Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/cosmos/cosmos-sdk from 0.47.2 to 0.47.3 #12

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 12, 2023

Bumps github.com/cosmos/cosmos-sdk from 0.47.2 to 0.47.3.

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.47.3

Cosmos SDK v0.47.3 Release Notes

💬 Release Discussion

🚀 Highlights

Missed the v0.47.0 announcement? Read it here. For this third patch release of the v0.47.x line, some of the notable changes include:

  • The barberry security vulnerability is resolved. All chains using Cosmos SDK v0.47.0-v0.47.2 are advised to upgrade to v0.47.3 immediately. A chain is not affected by the vulnerability as soon as 33%+1 of the voting power has upgraded. A chain is safe from halting as soon as 66%+1 of the voting power has upgraded. Coordinate with your validators to upgrade as soon as possible. The upgrade can be applied as a rolling upgrade across the validators or as a coordinated upgrade. Networks should decide which option gets them upgraded quicker.
  • A command to be able to bootstrap comet from a local snapshot with <app> comet bootstrap-state.
  • Commands to manage snapshots: Add snapshot.Cmd(appCreator) to your chain root command for using them.
  • The default logger is now cosmossdk.io/log, which supports coloring 🟥🟩🟪🟦 and filtering again.
  • A bug fix in x/group migration. Chains migrating from v0.46.x to v0.47.x must use at least v0.47.3.

Check out the changelog for an exhaustive list of changes or compare changes from last release.

Refer to the upgrading guide when migrating from v0.46.x to v0.47.0.

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.47.3 - 2023-06-08

Features

  • (baseapp) #16290 Add circuit breaker setter in baseapp.
  • (x/group) #16191 Add EventProposalPruned event to group module whenever a proposal is pruned.
  • (tx) #15992 Add WithExtensionOptions in tx Factory to allow SetExtensionOptions with given extension options.

Improvements

  • (baseapp) #16407 Make DefaultProposalHandler.ProcessProposalHandler return a ProcessProposal NoOp when using none or a NoOp mempool.
  • (deps) #16083 Bumps proto-builder image to 0.13.0.
  • (client) #16075 Partly revert #15953 and factory.Prepare now does nothing in offline mode.
  • (server) #15984 Use cosmossdk.io/log package for logging instead of CometBFT logger. NOTE: v0.45 and v0.46 were not using CometBFT logger either. This keeps the same underlying logger (zerolog) as in v0.45.x+ and v0.46.x+ but now properly supporting filtered logging.
  • (gov) #15979 Improve gov error message when failing to convert v1 proposal to v1beta1.
  • (store) #16067 Add local snapshots management commands.
  • (server) #16061 Add Comet bootstrap command.
  • (snapshots) #16060 Support saving and restoring snapshot locally.
  • (x/staking) #16068 Update simulation to allow non-EOA accounts to stake.
  • (server) #16142 Remove JSON Indentation from the GRPC to REST gateway's responses. (Saving bandwidth)
  • (types) #16145 Rename interface ExtensionOptionI back to TxExtensionOptionI to avoid breaking change.
  • (baseapp) #16193 Add Close method to BaseApp for custom app to cleanup resource in graceful shutdown.

Bug Fixes

  • Fix barberry security vulnerability.
  • (server) #16395 Do not override some Comet config is purposely set differently in InterceptConfigsPreRunHandler.
  • (store) #16449 Fix StateSync Restore by excluding memory store.
  • (cli) #16312 Allow any addresses in client.ValidatePromptAddress.
  • (x/group) #16017 Correctly apply account number in group v2 migration.

API Breaking Changes

  • (testutil) #14991 The testutil/testdata_pulsar package has moved to testutil/testdata/testpb. Chains will not notice this breaking change as this package contains testing utilities only used by the SDK internally.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk) from 0.47.2 to 0.47.3.
- [Release notes](https://github.com/cosmos/cosmos-sdk/releases)
- [Changelog](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md)
- [Commits](cosmos/cosmos-sdk@v0.47.2...v0.47.3)

---
updated-dependencies:
- dependency-name: github.com/cosmos/cosmos-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 12, 2023
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jul 24, 2023

Superseded by #19.

@dependabot dependabot bot closed this Jul 24, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/cosmos/cosmos-sdk-0.47.3 branch July 24, 2023 02:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants