3,204 commits this week - Cardano Updates

Jun 13, 5-6 AM (3)

Jun 13, 6-7 AM (7)

Jun 13, 7-8 AM (5)

Jun 13, 8-9 AM (6)

Jun 13, 9-10 AM (14)

Jun 13, 10-11 AM (12)

Jun 13, 11-12 PM (2)

Jun 13, 12-1 PM (23)

Jun 13, 1-2 PM (21)

Jun 13, 2-3 PM (8)

Jun 13, 3-4 PM (1)

Jun 13, 4-5 PM (4)

Jun 13, 5-6 PM (4)

Jun 13, 6-7 PM (3)

Jun 13, 7-8 PM (3)

Jun 13, 8-9 PM (7)

Jun 13, 9-10 PM (16)

Jun 13, 10-11 PM (19)

Jun 13, 11-12 AM (24)

Jun 14, 12-1 AM (18)

Jun 14, 1-2 AM (0)

Jun 14, 2-3 AM (0)

Jun 14, 3-4 AM (0)

Jun 14, 4-5 AM (2)

Jun 14, 5-6 AM (0)

Jun 14, 6-7 AM (2)

Jun 14, 7-8 AM (3)

Jun 14, 8-9 AM (0)

Jun 14, 9-10 AM (1)

Jun 14, 10-11 AM (2)

Jun 14, 11-12 PM (10)

Jun 14, 12-1 PM (8)

Jun 14, 1-2 PM (4)

Jun 14, 2-3 PM (8)

Jun 14, 3-4 PM (2)

Jun 14, 4-5 PM (1)

Jun 14, 5-6 PM (1)

Jun 14, 6-7 PM (0)

Jun 14, 7-8 PM (11)

Jun 14, 8-9 PM (1)

Jun 14, 9-10 PM (13)

Jun 14, 10-11 PM (29)

Jun 14, 11-12 AM (23)

Jun 15, 12-1 AM (8)

Jun 15, 1-2 AM (10)

Jun 15, 2-3 AM (4)

Jun 15, 3-4 AM (4)

Jun 15, 4-5 AM (1)

Jun 15, 5-6 AM (4)

Jun 15, 6-7 AM (6)

Jun 15, 7-8 AM (41)

Jun 15, 8-9 AM (26)

Jun 15, 9-10 AM (11)

Jun 15, 10-11 AM (35)

Jun 15, 11-12 PM (25)

Jun 15, 12-1 PM (40)

Jun 15, 1-2 PM (26)

Jun 15, 2-3 PM (21)

Jun 15, 3-4 PM (24)

Jun 15, 4-5 PM (21)

Jun 15, 5-6 PM (13)

Jun 15, 6-7 PM (13)

Jun 15, 7-8 PM (7)

Jun 15, 8-9 PM (26)

Jun 15, 9-10 PM (20)

Jun 15, 10-11 PM (22)

Jun 15, 11-12 AM (39)

Jun 16, 12-1 AM (11)

Jun 16, 1-2 AM (5)

Jun 16, 2-3 AM (1)

Jun 16, 3-4 AM (9)

Jun 16, 4-5 AM (6)

Jun 16, 5-6 AM (1)

Jun 16, 6-7 AM (16)

Jun 16, 7-8 AM (81)

Jun 16, 8-9 AM (18)

Jun 16, 9-10 AM (28)

Jun 16, 10-11 AM (22)

Jun 16, 11-12 PM (31)

Jun 16, 12-1 PM (37)

Jun 16, 1-2 PM (49)

Jun 16, 2-3 PM (34)

Jun 16, 3-4 PM (28)

Jun 16, 4-5 PM (37)

Jun 16, 5-6 PM (17)

Jun 16, 6-7 PM (26)

Jun 16, 7-8 PM (9)

Jun 16, 8-9 PM (11)

Jun 16, 9-10 PM (4)

Jun 16, 10-11 PM (31)

Jun 16, 11-12 AM (9)

Jun 17, 12-1 AM (8)

Jun 17, 1-2 AM (8)

Jun 17, 2-3 AM (11)

Jun 17, 3-4 AM (4)

Jun 17, 4-5 AM (1)

Jun 17, 5-6 AM (6)

Jun 17, 6-7 AM (99)

Jun 17, 7-8 AM (33)

Jun 17, 8-9 AM (22)

Jun 17, 9-10 AM (56)

Jun 17, 10-11 AM (18)

Jun 17, 11-12 PM (19)

Jun 17, 12-1 PM (57)

Jun 17, 1-2 PM (28)

Jun 17, 2-3 PM (37)

Jun 17, 3-4 PM (26)

Jun 17, 4-5 PM (19)

Jun 17, 5-6 PM (16)

Jun 17, 6-7 PM (10)

Jun 17, 7-8 PM (14)

Jun 17, 8-9 PM (12)

Jun 17, 9-10 PM (37)

Jun 17, 10-11 PM (29)

Jun 17, 11-12 AM (14)

Jun 18, 12-1 AM (12)

Jun 18, 1-2 AM (8)

Jun 18, 2-3 AM (5)

Jun 18, 3-4 AM (11)

Jun 18, 4-5 AM (11)

Jun 18, 5-6 AM (11)

Jun 18, 6-7 AM (9)

Jun 18, 7-8 AM (19)

Jun 18, 8-9 AM (83)

Jun 18, 9-10 AM (45)

Jun 18, 10-11 AM (51)

Jun 18, 11-12 PM (23)

Jun 18, 12-1 PM (67)

Jun 18, 1-2 PM (14)

Jun 18, 2-3 PM (53)

Jun 18, 3-4 PM (44)

Jun 18, 4-5 PM (64)

Jun 18, 5-6 PM (24)

Jun 18, 6-7 PM (21)

Jun 18, 7-8 PM (13)

Jun 18, 8-9 PM (17)

Jun 18, 9-10 PM (23)

Jun 18, 10-11 PM (30)

Jun 18, 11-12 AM (26)

Jun 19, 12-1 AM (13)

Jun 19, 1-2 AM (9)

Jun 19, 2-3 AM (5)

Jun 19, 3-4 AM (2)

Jun 19, 4-5 AM (11)

Jun 19, 5-6 AM (4)

Jun 19, 6-7 AM (92)

Jun 19, 7-8 AM (18)

Jun 19, 8-9 AM (37)

Jun 19, 9-10 AM (39)

Jun 19, 10-11 AM (27)

Jun 19, 11-12 PM (30)

Jun 19, 12-1 PM (53)

Jun 19, 1-2 PM (66)

Jun 19, 2-3 PM (32)

Jun 19, 3-4 PM (61)

Jun 19, 4-5 PM (9)

Jun 19, 5-6 PM (4)

Jun 19, 6-7 PM (17)

Jun 19, 7-8 PM (16)

Jun 19, 8-9 PM (11)

Jun 19, 9-10 PM (45)

Jun 19, 10-11 PM (30)

Jun 19, 11-12 AM (8)

Jun 20, 12-1 AM (4)

Jun 20, 1-2 AM (0)

Jun 20, 2-3 AM (4)

Jun 20, 3-4 AM (1)

Jun 20, 4-5 AM (1)

Jun 20, 5-6 AM (0)

3,204 commits this week Jun 13, 2026 - Jun 20, 2026

rhyslbw · Sat, 20 Jun 26 05:15:30 +0000 · cardano-js-sdk

chore(deps): bump uuid, ip-address, axios & express-openapi-validator

Consolidates the pure dependency version bumps that stack on top of the
Node 22 upgrade. Each is a behaviour-preserving bump that closes (or
hardens against) Dependabot alerts on consumer-facing and build-context
deps; no public API changes.

- uuid 8/9/10 -> ^11.1.1 across cardano-services, e2e, projection-typeorm,
  web-extension, wallet; drop now-redundant @types/uuid (uuid 11 ships
  its own types).
- core: ip-address ^9.0.5 -> ^10.2.0.
- axios relocked within ^1.7.4 to 1.18.0.
- cardano-services: express-openapi-validator ^4.13.8 -> ^5.6.2
  (pulls multer 2.x, removing the vulnerable multer 1.x). v5 renames
  the OpenAPIV3.Document type to DocumentV3 — updated in openApi.ts and
  its test.

Audits the wave in docs/security/dependency-vulnerability-audit-2026-06-19.md
(follow-up section): OSV.dev clean for every resolved version, 0 residual
advisories in CISA KEV, production closure clean, no lockfile downgrades,
per-tier blast-radius diagrams, and the lone publisher transition (multer
linusu -> ulisesgascon) annotated as a known maintenance handoff.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

9d3f2957 · chore/dep-bumps · 10/273 ++ 137 --

cardano-bot · Sat, 20 Jun 26 04:48:35 +0000 · pool_groups

Scheduled update

216cbb1d · main · 3/14 ++ 26 --

dependabot[bot] · Sat, 20 Jun 26 03:22:57 +0000 · cardano-ledger

Bump actions/checkout from 6 to 7 in the actions group

Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>

7a9855a1 · dependabot/github_actions/actions-640176b5ab · 5/16 ++ 16 --

Kammerlo · Sat, 20 Jun 26 03:06:23 +0000 · cardano-blueprint-and-ecosystem-monitoring

chore: bump library versions to latest

370f2147 · automated/version-bump · 106/172 ++ 69 --

arepala-uml · Sat, 20 Jun 26 03:03:12 +0000 · cardano-up-packages

feat(dingo): enable API mode and expose REST ports (#248)

Signed-off-by: Akhil Repala <[email protected]>

4ae5fd27 · main · 1/12 ++ 0 --

arepala-uml · Sat, 20 Jun 26 03:02:43 +0000 · dingo

feat(midnight): Added midnight indexer metadata models and updated the database readme as well with new models (#2578)

Signed-off-by: Akhil Repala <[email protected]>

1dd5ba0f · main · 4/244 ++ 0 --

IOHK · Sat, 20 Jun 26 01:28:39 +0000 · haskell.nix

Update Hackage and Stackage

04de9703 · master · 1/9 ++ 9 --

upptime-bot · Sat, 20 Jun 26 01:10:21 +0000 · cf-cip1694-ballot-status

:arrow_up: Update @upptime to v1.43.0

dc52d99e · main · 8/17 ++ 17 --

upptime-bot · Sat, 20 Jun 26 01:09:34 +0000 · cf-summit-evoting-status

:pencil: Update summary in README [skip ci] [upptime]

8df9c936 · main · 1/9 ++ 9 --

upptime-bot · Sat, 20 Jun 26 01:09:34 +0000 · cf-summit-evoting-status

:card_file_box: Update status summary [skip ci] [upptime]

80226a6b · main · 1/52 ++ 48 --

upptime-bot · Sat, 20 Jun 26 00:59:52 +0000 · cf-cip1694-ballot-status

:card_file_box: Update status summary [skip ci] [upptime]

c1c90bf9 · main · 1/26 ++ 26 --

upptime-bot · Sat, 20 Jun 26 00:59:52 +0000 · cf-cip1694-ballot-status

:pencil: Update summary in README [skip ci] [upptime]

eb1586e1 · main · 1/5 ++ 5 --

axo-bot · Sat, 20 Jun 26 00:42:00 +0000 · homebrew-tap

dolos 1.3.1

d93e1588 · main · 1/7 ++ 7 --

IOHK · Sat, 20 Jun 26 00:39:52 +0000 · stackage.nix

Automatic Update

58b68ed3 · master · 3/3,674 ++ 1 --

upptime-bot · Sat, 20 Jun 26 00:39:21 +0000 · cf-summit-evoting-status

:arrow_up: Update @upptime to v1.43.0

855a2a8b · main · 8/17 ++ 17 --

scarmuega · Sat, 20 Jun 26 00:25:04 +0000 · dolos

release: v1.3.1

534158e2 · main · 3/21 ++ 10 --

scarmuega · Sat, 20 Jun 26 00:23:50 +0000 · dolos

fix(cli): keep snapshot progress bar live during ranged download (#1026)

6d01a9d0 · main · 2/36 ++ 15 --

scarmuega · Sat, 20 Jun 26 00:03:30 +0000 · dolos

fix(bootstrap): keep snapshot progress bar live during ranged download

The bar only advanced once per completed 64 MiB chunk, so it sat still for
seconds at a time and looked frozen even though the download was progressing.

Increment progress as bytes arrive within each chunk (rolling a failed attempt's
bytes back before retry so the count never overshoots the total), and enable a
steady tick so the bar keeps redrawing while the downloader is blocked on window
backpressure.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

e6bda992 · fix/bootstrap-progress-bar · 2/36 ++ 15 --

scarmuega · Fri, 19 Jun 26 23:55:33 +0000 · dolos

fix(bootstrap): keep snapshot progress bar live during ranged download

The bar only advanced once per completed 64 MiB chunk, so it sat still for
seconds at a time and looked frozen even though the download was progressing.

Increment progress as bytes arrive within each chunk (rolling a failed attempt's
bytes back before retry so the count never overshoots the total), and enable a
steady tick so the bar keeps redrawing while the downloader is blocked on window
backpressure.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

bdb68fa5 · fix/bootstrap-ranged-download · 2/36 ++ 15 --