Commit b646e66
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
build(deps): Bump the go_modules group across 1 directory with 2 updates (#2734)
Bumps the go_modules group with 2 updates in the /execution/evm/test
directory:
[github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) and
[github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk).
Updates `github.com/cometbft/cometbft` from 0.38.12 to 0.38.17
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cometbft/cometbft/releases">github.com/cometbft/cometbft's
releases</a>.</em></p>
<blockquote>
<h2>v0.38.17</h2>
<p>See the <a
href="https://github.com/cometbft/cometbft/blob/v0.38.17/CHANGELOG.md#v03817">CHANGELOG</a>
for this release.</p>
<h2>v0.38.16</h2>
<p>See the <a
href="https://github.com/cometbft/cometbft/blob/v0.38.16/CHANGELOG.md#v03816">CHANGELOG</a>
for this release.</p>
<h2>v0.38.15</h2>
<p>See the <a
href="https://github.com/cometbft/cometbft/blob/v0.38.15/CHANGELOG.md#v03815">CHANGELOG</a>
for this release.</p>
<h2>v0.38.13</h2>
<p>See the <a
href="https://github.com/cometbft/cometbft/blob/v0.38.13/CHANGELOG.md#v03813">CHANGELOG</a>
for this release.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cometbft/cometbft/blob/main/CHANGELOG.md">github.com/cometbft/cometbft's
changelog</a>.</em></p>
<blockquote>
<h2>v0.38.17</h2>
<p><em>February 3, 2025</em></p>
<p>This release fixes two security issues (ASA-2025-001, ASA-2025-002).
Users are
encouraged to upgrade as soon as possible.</p>
<h3>BUG FIXES</h3>
<ul>
<li><code>[blocksync]</code> Ban peer if it reports height lower than
what was previously reported
(<a
href="https://github.com/cometbft/cometbft/security/advisories/GHSA-22qq-3xwm-r5x4">ASA-2025-001</a>)</li>
<li><code>[types]</code> Check that <code>Part.Index</code> equals
<code>Part.Proof.Index</code>
(<a
href="https://github.com/cometbft/cometbft/security/advisories/GHSA-r3r4-g7hq-pq4f">ASA-2025-001</a>)</li>
</ul>
<h3>DEPENDENCIES</h3>
<ul>
<li><code>[go/runtime]</code> Bump minimum Go version to 1.22.11
(<a
href="https://redirect.github.com/cometbft/cometbft/pull/4891">#4891</a>)</li>
</ul>
<h2>v0.38.16</h2>
<p><em>December 20 2024</em></p>
<p>This release:</p>
<ul>
<li>fixes a bug that caused a node produce errors caused by the sending
of next PEX requests too soon.
As a consequence of this incorrect behavior a node would be marked as
BAD.</li>
<li>Adds a proper description of <code>ExtendedVoteInfo</code> and
<code>VoteInfo</code> in the spec.</li>
</ul>
<h3>BUG FIXES</h3>
<ul>
<li><code>[mocks]</code> Mockery <code>v2.49.0</code> broke the mocks.
We had to add a <code>.mockery.yaml</code> to
properly handle this change.
