Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): Bump github.com/cometbft/cometbft from 0.37.4 to 0.37.5 #19752

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 14, 2024

Bumps github.com/cometbft/cometbft from 0.37.4 to 0.37.5.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.37.5

See the CHANGELOG for this release.

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.37.5

March 12, 2024

This release fixes a security bug in the light client. It also introduces many improvements to the block sync in collaboration with the Osmosis team.

BUG FIXES

  • [mempool] The calculation method of tx size returned by calling proxyapp should be consistent with that of mempool (#1687)
  • [evidence] When VerifyCommitLight & VerifyCommitLightTrusting are called as part of evidence verification, all signatures present in the evidence must be verified (#1749)

IMPROVEMENTS

  • [types] Validate Validator#Address in ValidateBasic (#1715)
  • [abci] Increase ABCI socket message size limit to 2GB (#1730: @​troykessler)
  • [blocksync] make the max number of downloaded blocks dynamic. Previously it was a const 600. Now it's peersCount * maxPendingRequestsPerPeer (20) #2467
  • [blocksync] Request a block from peer B if we are approaching pool's height (less than 50 blocks) and the current peer A is slow in sending us the block #2475
  • [blocksync] Request the block N from peer B immediately after getting NoBlockResponse from peer A #2475
  • [blocksync] Sort peers by download rate (the fastest peer is picked first) #2475
Commits
  • 07493f4 Release v0.37.5 (#2591)
  • 17419f9 fix(blocksync): use timer instead of time.After (backport #2584) (#2588)
  • 15d4d91 feat(blocksync): sort peers by download rate & multiple requests for closer b...
  • fd52ab7 feat(blocksync): set the max number of (concurrently) downloaded bloc… (#2574)
  • 1bb0bd5 fix(docker-compose): fix subnet (backport #2383) (#2582)
  • 3caf4a4 build(deps): Bump bufbuild/buf-setup-action from 1.29.0 to 1.30.0 (#2555)
  • a940dc8 build(deps): Bump docker/build-push-action from 5.1.0 to 5.2.0 (#2556)
  • 0641e47 build(deps): Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#2510)
  • 1437879 ci: check metrics generation in CI checks (backport #2483) (#2486)
  • d954826 docs: images not rendering properly in docs (backport #2331) (#2339)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) from 0.37.4 to 0.37.5.
- [Release notes](https://github.com/cometbft/cometbft/releases)
- [Changelog](https://github.com/cometbft/cometbft/blob/v0.37.5/CHANGELOG.md)
- [Commits](cometbft/cometbft@v0.37.4...v0.37.5)

---
updated-dependencies:
- dependency-name: github.com/cometbft/cometbft
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner March 14, 2024 03:33
@dependabot dependabot bot added A:automerge Automatically merge PR once all prerequisites pass. dependencies Pull requests that update a dependency file testing-required labels Mar 14, 2024
Copy link
Member

@julienrbrt julienrbrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Downgrade x/exp

@julienrbrt julienrbrt merged commit cdb519f into release/v0.47.x Mar 14, 2024
23 of 25 checks passed
@julienrbrt julienrbrt deleted the dependabot/go_modules/release/v0.47.x/github.com/cometbft/cometbft-0.37.5 branch March 14, 2024 14:10
@faddat faddat mentioned this pull request Mar 20, 2024
12 tasks
yihuang added a commit to crypto-org-chain/cosmos-sdk that referenced this pull request May 16, 2024
* fix(server): consensus failure while restart node with wrong `chainId` in genesis (cosmos#18920)

* test: add NodeURI for clientCtx (backport cosmos#18930) (cosmos#18988)

Co-authored-by: mmsqe <tqd0800210105@gmail.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* chore: clean-up buf workspace (backport cosmos#18993) (cosmos#18998)

* build(deps): Bump cosmossdk.io/log from 1.2.1 to 1.3.0 (cosmos#19024)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

* build(deps): Bump cosmossdk.io/errors from 1.0.0 to 1.0.1 (cosmos#19025)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

* fix: allow empty public keys when setting signatures (backport cosmos#19106) (cosmos#19108)

Co-authored-by: Callum Waters <cmwaters19@gmail.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* chore: prepare v0.47.8 (cosmos#19162)

* docs: fix typo in 06-grpc_rest.md (backport cosmos#19192) (cosmos#19194)

Co-authored-by: Yoksirod <103229163+taramakage@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* fix: skip same-sender non-sequential sequence and then add others txs new solution (backport cosmos#19177) (cosmos#19250)

Co-authored-by: Brann Bronzebeard <90186866+ZiHengLee@users.noreply.github.com>
Co-authored-by: Facundo <facundomedica@gmail.com>
Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>

* test(baseapp): Refactor tx selector tests + better comments  (backport cosmos#19284) (cosmos#19288)

Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
Co-authored-by: Facundo <facundomedica@gmail.com>

* build(deps): Bump cosmossdk.io/log from 1.3.0 to 1.3.1 (cosmos#19359)

* chore: prepare v0.47.9 (cosmos#19451)

* build(deps): Bump github.com/cosmos/cosmos-proto from 1.0.0-beta.2 to 1.0.0-beta.4 (cosmos#19472)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* Merge pull request from GHSA-4j93-fm92-rp4m

* fix(x/auth/vesting): Add `BlockedAddr` check in `CreatePeriodicVestingAccount`

* updates

* build(deps): Bump cosmossdk.io/math from 1.2.0 to 1.3.0 (cosmos#19564)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* fix: use proper `db_backend` type when reading chain-id (cosmos#19573)

* Merge pull request from GHSA-86h5-xcpx-cfqc

* fix slashing logic

* add test

* changelog + release notes

* word

---------

Co-authored-by: Julien Robert <julien@rbrt.fr>

* build(deps): Bump deps (backport cosmos#19655) (cosmos#19712)

Co-authored-by: Julien Robert <julien@rbrt.fr>

* fix(x/gov): grpc query tally for failed proposal (backport cosmos#19725) (cosmos#19728)

Co-authored-by: David Tumcharoen <david@alleslabs.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* fix(crypto): error if incorrect ledger public key (backport cosmos#19691) (cosmos#19746)

Co-authored-by: Rootul P <rootulp@gmail.com>
Co-authored-by: sontrinh16 <trinhleson2000@gmail.com>

* build(deps): Bump github.com/cometbft/cometbft from 0.37.4 to 0.37.5 (cosmos#19752)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>

* fix: Implement gogoproto customtype to secp256r1 keys (backport cosmos#20027) (cosmos#20032)

Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
Co-authored-by: marbar3778 <marbar3778@yahoo.com>
Co-authored-by: Marko <marko@baricevic.me>

* fix: secp256r1 json missing quotes (backport cosmos#20060) (cosmos#20070)

Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>

* build(deps): Bump github.com/cosmos/cosmos-proto from 1.0.0-beta.4 to 1.0.0-beta.5 (cosmos#20094)

* chore: prepare v0.47.11 (cosmos#20088)

* fix: use timestamp for sim log file name (backport cosmos#20108) (cosmos#20112)

Co-authored-by: mmsqe <mavis@crypto.com>

* fix(x/authz,x/feegrant): check blocked address (backport cosmos#20102) (cosmos#20114)

Co-authored-by: Julien Robert <julien@rbrt.fr>

* fix(testsuite/sims): set all signatures (backport cosmos#20151) (cosmos#20186)

Co-authored-by: Leon <156270887+leonz789@users.noreply.github.com>

* build(deps): Bump github.com/cometbft/cometbft from 0.37.5 to 0.37.6 (cosmos#20205)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

* go mod tidy

* chore: downgrade to go 1.19 (cosmos#20211)

* chore: tidy with go 1.19 (cosmos#20220)

* chore: revert comet 0.37.6 upgrade due to go version bump (cosmos#20247)

* fix: remove txs from mempool when antehandler fails in recheck (backport cosmos#20144) (cosmos#20252)

Co-authored-by: Marko <marko@baricevic.me>
Co-authored-by: marbar3778 <marbar3778@yahoo.com>

* Revert "chore: downgrade to go 1.19 (cosmos#20211)"

This reverts commit aba4e40.

* Revert "chore: revert comet 0.37.6 upgrade due to go version bump (cosmos#20247)"

This reverts commit 00e4273.

* bump go in ci

* update docker file

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: atheeshp <59333759+atheeshp@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: mmsqe <tqd0800210105@gmail.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Callum Waters <cmwaters19@gmail.com>
Co-authored-by: Yoksirod <103229163+taramakage@users.noreply.github.com>
Co-authored-by: Brann Bronzebeard <90186866+ZiHengLee@users.noreply.github.com>
Co-authored-by: Facundo <facundomedica@gmail.com>
Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com>
Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>
Co-authored-by: Kevin Yang <5478483+k-yang@users.noreply.github.com>
Co-authored-by: khanh <50263489+catShaark@users.noreply.github.com>
Co-authored-by: David Tumcharoen <david@alleslabs.com>
Co-authored-by: Rootul P <rootulp@gmail.com>
Co-authored-by: sontrinh16 <trinhleson2000@gmail.com>
Co-authored-by: marbar3778 <marbar3778@yahoo.com>
Co-authored-by: Marko <marko@baricevic.me>
Co-authored-by: mmsqe <mavis@crypto.com>
Co-authored-by: Leon <156270887+leonz789@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A:automerge Automatically merge PR once all prerequisites pass. dependencies Pull requests that update a dependency file testing-required
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant