chore: pull cometbft v0.34.35 #1495

rootulp · 2024-09-20T18:38:17Z

Closes #1468 by pulling upstream v0.34.35 with these notable merge conflicts:

Our repo upgraded Go past what upstream has so I choose to retain the more recent Go version

Things we can do to make pulls easier to review in the future:

Delete docs/
Delete changelog/
Delete CHANGELOG.md, UPGRADING.md, SECURITY.md, code of conduct,
Update all Go versions in workflow files to use 'go.mod' instead of a version number

Testing

I used go mod replace and verified that celestia-app can use this version of celestia-core.

single-node.sh
mocha.sh

…#766) * Fix `TestStateOversizedBlock` (celestiaorg#755) * Fix TestStateOversizedBlock * Moved `findBlockSizeLimit` together with other aux functions (cherry picked from commit c58597d656d5c816334aff9ea8e600bdbc534817) # Conflicts: # consensus/state_test.go * Revert "Fix `TestStateOversizedBlock` (celestiaorg#755)" This reverts commit e7d2a127a26d4d833bae3aef0917bb6bca2cda5b. * Fix `TestStateOversizedBlock` (celestiaorg#755) * Fix TestStateOversizedBlock * Moved `findBlockSizeLimit` together with other aux functions --------- Co-authored-by: Sergio Mena <sergio@informal.systems>

…#788) (cherry picked from commit ecd5ee112533cda28900cbd75afb349f67da3fa5) Co-authored-by: Sergio Mena <sergio@informal.systems>

…aorg#794) * Unsafe int cast in `kill` command (celestiaorg#783) * Unsafe int cast in `kill` command * Revert "Unsafe int cast in `kill` command" This reverts commit bbd649bd372ca90f83dea7b424d67dafbd9eb541. * Changed strategy (cherry picked from commit 03c5e7727a03983b54623e731d5d3d8dd4ac75ec) # Conflicts: # cmd/cometbft/commands/debug/kill.go * Revert "Unsafe int cast in `kill` command (celestiaorg#783)" This reverts commit b7ab279a6df1f062bec60bcf95947d2a87f4ccec. * Unsafe int cast in `kill` command (celestiaorg#783) * Unsafe int cast in `kill` command * Revert "Unsafe int cast in `kill` command" This reverts commit bbd649bd372ca90f83dea7b424d67dafbd9eb541. * Changed strategy --------- Co-authored-by: Sergio Mena <sergio@informal.systems>

…lestiaorg#805) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.17.0 to 1.18.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.17.0...v1.18.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#798) Replaced int64 with big.int Co-authored-by: Lasaro <lasaro@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Thane Thomson <connect@thanethomson.com>

…iaorg#829) (celestiaorg#838)

…elestiaorg#870) Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.23.0 to 1.24.0. - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](slackapi/slack-github-action@v1.23.0...v1.24.0) --- updated-dependencies: - dependency-name: slackapi/slack-github-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…lestiaorg#871) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.18.0 to 1.19.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.18.0...v1.19.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…lestiaorg#909) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.19.0 to 1.20.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.19.0...v1.20.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

celestiaorg#890) (celestiaorg#927) * add a test to trigger the issue * add a fix (in particular, we track the sender when receiving a tx twice) * add a changelog * update fix and test wrt. v0.34.x --------- Co-authored-by: Daniel <daniel.cason@informal.systems> Co-authored-by: Pierre Sutra <0track@gmail.com>

…ackport celestiaorg#865) (celestiaorg#970) * fix: avoid recursive call after rename to (*PeerState).MarshalJSON (celestiaorg#865) * avoid recursive call after rename to (*PeerState).MarshalJSON * add test * add change doc * explain for nolint * fix lint * fix golangci-lint to v1.52.2 * fix golangci-lint to v1.52.2 * Revert "fix golangci-lint to v1.52.2" This reverts commit 598a9ef4c86fc29cf038251676c33a222217826c. * Revert "fix golangci-lint to v1.52.2" This reverts commit a8aad121e27382813e95b1911b1b560c62e1c7c3. * Reintroduced `cmtjson` * Avoid copying Mutex * Avoid copying Mutex -- 2nd try, more succint * Update .changelog/unreleased/bug-fixes/865-fix-peerstate-marshaljson.md * Update consensus/reactor_test.go --------- Co-authored-by: Sergio Mena <sergio@informal.systems> (cherry picked from commit f6ea09171a2bf9f695f59b65f5c51e4a8c168015) # Conflicts: # consensus/reactor_test.go * Revert "fix: avoid recursive call after rename to (*PeerState).MarshalJSON (celestiaorg#865)" * fix: avoid recursive call after rename to (*PeerState).MarshalJSON (celestiaorg#865) * avoid recursive call after rename to (*PeerState).MarshalJSON * add test * add change doc * explain for nolint * fix lint * fix golangci-lint to v1.52.2 * fix golangci-lint to v1.52.2 * Revert "fix golangci-lint to v1.52.2" This reverts commit 598a9ef4c86fc29cf038251676c33a222217826c. * Revert "fix golangci-lint to v1.52.2" This reverts commit a8aad121e27382813e95b1911b1b560c62e1c7c3. * Reintroduced `cmtjson` * Avoid copying Mutex * Avoid copying Mutex -- 2nd try, more succint * Update .changelog/unreleased/bug-fixes/865-fix-peerstate-marshaljson.md * Update consensus/reactor_test.go --------- Co-authored-by: Sergio Mena <sergio@informal.systems> --------- Co-authored-by: mmsqe <mavis@crypto.com> Co-authored-by: Sergio Mena <sergio@informal.systems>

* changelog: Clean up and reorder Signed-off-by: Thane Thomson <connect@thanethomson.com> * changelog: Add missing entries Signed-off-by: Thane Thomson <connect@thanethomson.com> * changelog: Release v0.34.29 Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rebuild changelog Signed-off-by: Thane Thomson <connect@thanethomson.com> * version: Bump to v0.34.29 Signed-off-by: Thane Thomson <connect@thanethomson.com> * test/e2e: Use Debian Bullseye as base image Golang recently started offering Debian Bookworm as the default distro for `golang:1.19`, which provides a newer version of RocksDB than what we support in cometbft-db. For now this pins the image to Bullseye, which is the base image we have been using for some time now. Signed-off-by: Thane Thomson <connect@thanethomson.com> --------- Signed-off-by: Thane Thomson <connect@thanethomson.com>

…lestiaorg#940) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.20.0 to 1.21.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.20.0...v1.21.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tiaorg#977)

…estiaorg#976)

…g#942) Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…g#1000) * Add `CMT_HOME` (or remove it?) (celestiaorg#983) Closes celestiaorg#982 Added `CMT_HOME` everywhere `CMTHOME` is used. ### Notes to reviewers This could be fixed the opposite way, by removing the only reference to `CMT_HOME` in the code, and also the reference in `UPGRADING.md` (two lines of code). However, the reference in `UPGRADING.md`, which is part of our documentation, is already present in `v0.34.x` (not in `v0.37.x` though!). That's why this PR introduces `CMT_HOME` to work in equal conditions as `CMTHOME`. If reviewers lean toward removing `CMT_HOME` from the doc in `v0.34.x` (and unreleased `v0.38.x` and `main`), I can do it easily. --- #### PR checklist - [x] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments (cherry picked from commit b7be568f4a59edf41942ec7e0e25edd72df604d8) # Conflicts: # cmd/cometbft/commands/root_test.go * Revert "Add `CMT_HOME` (or remove it?) (celestiaorg#983)" * Add `CMT_HOME` (or remove it?) (celestiaorg#983) Closes celestiaorg#982 Added `CMT_HOME` everywhere `CMTHOME` is used. This could be fixed the opposite way, by removing the only reference to `CMT_HOME` in the code, and also the reference in `UPGRADING.md` (two lines of code). However, the reference in `UPGRADING.md`, which is part of our documentation, is already present in `v0.34.x` (not in `v0.37.x` though!). That's why this PR introduces `CMT_HOME` to work in equal conditions as `CMTHOME`. If reviewers lean toward removing `CMT_HOME` from the doc in `v0.34.x` (and unreleased `v0.38.x` and `main`), I can do it easily. --- - [x] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments --------- Co-authored-by: Sergio Mena <sergio@informal.systems>

…rg#1012) it'll make the handshake work with graceful shutdown(see: cosmos/cosmos-sdk#16202) handshake could be a long running process if there are many local blocks to replay, for example we use it to do profiling. Hope we can backport this to 0.34.x. --- - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

…lestiaorg#1025) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.21.0 to 1.22.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.21.0...v1.22.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

celestiaorg#1047) Closes celestiaorg#666 This PR adds double quotes to `path` param of `/abci_query` endpoint. --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments (cherry picked from commit f6f13b1f67a54549d9f212a859ca4924d6ad9127) Co-authored-by: Steven Ferrer <steven.r.ferrer@gmail.com>

…lestiaorg#1070) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.22.0 to 1.23.1. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.22.0...v1.23.1) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…estiaorg#1069) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.7.0 to 2.8.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2.7.0...v2.8.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…estiaorg#1099) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.8.0 to 2.9.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2.8.0...v2.9.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…estiaorg#1127) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.9.0 to 2.9.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2.9.0...v2.9.1) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…lestiaorg#1128) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.23.1 to 1.24.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.23.1...v1.24.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…lestiaorg#1162) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.24.0 to 1.25.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.24.0...v1.25.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* CV OnStop close evidenceStore * CV OnStop print db close * CV add changelog * CV update changelog with attribution (cherry picked from commit 48335a06f01524b036fde4dc1bab569bfc4ab9c7) Co-authored-by: Chill Validation <92176880+chillyvee@users.noreply.github.com>

…lestiaorg#1214) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.25.0 to 1.25.1. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.25.0...v1.25.1) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…elestiaorg#1079) (celestiaorg#1222) * Log proposer's address when correctly accepting a proposal (celestiaorg#1079) * Log proposer when logging received proposal * Addressed review comments * Promote updates to validator to Info level (cherry picked from commit cf230821c899f1f0cd3ef9cbbcc678ca01008d46) # Conflicts: # consensus/state.go # state/execution.go * Revert "Log proposer's address when correctly accepting a proposal (celestiaorg#1079)" This reverts commit 8ccdb00e9023da91ae324c86956ffe5a5851d1a3. * Log proposer's address when correctly accepting a proposal (celestiaorg#1079) * Log proposer when logging received proposal * Addressed review comments * Promote updates to validator to Info level --------- Co-authored-by: Sergio Mena <sergio@informal.systems>

…lestiaorg#1238) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.25.1 to 1.26.0. - [Release notes](https://github.com/bufbuild/buf-setup-action/releases) - [Commits](bufbuild/buf-setup-action@v1.25.1...v1.26.0) --- updated-dependencies: - dependency-name: bufbuild/buf-setup-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…946) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.38.0 to 1.39.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bufbuild/buf-setup-action/releases">bufbuild/buf-setup-action's releases</a>.</em></p> <blockquote> <h2>v1.39.0</h2> <p>Release v1.39.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/54abbed4fe8d8d45173eca4798b0c39a53a7b658"><code>54abbed</code></a> Release v1.39.0 (<a href="https://github.com/bufbuild/buf-setup-action/issues/221">#221</a>)</li> <li>See full diff in <a href="https://github.com/bufbuild/buf-setup-action/compare/v1.38.0...v1.39.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bufbuild/buf-setup-action&package-manager=github_actions&previous-version=1.38.0&new-version=1.39.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…030) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.39.0 to 1.40.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bufbuild/buf-setup-action/releases">bufbuild/buf-setup-action's releases</a>.</em></p> <blockquote> <h2>v1.40.1</h2> <p>Release v1.40.1</p> <h2>v1.40.0</h2> <p>Release v1.40.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/2dbfb63c8b0cc4f1707ba5dd23017e998a25b2f0"><code>2dbfb63</code></a> Release v1.40.1 (<a href="https://github.com/bufbuild/buf-setup-action/issues/223">#223</a>)</li> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/51c53201f0da34af376e0b998c889ebb2813d479"><code>51c5320</code></a> Release v1.40.0 (<a href="https://github.com/bufbuild/buf-setup-action/issues/222">#222</a>)</li> <li>See full diff in <a href="https://github.com/bufbuild/buf-setup-action/compare/v1.39.0...v1.40.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bufbuild/buf-setup-action&package-manager=github_actions&previous-version=1.39.0&new-version=1.40.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

### Context The project has a dependency on an old version of the python module [requests](https://pypi.org/project/requests/2.32.3/), which is vulnerable to [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681) and [CVE-2024-35195](https://nvd.nist.gov/vuln/detail/CVE-2024-35195). ### This Change This PR updates the version of the python module `requests` to the latest unaffected by vulnerabilities. --- #### PR checklist ~- [ ] Tests written/updated~ - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) ~- [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments~

### Context The project has a transitive dependency on an old version of [golang.org/x/image](https://pkg.go.dev/golang.org/x/image), which is vulnerable to [CVE-2024-24792](https://nvd.nist.gov/vuln/detail/CVE-2024-24792), [CVE-2023-29407](https://nvd.nist.gov/vuln/detail/CVE-2023-29407), [CVE-2023-29408](https://nvd.nist.gov/vuln/detail/CVE-2023-29408), and [CVE-2022-41727](https://nvd.nist.gov/vuln/detail/CVE-2022-41727). ### This Change This PR updates the version of a direct CometBFT dependency (`gonum.org/v1/gonum`) that depends on `golang.org/x/image`, thus causing the transitive dependency. This forces an update of `golang.org/x/image` to a newer version unaffected by vulnerabilities. --- #### PR checklist ~- [ ] Tests written/updated~ - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) ~- [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments~

Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.11.0 to 1.11.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rs/cors/commit/a814d7990a5449fcc211a536119d271469cc4157"><code>a814d79</code></a> Re-add support for multiple Access-Control-Request-Headers field (fixes <a href="https://github.com/rs/cors/issues/184">#184</a>)...</li> <li><a href="https://github.com/rs/cors/commit/1562b1715b353146f279ff7d445b7412e0f1a842"><code>1562b17</code></a> Removed redundant log nil checks (<a href="https://github.com/rs/cors/issues/178">#178</a>)</li> <li><a href="https://github.com/rs/cors/commit/3d336ea9b505046d343dfb14f09f19fad17673b4"><code>3d336ea</code></a> Update all dependencies to latest in examples (<a href="https://github.com/rs/cors/issues/175">#175</a>)</li> <li><a href="https://github.com/rs/cors/commit/85fc0cac7b03634b6bcf9686f0283858b427d484"><code>85fc0ca</code></a> Make Gin wrapper's status configurable and use 204 as default (fixes <a href="https://github.com/rs/cors/issues/145">#145</a>) (#...</li> <li>See full diff in <a href="https://github.com/rs/cors/compare/v1.11.0...v1.11.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/rs/cors&package-manager=go_modules&previous-version=1.11.0&new-version=1.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

updating `adlio/schema` removes dependency on `docker/docker` CVE-2024-41110 --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

--- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

….4 (#3919) Bumps [github.com/btcsuite/btcd/btcec/v2](https://github.com/btcsuite/btcd) from 2.2.2 to 2.3.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/btcsuite/btcd/commit/ff2e03e11233fa25c01cf4acbf76501fc008b31f"><code>ff2e03e</code></a> chore: fix some comments for struct field (<a href="https://github.com/btcsuite/btcd/issues/2214">#2214</a>)</li> <li><a href="https://github.com/btcsuite/btcd/commit/2134387ba8ff6d33d90afba285c5f0d52f3a0f6b"><code>2134387</code></a> Merge pull request <a href="https://github.com/btcsuite/btcd/issues/2208">#2208</a> from kcalvinalvin/2024-07-01-close-blockfiles</li> <li><a href="https://github.com/btcsuite/btcd/commit/e5d15fddb9c486dfe382bc95dc38d2fd247813bf"><code>e5d15fd</code></a> btcec/ecdsa: remove error return value for SignCompact (<a href="https://github.com/btcsuite/btcd/issues/2211">#2211</a>)</li> <li><a href="https://github.com/btcsuite/btcd/commit/c9fae1ac7cca6e6d55baec913286e483e28923a9"><code>c9fae1a</code></a> ffldb: close block files before deleting them</li> <li><a href="https://github.com/btcsuite/btcd/commit/8ed8ef134067e8af529996c4d027913b5945bf13"><code>8ed8ef1</code></a> ffldb: refactor out file close code into its own method</li> <li><a href="https://github.com/btcsuite/btcd/commit/8b5f2aa6f2cbd6c73d51d3f6c7251c7f48288175"><code>8b5f2aa</code></a> ffldb: add check for deleting files that are open</li> <li><a href="https://github.com/btcsuite/btcd/commit/4712e20049ebc24c4902049c47aadac27ffdc549"><code>4712e20</code></a> ffldb: throw error when attempting to delete an open file</li> <li><a href="https://github.com/btcsuite/btcd/commit/d881c686e61db35e332fb0309178152dac589b03"><code>d881c68</code></a> Fix the btcctl uptime command</li> <li><a href="https://github.com/btcsuite/btcd/commit/139669066ca7631559d45efe25ab5518bb692554"><code>1396690</code></a> Sending RPC requests through unix sockets (<a href="https://github.com/btcsuite/btcd/issues/2168">#2168</a>)</li> <li><a href="https://github.com/btcsuite/btcd/commit/b2eec96beac53b2d4ffbb4e42de7eba381d28c23"><code>b2eec96</code></a> Merge pull request <a href="https://github.com/btcsuite/btcd/issues/2206">#2206</a> from guggero/psbt-serialization-fix</li> <li>Additional commits viewable in <a href="https://github.com/btcsuite/btcd/compare/btcec/v2.2.2...btcec/v2.3.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/btcsuite/btcd/btcec/v2&package-manager=go_modules&previous-version=2.2.2&new-version=2.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

…095) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.40.1 to 1.41.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bufbuild/buf-setup-action/releases">bufbuild/buf-setup-action's releases</a>.</em></p> <blockquote> <h2>v1.41.0</h2> <p>Release v1.41.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/2881ede27923557cb71f4ddc8954905c2639d1fb"><code>2881ede</code></a> Release v1.41.0 (<a href="https://github.com/bufbuild/buf-setup-action/issues/224">#224</a>)</li> <li>See full diff in <a href="https://github.com/bufbuild/buf-setup-action/compare/v1.40.1...v1.41.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bufbuild/buf-setup-action&package-manager=github_actions&previous-version=1.40.1&new-version=1.41.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

mergify bot and others added 30 commits May 1, 2023 21:08

Struct Client exposes sensitive data (celestiaorg#784) (celestiaorg…

49cf700

…#788) (cherry picked from commit ecd5ee112533cda28900cbd75afb349f67da3fa5) Co-authored-by: Sergio Mena <sergio@informal.systems>

Backport of PR celestiaorg#771 to 0.34 : big int parsing (celestiaorg…

30af8c2

…#798) Replaced int64 with big.int Co-authored-by: Lasaro <lasaro@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Thane Thomson <connect@thanethomson.com>

rpc: Remove response data from response failure logs (backport celest…

557ddea

…iaorg#829) (celestiaorg#838)

build(deps): Bump docker/build-push-action from 4.0.0 to 4.1.1 (celes…

c6615d3

…tiaorg#977)

build(deps): Bump docker/setup-buildx-action from 2.5.0 to 2.7.0 (cel…

90107ec

…estiaorg#976)

dependabot bot and others added 17 commits September 4, 2024 07:03

build(deps): Update cometbft-db to v0.9.5 (#4059)

0f713de

ci: update Go to 1.22 (#4060)

09e4b25

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

build(deps): Update gonum dependency to latest commit (#4090)

907925d

v0.34.35 (#4105)

46db8f4

Merge branch 'rp/cometbft-v0.34.35' into rp/v0.34.35

0587ad1

rootulp self-assigned this Sep 20, 2024

rootulp added 10 commits September 20, 2024 14:50

fix: must use btcsuite v2.3.4

010b7bd

fix: incorrect merge conflict resolution

8d302da

chore: clean up GIT_DIFF usage

d80185f

fix: lint

4a7caf1

fix: e2e test make docker

a2ac117

fix: make enough txs for 2 part sets

ece27f3

fix: TestBlockStoreSaveLoadBlock

a2fab52

fix: TestSaveTxInfo

235840d

fix: TestLoadBlockPart

4610dac

ci: increase test timeout

61989fe

rootulp mentioned this pull request Sep 20, 2024

chore(deps): upgrade to btcsuite/btcd v2.3.4 celestiaorg/cosmos-sdk#415

Draft

ci: bump to 15m

77a3b09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: pull cometbft v0.34.35 #1495

chore: pull cometbft v0.34.35 #1495

rootulp commented Sep 20, 2024 •

edited

Loading

chore: pull cometbft v0.34.35 #1495

Are you sure you want to change the base?

chore: pull cometbft v0.34.35 #1495

Conversation

rootulp commented Sep 20, 2024 • edited Loading

Testing

rootulp commented Sep 20, 2024 •

edited

Loading