build(deps): Bump github.com/cometbft/cometbft from 0.37.2 to 0.38.5
Bumps github.com/cometbft/cometbft from 0.37.2 to 0.38.5.
Release notes
Sourced from github.com/cometbft/cometbft's releases.
v0.38.5
See the CHANGELOG for this release.
v0.38.4
See the CHANGELOG for this release.
v0.38.3
See the CHANGELOG for this release.
v0.38.2
See the CHANGELOG for this release.
v0.38.1
See the CHANGELOG for this release.
v0.38.0
See the CHANGELOG for this release.
v0.38.0-rc3
See the CHANGELOG for changes available in this pre-release, but not yet officially released.
v0.38.0-rc2
See the CHANGELOG for changes available in this pre-release, but not yet officially released.
v0.38.0-rc1
See the CHANGELOG for changes available in this pre-release, but not yet officially released.
v0.38.0-alpha.2
See the CHANGELOG for changes available in this pre-release, but not yet officially released.
v0.38.0-alpha.1
See the CHANGELOG for changes available in this pre-release, but not yet officially released.
v0.37.4
See the CHANGELOG for this release.
v0.37.3
See the CHANGELOG for this release.
Changelog
Sourced from github.com/cometbft/cometbft's changelog.
v0.38.5
January 24, 2024
This release fixes a problem introduced in v0.38.3: if an application updates the value of ConsensusParam VoteExtensionsEnableHeight to the same value (actually a "noop" update) this is accepted in v0.38.2 but rejected under some conditions in v0.38.3 and v0.38.4. Even if rejecting a useless update would make sense in general, in a point release we should not reject a set of inputs to a function that was previously accepted (unless there is a good reason for it). The goal of this release is to accept again all "noop" updates, like v0.38.2 did.
IMPROVEMENTS
[consensus] Add chain_size_bytes metric for measuring the size of the blockchain in bytes (#2093)
v0.38.4
January 22, 2024
This release is aimed at those projects that have a dependency on CometBFT, release line v0.38.x, and make use of function SaveBlockStoreState in package github.com/cometbft/cometbft/store. This function changed its signature in v0.38.3. This new release reverts the signature change so that upgrading to the latest release of CometBFT on v0.38.x does not require any change in the code depending on CometBFT.
IMPROVEMENTS
[e2e] Add manifest option VoteExtensionsUpdateHeight to test vote extension activation via InitChain and FinalizeBlock. Also, extend the manifest generator to produce different values of this new option (#2065)
v0.38.3
January 17, 2024
This release addresses a high impact security issue reported in advisory (ASA-2024-001). There are other non-security bug fixes that have been addressed since v0.38.2 was released, as well as some improvements. Please check the list below for further details.
BUG FIXES
[consensus] Fix for "Validation of VoteExtensionsEnableHeight can cause chain halt" (ASA-2024-001)
[mempool] Fix data races in CListMempool by making atomic the types of height, txsBytes, and
... (truncated)
Commits
- 2cd0d1a Release v0.38.5 (#2118)
- b7c1e18 fix: [manual backport] ValidateUpdate: allow no-change updates regardless o...
- a17290f consensus: Add chain_size_bytes metric (backport #2093) (#2096)
- 93261b1 Release v0.38.4 (#2088)
- 25422ef Fix SaveBlockStoreState signature on v0.38.x (#2086)
- 68ada7c Manual backport of #2066 to v0.38.x (#2067)
- 3c2034f misc(Makefile): add help target to display the help msg (backport #2074) (#...
- 4f2c111 deps(localnode): bump alpine version (backport #2077) (#2080)
- 81a4e11 docs(guides): add missing import (backport #2070) (#2076)
- 5fbc973 Merge pull request from GHSA-qr8r-m495-7hc4
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
A newer version of github.com/cometbft/cometbft exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.