Skip to content

build(deps): bump the go_modules group across 1 directory with 10 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

build(deps): bump the go_modules group across 1 directory with 10 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 13, 2024

Bumps the go_modules group with 6 updates in the / directory:

Package From To
github.com/ethereum/go-ethereum 1.10.19 1.13.5
github.com/evmos/ethermint 0.6.1-0.20220919141022-34226aa7b1fa 0.18.0
google.golang.org/grpc 1.50.1 1.56.3
github.com/btcsuite/btcd 0.22.1 0.23.2
github.com/dvsekhvalnov/jose2go 1.5.0 1.6.0
github.com/hashicorp/go-getter 1.6.1 1.7.0

Updates github.com/ethereum/go-ethereum from 1.10.19 to 1.13.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Carbonaceous (v1.13.5)

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

  • Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#28084).
  • Downgrade annoying stale transaction propagation logs from warning to debug (#28364).
  • Switch to the new KZG trusted setup parameters (#28383).
  • Return an error on GraphQL if querying invalid block ranges (#28393, #28412).
  • Start publishing Apple Silicon pre-built binaries (#28474, #28475).

And bugfixes:

  • Fix a number of corner-cases in path scheme state management (#28198, #28426, #28483).
  • Fix an issue when allocating excessively large Pebble caches (#28444).
  • Fix a potential snap sync issue with the path based storage (#28327).
  • Fix ethclient to properly forwarding explicit 1559 gas caps (#28462).
  • Fix gas estimation for 0 priced txs accessing the basefee (#28470).
  • Fix an issue where resubscribing to events would hang (#28359).
  • Fix ethstats transaction count report regressiob (#28398).
  • Fix negative number encoding in ethclient/rpc (#28358).
  • Fix GraphQL content type in the response (#28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.

As with all our previous releases, you can find the:

Archanes (v1.13.4)

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #28356.

Apart from the above reason, the release contains:

  • Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#28306).
  • Update various dependencies to unstick versions of Go libs (#28329, #28333, #28334, #28332, #28336).
  • Enable Pebble database support on 32bit platforms and on OpenBSD too (#28335).
  • Fix returning the correct code hash for eth_getProof with empty storage (#28357).
  • Simplify trie range prover for some upcoming snap sync optimisations (#28311).
  • Fix a timeout mechanism in the transaction fetcher (#28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.

As with all our previous releases, you can find the:

... (truncated)

Commits
  • 916d6a4 params: release Geth v1.15.5
  • f265cc2 cmd/geth: remove some whitespace in code and comments (#28148)
  • 49b2c5f build: upgrade -dlgo version to Go 1.21.4 (#28505)
  • ce5a480 ethclient: add empty/nonexist account testcase for eth_getProof RPC (#28482)
  • 2f4833b cmd/evm: allow state dump regardless if test passes in statetest (#28484)
  • 326fa00 core/rawdb: fsync the index file after each freezer write (#28483)
  • e38b9f1 eth/filters: exit early if topics-filter has more than 4 topics (#28494)
  • f7dde2a ethdb/pebble: add Errorf function to panicLogger (#28491)
  • b77a9b1 cmd/geth: more testcases for logging (#28501)
  • 7ea860d graphql: type of yParity from Long to BigInt (#28456)
  • Additional commits viewable in compare view

Updates github.com/evmos/ethermint from 0.6.1-0.20220919141022-34226aa7b1fa to 0.18.0

Release notes

Sourced from github.com/evmos/ethermint's releases.

v0.18.0

v0.18.0

Changelog

State Machine Breaking

  • (evm) #1174 Don't allow eth txs with 0 in mempool.

Improvements

  • (ante) #1208 Change default MaxGasWanted value.

Full Diff: evmos/ethermint@v0.17.2...v0.18.0

v0.17.2

v0.17.2 - 2022-07-26

Changelog

  • (rpc) #1190 Fix UnmarshalJSON panic of breaking EVM and fee market Params.
  • (evm) #1187 Fix TxIndex value (expected 0, actual 1) when trace the first tx of a block via debug_traceTransaction API.

Full Diff: evmos/ethermint@v0.17.1...v0.17.2

v0.17.1

v0.17.1 - 2022-07-13

Improvements

  • (rpc) #1169 Remove unnecessary queries from getBlockNumber function

Full Diff: evmos/ethermint@v0.17.0...v0.17.1

v0.17.0

v0.17.0 - 2022-06-27

Release Notes

This release includes fixes to the fee market module as well as adding configuration to reject non-replay protected transactions. Additionally, the go module has been renamed to evmos/ethermint.

This release is state-breaking, meaning that it will require setting an upgrade handler to bump the EVM module consensus version.

Changelog

State Machine Breaking

  • (evm) #1128 Clear tx logs if tx failed in post processing hooks
  • (evm) #1124 Reject non-replay-protected tx in AnteHandler to prevent replay attack

... (truncated)

Changelog

Sourced from github.com/evmos/ethermint's changelog.

[v0.18.0] - 2022-08-04

State Machine Breaking

Improvements

  • (ante) #1208 Change default MaxGasWanted value.

[v0.17.2] - 2022-07-26

Bug Fixes

  • (rpc) #1190 Fix UnmarshalJSON panic of breaking EVM and fee market Params.
  • (evm) #1187 Fix TxIndex value (expected 0, actual 1) when trace the first tx of a block via debug_traceTransaction API.

[v0.17.1] - 2022-07-13

Improvements

  • (rpc) #1169 Remove unnecessary queries from getBlockNumber function

[v0.17.0] - 2022-06-27

State Machine Breaking

  • (evm) #1128 Clear tx logs if tx failed in post processing hooks
  • (evm) #1124 Reject non-replay-protected tx in AnteHandler to prevent replay attack

API Breaking

  • (rpc) #1126 Make some JSON-RPC APIS work for pruned nodes.
  • (rpc) #1143 Restrict unprotected txs on the node JSON-RPC configuration.
  • (all) #1137 Rename go module to evmos/ethermint

API Breaking

Improvements

  • (deps) #1147 Bump Go version to 1.18.
  • (feemarket) #1135 Set lower bound of base fee to min gas price param
  • (evm) #1142 Rename RejectUnprotectedTx to AllowUnprotectedTxs for consistency with go-ethereum.

Bug Fixes

  • (rpc) #1138 Fix GasPrice calculation with relation to MinGasPrice

... (truncated)

Commits

Updates google.golang.org/grpc from 1.50.1 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • xds: enable RLS in xDS by default (#6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
  • authz: add conversion of json to RBAC Audit Logging config (#6192)
  • authz: add support for stdout logger (#6230 and #6298)
  • authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#6151)
  • status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits
  • 1055b48 Update version.go to 1.56.3 (#6713)
  • 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
  • bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
  • faab873 Update version.go to v1.56.2 (#6432)
  • 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
  • ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
  • cd6a794 Update version.go to v1.56.2-dev (#6387)
  • 5b67e5e Update version.go to v1.56.1 (#6386)
  • d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
  • 997c1ea Change version to 1.56.1-dev (#6345)
  • Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.1 to 1.30.0

Updates github.com/btcsuite/btcd from 0.22.1 to 0.23.2

Release notes

Sourced from github.com/btcsuite/btcd's releases.

btcd v0.23.2

What's Changed

New Contributors

Full Changelog: btcsuite/btcd@v0.23.1...v0.23.2

btcd v0.23.1-beta

What's Changed

... (truncated)

Commits
  • 6b5418d Merge pull request #1898 from Roasbeef/v0-23-2-branch
  • 1a4af39 build: bump version to v0.23.2
  • d0aa747 Merge pull request #1896 from Roasbeef/witness-wire-hot-fix
  • f523d4c wire: remove erroneous witness size check in wire parsing
  • 38ee9a4 build: bump golang base image version to 1.17
  • ef4a8d3 doc: fix Tor hidden service setup link
  • 0f49e10 Merge pull request #1866 from darioush/bump-btcutils-versions
  • da4b534 Merge pull request #1865 from sputn1ck/musig2_0.3.0
  • 06ce960 btcec/schnorr/musig2: add infinity testvectors
  • 44eb8c6 btcec/schnorr/musig2: Allow infinity nonces
  • Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

Updates github.com/hashicorp/go-getter from 1.6.1 to 1.7.0

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.0

What's Changed

New Contributors

Full Changelog: hashicorp/go-getter@v1.6.2...v1.7.0

v1.6.2

What's Changed

  • Fix no getter available for X-Terraform-Get source protocol when using bare github or bitbucket hostnames: #370
Commits
  • 0edab85 Merge pull request #413 from hashicorp/limited-decompressors-helper
  • b38771f decompressors: add LimitedDecompressors helper
  • 78e6721 Merge pull request #412 from hashicorp/mitigate-decompression-bomb
  • cf15d84 Add decompression bomb mitigation options
  • d229395 Merge pull request #408 from hashicorp/remove-codesign
  • b55f8f7 remove codesign entirely from go-getter
  • 611343a Merge pull request #386 from hashicorp/compliance/add-license
  • 7220a3d Merge pull request #379 from hashicorp/migrate-to-gha
  • 2daac52 Update get_gcs_test.go
  • 95c5f2d Update get_s3_test.go
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.0.0-20220926161630-eccd6366d1be to 0.14.0

Commits

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.17.0

Commits

Updates golang.org/x/text from 0.3.7 to 0.13.0

Commits
  • f488e19 unicode/norm: fix function name on comment
  • fb697c0 cmd/gotext: actually use -dir flag
  • f3e69ed cmd/gotext: fix misbehaviors
  • ab07ad1 all: remove repetitive words
  • e503480 encoding/japanese, language: shorten very long sub-test names
  • 2df65d7 all: regenerate for Unicode 15.0.0
  • e3c038a all: prepare for Unicode 15.0.0
  • 3a7a255 internal/export/idna: make more space for mapping index
  • d61dd50 go.mod: delete repeated "indirect"
  • efb744f internal/export/idna: fix infinite loop in Go pre-1.10
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the go_modules group across 1 directory with 10 upd…
b82075c 
…ates

Bumps the go_modules group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) | `1.10.19` | `1.13.5` |
| [github.com/evmos/ethermint](https://github.com/evmos/ethermint) | `0.6.1-0.20220919141022-34226aa7b1fa` | `0.18.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.50.1` | `1.56.3` |
| [github.com/btcsuite/btcd](https://github.com/btcsuite/btcd) | `0.22.1` | `0.23.2` |
| [github.com/dvsekhvalnov/jose2go](https://github.com/dvsekhvalnov/jose2go) | `1.5.0` | `1.6.0` |
| [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.6.1` | `1.7.0` |


Updates `github.com/ethereum/go-ethereum` from 1.10.19 to 1.13.5
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.10.19...v1.13.5)

Updates `github.com/evmos/ethermint` from 0.6.1-0.20220919141022-34226aa7b1fa to 0.18.0
- [Release notes](https://github.com/evmos/ethermint/releases)
- [Changelog](https://github.com/evmos/ethermint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evmos/ethermint/commits/v0.18.0)

Updates `google.golang.org/grpc` from 1.50.1 to 1.56.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.50.1...v1.56.3)

Updates `google.golang.org/protobuf` from 1.28.1 to 1.30.0

Updates `github.com/btcsuite/btcd` from 0.22.1 to 0.23.2
- [Release notes](https://github.com/btcsuite/btcd/releases)
- [Changelog](https://github.com/btcsuite/btcd/blob/master/CHANGES)
- [Commits](btcsuite/btcd@v0.22.1...v0.23.2)

Updates `github.com/dvsekhvalnov/jose2go` from 1.5.0 to 1.6.0
- [Commits](dvsekhvalnov/jose2go@v1.5...v1.6.0)

Updates `github.com/hashicorp/go-getter` from 1.6.1 to 1.7.0
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](hashicorp/go-getter@v1.6.1...v1.7.0)

Updates `golang.org/x/crypto` from 0.0.0-20220926161630-eccd6366d1be to 0.14.0
- [Commits](https://github.com/golang/crypto/commits/v0.14.0)

Updates `golang.org/x/net` from 0.0.0-20220909164309-bea034e7d591 to 0.17.0
- [Commits](https://github.com/golang/net/commits/v0.17.0)

Updates `golang.org/x/text` from 0.3.7 to 0.13.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.3.7...v0.13.0)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/evmos/ethermint
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules-security-group
- dependency-name: github.com/btcsuite/btcd
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/dvsekhvalnov/jose2go
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules-security-group
- dependency-name: golang.org/x/text
  dependency-type: indirect
  dependency-group: go_modules-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 13, 2024
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 28, 2024

Superseded by #2.

@dependabot dependabot bot closed this Apr 28, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go_modules-security-group-5272b93625 branch April 28, 2024 05:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants