merge: sync fork #12

marcello33 · 2025-02-05T09:59:19Z

Sync fork

Follow-up of cometbft#4475. The e2e application by default produces a colorized output. This should not be the case for the same reasons explained in cometbft#4452. --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

…tbft#4550) When calling the RPC endpoints `broadcast_tx_*`, the mempool returns a `reqRes` object with a potential error. Before cometbft#4040, `reqRes` didn't have an error. An error on the ABCI CheckTx call would be returned encoded in the fields Code, Log, etc, of `ResultBroadcastTx`. Any other internal error of the mempool would be discarded. The problem is that now when the transaction is invalid, `broadcast_tx_*` return `ErrTxBroadcast{Source: ErrCheckTxFailed, ErrReason: err}` where `err` is simply `ErrInvalidTx`, without any other information. This PR adds all the fields in `ResultBroadcastTx` (Code, Data, Log, Codespace, and Hash) to `ErrInvalidTx`, so that this information is available gain to the `broadcast_tx_*` caller. --- #### PR checklist - [x] Tests written/updated - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Solves cometbft#4318 Based on cometbft#4476 [README.md](https://github.com/cometbft/cometbft/tree/hvanz/dog-spec-4318/spec/mempool/gossip) --------- Co-authored-by: Andy Nogueira <[email protected]> Co-authored-by: Daniel <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…metbft#4556) Closes cometbft#4549 It can be reviewed commit by commit. --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Signed-off-by: hishope <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

cometbft#4565) Closes cometbft#4481 --- #### PR checklist - [ ] Tests written/updated - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

Closes cometbft#4430 This PR adds a new flag `--num-nodes-per-tx N ` where N is the number of nodes to which the loader is sending the same transactions in an iteration. If omitted the transactions are sent in round robin. This was added to facilitate testing the efficiency of the DOG protocol. --- #### PR checklist - [ ] Tests written/updated - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Hernán Vanzetto <[email protected]>

--- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

…tbft#4595) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.10.0</h2> <ul> <li>Add <code>call</code> input to set method for evaluating build by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1265">docker/build-push-action#1265</a></li> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/build-push-action/pull/1238">docker/build-push-action#1238</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.39.0 to 0.46.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1268">docker/build-push-action#1268</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/build-push-action/pull/1261">docker/build-push-action#1261</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.9.0...v6.10.0">https://github.com/docker/build-push-action/compare/v6.9.0...v6.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/48aba3b46d1b1fec4febb7c5d0c644b249a11355"><code>48aba3b</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1268">#1268</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/678328cf8e3098e9f2f1d936ae548c9479d6df42"><code>678328c</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/cdf0a37e6f1233dd28f23c10211c33e67a7bec71"><code>cdf0a37</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.39.0 to 0.46.0</li> <li><a href="https://github.com/docker/build-push-action/commit/d719b79de1e8e269d4fcc5a80898196da2d0c5b6"><code>d719b79</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1238">#1238</a> from docker/dependabot/npm_and_yarn/actions/core-1.11.1</li> <li><a href="https://github.com/docker/build-push-action/commit/c333dfd43deaf1620b3379589ac39a11be13c72c"><code>c333dfd</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/6b56a4c3f83c50fa6630a247100ee2d2905aaa5f"><code>6b56a4c</code></a> chore(deps): Bump <code>@actions/core</code> from 1.10.1 to 1.11.1</li> <li><a href="https://github.com/docker/build-push-action/commit/92fb0d73b623b7ebf48bd248bd465b6a5cbe7c60"><code>92fb0d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1259">#1259</a> from docker/dependabot/github_actions/codecov/codeco...</li> <li><a href="https://github.com/docker/build-push-action/commit/40532c5d6fa1c2aef883289629dcadf2e77165a4"><code>40532c5</code></a> ci: fix deprecated input for codecov-action</li> <li><a href="https://github.com/docker/build-push-action/commit/70dd95342711510431dc0bd25494df47756d27c3"><code>70dd953</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1267">#1267</a> from crazy-max/fix-allow</li> <li><a href="https://github.com/docker/build-push-action/commit/41b4e8020e9e4e2a35082a19644371a54db50097"><code>41b4e80</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1261">#1261</a> from docker/dependabot/npm_and_yarn/cross-spawn-7.0.6</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/v6.9.0...v6.10.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.9.0&new-version=6.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…ometbft#4594) Bumps [github.com/dgraph-io/badger/v4](https://github.com/dgraph-io/badger) from 4.4.0 to 4.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/badger/releases">github.com/dgraph-io/badger/v4's releases</a>.</em></p> <blockquote> <h2>Badger v4.5.0</h2> <h2>What's Changed</h2> <ul> <li>fix the cd pipeline by <a href="https://github.com/mangalaman93"><code>@mangalaman93</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2127">dgraph-io/badger#2127</a></li> <li>chore(deps): bump the minor group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2128">dgraph-io/badger#2128</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 in the minor group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2130">dgraph-io/badger#2130</a></li> <li>upgrade protobuf library by <a href="https://github.com/shivaji-kharse"><code>@shivaji-kharse</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2131">dgraph-io/badger#2131</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/badger/compare/v4.4.0...v4.5.0">https://github.com/dgraph-io/badger/compare/v4.4.0...v4.5.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/badger/blob/main/CHANGELOG.md">github.com/dgraph-io/badger/v4's changelog</a>.</em></p> <blockquote> <h2>[4.5.0] - 2024-11-29</h2> <ul> <li>fix the cd pipeline by <a href="https://github.com/mangalaman93"><code>@mangalaman93</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2127">dgraph-io/badger#2127</a></li> <li>chore(deps): bump the minor group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2128">dgraph-io/badger#2128</a></li> <li>chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 in the minor group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2130">dgraph-io/badger#2130</a></li> <li>upgrade protobuf library by <a href="https://github.com/shivaji-kharse"><code>@shivaji-kharse</code></a> in <a href="https://redirect.github.com/dgraph-io/badger/pull/2131">dgraph-io/badger#2131</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/badger/compare/v4.4.0...v4.5.0">https://github.com/dgraph-io/badger/compare/v4.4.0...v4.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dgraph-io/badger/commit/bb576b6d2dee462f50a1b9b7bb4084683b30e78d"><code>bb576b6</code></a> upgrade protobuf library to google's protobuf (<a href="https://redirect.github.com/dgraph-io/badger/issues/2131">#2131</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/aa95f1788d1c18abcced443f223a7c585e5dc302"><code>aa95f17</code></a> chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 in the min...</li> <li><a href="https://github.com/dgraph-io/badger/commit/36c461a435c53a8a81e7377c2b026b24d37eee0c"><code>36c461a</code></a> chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2128">#2128</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/877e74a825059b60960d8998effb3e1791617e32"><code>877e74a</code></a> fix the cd pipeline (<a href="https://redirect.github.com/dgraph-io/badger/issues/2127">#2127</a>)</li> <li>See full diff in <a href="https://github.com/dgraph-io/badger/compare/v4.4.0...v4.5.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dgraph-io/badger/v4&package-manager=go_modules&previous-version=4.4.0&new-version=4.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…ometbft#4503) Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.35.1&new-version=1.35.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…ery`. (cometbft#4605) ### Context Using `latest` for `mockery` causes changes in the mocks with almost every new release, which in turn makes our CI fail. By fixing `mockery`'s version, we can prevent this issue. Additionally, `mockery`'s documentation suggests not to use `latest` anyway, so we were doing it incorrectly from the start. ### Changes This PR pins the `mockery` version to `v2.49.2` (the latest release). The `main` branch already uses mocks generated with this version, so using any other version of `mockery` would alter the mocks again. At least we get the benefit from the latest bug fixes. --- #### PR checklist - ~[ ] Tests written/updated~ - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - ~[ ] Updated relevant documentation (`docs/` or `spec/`) and code comments~

Refs cometbft#4549

Closes cometbft#4319 [adr-119-dog-mempool-gossip.md](https://github.com/cometbft/cometbft/blob/jasmina/dog-adr/docs/references/architecture/adr-119-dog-mempool-gossip.md) --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments --------- Co-authored-by: Hernán Vanzetto <[email protected]> Co-authored-by: Daniel <[email protected]> Co-authored-by: Anton Kaliaev <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.20.0 to 0.21.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/text/commit/d42948e5579eb996bedb7df76c7ad57fae4e83c7"><code>d42948e</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/text/compare/v0.20.0...v0.21.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/text&package-manager=go_modules&previous-version=0.20.0&new-version=0.21.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…bft#4631) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.68.0 to 1.68.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.68.1</h2> <h1>Bug Fixes</h1> <ul> <li>credentials/alts: avoid SRV and TXT lookups for handshaker service to work around hangs caused by buggy versions of systemd-resolved. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7861">#7861</a>)</li> </ul> <h1>Dependencies</h1> <ul> <li>Relax minimum Go version requirement from <code>go1.22.7</code> to <code>go1.22</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7831">#7831</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/d6a777f952c77822f0190dff71b1fe8fe250538c"><code>d6a777f</code></a> Change version to 1.68.1 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7894">#7894</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/9c54bbb043c04328b7596a4da44760d6afb52e6f"><code>9c54bbb</code></a> deps: Remove go patch version from go.mod (<a href="https://redirect.github.com/grpc/grpc-go/issues/7831">#7831</a>) (<a href="https://redirect.github.com/grpc/grpc-go/issues/7877">#7877</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/dc26fee14d6036c219cb7d23000d15ddedb54712"><code>dc26fee</code></a> credentials/alts: avoid SRV and TXT lookups for handshaker service (<a href="https://redirect.github.com/grpc/grpc-go/issues/7861">#7861</a>) (#...</li> <li><a href="https://github.com/grpc/grpc-go/commit/eff4b167246af899aacd496e0340645159f14e55"><code>eff4b16</code></a> Change version to 1.68.1-dev (<a href="https://redirect.github.com/grpc/grpc-go/issues/7745">#7745</a>)</li> <li>See full diff in <a href="https://github.com/grpc/grpc-go/compare/v1.68.0...v1.68.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.68.0&new-version=1.68.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#4629) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/7042ebcbe097f305ba3a93f9a22b4befa4b83d29"><code>7042ebc</code></a> openpgp/clearsign: just use rand.Reader in tests</li> <li><a href="https://github.com/golang/crypto/commit/3e90321ac7bcee3d924ed63ed3ad97be2079cb56"><code>3e90321</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/8c4e668694ccbaa1be4785da7e7a40f2ef93152b"><code>8c4e668</code></a> x509roots/fallback: update bundle</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.29.0...v0.30.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.29.0&new-version=0.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

@greg-szabo

…etbft#4633) This is a drive-by fix of a test that doesn't shut its threads down until the whole `go test` execution finishes. I think we have a bunch of these, but I came across this one during an unrelated troubleshooting. Is it worth fixing this? It's not really causing any issues, it's just sloppy coding. The only way to see any difference is to run the `go test` until it reaches its time limit and panics. In that case, the trace will contain references to the threads. For example: ``` go test github.com/cometbft/cometbft/blocksync -v -run TestBlockPoolMaliciousNode -count 100 -failfast -race -timeout 30s ``` After 30 seconds the test didn't run 100 times yet, hence `go test` panics. Because the test has been run multiple times already, multiple sets of threads will be reported in the panic. With the fix, only one set is reported. Author: @greg-szabo --------- Co-authored-by: Greg Szabo <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…ometbft#4555) Closes cometbft#4558 The bulk of the work is in one file: `mempool/reactor.go`. Each commit is a self-contained addition to the code: - [add new proto messages HaveTx and ResetRoute](cometbft@e236427) - [add config](cometbft@bca343a) - [add MempoolControlChannel](cometbft@cb65e15) - [add GetSenders method to Mempool interface, and Senders to Entry interface](cometbft@d73f263) - [add router to mempool reactor](cometbft@fb38f14) - [add redundancy controller to mempool reactor](cometbft@f91be43) - [add metrics DisabledRoutes and Redundancy](cometbft@28b14f1) - [add changelog file](cometbft@4677722) --- #### PR checklist - [X] Tests written/updated - [X] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [X] Updated relevant documentation (`docs/` or `spec/`) and code comments --------- Co-authored-by: Jasmina Malicevic <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

--- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments --------- Co-authored-by: hvanz <[email protected]> Co-authored-by: Hernán Vanzetto <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

… 1.0.0-rc2 (cometbft#4536) Bumps [github.com/cometbft/cometbft/api](https://github.com/cometbft/cometbft) from 1.0.0-rc.1 to 1.0.0-rc2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cometbft/cometbft/releases">github.com/cometbft/cometbft/api's releases</a>.</em></p> <blockquote> <h2>v1.0.0-rc2</h2> <p>See the <a href="https://github.com/cometbft/cometbft/blob/v1.0.0-rc2/CHANGELOG.md">CHANGELOG</a> for changes available in this pre-release, but not yet officially released.</p> <h2>v1.0.0-rc1</h2> <p>See the <a href="https://github.com/cometbft/cometbft/blob/v1.0.0-rc1/CHANGELOG.md">CHANGELOG</a> for changes available in this pre-release, but not yet officially released.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cometbft/cometbft/blob/v1.0.0-rc2/CHANGELOG.md">github.com/cometbft/cometbft/api's changelog</a>.</em></p> <blockquote> <h1>CHANGELOG</h1> <h2>Unreleased</h2> <p><em>November 20, 2024</em></p> <p>This is a major release of CometBFT that includes several substantial changes that aim to reduce bandwidth consumption, enable modularity, improve integrators' experience and increase the velocity of the CometBFT development team, including:</p> <ol> <li>Proposer-Based Timestamps (PBTS) support. PBTS is a Byzantine fault-tolerant algorithm used by CometBFT for computing block times. When activated on a chain, it replaces the pre-existing BFT-time algorithm. See <a href="https://github.com/cometbft/cometbft/blob/v1.0.0-rc2/spec/consensus/proposer-based-timestamp">spec</a> doc for PBTS.</li> <li>Validators now proactively communicate the block parts they already have so others do not resend them, reducing amplification in the network and reducing bandwidth consumption.</li> <li>An experimental feature in the mempool that allows limiting the number of peers to which transactions are forwarded, allowing operators to optimize gossip-related bandwidth consumption further.</li> <li>An opt-in <code>nop</code> mempool, which allows application developers to turn off all mempool-related functionality in Comet such that they can build their own transaction dissemination mechanism, for example a standalone mempool-like process that can be scaled independently of the consensus engine/application. This requires application developers to implement their own gossip/networking mechanisms. See <a href="https://github.com/cometbft/cometbft/blob/v1.0.0-rc2/docs/architecture/adr-111-nop-mempool.md">ADR 111</a> for details.</li> <li>The first officially supported release of the <a href="./docs/architecture/adr-101-data-companion-pull-api.md">data companion API</a>.</li> <li>Versioning of both the Protobuf definitions <em>and</em> RPC. By versioning our APIs, we aim to provide a level of commitment to API stability while simultaneously affording ourselves the ability to roll out substantial changes in non-breaking releases of CometBFT. See <a href="./docs/architecture/adr-103-proto-versioning.md">ADR 103</a> and <a href="./docs/architecture/adr-107-betaize-proto-versions.md">ADR 107</a>.</li> <li>Moving many Go packages that are currently publicly accessible into the <code>internal</code> directory such that the team can roll out substantial changes in future without needing to worry about causing breakages in users' codebases. The massive surface area of previous versions has in the past significantly hampered the team's ability to roll out impactful new changes to users, as previously such changes required a new breaking release (which currently takes 6 to 12 months to reach production use for many users). See <a href="./docs/architecture/adr-109-reduce-go-api-surface.md">ADR 109</a> for more details.</li> </ol> <p>None of these changes are state machine-breaking for CometBFT-based networks, but could be breaking for some users who depend on the Protobuf definitions type URLs.</p> <p>See the <a href="https://github.com/cometbft/cometbft/blob/v1.0.0-rc2/UPGRADING.md">upgrading guidelines</a> and the specific changes below for more details. In this release,</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cometbft/cometbft/commit/fc4e719dbc462a681fb5ff04ea78f3f93f2876d8"><code>fc4e719</code></a> chore(release): v1.0.0-rc2 (<a href="https://redirect.github.com/cometbft/cometbft/issues/4455">#4455</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/924575f061d7de792e9a0bdd6093b9902530a0a4"><code>924575f</code></a> fix(spec): Update maximum signature size info (backport <a href="https://redirect.github.com/cometbft/cometbft/issues/4516">#4516</a>) (<a href="https://redirect.github.com/cometbft/cometbft/issues/4517">#4517</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/067aefae4e6247257c9bfc1c437c020fffd9fb71"><code>067aefa</code></a> chore: updates in preparation for v1.0.0-rc2 (backport <a href="https://redirect.github.com/cometbft/cometbft/issues/4454">#4454</a>) (<a href="https://redirect.github.com/cometbft/cometbft/issues/4518">#4518</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/4dafdf967f98c82c80423b12e96bed6b5322d1b4"><code>4dafdf9</code></a> build(deps): Bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (<a href="https://redirect.github.com/cometbft/cometbft/issues/4509">#4509</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/a1ae610d29d216c30fda86214bcd35fe24167206"><code>a1ae610</code></a> build(deps): Bump slackapi/slack-github-action from 1.27.0 to 2.0.0 (<a href="https://redirect.github.com/cometbft/cometbft/issues/4508">#4508</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/9b091658f9b6f2a7af76febc5ae999515b6c0450"><code>9b09165</code></a> build(deps): Bump bufbuild/buf-setup-action from 1.46.0 to 1.47.2 (<a href="https://redirect.github.com/cometbft/cometbft/issues/4507">#4507</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/bf8653356ce3ac2352a0bc995468cbf969bc799b"><code>bf86533</code></a> fix(spec/abci): Added proper description of <code>ExtendedVoteInfo</code> and <code>VoteInfo</code>...</li> <li><a href="https://github.com/cometbft/cometbft/commit/e2605f44052cf62d264a69c051be9c2e6298097b"><code>e2605f4</code></a> chore(docs): Expand contributing guidelines (backport <a href="https://redirect.github.com/cometbft/cometbft/issues/4459">#4459</a>) (<a href="https://redirect.github.com/cometbft/cometbft/issues/4482">#4482</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/d321e36d4f2dc8f450a15e04cd7d8b15b150e4a1"><code>d321e36</code></a> build(deps): Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (<a href="https://redirect.github.com/cometbft/cometbft/issues/4466">#4466</a>)</li> <li><a href="https://github.com/cometbft/cometbft/commit/43086ab672f42fa9f6d6a7f2fdfec25e66805ca9"><code>43086ab</code></a> build(deps): Bump golang.org/x/net from 0.30.0 to 0.31.0 (<a href="https://redirect.github.com/cometbft/cometbft/issues/4465">#4465</a>)</li> <li>Additional commits viewable in <a href="https://github.com/cometbft/cometbft/compare/api/v1.0.0-rc.1...v1.0.0-rc2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cometbft/cometbft/api&package-manager=go_modules&previous-version=1.0.0-rc.1&new-version=1.0.0-rc2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Andy Nogueira <[email protected]>

…ronment` (cometbft#4639) ### Context Because `rpc.Environment` does not store a `GenesisDoc` in memory anymore, (see cometbft#1290), we don't need to create it as a singleton. The risk of storing multiple copies of the genesis in memory isn't there anymore, because we now load it from disk. ### This Change This PR removes the `sync.Once` construct that we put in place. ### Additional Note The change also ensures that [`TestProvider`](https://github.com/cometbft/cometbft/blob/b16c6fc2c8b2fc5a468fead32a8fe9057d6cce2f/light/provider/http/http_test.go#L36) in the `light/provider/http` package behaves as expected. In `main`, this test passes because it's set up using a [`MemDB`](https://github.com/cometbft/cometbft-db/blob/4cf60c715fe8daccb9dce3b24295575bd461d5d8/memdb.go#L52), which is a dummy in-memory store rather than a real database. Thus, database `Get` operations always succeed. However, in the context of the [work to remove cometbft-db](cometbft#4601), we now use a "real" database, i.e., one that a `Node` closes when it shuts down. Since the `Environment` object was treated as a singleton, each iteration of `TestProvider` created a new `Node` using the same underlying database. This database would be closed at the end of the first iteration when that iteration's `Node` shut down. Subsequent iterations then attempted to call `Get` on a closed database, causing a panic. This change fixes that issue. --- #### PR checklist - [x] Tests written/updated - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - ~[ ] Updated relevant documentation (`docs/` or `spec/`) and code comments~

follow up to cometbft#4633 See https://github.com/cometbft/cometbft/actions/runs/12247740137/job/34188217504 <details> <summary>DATA RACE</summary> ================== WARNING: DATA RACE Write at 0x00c00028f110 by goroutine 507: runtime.mapassign_faststr() /opt/hostedtoolcache/go/1.23.1/x64/src/runtime/map_faststr.go:223 +0x0 github.com/cometbft/cometbft/internal/blocksync.(*BlockPool).banPeer() /home/runner/work/cometbft/cometbft/internal/blocksync/pool.go:433 +0x16f github.com/cometbft/cometbft/internal/blocksync.(*BlockPool).RemovePeerAndRedoAllPeerRequests() /home/runner/work/cometbft/cometbft/internal/blocksync/pool.go:266 +0x192 github.com/cometbft/cometbft/internal/blocksync.TestBlockPoolMaliciousNode.func4() /home/runner/work/cometbft/cometbft/internal/blocksync/pool_test.go:353 +0x1ee Previous read at 0x00c00028f110 by goroutine 501: runtime.mapaccess1_faststr() /opt/hostedtoolcache/go/1.23.1/x64/src/runtime/map_faststr.go:13 +0x0 github.com/cometbft/cometbft/internal/blocksync.(*BlockPool).isPeerBanned() /home/runner/work/cometbft/cometbft/internal/blocksync/pool.go:428 +0x128c github.com/cometbft/cometbft/internal/blocksync.TestBlockPoolMaliciousNode() /home/runner/work/cometbft/cometbft/internal/blocksync/pool_test.go:381 +0x1[20](https://github.com/cometbft/cometbft/actions/runs/12247740137/job/34188217504#step:6:21)5 testing.tRunner() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:1690 +0x226 testing.(*T).Run.gowrap1() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:1743 +0x44 Goroutine 507 (running) created at: github.com/cometbft/cometbft/internal/blocksync.TestBlockPoolMaliciousNode() /home/runner/work/cometbft/cometbft/internal/blocksync/pool_test.go:341 +0xdc4 testing.tRunner() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:1690 +0x226 testing.(*T).Run.gowrap1() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:1743 +0x44 Goroutine 501 (running) created at: testing.(*T).Run() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:1743 +0x825 testing.runTests.func1() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:[21](https://github.com/cometbft/cometbft/actions/runs/12247740137/job/34188217504#step:6:22)68 +0x85 testing.tRunner() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:1690 +0x[22](https://github.com/cometbft/cometbft/actions/runs/12247740137/job/34188217504#step:6:23)6 testing.runTests() /opt/hostedtoolcache/go/1.[23](https://github.com/cometbft/cometbft/actions/runs/12247740137/job/34188217504#step:6:24).1/x64/src/testing/testing.go:2166 +0x8be testing.(*M).Run() /opt/hostedtoolcache/go/1.23.1/x64/src/testing/testing.go:2034 +0xf17 main.main() _testmain.go:83 + </details>

…ometbft#4642) ### Context The [`TxIndexer`](https://github.com/cometbft/cometbft/blob/2b1db1c16bf2db16b81b49fef3581e79679fbed6/state/txindex/indexer.go#L17) interface defines how to index and search transactions. Its implementers need to interact with a database, which callers are typically expected to close when done. However, `TxIndexer` does not provide a `Close` method. This prevents closing the database used by the transaction indexer, causing goroutines associated with that database to leak. Two [tests](https://github.com/cometbft/cometbft/blob/2b1db1c16bf2db16b81b49fef3581e79679fbed6/internal/inspect/inspect_test.go#L29), `TestInspectConstructor` and `TestInspectRun`, show this problem indirectly. These tests check whether an [`Inspector`](https://github.com/cometbft/cometbft/blob/2b1db1c16bf2db16b81b49fef3581e79679fbed6/internal/inspect/inspect.go#L32) leaks goroutines. The `Inspector` sets up three databases: a block database, a state database, and a transaction indexer database. It closes only the block and state databases because it cannot close the transaction indexer’s database (because of the missing `Close` method). Therefore, the transaction indexer database's goroutines leak, and the two tests above detect that. In `main`, both tests pass because they use a [`MemDB`](https://github.com/cometbft/cometbft-db/blob/4cf60c715fe8daccb9dce3b24295575bd461d5d8/memdb.go#L52), an in-memory store that does not spawn goroutines. However, in the [work to remove cometbft-db](cometbft#4601), the tests switch to a “real” database that does spawn goroutines. Without a proper `Close` method in `TxIndexer`, these goroutines remain active, causing `TestInspectConstructor` and `TestInspectRun` to fail. ### This Change This PR adds a `Close` method to the `TxIndexer` interface and updates the existing implementation to properly close the underlying database. It also modifies the code to call `TxIndexer.Close` where needed, ensuring that database resources are released and preventing goroutine leaks. --- #### PR checklist - [x] Tests written/updated - [x] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [x] Updated relevant documentation (`docs/` or `spec/`) and code comments

…t#4646) A mistake in the tests got merged with the PR merging the DOG protocol into main. `TestDOGDisabledRoutes` was put asleep for 100s instead of 100ms. --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

Co-authored-by: heren-ke <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Solves cometbft#4620. Fixes an issue introduced by cometbft#3360. In short, when receiving addresses from a configured seed node, the peer immediately dials the received addresses, without waiting for the `defaultEnsurePeersPeriod` (30s). This is a desired behavior, the "fast dial mode" in the title. However, for preventing abuse, a node only accepts PEX requests from a peer every `minReceiveRequestInterval()` time, set to `defaultEnsurePeersPeriod/3` (10s). When running this "fast dial mode", however, a PEX request can be send, in some unlucky setup, to the same peer without waiting for the full defaultEnsurePeersPeriod` (30s). The problem is that at the receive side, a node keeps track of the latest PEX request received from each peer. If two requests are received with an interval lower than `minReceiveRequestInterval()`, the peer is considered abusive: it is disconnected with an `ErrReceivedPEXRequestTooSoon` error and banned from the address book. This PR proposes a workaround to prevent the above mentioned scenario. --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…s. (cometbft#4655) Closes cometbft#4654

Signed-off-by: linchizhen <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Anton Kaliaev <[email protected]>

Adding @cometbft/interchain-inc to CODEOWNERS --- #### PR checklist - [ ] Tests written/updated - [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog) - [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

Remove EOL version from dependabot updates. Will close existing PRs merging into v0.37.x and v0.34.x branches.

