabbit

• Bug Fixes
  • Implemented a security patch to enhance system reliability.
• Chores
  • Upgraded key dependencies to their latest versions, ensuring improved performance and stability.

[coderabbitai]

Walkthrough

The changes update documentation and dependency settings. A new entry was added to the CHANGELOG.md under "Bug Fixes" to record a security patch from ibc-go v8.7.0 (referencing PR #1766). In addition, dependency versions in both go.mod and gomod2nix.toml were updated for the ibc-go modules, including its callbacks module, with corresponding version and hash modifications.

Changes

File(s)	Change Summary
CHANGELOG.md	Added new bug fix entry referencing PR #1766 to document inclusion of a security patch from ibc-go v8.7.0
go.mod, gomod2nix.toml	Updated dependency versions for github.com/cosmos/ibc-go/modules/apps/callbacks and github.com/cosmos/ibc-go/v8 from earlier versions to v8.7.0, including hash updates in TOML

Possibly related PRs

• Problem: ibc-go is not up to date #1701: Updates the CHANGELOG.md with an entry for an earlier ibc-go version, showing a similar approach to documenting security improvements.

Suggested labels

backport/v1.4.x

Suggested reviewers

• yihuang
• devashishdxt
• calvinaco

Poem

I'm a rabbit with a joyful hop,
Skipping through code, I just can't stop!
A patch secured, dependencies aligned,
In changelogs and mods, perfection defined.
Hoppy thanks to updates so fine—carrots and code combine!

(_/)
( •_•)
/ >🥕

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 995046a and 853c4bb.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• CHANGELOG.md (1 hunks)
• go.mod (1 hunks)
• gomod2nix.toml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build (ubuntu-latest)

🔇 Additional comments (3)

CHANGELOG.md (1)

14-14: Changelog Entry for Security Patch is Clear and Informative

The new entry on line 14 under "Bug Fixes" for PR [#1766] clearly documents the inclusion of a security patch from ibc-go v8.7.0. This entry is concise and fits well with the other similar entries.

go.mod (1)

25-27: Updated ibc-go Dependency Versions

The dependency for github.com/cosmos/ibc-go/modules/apps/callbacks is updated to
v0.0.0-20250312150146-53eaba19375d // v8.7.0
and for github.com/cosmos/ibc-go/v8 to v8.7.0.
This correctly reflects the security patch update from ibc-go v8.7.0. Please verify that downstream code consuming these modules is compatible with any upstream changes induced by the version bump.

gomod2nix.toml (1)

192-200: Consistency in Module Version and Hash Updates

The changes in this file update the version and hash for both:
• github.com/cosmos/ibc-go/modules/apps/callbacks to version v0.0.0-20250312150146-53eaba19375d
• github.com/cosmos/ibc-go/v8 to version v8.7.0 (with the new expected hash)
These updates are in line with the changes made in go.mod and ensure consistency in the dependency resolution and reproducibility of builds.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 35.56%. Comparing base (a3c2f70) to head (853c4bb).
Report is 49 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1766       +/-   ##
===========================================
+ Coverage   16.87%   35.56%   +18.69%     
===========================================
  Files          72      127       +55     
  Lines        6163    11966     +5803     
===========================================
+ Hits         1040     4256     +3216     
- Misses       5000     7282     +2282     
- Partials      123      428      +305     

see 71 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.