build(deps): bump github.com/cometbft/cometbft from 0.37.0 to 0.37.1 #1122

dependabot · 2023-04-26T16:59:06Z

Bumps github.com/cometbft/cometbft from 0.37.0 to 0.37.1.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.37.1

See the CHANGELOG for this release.

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.37.1

April 26, 2023

This release fixes several bugs, and has had to introduce one small Go API-breaking change in the crypto/merkle package in order to address what could be a security issue for some users who directly and explicitly make use of that code.

BREAKING CHANGES

[crypto/merkle] Do not allow verification of Merkle Proofs against empty trees (nil root). Proof.ComputeRootHash now panics when it encounters an error, but Proof.Verify does not panic (#558)

BUG FIXES

[consensus] Unexpected error conditions in ApplyBlock are non-recoverable, so ignoring the error and carrying on is a bug. We replaced a return that disregarded the error by a panic. (#496)

[consensus] Rename (*PeerState).ToJSON to MarshalJSON to fix a logging data race (#524)

[light] Fixed an edge case where a light client would panic when attempting to query a node that (1) has started from a non-zero height and (2) does not yet have any data. The light client will now, correctly, not panic and keep the node in its list of providers in the same way it would if it queried a node starting from height zero that does not yet have data (#575)

IMPROVEMENTS

[jsonrpc/client] Improve the error message for client errors stemming from bad HTTP responses. (cometbft/cometbft#638)

Commits

2af25ae Release v0.37.1 (#757)
43c5ad8 Update config file - 0.37.x (#717)
2bb39a3 crypto/merkle: Add error handling (backport #558) (#709)
244d999 Add more debugging data for bad http responses (#638) (#704)
302d18e light client: Address panic in response to empty signed header (backport #577...
3a91d15 build(deps): Bump bufbuild/buf-setup-action from 1.16.0 to 1.17.0 (#677)
692b663 Update govulncheck.yml (#685) (#695)
e0b2aae Fix race condition in consensus.State code (#673) (#690)
2eb6994 cmd: Remove snake case deprecation warning (backport #626) (#671)
52e3b5b docs: fix wscat invocation and add TLS note (#663) (#668)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) from 0.37.0 to 0.37.1. - [Release notes](https://github.com/cometbft/cometbft/releases) - [Changelog](https://github.com/cometbft/cometbft/blob/v0.37.1/CHANGELOG.md) - [Commits](cometbft/cometbft@v0.37.0...v0.37.1) --- updated-dependencies: - dependency-name: github.com/cometbft/cometbft dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

## Description This PR - bumps `github.com/cosmos/cosmos-sdk` to `v0.47.2` - bumps `github.com/cometbft/cometbft` to `v0.37.1` - bumps `github.com/cometbft/cometbft-db` to `v0.8.0` Closes #1122 Closes #1123 --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] added `!` to the type prefix if API or client breaking change - [x] targeted the correct branch (see [PR Targeting](https://github.com/desmos-labs/desmos/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] provided a link to the relevant issue or specification - [ ] followed the guidelines for [building modules](https://docs.cosmos.network/v0.44/building-modules/intro.html) - [ ] included the necessary unit and integration [tests](https://github.com/desmos-labs/desmos/blob/master/CONTRIBUTING.md#testing) - [ ] added a changelog entry to `CHANGELOG.md` - [ ] included comments for [documenting Go code](https://blog.golang.org/godoc) - [ ] updated the relevant documentation or specification - [x] reviewed "Files changed" and left comments if necessary - [ ] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title - [ ] confirmed `!` in the type prefix if API or client breaking change - [ ] confirmed all author checklist items have been addressed - [ ] reviewed state machine logic - [ ] reviewed API design and naming - [ ] reviewed documentation is accurate - [ ] reviewed tests and test coverage - [ ] manually tested (if applicable)

dependabot · 2023-05-02T16:44:12Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot bot requested a review from a team as a code owner April 26, 2023 16:59

dependabot bot added automerge Automatically merge PR once all prerequisites pass dependencies Pull requests that update a dependency file labels Apr 26, 2023

dependabot bot requested review from dadamu, manu0466 and RiccardoM April 26, 2023 16:59

RiccardoM mentioned this pull request Apr 27, 2023

build(deps): bump cosmos-sdk, cometbft cometbft-db #1124

Merged

19 tasks

mergify bot closed this in #1124 May 2, 2023

dependabot bot deleted the dependabot/go_modules/github.com/cometbft/cometbft-0.37.1 branch May 2, 2023 16:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/cometbft/cometbft from 0.37.0 to 0.37.1 #1122

build(deps): bump github.com/cometbft/cometbft from 0.37.0 to 0.37.1 #1122

dependabot bot commented on behalf of github Apr 26, 2023

dependabot bot commented on behalf of github May 2, 2023

build(deps): bump github.com/cometbft/cometbft from 0.37.0 to 0.37.1 #1122

build(deps): bump github.com/cometbft/cometbft from 0.37.0 to 0.37.1 #1122

Conversation

dependabot bot commented on behalf of github Apr 26, 2023

v0.37.1

v0.37.1

BREAKING CHANGES

BUG FIXES

IMPROVEMENTS

dependabot bot commented on behalf of github May 2, 2023