…ometbft#4839) Bumps google.golang.org/protobuf from 1.36.2 to 1.36.3. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.36.2&new-version=1.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Zachary Becker <[email protected]>

…ometbft#4864) Bumps [github.com/dgraph-io/badger/v4](https://github.com/dgraph-io/badger) from 4.5.0 to 4.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/badger/releases">github.com/dgraph-io/badger/v4's releases</a>.</em></p> <blockquote> <h2>Badger v4.5.1</h2> <h2>What's Changed</h2> <ul> <li>Fix build for GOARCH=wasm with GOOS=js or GOOS=wasip1</li> <li>docs: Add pagination explanation to docs</li> <li>chore(deps): bump the minor group with 2 updates</li> <li>chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 in the minor group</li> <li>chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.0 to 2.0.1 in the patch group</li> <li>chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the minor group</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the patch group</li> <li>chore(deps): bump the minor group with 2 updates</li> <li>fix(info): print Total BloomFilter Size with totalBloomFilter instead of totalIndex</li> <li>chore(deps): bump the minor group with 2 updates</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the patch group</li> <li>feat(info): print total size of listed keys</li> <li>chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.1 to 2.1.0 in the minor group</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 in the patch group</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1">https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dgraph-io/badger/blob/main/CHANGELOG.md">github.com/dgraph-io/badger/v4's changelog</a>.</em></p> <blockquote> <h2>[4.5.1] - 2025-01-21</h2> <ul> <li>chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2150">#2150</a>)</li> <li>bump github.com/dgraph-io/ristretto/v2 from 2.0.1 to 2.1.0 in the minor group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2151">#2151</a>)</li> <li>feat(info): print total size of listed keys (<a href="https://redirect.github.com/dgraph-io/badger/issues/2149">#2149</a>)</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2146">#2146</a>)</li> <li>chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2147">#2147</a>)</li> <li>fix(info): print Total BloomFilter Size with totalBloomFilter instead of totalIndex (<a href="https://redirect.github.com/dgraph-io/badger/issues/2145">#2145</a>)</li> <li>chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2141">#2141</a>)</li> <li>chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2140">#2140</a>)</li> <li>chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the minor group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2139">#2139</a>)</li> <li>chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.0 to 2.0.1 in the patch group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2136">#2136</a>)</li> <li>chore(deps): bump golang.org/x/net from 0.31.0 to 0.32.0 in the minor group (<a href="https://redirect.github.com/dgraph-io/badger/issues/2137">#2137</a>)</li> <li>chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2135">#2135</a>)</li> <li>docs: Add pagination explanation to docs (<a href="https://redirect.github.com/dgraph-io/badger/issues/2134">#2134</a>)</li> <li>Fix build for GOARCH=wasm with GOOS=js or GOOS=wasip1 (<a href="https://redirect.github.com/dgraph-io/badger/issues/2048">#2048</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1">https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dgraph-io/badger/commit/64b2f3736e24c16219b0e74f826d46c7187d6f46"><code>64b2f37</code></a> add changelog for v4.5.1 (<a href="https://redirect.github.com/dgraph-io/badger/issues/2152">#2152</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/f5e00bd788d837e3caa8ae105444ed7f1b28a8e0"><code>f5e00bd</code></a> chore(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3 in the pat...</li> <li><a href="https://github.com/dgraph-io/badger/commit/79bd7dae4d2dff7c1defdeeefe5c8e25b1ea1ee2"><code>79bd7da</code></a> chore(deps): bump github.com/dgraph-io/ristretto/v2 from 2.0.1 to 2.1.0 in th...</li> <li><a href="https://github.com/dgraph-io/badger/commit/a3882a0ba21a7304c89c0985c84a4208ba27a074"><code>a3882a0</code></a> feat(info): print total size of listed keys (<a href="https://redirect.github.com/dgraph-io/badger/issues/2149">#2149</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/0b6e40fd2aa8ac339066cc040f1e921250bf0faf"><code>0b6e40f</code></a> chore(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2 in the pat...</li> <li><a href="https://github.com/dgraph-io/badger/commit/40955c4ee476aea951b567a46915a7246825f55f"><code>40955c4</code></a> chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2147">#2147</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/6f5ff28c693f567ea31f12b42375a280e5bdbb9b"><code>6f5ff28</code></a> fix(info): print Total BloomFilter Size with totalBloomFilter instead of tota...</li> <li><a href="https://github.com/dgraph-io/badger/commit/eba96a1b97c712011e4f7cd811cb5dd9ca0d347e"><code>eba96a1</code></a> chore(deps): bump the minor group with 2 updates (<a href="https://redirect.github.com/dgraph-io/badger/issues/2141">#2141</a>)</li> <li><a href="https://github.com/dgraph-io/badger/commit/461afd8252479b97f9be50551165ec7e6b4d096c"><code>461afd8</code></a> chore(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 in the pat...</li> <li><a href="https://github.com/dgraph-io/badger/commit/b514761c7513fb97b1f6af5f15a338197da60971"><code>b514761</code></a> chore(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in the min...</li> <li>Additional commits viewable in <a href="https://github.com/dgraph-io/badger/compare/v4.5.0...v4.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/dgraph-io/badger/v4&package-manager=go_modules&previous-version=4.5.0&new-version=4.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

….7 (cometbft#4775) Bumps [github.com/creachadair/atomicfile](https://github.com/creachadair/atomicfile) from 0.3.6 to 0.3.7. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/creachadair/atomicfile/commit/63744a9a88f3876a998081ce0355f56a80da021c"><code>63744a9</code></a> go.mod: update module dependencies</li> <li><a href="https://github.com/creachadair/atomicfile/commit/649d85e38e952aabcedcef095a96667b18dbba7f"><code>649d85e</code></a> .github: remove unnecessary cache override</li> <li><a href="https://github.com/creachadair/atomicfile/commit/ae0fe6405337b8891b1a7e8f4ab7e4956a33ca27"><code>ae0fe64</code></a> .github: update and pin ubuntu version in CI</li> <li><a href="https://github.com/creachadair/atomicfile/commit/2bffcf5c6d48673c6a33a4c9fc190e9f83b6e8cb"><code>2bffcf5</code></a> go.mod: update module dependencies</li> <li>See full diff in <a href="https://github.com/creachadair/atomicfile/compare/v0.3.6...v0.3.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/creachadair/atomicfile&package-manager=go_modules&previous-version=0.3.6&new-version=0.3.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

which both reached EOL (end of life) https://github.com/cometbft/cometbft/discussions/590 --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…ometbft#4862) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.13.1 to 5.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.13.2</h2> <h2>What's Changed</h2> <ul> <li>plumbing: use the correct user agent string. Fixes <a href="https://redirect.github.com/go-git/go-git/issues/883">#883</a> by <a href="https://github.com/uragirii"><code>@uragirii</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1364">go-git/go-git#1364</a></li> <li>build: bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-org group by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1365">go-git/go-git#1365</a></li> <li>build: bump the golang-org group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1367">go-git/go-git#1367</a></li> <li>build: bump github.com/ProtonMail/go-crypto from 1.1.3 to 1.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1368">go-git/go-git#1368</a></li> <li>build: bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1378">go-git/go-git#1378</a></li> <li>build: bump github/codeql-action from 3.28.0 to 3.28.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1376">go-git/go-git#1376</a></li> <li>build: bump github.com/elazarl/goproxy from 1.2.3 to 1.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1377">go-git/go-git#1377</a></li> <li>git: worktree, fix restoring dot slash files (backported to v5). Fixes <a href="https://redirect.github.com/go-git/go-git/issues/1176">#1176</a> by <a href="https://github.com/BeChris"><code>@BeChris</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1361">go-git/go-git#1361</a></li> <li>build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1392">go-git/go-git#1392</a></li> <li>git: worktree_status, fix adding dot slash files to working tree (backported to v5). Fixes <a href="https://redirect.github.com/go-git/go-git/issues/1150">#1150</a> by <a href="https://github.com/BeChris"><code>@BeChris</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1359">go-git/go-git#1359</a></li> <li>build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1383">go-git/go-git#1383</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2">https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/2c6824768b483ea030ba312972e508c23e62d75c"><code>2c68247</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1383">#1383</a> from go-git/dependabot/go_modules/github.com/ProtonM...</li> <li><a href="https://github.com/go-git/go-git/commit/d462c2e805717c5f084657eede3b8804b7d0566b"><code>d462c2e</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1359">#1359</a> from BeChris/issue1150-v5</li> <li><a href="https://github.com/go-git/go-git/commit/32ac23a70733b230478a7431f0210d5615e1c5b5"><code>32ac23a</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1392">#1392</a> from go-git/dependabot/go_modules/github.com/pjbgf/s...</li> <li><a href="https://github.com/go-git/go-git/commit/93e635a0f5255658775091b975512c7774b60767"><code>93e635a</code></a> build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2</li> <li><a href="https://github.com/go-git/go-git/commit/b2bb975dca41917cc2efe5c40f7be0cdf9eeb0e9"><code>b2bb975</code></a> git: worktree_status, took into account code review remarks</li> <li><a href="https://github.com/go-git/go-git/commit/518ac8860920e2b52c039828f821321b53cb7f64"><code>518ac88</code></a> git: worktree_status, fix adding dot slash files to working tree (backported ...</li> <li><a href="https://github.com/go-git/go-git/commit/21b3150921b0ce9786fb38a81cd9a8dbad0207b2"><code>21b3150</code></a> build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5</li> <li><a href="https://github.com/go-git/go-git/commit/189e7e463f747abdd8e31ef2abcbd72ad1b90621"><code>189e7e4</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1361">#1361</a> from BeChris/issue1176-v5</li> <li><a href="https://github.com/go-git/go-git/commit/654815aad1bd5bc35d9f5eb3d7a201af0c4457f5"><code>654815a</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1377">#1377</a> from go-git/dependabot/go_modules/github.com/elazarl...</li> <li><a href="https://github.com/go-git/go-git/commit/91dbdb92df7594bc8e42e355e82bf2c63be31a22"><code>91dbdb9</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1376">#1376</a> from go-git/dependabot/github_actions/github/codeql-...</li> <li>Additional commits viewable in <a href="https://github.com/go-git/go-git/compare/v5.13.1...v5.13.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.13.1&new-version=5.13.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

BEFORE: running `unsafe-reset-all` results in `priv_key` value in `priv_validator_key.json` being cleared. This is due to changes introduced in cometbft#3603 where we changed the struct definition of PrivKey from type PrivKey `[]byte` to type `PrivKey struct {sk *blst.SecretKey}`. With the new definition, the combat JSON encoder treats this field as hidden since it starts in lowercase. Even though `PrivKey` implements `json.Marshaller` it doesn't pass the check https://github.com/cometbft/cometbft/blob/main/libs/json/encoder.go#L84 because it's the pointer. AFTER: running `unsafe-reset-all` results in `priv_key` value in `priv_validator_key.json` being the same. --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

to use `dstMinPk` Closes cometbft#4783 Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…bft#4822) Co-authored-by: Anton Kaliaev <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…bft#4881) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.69.4 to 1.70.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.70.0</h2> <h1>Behavior Changes</h1> <ul> <li>client: reject service configs containing an invalid retryPolicy in accordance with gRFCs <a href="https://github.com/grpc/proposal/blob/master/A21-service-config-error-handling.md">A21</a> and <a href="https://github.com/grpc/proposal/blob/master/A6-client-retries.md">A6</a>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7905">#7905</a>) <ul> <li>Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.</li> </ul> </li> </ul> <h1>New Features</h1> <ul> <li>xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable <code>GRPC_EXPERIMENTAL_XDS_FALLBACK</code> to <code>false</code>. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7949">#7949</a>)</li> <li>experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7980">#7980</a>) <ul> <li>These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.</li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8011">#8011</a>)</li> </ul> <h1>Performance</h1> <ul> <li>server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7998">#7998</a>) <ul> <li>Special Thanks: <a href="https://github.com/lqs"><code>@lqs</code></a></li> </ul> </li> </ul> <h1>Documentation</h1> <ul> <li>examples/features/gracefulstop: add example to demonstrate server graceful stop. (<a href="https://redirect.github.com/grpc/grpc-go/issues/7865">#7865</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/98a0092952dd4d8443229c3a335ec592d9c40c9b"><code>98a0092</code></a> Change version to 1.70.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/7984">#7984</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/bf380dec5e059ea6e7d07cec015dd0c913831a6a"><code>bf380de</code></a> Cherrypick <a href="https://redirect.github.com/grpc/grpc-go/issues/7998">#7998</a>, <a href="https://redirect.github.com/grpc/grpc-go/issues/8011">#8011</a>, <a href="https://redirect.github.com/grpc/grpc-go/issues/8010">#8010</a> into 1.70.x (<a href="https://redirect.github.com/grpc/grpc-go/issues/8028">#8028</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/54b3eb97dbf7400efb5750f26084c2d3b2eff120"><code>54b3eb9</code></a> experimental/credentials: Add credentials that don't enforce ALPN (<a href="https://redirect.github.com/grpc/grpc-go/issues/7980">#7980</a>) (<a href="https://redirect.github.com/grpc/grpc-go/issues/8">#8</a>...</li> <li><a href="https://github.com/grpc/grpc-go/commit/62b9185a6296155e47efd39d60298d8de0a6ed1d"><code>62b9185</code></a> clustetresolver: Copy endpoints.Addresses slice from DNS updates to avoid dat...</li> <li><a href="https://github.com/grpc/grpc-go/commit/724f450f77a09bade8174e5052625977069aaf81"><code>724f450</code></a> examples/features/csm_observability: use helloworld client and server instead...</li> <li><a href="https://github.com/grpc/grpc-go/commit/e8d5feb181766059429259ce3345ddb1f667ded5"><code>e8d5feb</code></a> rbac: add method name to :path in headers (<a href="https://redirect.github.com/grpc/grpc-go/issues/7965">#7965</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/e912015fd3f4aabdff6d6cf835e321c19a204afb"><code>e912015</code></a> cleanup: Fix usages of non-constant format strings (<a href="https://redirect.github.com/grpc/grpc-go/issues/7959">#7959</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/681334a46115da3a5f9086c47e3d501a19362256"><code>681334a</code></a> cleanup: replace dial with newclient (<a href="https://redirect.github.com/grpc/grpc-go/issues/7943">#7943</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/063d352de07403a582ef33f8f5f8149e3b57c47e"><code>063d352</code></a> internal/resolver: introduce a new resolver to handle target URI and proxy ad...</li> <li><a href="https://github.com/grpc/grpc-go/commit/10c7e13311f48bf5237738f4f19b53f62b1146cd"><code>10c7e13</code></a> outlierdetection: Support health listener for ejection updates (<a href="https://redirect.github.com/grpc/grpc-go/issues/7908">#7908</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.69.4...v1.70.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.69.4&new-version=1.70.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…ometbft#4880) Bumps google.golang.org/protobuf from 1.36.3 to 1.36.4. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.36.3&new-version=1.36.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…etbft#4883) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.13.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.51.0 to 0.53.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1308">docker/build-push-action#1308</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0">https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/ca877d9245402d1537745e0e356eab47c3520991"><code>ca877d9</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1308">#1308</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/d2fe919bb5012a6186426dc91c361c4980d10c2d"><code>d2fe919</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/f0fc9ece82cf2ace13ec8f35687697ae511bdf74"><code>f0fc9ec</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.51.0 to 0.53.0</li> <li>See full diff in <a href="https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=6.12.0&new-version=6.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/[email protected] Fixed in: net/[email protected] Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/[email protected] Fixed in: crypto/[email protected] Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey

…ft#4816) Closes cometbft#4815. The added test units allowed us to catch overflow scenarios in some architectures, in particular `linux/amd64`. The same is not observed in the `arm64` architecture. Sanity checks were added to prevent this from happening. Further more, `MessageDelay` is now capped at 24hrs, `Precision` - 30 sec. --------- Co-authored-by: Anton Kaliaev <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…tbft#4905) Bumps [github.com/lmittmann/tint](https://github.com/lmittmann/tint) from 1.0.6 to 1.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lmittmann/tint/releases">github.com/lmittmann/tint's releases</a>.</em></p> <blockquote> <h2>v1.0.7</h2> <h2>What's Changed</h2> <ul> <li>Don't escape ANSI colors in log values by <a href="https://github.com/lmittmann"><code>@lmittmann</code></a> in <a href="https://redirect.github.com/lmittmann/tint/pull/87">lmittmann/tint#87</a></li> <li>Fix panic on <code><nil></code> values by <a href="https://github.com/lmittmann"><code>@lmittmann</code></a> in <a href="https://redirect.github.com/lmittmann/tint/pull/88">lmittmann/tint#88</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/lmittmann/tint/compare/v1.0.6...v1.0.7">https://github.com/lmittmann/tint/compare/v1.0.6...v1.0.7</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lmittmann/tint/commit/2f954345d0dea2f9f611b07dfce5f5b209d1e6ba"><code>2f95434</code></a> Fix panic on <code>\<nil></code> values (<a href="https://redirect.github.com/lmittmann/tint/issues/88">#88</a>)</li> <li><a href="https://github.com/lmittmann/tint/commit/cdb3c00a2b148c7b69a330a3aa06136faeccb83b"><code>cdb3c00</code></a> Don't escape ANSI colors in log values (<a href="https://redirect.github.com/lmittmann/tint/issues/87">#87</a>)</li> <li>See full diff in <a href="https://github.com/lmittmann/tint/compare/v1.0.6...v1.0.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/lmittmann/tint&package-manager=go_modules&previous-version=1.0.6&new-version=1.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…cometbft#4904) Bumps [github.com/cometbft/cometbft-db](https://github.com/cometbft/cometbft-db) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cometbft/cometbft-db/releases">github.com/cometbft/cometbft-db's releases</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <p><a href="https://github.com/cometbft/cometbft-db/blob/v1.0.2/CHANGELOG.md#v102">CHANGELOG</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cometbft/cometbft-db/blob/main/CHANGELOG.md">github.com/cometbft/cometbft-db's changelog</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <p><em>January 29, 2025</em></p> <p>This release bumps the Go version to 1.23.5.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cometbft/cometbft-db/commit/9a507b648a3d39379bd2339a0a04d5d1687c8ed7"><code>9a507b6</code></a> chore: v1.0.2 (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/226">#226</a>)</li> <li><a href="https://github.com/cometbft/cometbft-db/commit/253219ff86f79881da52f42185bcc1a7e6f2b633"><code>253219f</code></a> chore(deps): bump Go to 1.23.5 (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/224">#224</a>)</li> <li><a href="https://github.com/cometbft/cometbft-db/commit/4cf60c715fe8daccb9dce3b24295575bd461d5d8"><code>4cf60c7</code></a> add missing changelog entry for RocksDB bump (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/213">#213</a>)</li> <li><a href="https://github.com/cometbft/cometbft-db/commit/c588fb01e0cfdaba5d14df06d6b623d9cecd096d"><code>c588fb0</code></a> build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/214">#214</a>)</li> <li><a href="https://github.com/cometbft/cometbft-db/commit/8bd4531b5122530f39a90d385cb0b0523dbe881e"><code>8bd4531</code></a> build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/206">#206</a>)</li> <li><a href="https://github.com/cometbft/cometbft-db/commit/8beeacef868dde68540ff8ddc9d729682097dc4d"><code>8beeace</code></a> build(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.1 (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/207">#207</a>)</li> <li><a href="https://github.com/cometbft/cometbft-db/commit/33f18e9ada97d246e6fc38ac0785a7c6e65a2849"><code>33f18e9</code></a> build(deps): bump github.com/dgraph-io/badger/v4 from 4.3.0 to 4.3.1 (<a href="https://redirect.github.com/cometbft/cometbft-db/issues/208">#208</a>)</li> <li>See full diff in <a href="https://github.com/cometbft/cometbft-db/compare/v1.0.1...v1.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cometbft/cometbft-db&package-manager=go_modules&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…4.13 (cometbft#4903) Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.14.12 to 1.14.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ethereum/go-ethereum/releases">github.com/ethereum/go-ethereum's releases</a>.</em></p> <blockquote> <h2>Schwarzschild (v1.14.13)</h2> <p>This is a security release, fixing a vulnerability (CVE-2025-24883).</p> <p><strong>Please update your nodes ASAP.</strong></p> <hr /> <p>As with all our previous releases, you can find the:</p> <ul> <li>Pre-built binaries for all platforms on our <a href="https://geth.ethereum.org/downloads/">downloads page</a>.</li> <li>Docker images published under <a href="https://cloud.docker.com/u/ethereum/repository/docker/ethereum/client-go"><code>ethereum/client-go</code></a>.</li> <li>Ubuntu packages in our <a href="https://launchpad.net/~ethereum/+archive/ubuntu/ethereum">Launchpad PPA repository</a>.</li> <li>OSX packages in our <a href="https://github.com/ethereum/homebrew-ethereum">Homebrew Tap repository</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ethereum/go-ethereum/commit/eb00f1694c9265f6909c19995a535eef246dcf1e"><code>eb00f16</code></a> version: release go-ethereum v1.14.13 stable</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/159fb1a1db551c544978dc16a5568a4730b4abf3"><code>159fb1a</code></a> crypto: add IsOnCurve check (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/31100">#31100</a>)</li> <li><a href="https://github.com/ethereum/go-ethereum/commit/db93d4988073776ac004a8c372ee6783d41d90f3"><code>db93d49</code></a> build: retry PPA upload up to three times (<a href="https://redirect.github.com/ethereum/go-ethereum/issues/31099">#31099</a>)</li> <li>See full diff in <a href="https://github.com/ethereum/go-ethereum/compare/v1.14.12...v1.14.13">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/ethereum/go-ethereum&package-manager=go_modules&previous-version=1.14.12&new-version=1.14.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

GHSA-r3r4-g7hq-pq4f

GHSA-22qq-3xwm-r5x4 Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…-sync

sonarqubecloud · 2025-02-05T10:00:41Z

Quality Gate failed

Failed conditions
13 Security Hotspots
79.0% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

Daniel and others added 30 commits November 27, 2024 03:47

chore(p2p)!: reintroduce p2p.ID type and internalize nodeinfo (co…

27f062f

…metbft#4556) Closes cometbft#4549 It can be reviewed commit by commit. --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

chore: fix function names in doc comments (cometbft#4559)

310a275

Signed-off-by: hishope <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

chore(p2p)!: internalize nodekey (cometbft#4557)

c451150

Refs cometbft#4549

docs: fix typos in adr-119-dog-mempool-gossip.md (cometbft#4647)

ebf446d

feat(crypto/merkle): add test for proof_op.go (cometbft#4621)

ab6d17d

Co-authored-by: heren-ke <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

fix(mempool/tests): Fixes flakiness in a test related to mempool lane…

c9eb3e6

…s. (cometbft#4655) Closes cometbft#4654

linchizhen and others added 25 commits January 22, 2025 09:48

docs: fix 404 links (cometbft#4779)

fc0458f

Signed-off-by: linchizhen <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Anton Kaliaev <[email protected]>

chore: Remove EOL versions from dependabot (cometbft#4854)

dff03ef

Remove EOL version from dependabot updates. Will close existing PRs merging into v0.37.x and v0.34.x branches.

chore: decommission v0.34 and v0.37 release lines (cometbft#4812)

22b4379

which both reached EOL (end of life) https://github.com/cometbft/cometbft/discussions/590 --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

fix(crypto/bls12381): modify Sign, Verify (cometbft#4813)

f2d9ae0

to use `dstMinPk` Closes cometbft#4783 Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

docs: fix typos and improve grammar (cometbft#4876)

cdfca9b

chore: fix incorrect syntax in scripts/dist.sh (cometbft#4877)

7a5709e

refactor: unify EnsurePeersPeriod configuration in PEX reactor (comet…

bb1b827

…bft#4822) Co-authored-by: Anton Kaliaev <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

fix(types): ASA-2025-002 (cometbft#4919)

9500a0d

GHSA-r3r4-g7hq-pq4f

fix(blocksync): ASA-2025-001 (cometbft#4918)

227ad25

GHSA-22qq-3xwm-r5x4 Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Merge remote-tracking branch 'upstream/main' into mardizzone/pos-2824…

44ecaa7

…-sync

marcello33 changed the title ~~Sync fork~~ merge: sync fork Feb 5, 2025

avalkov approved these changes Feb 5, 2025

View reviewed changes

pratikspatil024 approved these changes Feb 6, 2025

View reviewed changes

marcello33 merged commit 389f256 into main Feb 6, 2025
35 of 36 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

merge: sync fork #12

merge: sync fork #12

Uh oh!

marcello33 commented Feb 5, 2025

Uh oh!

sonarqubecloud bot commented Feb 5, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

merge: sync fork #12

merge: sync fork #12

Uh oh!

Conversation

marcello33 commented Feb 5, 2025

Uh oh!

sonarqubecloud bot commented Feb 5, 2025

Quality Gate failed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants