chore: upgrade cometbft to v1.0.1 #20
Open
+706
−202
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
calbera
commented
Feb 3, 2025
•
calbera
commented
- Includes cometbft patch in comet v1.0.1 from commits on branch v1.x
- Also includes fix in params.go: Cap (MaxMessageDelay) on the MessageDelay to prevent overflow -- check
…#4672) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…bft#4671) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.68.1 to 1.69.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.69.0</h2> <h1>Known Issues</h1> <ul> <li>The recently added <code>grpc.NewClient</code> function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7556">#7556</a>)</li> </ul> <h1>New Features</h1> <ul> <li>stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (<a href="https://redirect.github.com/grpc/grpc-go/issues/7874">#7874</a>)</li> <li>xdsclient: add support to fallback to lower priority servers when higher priority ones are down (<a href="https://redirect.github.com/grpc/grpc-go/issues/7701">#7701</a>)</li> <li>dns: Add support for link local IPv6 addresses (<a href="https://redirect.github.com/grpc/grpc-go/issues/7889">#7889</a>)</li> <li>The new experimental <code>pickfirst</code> LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in <a href="https://www.rfc-editor.org/rfc/rfc8305#section-4">RFC-8305 section 4</a>, to attempt connections to multiple backends concurrently. The experimental <code>pickfirst</code> policy can be enabled by setting the environment variable <code>GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST</code> to <code>true</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7725">#7725</a>, <a href="https://redirect.github.com/grpc/grpc-go/issues/7742">#7742</a>)</li> <li>balancer/pickfirst: Emit metrics from the <code>pick_first</code> load balancing policy (<a href="https://redirect.github.com/grpc/grpc-go/issues/7839">#7839</a>)</li> <li>grpc: export <code>MethodHandler</code>, which is the type of an already-exported field in <code>MethodDesc</code> (<a href="https://redirect.github.com/grpc/grpc-go/issues/7796">#7796</a>) <ul> <li>Special Thanks: <a href="https://github.com/mohdjishin"><code>@mohdjishin</code></a></li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>credentials/google: set scope for application default credentials (<a href="https://redirect.github.com/grpc/grpc-go/issues/7887">#7887</a>) <ul> <li>Special Thanks: <a href="https://github.com/halvards"><code>@halvards</code></a></li> </ul> </li> <li>xds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (<a href="https://redirect.github.com/grpc/grpc-go/issues/7851">#7851</a>, <a href="https://redirect.github.com/grpc/grpc-go/issues/7853">#7853</a>)</li> <li>examples: fix the debugging example, which was broken by a recent change (<a href="https://redirect.github.com/grpc/grpc-go/issues/7833">#7833</a>)</li> </ul> <h1>Behavior Changes</h1> <ul> <li>client: update retry attempt backoff to apply jitter per updates to <a href="https://github.com/grpc/proposal/blob/master/A6-client-retries.md">gRFC A6</a>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7869">#7869</a>) <ul> <li>Special Thanks: <a href="https://github.com/isgj"><code>@isgj</code></a></li> </ul> </li> <li>balancer/weightedroundrobin: use the <code>pick_first</code> LB policy to manage connections (<a href="https://redirect.github.com/grpc/grpc-go/issues/7826">#7826</a>)</li> </ul> <h1>API Changes</h1> <ul> <li>balancer: An internal method is added to the <code>balancer.SubConn</code> interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7840">#7840</a>)</li> </ul> <h1>Performance Improvements</h1> <ul> <li>mem: implement a <code>ReadAll()</code> method for more efficient <code>io.Reader</code> consumption (<a href="https://redirect.github.com/grpc/grpc-go/issues/7653">#7653</a>) <ul> <li>Special Thanks: <a href="https://github.com/ash2k"><code>@ash2k</code></a></li> </ul> </li> <li>mem: use slice capacity instead of length to determine whether to pool buffers or directly allocate them (<a href="https://redirect.github.com/grpc/grpc-go/issues/7702">#7702</a>) <ul> <li>Special Thanks: <a href="https://github.com/PapaCharlie"><code>@PapaCharlie</code></a></li> </ul> </li> </ul> <h1>Documentation</h1> <ul> <li>examples/csm_observability: Add xDS Credentials and switch server to be xDS enabled (<a href="https://redirect.github.com/grpc/grpc-go/issues/7875">#7875</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/317271b232677b7869576a49855b01b9f4775d67"><code>317271b</code></a> pickfirst: Register a health listener when used as a leaf policy (<a href="https://redirect.github.com/grpc/grpc-go/issues/7832">#7832</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/5565631455d326987ad3f9dba6d45478cc426c9f"><code>5565631</code></a> balancer/pickfirst: replace grpc.Dial with grpc.NewClient in tests (<a href="https://redirect.github.com/grpc/grpc-go/issues/7879">#7879</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/634497b75899887567d48ff134059443069b8196"><code>634497b</code></a> test: Split import paths for generated message and service code (<a href="https://redirect.github.com/grpc/grpc-go/issues/7891">#7891</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/78aa51be7ea153a6773d421c0ac9852e3c5cd22c"><code>78aa51b</code></a> pickfirst: Stop test servers without closing listeners (<a href="https://redirect.github.com/grpc/grpc-go/issues/7872">#7872</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/00272e8024ccd4adce8500a2f7daf974ab7fe7d9"><code>00272e8</code></a> dns: Support link local IPv6 addresses (<a href="https://redirect.github.com/grpc/grpc-go/issues/7889">#7889</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/17d08f746b51fa70911754d36a799c247a2c4b79"><code>17d08f7</code></a> scripts/gen-deps: filter out grpc modules (<a href="https://redirect.github.com/grpc/grpc-go/issues/7890">#7890</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/ab189b0af7ef5e7aa6e20b5293612bd51ab10fe2"><code>ab189b0</code></a> examples/features/csm_observability: Add xDS Credentials (<a href="https://redirect.github.com/grpc/grpc-go/issues/7875">#7875</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/3ce87dd3800b90da028f08d75023144c03f5706f"><code>3ce87dd</code></a> credentials/google: Add cloud-platform scope for ADC (<a href="https://redirect.github.com/grpc/grpc-go/issues/7887">#7887</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/3c0586a427dd1fb8ba66f8c4dbd038273a406bbe"><code>3c0586a</code></a> stats/opentelemetry: Cleanup OpenTelemetry API's before stabilization (<a href="https://redirect.github.com/grpc/grpc-go/issues/7874">#7874</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/4c07bca27377feb808912b844b3fa95ad10f946b"><code>4c07bca</code></a> stream: add jitter to retry backoff in accordance with gRFC A6 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7869">#7869</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.68.1...v1.69.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
) Co-authored-by: Anton Kaliaev <[email protected]>
This PR fixes the links to ADRs in the .CHANGELOG.
…etbft#4710) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v3.8.0</h2> <ul> <li>Make cloud prefix optional to download buildx if driver is cloud by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/390">docker/setup-buildx-action#390</a></li> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/370">docker/setup-buildx-action#370</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.39.0 to 0.48.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/389">docker/setup-buildx-action#389</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/382">docker/setup-buildx-action#382</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0">https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/6524bf65af31da8d45b59e8c27de4bd072b392f5"><code>6524bf6</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/390">#390</a> from crazy-max/buildx-cloud-latest</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/8d5e0747fc81adde3c75a11c4ab1cd6e831c45b5"><code>8d5e074</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/7199e57b3551d377384de4d86bb21b747aea8ae4"><code>7199e57</code></a> make cloud prefix optional to download buildx if driver is cloud</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/db63cee3de03c9e9f201f1b6213e29b58eaa560d"><code>db63cee</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/381">#381</a> from docker/dependabot/github_actions/codecov/codecov...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/043ebe137fb9440c054da78ea0d12b4770d51bb0"><code>043ebe1</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/389">#389</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/686da9073d5e9e34c27fc99d06023785a093b3b2"><code>686da90</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a3d74876b8fd9bd06b520ed90e4838a3ab637302"><code>a3d7487</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/382">#382</a> from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/4dcdbcec48953cab044a8e7d13f601ffd1926c08"><code>4dcdbce</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.39.0 to 0.48.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/1a8ac74316906cd182c3b1e6361b0648f1800ecc"><code>1a8ac74</code></a> ci: fix deprecated input for codecov-action</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e827ebe8ba8bcef11893610e158210f4ce7c2ded"><code>e827ebe</code></a> build(deps): bump cross-spawn from 7.0.3 to 7.0.6</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…metbft#4709) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.47.2 to 1.48.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bufbuild/buf-setup-action/releases">bufbuild/buf-setup-action's releases</a>.</em></p> <blockquote> <h2>v1.48.0</h2> <p>Release v1.48.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/1115d0acd3d2a120b30023fac52abc46807c8fd6"><code>1115d0a</code></a> Release v1.48.0 (<a href="https://redirect.github.com/bufbuild/buf-setup-action/issues/233">#233</a>)</li> <li>See full diff in <a href="https://github.com/bufbuild/buf-setup-action/compare/v1.47.2...v1.48.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…ometbft#4707) Bumps google.golang.org/protobuf from 1.35.2 to 1.36.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/dfc720dfe0cfc125116068c20efcdcb5e4eab464"><code>dfc720d</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb"><code>8e66b04</code></a> html: use strings.EqualFold instead of lowering ourselves</li> <li><a href="https://github.com/golang/net/commit/b935f7b5d723c82894e1a1fd936a94dd2d1eae46"><code>b935f7b</code></a> html: avoid endless loop on error token</li> <li><a href="https://github.com/golang/net/commit/9af49ef148d7d8b3e4cbbd9cc0cd37f2a520a4a3"><code>9af49ef</code></a> route: remove unused sizeof* consts</li> <li><a href="https://github.com/golang/net/commit/6705db9a4df8f2cf16aed83e773e7a0213788b7a"><code>6705db9</code></a> quic: clean up crypto streams when dropping packet protection keys</li> <li><a href="https://github.com/golang/net/commit/4ef7588d2b3f83775099797baac43c34e2e23200"><code>4ef7588</code></a> quic: handle ACK frame in packet which drops number space</li> <li><a href="https://github.com/golang/net/commit/552d8ac903a11a9fde71a88732f5b58b6b394178"><code>552d8ac</code></a> Revert "route: change from syscall to x/sys/unix"</li> <li><a href="https://github.com/golang/net/commit/13a7c0108bd38aad013797cdb95e6bfca0bbcec6"><code>13a7c01</code></a> Revert "route: remove unused sizeof* consts on freebsd"</li> <li>See full diff in <a href="https://github.com/golang/net/compare/v0.32.0...v0.33.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…bft#4706) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.0 to 1.69.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.69.2</h2> <h1>Bug Fixes</h1> <ul> <li>stats/experimental: add type aliases for symbols (<code>Metrics</code>/etc) that were moved to the stats package (<a href="https://redirect.github.com/grpc/grpc-go/issues/7929">#7929</a>).</li> <li>client: set user-agent string to the correct version.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/b615b35c4feb932a0ac658fb86b7127f10ef664e"><code>b615b35</code></a> Change version to 1.69.2 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7947">#7947</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/6b36a3e60ae03bc1aebf3f3e6bce58a2bc496ded"><code>6b36a3e</code></a> experimental/stats: re-add type aliases for migration (<a href="https://redirect.github.com/grpc/grpc-go/issues/7929">#7929</a>) (<a href="https://redirect.github.com/grpc/grpc-go/issues/7941">#7941</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/4535c6d2699749b5cd423e07caa7459fa42a76a7"><code>4535c6d</code></a> Change version to 1.69.2-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/7928">#7928</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/b6e7c72ece4bc35a2fd79952cee6305a7ce5aaef"><code>b6e7c72</code></a> examples/features/csm_observability: Make CSM Observability example server li...</li> <li><a href="https://github.com/grpc/grpc-go/commit/9355fbcc19aca55a3b6803626cb9f26f2ac7874e"><code>9355fbc</code></a> Change version to 1.69.1 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7927">#7927</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/927a1e1d1ae83fd60664b2d9d7d07539dea38eaa"><code>927a1e1</code></a> Change version to 1.69.1-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/7902">#7902</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/97d633a62e60acb359d26b3a5fa390ac5e04b732"><code>97d633a</code></a> Change version to 1.69.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7901">#7901</a>)</li> <li>See full diff in <a href="https://github.com/grpc/grpc-go/compare/v1.69.0...v1.69.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tbft#4764) (cometbft#4767) Remove a paragraph on release candidates from CHANGELOG.md.<hr>This is an automatic backport of pull request cometbft#4764 done by [Mergify](https://mergify.com). Co-authored-by: Hernán Vanzetto <[email protected]>
…ometbft#4777) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…ometbft#4737) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…n signing a vote (backport cometbft#3649) (cometbft#4789) Closes cometbft#3642 When vote extensions are disabled, we still need to (sanity-)check that: * Prevotes don't contain an extension signature * `nil` precommits don't contain an extension signature This PR is re-enabling those checks, in alignment with cometbft#3565 in `v0.38.x` --- #### PR checklist - ~[ ] Tests written/updated~ - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - ~[ ] Updated relevant documentation (`docs/` or `spec/`) and code comments~ - [x] Title follows the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec <hr>This is an automatic backport of pull request cometbft#3649 done by [Mergify](https://mergify.com). --------- Co-authored-by: Sergio Mena <[email protected]> Co-authored-by: Anton Kaliaev <[email protected]>
…metbft#4809) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.48.0 to 1.49.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bufbuild/buf-setup-action/releases">bufbuild/buf-setup-action's releases</a>.</em></p> <blockquote> <h2>v1.49.0</h2> <p>Release v1.49.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/480b44ac64eb7784931d42dcddaf762c626186a6"><code>480b44a</code></a> Release v1.49.0 (<a href="https://redirect.github.com/bufbuild/buf-setup-action/issues/236">#236</a>)</li> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/2ff90c60795eee77ba6134f1fb1aa7ceba7845ff"><code>2ff90c6</code></a> Update license year range (<a href="https://redirect.github.com/bufbuild/buf-setup-action/issues/235">#235</a>)</li> <li>See full diff in <a href="https://github.com/bufbuild/buf-setup-action/compare/v1.48.0...v1.49.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…etbft#4808) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.10.0 to 6.11.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.11.0</h2> <ul> <li>Handlebar <code>defaultContext</code> support for <code>build-contexts</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1283">docker/build-push-action#1283</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.46.0 to 0.49.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1281">docker/build-push-action#1281</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.10.0...v6.11.0">https://github.com/docker/build-push-action/compare/v6.10.0...v6.11.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/b32b51a8eda65d6793cd0494a773d4f6bcef32dc"><code>b32b51a</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1281">#1281</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/594bf46f0f6d32fd8bd98a553127950004165c96"><code>594bf46</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1294">#1294</a> from crazy-max/fix-e2e</li> <li><a href="https://github.com/docker/build-push-action/commit/fd37bd55af0b8c458ea0ff376ce151a332fa7aed"><code>fd37bd5</code></a> ci(e2e): fix setup docker config</li> <li><a href="https://github.com/docker/build-push-action/commit/e6478a2405f3527f33b93efb6857519c3ffd91f2"><code>e6478a2</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/78785bddff35ca36f384e0c6a8a367584317df9f"><code>78785bd</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.46.0 to 0.49.0</li> <li><a href="https://github.com/docker/build-push-action/commit/128779fed7edb034b3f8006e9dac81a8593c040e"><code>128779f</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1283">#1283</a> from crazy-max/named-context-handlebars</li> <li><a href="https://github.com/docker/build-push-action/commit/7e094594beda23fc8f21fa31049f4b203e51096b"><code>7e09459</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1282">#1282</a> from crazy-max/remove-buildkit-5561</li> <li><a href="https://github.com/docker/build-push-action/commit/32ee877a58507615d974839965ef8e530d66362e"><code>32ee877</code></a> Revert "init buildkit-5561 workflow"</li> <li><a href="https://github.com/docker/build-push-action/commit/d1a4129c41bb3f92b731b33dc29cfe5f6cd9298f"><code>d1a4129</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/49c623eaf82513814393adabc13bf2535384d735"><code>49c623e</code></a> handlebar defaultContext support for build-contexts input</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/v6.10.0...v6.11.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.34.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/8da7ed17cdaf5e1d42aa868f0b0322a207a17dcd"><code>8da7ed1</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/2124140b044c3cbbd6a3ed7c45e2d4420be7039d"><code>2124140</code></a> all: make function and struct comments match the names</li> <li><a href="https://github.com/golang/net/commit/e9d95ba163f72442cc09dca1865147a62351ac72"><code>e9d95ba</code></a> http2: do not surface errors from a conn's idle timer expiring</li> <li><a href="https://github.com/golang/net/commit/c2be9921fe46b336b1991c4e5984666bd75b941f"><code>c2be992</code></a> quic: remember which remote connection IDs have been retired</li> <li>See full diff in <a href="https://github.com/golang/net/compare/v0.33.0...v0.34.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…ometbft#4798) Bumps google.golang.org/protobuf from 1.36.1 to 1.36.2. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…etbft#4826) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…metbft#4827) Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.49.0 to 1.50.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bufbuild/buf-setup-action/releases">bufbuild/buf-setup-action's releases</a>.</em></p> <blockquote> <h2>v1.50.0</h2> <p>Release v1.50.0</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bufbuild/buf-setup-action/commit/a47c93e0b1648d5651a065437926377d060baa99"><code>a47c93e</code></a> Release v1.50.0 (<a href="https://redirect.github.com/bufbuild/buf-setup-action/issues/238">#238</a>)</li> <li>See full diff in <a href="https://github.com/bufbuild/buf-setup-action/compare/v1.49.0...v1.50.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…ometbft#4828) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…bft#4830) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.2 to 1.69.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.69.4</h2> <h1>Bug Fixes</h1> <ul> <li>rbac: fix support for :path header matchers, which would previously never successfully match (<a href="https://redirect.github.com/grpc/grpc-go/issues/7965">#7965</a>).</li> </ul> <h1>Documentation</h1> <ul> <li>examples/features/csm_observability: update example client and server to use the helloworld service instead of echo service (<a href="https://redirect.github.com/grpc/grpc-go/issues/7945">#7945</a>).</li> </ul> <p>Release 1.69.3 was accidentally tagged on the master branch and will be deleted. Please update to 1.69.4 instead.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/4103cfc52a951673d441f8b2c02eee96e31f1897"><code>4103cfc</code></a> Change version to 1.69.4 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8005">#8005</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/cf6ddaa06db9da8bcdc23e682b72dcf831abfda8"><code>cf6ddaa</code></a> Change version to 1.69.4-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/8001">#8001</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/94a0c2cbfc5fa21cdc3f2a3eecad7f5ae5e23e99"><code>94a0c2c</code></a> Change version to 1.69.3 (<a href="https://redirect.github.com/grpc/grpc-go/issues/8000">#8000</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/ec415604a2f817c7c44fbadfa3f7983c9f6ab8d5"><code>ec41560</code></a> Cherry pick <a href="https://redirect.github.com/grpc/grpc-go/issues/7965">#7965</a> <a href="https://redirect.github.com/grpc/grpc-go/issues/7945">#7945</a> to v1.69.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/7996">#7996</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/3b328ba4d21148e7d4526e938b0b2cde611b388f"><code>3b328ba</code></a> Change version to 1.69.3-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/7948">#7948</a>)</li> <li>See full diff in <a href="https://github.com/grpc/grpc-go/compare/v1.69.2...v1.69.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…ometbft#4829) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.61.0 to 0.62.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/prometheus/common/releases">github.com/prometheus/common's releases</a>.</em></p> <blockquote> <h2>v0.62.0</h2> <h2>What's Changed</h2> <ul> <li>Change default validation scheme to UTF8Validation by <a href="https://github.com/ywwg"><code>@ywwg</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/724">prometheus/common#724</a></li> <li>Remove deprecated promlog package by <a href="https://github.com/SuperQ"><code>@SuperQ</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/738">prometheus/common#738</a></li> <li>Remove deprecated sigv4 module by <a href="https://github.com/SuperQ"><code>@SuperQ</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/737">prometheus/common#737</a></li> <li>update links to openmetrics to reference the v1.0.0 release by <a href="https://github.com/dashpole"><code>@dashpole</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/740">prometheus/common#740</a></li> <li>Synchronize common files from prometheus/prometheus by <a href="https://github.com/prombot"><code>@prombot</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/742">prometheus/common#742</a></li> <li>Bump google.golang.org/protobuf from 1.35.2 to 1.36.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/744">prometheus/common#744</a></li> <li>Bump golang.org/x/net from 0.32.0 to 0.33.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/743">prometheus/common#743</a></li> <li>Synchronize common files from prometheus/prometheus by <a href="https://github.com/prombot"><code>@prombot</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/747">prometheus/common#747</a></li> <li>http_config: Allow customizing TLS config and settings. by <a href="https://github.com/bwplotka"><code>@bwplotka</code></a> in <a href="https://redirect.github.com/prometheus/common/pull/748">prometheus/common#748</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dashpole"><code>@dashpole</code></a> made their first contribution in <a href="https://redirect.github.com/prometheus/common/pull/740">prometheus/common#740</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/prometheus/common/compare/v0.61.0...v0.62.0">https://github.com/prometheus/common/compare/v0.61.0...v0.62.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/prometheus/common/commit/280b0e7d5bdf09ddfd2d93c226671cb2ebdb7d5f"><code>280b0e7</code></a> http_config: Allow customizing TLS config and settings. (<a href="https://redirect.github.com/prometheus/common/issues/748">#748</a>)</li> <li><a href="https://github.com/prometheus/common/commit/aea8919bdc8b0b593086473f99c50ca6d5796c0c"><code>aea8919</code></a> Update common Prometheus files (<a href="https://redirect.github.com/prometheus/common/issues/747">#747</a>)</li> <li><a href="https://github.com/prometheus/common/commit/8d916fab5bd4b281fe2797100a6cabe2515d3d59"><code>8d916fa</code></a> Bump golang.org/x/net from 0.32.0 to 0.33.0 (<a href="https://redirect.github.com/prometheus/common/issues/743">#743</a>)</li> <li><a href="https://github.com/prometheus/common/commit/fe88605b113417b6baba52ec2850187ac127cc1c"><code>fe88605</code></a> Bump google.golang.org/protobuf from 1.35.2 to 1.36.1 (<a href="https://redirect.github.com/prometheus/common/issues/744">#744</a>)</li> <li><a href="https://github.com/prometheus/common/commit/5d9961df0b3ac7927a16495c3bf40f2de421725c"><code>5d9961d</code></a> Update common Prometheus files (<a href="https://redirect.github.com/prometheus/common/issues/742">#742</a>)</li> <li><a href="https://github.com/prometheus/common/commit/0a89b987581831cf1f9061b3197b8d86f7c7b21c"><code>0a89b98</code></a> Merge pull request <a href="https://redirect.github.com/prometheus/common/issues/740">#740</a> from dashpole/update_om_links</li> <li><a href="https://github.com/prometheus/common/commit/e3926e2a56435b2213296803d4e6c6f66fc3c423"><code>e3926e2</code></a> update links to openmetrics to reference the v1.0.0 release</li> <li><a href="https://github.com/prometheus/common/commit/d88ee1f244f31e9376f4aa8ad865bd5c7dd4a814"><code>d88ee1f</code></a> Remove deprecated sigv4 module (<a href="https://redirect.github.com/prometheus/common/issues/737">#737</a>)</li> <li><a href="https://github.com/prometheus/common/commit/c3fdb171ceca4b3f86385f2f436c7e8cac676548"><code>c3fdb17</code></a> Remove deprecated promlog package (<a href="https://redirect.github.com/prometheus/common/issues/738">#738</a>)</li> <li><a href="https://github.com/prometheus/common/commit/cf5f48f181f5270eeac48e077e974ba0e00f5c58"><code>cf5f48f</code></a> Change default validation scheme to UTF8Validation (<a href="https://redirect.github.com/prometheus/common/issues/724">#724</a>)</li> <li>See full diff in <a href="https://github.com/prometheus/common/compare/v0.61.0...v0.62.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Adding @cometbft/interchain-inc to CODEOWNERS --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments <hr>This is an automatic backport of pull request cometbft#4848 done by [Mergify](https://mergify.com). Co-authored-by: Zachary Becker <[email protected]>
…ometbft#4857) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.13.1 to 5.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.13.2</h2> <h2>What's Changed</h2> <ul> <li>plumbing: use the correct user agent string. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/883">#883</a> by <a href="https://github.com/uragirii"><code>@uragirii</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1364">go-git/go-git#1364</a></li> <li>build: bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-org group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1365">go-git/go-git#1365</a></li> <li>build: bump the golang-org group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1367">go-git/go-git#1367</a></li> <li>build: bump github.com/ProtonMail/go-crypto from 1.1.3 to 1.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1368">go-git/go-git#1368</a></li> <li>build: bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1378">go-git/go-git#1378</a></li> <li>build: bump github/codeql-action from 3.28.0 to 3.28.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1376">go-git/go-git#1376</a></li> <li>build: bump github.com/elazarl/goproxy from 1.2.3 to 1.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1377">go-git/go-git#1377</a></li> <li>git: worktree, fix restoring dot slash files (backported to v5). Fixes <a href="https://redirect.github.com/go-git/go-git/issues/1176">#1176</a> by <a href="https://github.com/BeChris"><code>@BeChris</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1361">go-git/go-git#1361</a></li> <li>build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1392">go-git/go-git#1392</a></li> <li>git: worktree_status, fix adding dot slash files to working tree (backported to v5). Fixes <a href="https://redirect.github.com/go-git/go-git/issues/1150">#1150</a> by <a href="https://github.com/BeChris"><code>@BeChris</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1359">go-git/go-git#1359</a></li> <li>build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1383">go-git/go-git#1383</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2">https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/2c6824768b483ea030ba312972e508c23e62d75c"><code>2c68247</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1383">#1383</a> from go-git/dependabot/go_modules/github.com/ProtonM...</li> <li><a href="https://github.com/go-git/go-git/commit/d462c2e805717c5f084657eede3b8804b7d0566b"><code>d462c2e</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1359">#1359</a> from BeChris/issue1150-v5</li> <li><a href="https://github.com/go-git/go-git/commit/32ac23a70733b230478a7431f0210d5615e1c5b5"><code>32ac23a</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1392">#1392</a> from go-git/dependabot/go_modules/github.com/pjbgf/s...</li> <li><a href="https://github.com/go-git/go-git/commit/93e635a0f5255658775091b975512c7774b60767"><code>93e635a</code></a> build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2</li> <li><a href="https://github.com/go-git/go-git/commit/b2bb975dca41917cc2efe5c40f7be0cdf9eeb0e9"><code>b2bb975</code></a> git: worktree_status, took into account code review remarks</li> <li><a href="https://github.com/go-git/go-git/commit/518ac8860920e2b52c039828f821321b53cb7f64"><code>518ac88</code></a> git: worktree_status, fix adding dot slash files to working tree (backported ...</li> <li><a href="https://github.com/go-git/go-git/commit/21b3150921b0ce9786fb38a81cd9a8dbad0207b2"><code>21b3150</code></a> build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5</li> <li><a href="https://github.com/go-git/go-git/commit/189e7e463f747abdd8e31ef2abcbd72ad1b90621"><code>189e7e4</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1361">#1361</a> from BeChris/issue1176-v5</li> <li><a href="https://github.com/go-git/go-git/commit/654815aad1bd5bc35d9f5eb3d7a201af0c4457f5"><code>654815a</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1377">#1377</a> from go-git/dependabot/go_modules/github.com/elazarl...</li> <li><a href="https://github.com/go-git/go-git/commit/91dbdb92df7594bc8e42e355e82bf2c63be31a22"><code>91dbdb9</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1376">#1376</a> from go-git/dependabot/github_actions/github/codeql-...</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ometbft#4860) Bumps [github.com/dgraph-io/badger/v4](https://github.com/dgraph-io/badger) from 4.5.0 to 4.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/badger/releases">github.com/dgraph-io/badger/v4's releases</a>.</em></p> <blockquote> <h2>Badger v4.5.1</h2> <h2>What's Changed</h2> <ul> <li>Fix build for GOARCH=wasm with GOOS=js or GOOS=wasip1</li> <li>docs: Add pagination explanation to docs</li> <li>chore(deps): bump the minor group with 2 updates</li> <li>chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 in the minor group</li> <li>chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.0 to 2.0.1 in the patch group</li> <li>chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the minor group</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the patch group</li> <li>chore(deps): bump the minor group with 2 updates</li> <li>fix(info): print Total BloomFilter Size with totalBloomFilter instead of totalIndex</li> <li>chore(deps): bump the minor group with 2 updates</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the patch group</li> <li>feat(info): print total size of listed keys</li> <li>chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.1 to 2.1.0 in the minor group</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 in the patch group</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1">https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/badger/blob/main/CHANGELOG.md">github.com/dgraph-io/badger/v4's changelog</a>.</em></p> <blockquote> <h2>[4.5.1] - 2025-01-21</h2> <ul> <li>chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2150">#2150</a>)</li> <li>bump github.com/dgraph-io/ristretto/v2 from 2.0.1 to 2.1.0 in the minor group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2151">#2151</a>)</li> <li>feat(info): print total size of listed keys (<a href="https://redirect.github.com/dgraph-io/badger/issues/2149">#2149</a>)</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2146">#2146</a>)</li> <li>chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2147">#2147</a>)</li> <li>fix(info): print Total BloomFilter Size with totalBloomFilter instead of totalIndex (<a href="https://redirect.github.com/dgraph-io/badger/issues/2145">#2145</a>)</li> <li>chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2141">#2141</a>)</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2140">#2140</a>)</li> <li>chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the minor group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2139">#2139</a>)</li> <li>chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.0 to 2.0.1 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2136">#2136</a>)</li> <li>chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 in the minor group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2137">#2137</a>)</li> <li>chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2135">#2135</a>)</li> <li>docs: Add pagination explanation to docs (<a href="https://redirect.github.com/dgraph-io/badger/issues/2134">#2134</a>)</li> <li>Fix build for GOARCH=wasm with GOOS=js or GOOS=wasip1 (<a href="https://redirect.github.com/dgraph-io/badger/issues/2048">#2048</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1">https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dgraph-io/badger/commit/64b2f3736e24c16219b0e74f826d46c7187d6f46"><code>64b2f37</code></a> add changelog for v4.5.1 (<a href="https://redirect.github.com/dgraph-io/badger/issues/2152">#2152</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/f5e00bd788d837e3caa8ae105444ed7f1b28a8e0"><code>f5e00bd</code></a> chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 in the pat...</li> <li><a href="https://github.com/dgraph-io/badger/commit/79bd7dae4d2dff7c1defdeeefe5c8e25b1ea1ee2"><code>79bd7da</code></a> chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.1 to 2.1.0 in th...</li> <li><a href="https://github.com/dgraph-io/badger/commit/a3882a0ba21a7304c89c0985c84a4208ba27a074"><code>a3882a0</code></a> feat(info): print total size of listed keys (<a href="https://redirect.github.com/dgraph-io/badger/issues/2149">#2149</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/0b6e40fd2aa8ac339066cc040f1e921250bf0faf"><code>0b6e40f</code></a> chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the pat...</li> <li><a href="https://github.com/dgraph-io/badger/commit/40955c4ee476aea951b567a46915a7246825f55f"><code>40955c4</code></a> chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2147">#2147</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/6f5ff28c693f567ea31f12b42375a280e5bdbb9b"><code>6f5ff28</code></a> fix(info): print Total BloomFilter Size with totalBloomFilter instead of tota...</li> <li><a href="https://github.com/dgraph-io/badger/commit/eba96a1b97c712011e4f7cd811cb5dd9ca0d347e"><code>eba96a1</code></a> chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2141">#2141</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/461afd8252479b97f9be50551165ec7e6b4d096c"><code>461afd8</code></a> chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the pat...</li> <li><a href="https://github.com/dgraph-io/badger/commit/b514761c7513fb97b1f6af5f15a338197da60971"><code>b514761</code></a> chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the min...</li> <li>Additional commits viewable in <a href="https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
cometbft#4871) to use `dstMinPk` Closes cometbft#4783<hr>This is an automatic backport of pull request cometbft#4813 done by [Mergify](https://mergify.com). Co-authored-by: Anton Kaliaev <[email protected]>
… (cometbft#4870) BEFORE: running `unsafe-reset-all` results in `priv_key` value in `priv_validator_key.json` being cleared. This is due to changes introduced in cometbft#3603 where we changed the struct definition of PrivKey from type PrivKey `[]byte` to type `PrivKey struct {sk *blst.SecretKey}`. With the new definition, the combat JSON encoder treats this field as hidden since it starts in lowercase. Even though `PrivKey` implements `json.Marshaller` it doesn't pass the check https://github.com/cometbft/cometbft/blob/main/libs/json/encoder.go#L84 because it's the pointer. AFTER: running `unsafe-reset-all` results in `priv_key` value in `priv_validator_key.json` being the same.<hr>This is an automatic backport of pull request cometbft#4772 done by [Mergify](https://mergify.com). Co-authored-by: Anton Kaliaev <[email protected]>
…etbft#4879) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.13.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.51.0 to 0.53.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1308">docker/build-push-action#1308</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0">https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/ca877d9245402d1537745e0e356eab47c3520991"><code>ca877d9</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1308">#1308</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/d2fe919bb5012a6186426dc91c361c4980d10c2d"><code>d2fe919</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/f0fc9ece82cf2ace13ec8f35687697ae511bdf74"><code>f0fc9ec</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.51.0 to 0.53.0</li> <li>See full diff in <a href="https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ometbft#4884) Bumps google.golang.org/protobuf from 1.36.3 to 1.36.4. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…bft#4885) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.4 to 1.70.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.70.0</h2> <h1>Behavior Changes</h1> <ul> <li>client: reject service configs containing an invalid retryPolicy in accordance with gRFCs <a href="https://github.com/grpc/proposal/blob/master/A21-service-config-error-handling.md">A21</a> and <a href="https://github.com/grpc/proposal/blob/master/A6-client-retries.md">A6</a>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7905">#7905</a>) <ul> <li>Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.</li> </ul> </li> </ul> <h1>New Features</h1> <ul> <li>xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable <code>GRPC_EXPERIMENTAL_XDS_FALLBACK</code> to <code>false</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7949">#7949</a>)</li> <li>experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7980">#7980</a>) <ul> <li>These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.</li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8011">#8011</a>)</li> </ul> <h1>Performance</h1> <ul> <li>server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7998">#7998</a>) <ul> <li>Special Thanks: <a href="https://github.com/lqs"><code>@lqs</code></a></li> </ul> </li> </ul> <h1>Documentation</h1> <ul> <li>examples/features/gracefulstop: add example to demonstrate server graceful stop. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7865">#7865</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/98a0092952dd4d8443229c3a335ec592d9c40c9b"><code>98a0092</code></a> Change version to 1.70.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7984">#7984</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/bf380dec5e059ea6e7d07cec015dd0c913831a6a"><code>bf380de</code></a> Cherrypick <a href="https://redirect.github.com/grpc/grpc-go/issues/7998">#7998</a>, <a href="https://redirect.github.com/grpc/grpc-go/issues/8011">#8011</a>, <a href="https://redirect.github.com/grpc/grpc-go/issues/8010">#8010</a> into 1.70.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/8028">#8028</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/54b3eb97dbf7400efb5750f26084c2d3b2eff120"><code>54b3eb9</code></a> experimental/credentials: Add credentials that don't enforce ALPN (<a href="https://redirect.github.com/grpc/grpc-go/issues/7980">#7980</a>) (<a href="https://redirect.github.com/grpc/grpc-go/issues/8">#8</a>...</li> <li><a href="https://github.com/grpc/grpc-go/commit/62b9185a6296155e47efd39d60298d8de0a6ed1d"><code>62b9185</code></a> clustetresolver: Copy endpoints.Addresses slice from DNS updates to avoid dat...</li> <li><a href="https://github.com/grpc/grpc-go/commit/724f450f77a09bade8174e5052625977069aaf81"><code>724f450</code></a> examples/features/csm_observability: use helloworld client and server instead...</li> <li><a href="https://github.com/grpc/grpc-go/commit/e8d5feb181766059429259ce3345ddb1f667ded5"><code>e8d5feb</code></a> rbac: add method name to :path in headers (<a href="https://redirect.github.com/grpc/grpc-go/issues/7965">#7965</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/e912015fd3f4aabdff6d6cf835e321c19a204afb"><code>e912015</code></a> cleanup: Fix usages of non-constant format strings (<a href="https://redirect.github.com/grpc/grpc-go/issues/7959">#7959</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/681334a46115da3a5f9086c47e3d501a19362256"><code>681334a</code></a> cleanup: replace dial with newclient (<a href="https://redirect.github.com/grpc/grpc-go/issues/7943">#7943</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/063d352de07403a582ef33f8f5f8149e3b57c47e"><code>063d352</code></a> internal/resolver: introduce a new resolver to handle target URI and proxy ad...</li> <li><a href="https://github.com/grpc/grpc-go/commit/10c7e13311f48bf5237738f4f19b53f62b1146cd"><code>10c7e13</code></a> outlierdetection: Support health listener for ejection updates (<a href="https://redirect.github.com/grpc/grpc-go/issues/7908">#7908</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.69.4...v1.70.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…tbft#4890) due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/[email protected] Fixed in: net/[email protected] Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/[email protected] Fixed in: crypto/[email protected] Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey <hr>This is an automatic backport of pull request cometbft#4888 done by [Mergify](https://mergify.com). --------- Co-authored-by: Anton Kaliaev <[email protected]>
cometbft#4816) (cometbft#4892) Closes cometbft#4815. The added test units allowed us to catch overflow scenarios in some architectures, in particular `linux/amd64`. The same is not observed in the `arm64` architecture. Sanity checks were added to prevent this from happening. Further more, `MessageDelay` is now capped at 24hrs, `Precision` - 30 sec.<hr>This is an automatic backport of pull request cometbft#4816 done by [Mergify](https://mergify.com). --------- Co-authored-by: Daniel <[email protected]> Co-authored-by: Anton Kaliaev <[email protected]>
lower than what was previously reported GHSA-22qq-3xwm-r5x4
ASA-2025-001: GHSA-r3r4-g7hq-pq4f
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.