search

Fantom-foundation / go-lachesis

aBFT consensus for permission-less networks
https://fantom.foundation
MIT License
224 stars 78 forks source link

Bump github.com/ethereum/go-ethereum from 1.9.8 to 1.9.25 #557

Closed dependabot-preview[bot] closed 3 years ago

dependabot-preview[bot] commented 3 years ago

Bumps github.com/ethereum/go-ethereum from 1.9.8 to 1.9.25.

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Marljeh (v1.9.25)

Geth v1.9.25 is a maintenance release.

Notable changes in this release:

  • Geth has a new subcommand, geth version-check, which displays known security issues (#21859)
  • The geth --ws.origins flag now supports more expressive origin rules (#21481)
  • Recording of trie key preimages can now be disabled using the --cache.preimages flag (#21402)
  • The accounts/abi/bind package now offers replay-protected transaction signing (#21356)
  • The GraphQL API now always returns status code 400 if there is an error processing the query (#21882)
  • The devp2p nodeset filter command can now find snap-enabled nodes (#21950)
  • The eth protocol test suite has been extended with tests for transaction announcements and malicious announce behavior (#21857, #21792)
  • Support for 'retesteth' has been removed from geth since it is no longer used for tests. Its replacement, the evm t8n tool, was released in Geth v1.9.16 (#21861)
  • We now offer signify/minisign signatures for Geth binary downloads as an alternative to PGP. This is experimental, and not yet advertised on the downloads page (#21798)

Bug fixes:

  • A crash in LES server handling of the GetProofsV2 message is resolved. See CVE-2020-26264 advisory for more information (#21896)
  • The LES server no longer locks up during geth shutdown (#21927)
  • Clef now correctly derives accounts for Ledger Live devices (#21757)
  • The faucet now ignores URL query parameters in Facebook post URLs (#21838)
  • Light client peer discovery now uses DNS (#21906)
  • go mod vendor of go-ethereum should now work (#21735)
  • The peer connection acceptor doesn't hot-spin anymore when geth runs out of file descriptors (#21878)
  • Using the reexec option for tracing RPC methods no longer crashes the RPC handler (#21830)
  • common.Hash and common.Address now print as hex when using fmt.Println (#21834)
  • A rare deadlock in Discovery v5 message dispatch is fixed (#21858)
  • Failures in internal CPU metrics collection no longer crash geth (#21864)
  • In Go contract bindings generated by abigen, the Raw field of parsed events is now set correctly (#21807)

For a full rundown of the changes please consult the Geth 1.9.25 release milestone

As with all our previous releases, you can find the:

Akantha (v1.9.24)

Geth v1.9.24 is a security release. It is built with Go v1.15.5, fixing CVE-2020-28362, which has a critical impact for Ethereum. This release also contains a fix for a consensus issue related to mining, which would have triggered a chain split on January 1st 2021.

We recommend everyone to upgrade to this release or rebuild with Go 1.15.5.

Although we publish pre-built binaries for many platforms, certain systems may not have Go 1.15.5 available yet. Notably, our official Docker images will most probably not use Go 1.15.5 due to the base image not being updated yet. Please check the end of the release notes on how you can build your custom Docker image with Go 1.15.5.

If you are building geth from source, please ensure you are building with Go v1.15.5 or above. We do recommend using the latest Geth version, but if you are not mining and cannot upgrade to geth v1.9.24, please rebuild your current version with Go v1.15.5.

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
codecov-io commented 3 years ago

Codecov Report

Merging #557 (561af94) into master (b3daf09) will increase coverage by 0.50%. The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #557      +/-   ##
==========================================
+ Coverage   41.37%   41.87%   +0.50%     
==========================================
  Files         152      152              
  Lines       11107     9476    -1631     
==========================================
- Hits         4595     3968     -627     
+ Misses       6114     5139     -975     
+ Partials      398      369      -29
Impacted Files Coverage Δ
gossip/poset_hook.go 32.14% <0.00%> (-15.23%) :arrow_down:
poset/store_epoch_state.go 55.55% <0.00%> (-8.45%) :arrow_down:
vector/store_branches_info.go 47.61% <0.00%> (-8.39%) :arrow_down:
integration/db.go 66.66% <0.00%> (-8.34%) :arrow_down:
poset/input.go 16.66% <0.00%> (-8.34%) :arrow_down:
inter/pos/sort.go 80.00% <0.00%> (-7.50%) :arrow_down:
gossip/store_heads.go 33.33% <0.00%> (-6.67%) :arrow_down:
poset/store_event_confirmed.go 60.00% <0.00%> (-6.67%) :arrow_down:
poset/store_frame.go 71.42% <0.00%> (-6.35%) :arrow_down:
poset/traversal.go 77.77% <0.00%> (-5.56%) :arrow_down:
... and 142 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update b3daf09...561af94. Read the comment docs.

dependabot-preview[bot] commented 3 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.