Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the go_modules group across 1 directory with 6 updates #979

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Bump the go_modules group across 1 directory with 6 updates #979

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 13, 2024
edited
Loading

Bumps the go_modules group with 4 updates in the /integration-tests directory: github.com/CosmWasm/wasmd, github.com/golang-jwt/jwt/v4, github.com/rs/cors and github.com/vektah/gqlparser/v2.

Updates github.com/CosmWasm/wasmd from 0.40.1 to 0.53.2

Release notes

Sourced from github.com/CosmWasm/wasmd's releases.

v0.53.2

See the CHANGELOG for details on the changes in this version.

v0.53.0

See the CHANGELOG for details on the changes in this version.

v0.52.0

Wasmd v0.52.0 Release

See the CHANGELOG for details on the changes in this version.

v0.51.0

Wasmd v0.51.0 Release

See the CHANGELOG for details on the changes in this version.

v0.50.0

Wasmd v0.50.0 Release

See the CHANGELOG for details on the changes in this version.

Big thanks to all the people who helped us with this release! 😍 Especially Binary Builders, Notional and the IBC-Go team 💪 And not to forget our sponsors. 🤗

v0.46.0

See the CHANGELOG for details on the changes in this version.

v0.45.0

Wasmd v0.45.0 Release

See the CHANGELOG for details on the changes in this version.

v0.44.0

Wasmd v0.44.0 Release

See the CHANGELOG for details on the changes in this version.

v0.43.0

Wasmd v0.43.0 Release

See the CHANGELOG for details on the changes in this version.

v0.42.0

Wasmd v0.42.0 Release

See the CHANGELOG for details on the changes in this version.

🚨 This version includes CosmWasm v1.4 and is retracted. We are investigating a RuntimeError: out of bounds memory access issue when upgrading a chain from CosmWasm v1.3. See https://twitter.com/CosmWasm/status/1709507168448229497

v0.41.0

Wasmd v0.41.0 Release

See the CHANGELOG for details on the changes in this version.

Changelog

Sourced from github.com/CosmWasm/wasmd's changelog.

v0.53.2 (2024-12-10)

Full Changelog

  • Fix failing simulation with previous patch

v0.53.1 (2024-12-10)

Full Changelog

  • Fix CWA-2025-009

v0.53.0 (2024-08-21)

Full Changelog

  • Fix CWA-2024-005
  • Fix CWA-2024-006
  • Fix submit-proposal instantiate-contract-2 command #1934

v0.52.0 (2024-07-11)

Full Changelog

  • Update wasmvm to 2.1 release #1927
  • Validate number of addresses in msg #1926
  • Add cosmwasm_2_1 capability #1925
  • Migrate Version checks #1924
  • Pinned Metrics #1922
  • Mark wasm queries with module_query_safe #1915
  • Add codespace to error acknowledgement #1911
  • Upgrade cosmos-sdk to v0.50.7 #1905
  • Mark QuerySmart contract error as deterministic #1904
  • Async Ack #1876
  • IBC Callbacks #1817

Notable changes:

Migration notes:

  • This release does not include any state migrations but breaking changes that require a coordinated chain upgrade.

v0.51.0 (2024-04-22)

Full Changelog

  • Bump cosmos-sdk to v0.50.6 #1865
  • Bump tx module to v0.13.3 #1864

... (truncated)

Commits

Updates github.com/cometbft/cometbft from 0.37.5 to 0.38.11

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.11

CHANGELOG

v0.38.10

See the CHANGELOG for this release.

v0.38.9

See the CHANGELOG for this release.

v0.38.8

See the CHANGELOG for this release.

v0.38.7

See the CHANGELOG for this release.

v0.38.6

See the CHANGELOG for this release.

v0.38.5

See the CHANGELOG for this release.

v0.38.4

See the CHANGELOG for this release.

v0.38.3

See the CHANGELOG for this release.

v0.38.2

See the CHANGELOG for this release.

v0.38.1

See the CHANGELOG for this release.

v0.38.0

See the CHANGELOG for this release.

v0.38.0-rc3

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

... (truncated)

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.38.11

August 12, 2024

This release fixes a panic in consensus where CometBFT would previously panic if there's no extension signature in non-nil Precommit EVEN IF vote extensions themselves are disabled.

It also includes a few other bug fixes and performance improvements.

BUG FIXES

  • [types] Added missing JSON tags to DuplicateVoteEvidence and LightClientAttackEvidence types (#3528)
  • [types] Only check IFF vote is a non-nil Precommit if extensionsEnabled types (#3565)

IMPROVEMENTS

  • [indexer] Fixed ineffective select break statements; they now point to their enclosing for loop label to exit (#3544)

v0.38.10

July 16, 2024

This release fixes a bug in v0.38.x that prevented ABCI responses from being correctly read when upgrading from v0.37.x or below. It also includes a few other bug fixes and performance improvements.