(<a
href="https://redirect.github.com/cometbft/cometbft/pull/4521">#4521</a>)</li>
</ul>
<h2>v0.38.15</h2>
<p><em>November 6, 2024</em></p>
<p>This release supersedes <a
href="https://github.com/cometbft/cometbft/blob/main/#v03814"><code>v0.38.14</code></a>,
which mistakenly updated the Go version to
<code>1.23</code>, introducing an unintended breaking change. It sets
the Go version back
to <code>1.22.7</code> by reverting <a
href="https://redirect.github.com/cometbft/cometbft/pull/4297">#4297</a>.</p>
<p>The release includes the bug fixes, performance improvements, and
importantly,
the fix for the security vulnerability in the vote extensions (VE)
validation
logic that were part of <code>v0.38.14</code>. For more details, please
refer to <a
href="https://github.com/cometbft/cometbft/security/advisories/GHSA-p7mv-53f2-4cwj">ASA-2024-011</a>.</p>
<h2>v0.38.14</h2>
<p><em>November 6, 2024</em></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cometbft/cometbft/commit/d03254d3599b973f979314e6383b89fa1802e679"><code>d03254d</code></a>
chore: v0.38.17 release (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4909">#4909</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/d8b51b44a8029851540b4d652d24b5ce0311a866"><code>d8b51b4</code></a>
build(deps): Bump google.golang.org/grpc from 1.69.4 to 1.70.0 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4901">#4901</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/415c0da223bb7694608913f725fa45bd7a7a46bf"><code>415c0da</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/2cebfde06ae5073c0b296a9d2ca6ab4b95397ea5"><code>2cebfde</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/68f79b1b093aa38057c2af2cfde136e8588f4d83"><code>68f79b1</code></a>
build(deps): Bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4900">#4900</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/4f70ba688b3160a2df6c851b98fe3eba8187b7a0"><code>4f70ba6</code></a>
build(deps): bump Go version to 1.22.11 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4891">#4891</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/930813ecd6eeaf1ab99c020933317546b51aeba1"><code>930813e</code></a>
build(deps): Bump docker/build-push-action from 6.12.0 to 6.13.0 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4882">#4882</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/c86f8986c5b4cf08d419192e6f6ae62458fb53a6"><code>c86f898</code></a>
build(deps): Bump github.com/prometheus/common from 0.61.0 to 0.62.0 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4865">#4865</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/807bd18a7fd52ce6183eafc3ba5a888c63ec9a34"><code>807bd18</code></a>
build(deps): Bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.2 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4861">#4861</a>)</li>
<li><a
href="https://github.com/cometbft/cometbft/commit/7d8440b3c2e92294e011bb8382f94cbc450b978e"><code>7d8440b</code></a>
build(deps): Bump golang.org/x/net from 0.33.0 to 0.34.0 (<a
href="https://redirect.github.com/cometbft/cometbft/issues/4859">#4859</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/cometbft/cometbft/compare/v0.38.12...v0.38.17">compare
view</a></li>
</ul>
</details>
<br />
Updates `github.com/cosmos/cosmos-sdk` from 0.50.9 to 0.50.14
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cosmos/cosmos-sdk/releases">github.com/cosmos/cosmos-sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.50.14</h2>
<h1>Cosmos SDK v0.50.14 Release Notes</h1>
<h2>🚀 Highlights</h2>
<p>This patch release fixes <a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-p22h-3m2v-cmgh">GHSA-p22h-3m2v-cmgh</a>.
It resolves a <code>x/distribution</code> module issue that can halt
chains when the historical rewards pool overflows.
Chains using the <code>x/distribution</code> module are affected by this
issue.</p>
<p>We recommended upgrading to this patch release as soon as
possible.</p>
<p>This patch is state-breaking; chains must perform a coordinated
upgrade. This patch cannot be applied in a rolling upgrade.</p>
<h2>📝 Changelog</h2>
<p>Check out the <a
href="https://github.com/cosmos/cosmos-sdk/blob/v0.50.14/CHANGELOG.md">changelog</a>
for an exhaustive list of changes or <a
href="https://github.com/cosmos/cosmos-sdk/compare/v0.50.13...v0.50.14">compare
changes</a> from the last release.</p>
<h2>v0.50.13</h2>
<h1>Cosmos SDK v0.50.13 Release Notes</h1>
<p>💬 <a
href="https://github.com/orgs/cosmos/discussions/6"><strong>Release
Discussion</strong></a></p>
<h2>🚀 Highlights</h2>
<p>This patch release fixes <a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-47ww-ff84-4jrg">GHSA-47ww-ff84-4jrg</a>.
It resolves a <code>x/group</code> module issue that can halt chains
when there is invalid state in the endblocker.
Only users of the <code>x/group</code> module are affected by this
issue.</p>
<p>We recommended to upgrade to this patch release as soon as
possible.</p>
<p>This patch is not state-breaking, so chains can upgrade in a rolling
manner. This does not have to be a coordinated upgrade. However,
validators should upgrade as soon as possible when the release is made
available. If the vulnerability is exploited before 2/3 is patched, the
chain will halt.</p>
<h2>📝 Changelog</h2>
<p>Check out the <a
href="https://github.com/cosmos/cosmos-sdk/blob/v0.50.13/CHANGELOG.md">changelog</a>
for an exhaustive list of changes or <a
href="https://github.com/cosmos/cosmos-sdk/compare/v0.50.12...v0.50.13">compare
changes</a> from last release.</p>
<h2>v0.50.12</h2>
<h1>Cosmos SDK v0.50.12 Release Notes</h1>
<p>💬 <a
href="https://github.com/orgs/cosmos/discussions/58"><strong>Release
Discussion</strong></a></p>
<h2>🚀 Highlights</h2>
<p>This patch release fixes <a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-x5vx-95h7-rv4p">GHSA-x5vx-95h7-rv4p</a>.
It resolves a <code>x/group</code> module issue that can halt chain when
handling a malicious proposal.
Only users of the <code>x/group</code> module are affected by this
issue.</p>
<p>We recommended to upgrade to this patch release as soon as possible.
When upgrading from <= v0.50.11, please use a chain upgrade to ensure
that 2/3 of the validator power upgrade to v0.50.12.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cosmos/cosmos-sdk/blob/v0.50.14/CHANGELOG.md">github.com/cosmos/cosmos-sdk's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.14">v0.50.14</a>
- 2025-07-08</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-p22h-3m2v-cmgh">GHSA-p22h-3m2v-cmgh</a>
Fix x/distribution can halt when historical rewards overflow.</li>
</ul>
<h2><a
href="https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.13">v0.50.13</a>
- 2025-03-12</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-47ww-ff84-4jrg">GHSA-47ww-ff84-4jrg</a>
Fix x/group can halt when erroring in EndBlocker</li>
</ul>
<h2><a
href="https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.12">v0.50.12</a>
- 2025-02-20</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-x5vx-95h7-rv4p">GHSA-x5vx-95h7-rv4p</a>
Fix Group module can halt chain when handling a malicious proposal</li>
</ul>
<h2><a
href="https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.11">v0.50.11</a>
- 2024-12-16</h2>
<h3>Features</h3>
<ul>
<li>(crypto/keyring) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21653">#21653</a>
New Linux-only backend that adds Linux kernel's <code>keyctl</code>
support.</li>
</ul>
<h3>Improvements</h3>
<ul>
<li>(server) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21941">#21941</a>
Regenerate addrbook.json for in place testnet.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Fix <a
href="https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-8wcc-m6j2-qxvm">ABS-0043/ABS-0044</a>
Limit recursion depth for unknown field detection and unpack any</li>
<li>(server) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/22564">#22564</a>
Fix fallback genesis path in server</li>
<li>(x/group) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/22425">#22425</a>
Proper address rendering in error</li>
<li>(sims) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21906">#21906</a>
Skip sims test when running dry on validators</li>
<li>(cli) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21919">#21919</a>
Query address-by-acc-num by account_id instead of id.</li>
<li>(x/group) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/22229">#22229</a>
Accept <code>1</code> and <code>try</code> in CLI for group proposal
exec.</li>
</ul>
<h2><a
href="https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.10">v0.50.10</a>
- 2024-09-20</h2>
<h3>Features</h3>
<ul>
<li>(cli) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/20779">#20779</a>
Added <code>module-hash-by-height</code> command to query and retrieve
module hashes at a specified blockchain height, enhancing debugging
capabilities.</li>
<li>(cli) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21372">#21372</a>
Added a <code>bulk-add-genesis-account</code> genesis command to add
many genesis accounts at once.</li>
<li>(types/collections) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21724">#21724</a>
Added <code>LegacyDec</code> collection value.</li>
</ul>
<h3>Improvements</h3>
<ul>
<li>(x/bank) <a
href="https://redirect.github.com/cosmos/cosmos-sdk/pull/21460">#21460</a>
Added <code>Sender</code> attribute in <code>MsgMultiSend</code>
event.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/f2e6295b662fdb27ea33da1296c29588ccdaab42"><code>f2e6295</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/7b9d2ff98d02bd5a7edd3b153dd577819cc1d777"><code>7b9d2ff</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/98164408932ee74369b7ce18aa13bb1a1a6ba76b"><code>9816440</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/158f14600e3ecc53b6f4ccb5823fa6c276f6a071"><code>158f146</code></a>
chore: remove unused orm module (backport <a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23633">#23633</a>)
(<a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23637">#23637</a>)</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/effb71f9068592c845691e2def9b04b80149ce0b"><code>effb71f</code></a>
docs: correct explanation on how to set custom signer via depinject
(backport...</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/b9db4d29aaeaf95887c5363c8050dc342ed4f1a2"><code>b9db4d2</code></a>
docs(keyring): add keyctl docs (backport <a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23563">#23563</a>)
(<a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23566">#23566</a>)</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/5f08d2183b1f40aac9cdcc99708fea8ece2abb98"><code>5f08d21</code></a>
feat(client/v2): add map support (backport <a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23544">#23544</a>)
(<a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23554">#23554</a>)</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/f1b139de544aec25b90dfda5db6fb50128b9228c"><code>f1b139d</code></a>
feat(x/tx): add an option to encode maps using amino json (backport <a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23539">#23539</a>)
(...</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/9d3c384c843648d50bceb324bd5dea925b58962d"><code>9d3c384</code></a>
build(deps): Bump github.com/cosmos/ledger-cosmos-go from 0.13.3 to
0.14.0 (#...</li>
<li><a
href="https://github.com/cosmos/cosmos-sdk/commit/f4655874070078f7b92ecf1235d7fd35531809b9"><code>f465587</code></a>
build(deps): Bump github.com/cosmos/cosmos-db from 1.1.0 to 1.1.1 (<a
href="https://redirect.github.com/cosmos/cosmos-sdk/issues/23030">#23030</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/cosmos/cosmos-sdk/compare/v0.50.9...v0.50.14">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/evstack/ev-node/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julien Robert <julien@rbrt.fr>1 parent 298f62e commit b646e66
3 files changed
Lines changed: 7 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| 24 | + | |
24 | 25 | | |
25 | 26 | | |
26 | 27 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
32 | 32 | | |
33 | 33 | | |
34 | 34 | | |
35 | | - | |
36 | 35 | | |
37 | 36 | | |
38 | 37 | | |
| |||
41 | 40 | | |
42 | 41 | | |
43 | 42 | | |
44 | | - | |
| 43 | + | |
45 | 44 | | |
46 | 45 | | |
47 | 46 | | |
48 | 47 | | |
49 | 48 | | |
50 | 49 | | |
51 | | - | |
| 50 | + | |
52 | 51 | | |
53 | 52 | | |
54 | 53 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
62 | 62 | | |
63 | 63 | | |
64 | 64 | | |
65 | | - | |
66 | | - | |
67 | 65 | | |
68 | 66 | | |
69 | 67 | | |
| |||
98 | 96 | | |
99 | 97 | | |
100 | 98 | | |
101 | | - | |
102 | | - | |
| 99 | + | |
| 100 | + | |
103 | 101 | | |
104 | 102 | | |
105 | 103 | | |
| |||
115 | 113 | | |
116 | 114 | | |
117 | 115 | | |
118 | | - | |
119 | | - | |
| 116 | + | |
| 117 | + | |
120 | 118 | | |
121 | 119 | | |
122 | 120 | | |
| |||
0 commit comments