chore(deps): bump the go_modules group across 2 directories with 4 updates #65

@dependabot dependabot bot commented on behalf of github Mar 20, 2024

Bumps the go_modules group with 2 updates in the / directory: github.com/cometbft/cometbft and github.com/cosmos/cosmos-sdk.
Bumps the go_modules group with 3 updates in the /tests/e2e directory: github.com/cometbft/cometbft, google.golang.org/protobuf and github.com/docker/docker.

Updates github.com/cometbft/cometbft from 0.37.2 to 0.38.6

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.6

See the CHANGELOG for this release.

v0.38.5

See the CHANGELOG for this release.

v0.38.4

See the CHANGELOG for this release.

v0.38.3

See the CHANGELOG for this release.

v0.38.2

See the CHANGELOG for this release.

v0.38.1

See the CHANGELOG for this release.

v0.38.0

See the CHANGELOG for this release.

v0.38.0-rc3

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.37.5

See the CHANGELOG for this release.

v0.37.4

See the CHANGELOG for this release.

v0.37.3

See the CHANGELOG for this release.

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.38.6

March 12, 2024

This release fixes a security bug in the light client. It also introduces many improvements to the block sync in collaboration with the Osmosis team.

BUG FIXES

  • [privval] Retry accepting a connection (#2047)
  • [state] Fix rollback to a specific height (#2136)

FEATURES

  • [e2e] Add block_max_bytes option to the manifest file. (#2362)

IMPROVEMENTS

  • [blocksync] Avoid double-calling types.BlockFromProto for performance reasons (#2016)
  • [e2e] Add manifest option load_max_txs to limit the number of transactions generated by the load command. (#2094)
  • [jsonrpc] enable HTTP basic auth in websocket client (#2434)
  • [blocksync] make the max number of downloaded blocks dynamic. Previously it was a const 600. Now it's peersCount * maxPendingRequestsPerPeer (20) #2467
  • [blocksync] Request a block from peer B if we are approaching pool's height (less than 50 blocks) and the current peer A is slow in sending us the block #2475
  • [blocksync] Request the block N from peer B immediately after getting NoBlockResponse from peer A #2475
  • [blocksync] Sort peers by download rate (the fastest peer is picked first) #2475

v0.38.5

January 24, 2024

This release fixes a problem introduced in v0.38.3: if an application updates the value of ConsensusParam VoteExtensionsEnableHeight to the same value (actually a "noop" update) this is accepted in v0.38.2 but rejected under some conditions in v0.38.3 and v0.38.4. Even if rejecting a useless update would make sense in general, in a point release we should not reject a set of inputs to a function that was previously accepted (unless there is a good reason for it). The goal of this release is to accept again all "noop" updates, like v0.38.2 did.

... (truncated)

Commits
  • 1519562 Release v0.38.6 (#2592)
  • 9db2930 fix(blocksync): use timer instead of time.After (backport #2584) (#2587)
  • 6cf6978 feat(blocksync): sort peers by download rate & multiple requests for closer b...
  • 6d606ce feat(blocksync): set the max number of (concurrently) downloaded blocks (back...
  • d27a96e build(deps): Bump docker/build-push-action from 5.1.0 to 5.2.0 (#2567)
  • 2a10503 build(deps): Bump bufbuild/buf-setup-action from 1.29.0 to 1.30.0 (#2566)
  • f356b79 spec(abci): fixes the spec to inform about the presence of invalid extensions...
  • 6ddf85b build(deps): Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#2509)
  • 99c1816 ci: check metrics generation in CI checks (backport #2483) (#2485)
  • 91413e6 docs(changelog): add missing entry for #2136 (backport #2459) (#2464)
  • Additional commits viewable in compare view

Updates github.com/cosmos/cosmos-sdk from 0.47.6 to 0.50.5

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.50.5

Cosmos SDK v0.50.5 Release Notes

💬 Release Discussion

🚀 Highlights

This is time for another patch release of Cosmos SDK Eden. This release includes a few notable fixes:

  • Fix a bypass delegator slashing: GHSA-86h5-xcpx-cfqc
  • Fix an issue in baseapp.ValidateVoteExtensions helper: GHSA-95rx-m9m5-m94v
  • Allow to provide custom signers for x/auth/tx using depinject

We recommend upgrading to this patch release as soon as possible.
When upgrading from <= v0.50.4, please ensure that 2/3 of the validator power upgrade to v0.50.5.

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

v0.50.4

Cosmos SDK v0.50.4 Release Notes

💬 Release Discussion

🚀 Highlights

Some months ago Cosmos SDK Eden was released. Missed the announcement? Read it here. For this month patch release of the v0.50.x line, a few features and improvements were added to the SDK.

Notably, we added and fixed the following:

  • Adds in-place testnet CLI command for creating testnets from local state (kudos to @​czarcas7ic)
  • Multiple fixes in baseapp, with fixes in DefaultProposalHandler and vote extensions
  • Add a missed check in x/auth/vesting: GHSA-4j93-fm92-rp4m

We recommend upgrading to this patch release as soon as possible.
When upgrading from <= v0.50.3, please ensure that 2/3 of the validator power upgrade to v0.50.4.

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51.0, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

... (truncated)

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.50.5 - 2024-03-12

Features

  • (baseapp) #19626 Add DisableBlockGasMeter option to BaseApp, which removes the block gas meter during transaction execution.

Improvements

  • (x/distribution) #19707 Add autocli config for DelegationTotalRewards for CLI consistency with q rewards commands in previous versions.
  • (x/auth) #19651 Allow empty public keys in GetSignBytesAdapter.

Bug Fixes

  • (x/gov) #19725 Fetch a failed proposal tally from proposal.FinalTallyResult in the gRPC query.
  • (types) #19709 Fix skip staking genesis export when using CoreAppModuleAdaptor / CoreAppModuleBasicAdaptor for it.
  • (x/auth) #19549 Accept custom get signers when injecting x/auth/tx.
  • (x/staking) Fix a possible bypass of delegator slashing: GHSA-86h5-xcpx-cfqc
  • (baseapp) Fix a bug in baseapp.ValidateVoteExtensions helper (GHSA-95rx-m9m5-m94v). The helper has been fixed and for avoiding API breaking changes currentHeight and chainID arguments are ignored. Those arguments are removed from the helper in v0.51+.

v0.50.4 - 2023-02-19

Features

  • (server) #19280 Adds in-place testnet CLI command.

Improvements

  • (client) #19393 Add ReadDefaultValuesFromDefaultClientConfig to populate the default values from the default client config in client.Context without creating a app folder.

Bug Fixes

  • (x/auth/vesting) GHSA-4j93-fm92-rp4m Add BlockedAddr check in CreatePeriodicVestingAccount.
  • (baseapp) #19338 Set HeaderInfo in context when calling setState.
  • (baseapp): #19200 Ensure that sdk side ve math matches cometbft.
  • #19106 Allow empty public keys when setting signatures. Public keys aren't needed for every transaction.
  • (baseapp) #19198 Remove usage of pointers in logs in all optimistic execution goroutines.
  • (baseapp) #19177 Fix baseapp DefaultProposalHandler same-sender non-sequential sequence.
  • (crypto) #19371 Avoid CLI redundant log in stdout, log to stderr instead.

v0.50.3 - 2023-01-15

Features

  • (types) #18991 Add SignerExtractionAdapter to PriorityNonceMempool/Config and provide Default implementation matching existing behavior.
  • (gRPC) #19043 Add halt_height to the gRPC /cosmos/base/node/v1beta1/config request.

Improvements

  • (x/bank) #18956 Introduced a new DenomOwnersByQuery query method for DenomOwners, which accepts the denom value as a query string parameter, resolving issues with denoms containing slashes.
  • (x/gov) #18707 Improve genesis validation.

... (truncated)

Commits

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

| CVE | Component | Fix version | Severity |
| --- | --- | --- | --- |
| CVE-2024-21626 | runc | 1.1.12 | High, CVSS 8.6 |
| CVE-2024-24557 | Docker Engine | 24.0.9 | Medium, CVSS 6.9 |

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

Packaging updates

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

Commits
  • fca702d Merge pull request from GHSA-xw73-rw38-6vjc
  • f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
  • 61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
  • b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
  • dac5663 update containerd binary to v1.7.13
  • 20e1af3 vendor: github.com/opencontainers/runc v1.1.12
  • 858919d update runc binary to v1.1.12
  • 141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
  • db968c6 hack/make.ps1: Fix go list pattern
  • 61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
  • Additional commits viewable in compare view

…dates

Bumps the go_modules group with 2 updates in the / directory: [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) and [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk).
Bumps the go_modules group with 3 updates in the /tests/e2e directory: [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft), google.golang.org/protobuf and [github.com/docker/docker](https://github.com/docker/docker).


Updates `github.com/cometbft/cometbft` from 0.37.2 to 0.38.6
- [Release notes](https://github.com/cometbft/cometbft/releases)
- [Changelog](https://github.com/cometbft/cometbft/blob/v0.38.6/CHANGELOG.md)
- [Commits](cometbft/cometbft@v0.37.2...v0.38.6)

Updates `github.com/cosmos/cosmos-sdk` from 0.47.6 to 0.50.5
- [Release notes](https://github.com/cosmos/cosmos-sdk/releases)
- [Changelog](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md)
- [Commits](cosmos/cosmos-sdk@v0.47.6...v0.50.5)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/cometbft/cometbft` from 0.37.2 to 0.38.6
- [Release notes](https://github.com/cometbft/cometbft/releases)
- [Changelog](https://github.com/cometbft/cometbft/blob/v0.38.6/CHANGELOG.md)
- [Commits](cometbft/cometbft@v0.37.2...v0.38.6)

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `github.com/docker/docker` from 24.0.7+incompatible to 24.0.9+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.7...v24.0.9)

---
updated-dependencies:
- dependency-name: github.com/cometbft/cometbft
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/cosmos/cosmos-sdk
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/cometbft/cometbft
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/docker/docker
  dependency-type: indirect
  dependency-group: go_modules-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Apr 5, 2024

Superseded by #68.

@dependabot dependabot bot closed this Apr 5, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go_modules-security-group-e07dea4c94 branch April 5, 2024 17:18
Labels
dependencies Pull requests that update a dependency file