BUG FIXES

  • [p2p] Node respects configured max_num_outbound_peers limit when dialing peers provided by a seed node (#486)
  • [rpc] Fix an issue where a legacy ABCI response, created on v0.37 or before, is not returned properly in v0.38 and up on the /block_results RPC endpoint. (#3002)
  • [blocksync] Do not stay in blocksync if the node's validator voting power is high enough to block the chain while it is not online (#3406)

IMPROVEMENTS

  • [p2p/conn] Update send monitor, used for sending rate limiting, once per batch of packets sent (#3382)
  • [libs/pubsub] Allow dash (-) in event tags (#3401)
  • [p2p/conn] Remove the usage of a synchronous pool of buffers in secret connection, storing instead the buffer in the connection struct. This reduces the synchronization primitive usage, speeding up the code.

... (truncated)

Commits
  • e1b4453 v0.38.11 (#3684)
  • 66a0447 build(deps): Bump docker/build-push-action from 6.5.0 to 6.6.1 (#3676)
  • cd3519d build(deps): Bump bufbuild/buf-setup-action from 1.35.1 to 1.36.0 (#3675)
  • c17d1f6 fix(types): Only require extension signature if extensions are enabled (#3565)
  • f85d897 feat(mempool): add error ErrRecheckFull (backport #3654) (#3656)
  • 9de925c fix(e2e): replace docker-compose w/ docker compose (backport #3614) (#3616)
  • e9bd8a9 build(deps): Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#3610)
  • 61ca12e build(deps): Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#3584)
  • cba216a build(deps): Bump docker/login-action from 3.2.0 to 3.3.0 (#3585)
  • aaf83e9 build(deps): Bump docker/build-push-action from 6.4.1 to 6.5.0 (#3586)
  • Additional commits viewable in compare view

Updates github.com/cosmos/cosmos-sdk from 0.47.11 to 0.50.9

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.50.9

Cosmos SDK v0.50.9 Release Notes

💬 Release Discussion

🚀 Highlights

For this month patch release of the v0.50.x line, some bugs were fixed.

Notably, we fixed the following:

  • PreBlock events (mainly x/upgrade) are now emitted
  • Improve compatibility of depinject v1.0.0 with app.yaml / app.json

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.52, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

v0.50.8

Cosmos SDK v0.50.8 Release Notes

💬 Release Discussion

🚀 Highlights

For this month patch release of the v0.50.x line, a few improvements were added to the SDK and some bugs were fixed.

Notably, we added and fixed the following:

  • Allow to import private key from mnemonic file using <appd> keys add testing --recover --source ./mnemonic.txt
  • Fixed json parsing in simd q wait-tx

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

v0.50.7

Cosmos SDK v0.50.7 Release Notes

💬 Release Discussion

🚀 Highlights

... (truncated)

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.50.9 - 2024-08-07

Bug Fixes

  • (baseapp) #21159 Return PreBlocker events in FinalizeBlockResponse.
  • #20939 Fix collection reverse iterator to include pagination.key in the result.
  • (client/grpc) #20969 Fix node.NewQueryServer method not setting cfg.
  • (testutil/integration) #21006 Fix NewIntegrationApp method not writing default genesis to state.
  • (runtime) #21080 Fix app.yaml / app.json incompatibility with depinject v1.0.0.

v0.50.8 - 2024-07-15

Features

  • (client) #20690 Import mnemonic from file

Improvements

  • (x/authz,x/feegrant) #20590 Provide updated keeper in depinject for authz and feegrant modules.
  • #20631 Fix json parsing in the wait-tx command.
  • (x/auth) #20438 Add --skip-signature-verification flag to multisign command to allow nested multisigs.

Bug Fixes

  • (simulation) #17911 Fix all problems with executing command make test-sim-custom-genesis-fast for simulation test.
  • (simulation) #18196 Fix the problem of validator set is empty after InitGenesis in simulation test.

v0.50.7 - 2024-06-04

Improvements

  • (debug) #20328 Add consensus address for debug cmd.
  • (runtime) #20264 Expose grpc query router via depinject.
  • (x/consensus) #20381 Use Comet utility for consensus module consensus param updates.
  • (client) #20356 Overwrite client context when available in SetCmdClientContext.

Bug Fixes

  • (baseapp) #20346 Correctly assign execModeSimulate to context for simulateTx.
  • (baseapp) #20144 Remove txs from mempool when AnteHandler fails in recheck.
  • (baseapp) #20107 Avoid header height overwrite block height.
  • (cli) #20020 Make bootstrap-state command support both new and legacy genesis format.
  • (testutil/sims) #20151 Set all signatures and don't overwrite the previous one in GenSignedMockTx.

v0.50.6 - 2024-04-22

Features

  • (types) #19759 Align SignerExtractionAdapter in PriorityNonceMempool Remove.
  • (client) #19870 Add new query command wait-tx. Alias event-query-tx-for to wait-tx for backward compatibility.

... (truncated)

Commits
  • 8bfcf55 ci: attempt to fix goreleaser (backport #21194) (#21196)
  • 16d3025 chore: prepare v0.50.9 (#21163)
  • 3f6796f fix(baseapp): return events from preblocker in FinalizeBlockResponse (backpor...
  • 3fc8074 build(deps): Bump cosmossdk.io/x/tx from 0.13.3 to 0.13.4 (#21170)
  • a565daa chore: bring in v0.13.x x/tx in release/v0.50.x (#21158)
  • 31ef899 docs: Fix cli usage examples (backport #21150) (#21154)
  • ffd5696 fix(simapp): concurrent map writes when calling GetSigners (backport #21073) ...
  • 91d412c feat: check latest block if no arg in q block and q block-results (backpo...
  • e135030 fix(runtime): remove appv1alpha1.Config from runtime (backport #21042) (#21...
  • 0702719 feat: use depinject v1.0.0 (#21000)
  • Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

  • Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

Commits

Updates github.com/rs/cors from 1.10.1 to 1.11.0

Commits
  • 4c32059 Normalize allowed request headers and store them in a sorted set (fixes #170)...
  • 8d33ca4 Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...
  • af821ae Merge branch 'jub0bs-master'
  • 0bcf73f Update benchmark
  • eacc8e8 Fix skewed middleware benchmarks (#165)
  • 9297f15 Respect the documented precedence of options (#163)
  • 73f81b4 Fix readme benchmark rendering (#161)
  • See full diff in compare view

Updates github.com/vektah/gqlparser/v2 from 2.5.11 to 2.5.15

Release notes

Sourced from github.com/vektah/gqlparser/v2's releases.

v2.5.15

What's Changed

Full Changelog: vektah/gqlparser@v2.5.14...v2.5.15

v2.5.14

What's Changed

Full Changelog: vektah/gqlparser@v2.5.13...v2.5.14

v2.5.13

What's Changed

New Contributors

Full Changelog: vektah/gqlparser@v2.5.12...v2.5.13

v2.5.12

What's Changed

New Contributors

Full Changelog: vektah/gqlparser@v2.5.11...v2.5.12

Commits
  • 55a3c47 Revert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, Par...
  • 36a3658 Add ParseQueryWithLimit (#304)
  • d457fc0 Token limit fix CVE-2023-49559 (#291)
  • 6db1bd3 Bump braces from 3.0.2 to 3.0.3 in /validator/imported (#302)
  • 3900414 Bump the actions-deps group in /validator/imported with 7 updates (#301)
  • 7c770f6 Bump prettier in /validator/imported in the actions-deps group (#299)
  • 0ed4973 Bump the actions-deps group in /validator/imported with 6 updates (#298)
  • 00fd36f Bump the actions-deps group in /validator/imported with 8 updates (#297)
  • 9638a21 Bump github.com/stretchr/testify in the actions-deps group (#296)
  • 55ebe37 Add Dependabot.yml
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot requested review from a team as code owners December 13, 2024 18:58
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 13, 2024
@dependabot dependabot bot force-pushed the dependabot/go_modules/integration-tests/go_modules-82e6de8473 branch from 4c3471f to f484cbc Compare December 19, 2024 18:52
@dependabot
Bump the go_modules group across 1 directory with 6 updates
b6cb3bb 
Bumps the go_modules group with 4 updates in the /integration-tests directory: [github.com/CosmWasm/wasmd](https://github.com/CosmWasm/wasmd), [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt), [github.com/rs/cors](https://github.com/rs/cors) and [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser).


Updates `github.com/CosmWasm/wasmd` from 0.40.1 to 0.53.2
- [Release notes](https://github.com/CosmWasm/wasmd/releases)
- [Changelog](https://github.com/CosmWasm/wasmd/blob/v0.53.2/CHANGELOG.md)
- [Commits](CosmWasm/wasmd@v0.40.1...v0.53.2)

Updates `github.com/cometbft/cometbft` from 0.37.5 to 0.38.11
- [Release notes](https://github.com/cometbft/cometbft/releases)
- [Changelog](https://github.com/cometbft/cometbft/blob/v0.38.11/CHANGELOG.md)
- [Commits](cometbft/cometbft@v0.37.5...v0.38.11)

Updates `github.com/cosmos/cosmos-sdk` from 0.47.11 to 0.50.9
- [Release notes](https://github.com/cosmos/cosmos-sdk/releases)
- [Changelog](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md)
- [Commits](cosmos/cosmos-sdk@v0.47.11...v0.50.9)

Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](golang-jwt/jwt@v4.5.0...v4.5.1)

Updates `github.com/rs/cors` from 1.10.1 to 1.11.0
- [Commits](rs/cors@v1.10.1...v1.11.0)

Updates `github.com/vektah/gqlparser/v2` from 2.5.11 to 2.5.15
- [Release notes](https://github.com/vektah/gqlparser/releases)
- [Commits](vektah/gqlparser@v2.5.11...v2.5.15)

---
updated-dependencies:
- dependency-name: github.com/CosmWasm/wasmd
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cometbft/cometbft
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/cosmos/cosmos-sdk
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/rs/cors
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/vektah/gqlparser/v2
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/integration-tests/go_modules-82e6de8473 branch from f484cbc to b6cb3bb Compare December 23, 2024 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants