Missed the v0.47.0 announcement? Read it here.
For this third patch release of the v0.47.x line, some of the notable changes include:
The barberry security vulnerability is resolved. All chains using Cosmos SDK v0.47.0-v0.47.2 are advised to upgrade to v0.47.3immediately. A chain is not affected by the vulnerability as soon as 33%+1 of the voting power has upgraded. A chain is safe from halting as soon as 66%+1 of the voting power has upgraded. Coordinate with your validators to upgrade as soon as possible. The upgrade can be applied as a rolling upgrade across the validators or as a coordinated upgrade. Networks should decide which option gets them upgraded quicker.
Refer to the upgrading guide when migrating from v0.46.x to v0.47.0.
π Highlights
For this second patch release of the v0.47.x line, we focused on fixing bugs and improving the developer experience.
Missed the v0.47.0 announcement? Read it here.
Notably, a fix for loading archival states (thank you @βcatShaark).
Additionally, the release fixes an issue where querying previous block heights would return an incorrect timestamp.
(baseapp) #16290 Add circuit breaker setter in baseapp.
(x/group) #16191 Add EventProposalPruned event to group module whenever a proposal is pruned.
(tx) #15992 Add WithExtensionOptions in tx Factory to allow SetExtensionOptions with given extension options.
Improvements
(baseapp) #16407 Make DefaultProposalHandler.ProcessProposalHandler return a ProcessProposal NoOp when using none or a NoOp mempool.
(deps) #16083 Bumps proto-builder image to 0.13.0.
(client) #16075 Partly revert #15953 and factory.Prepare now does nothing in offline mode.
(server) #15984 Use cosmossdk.io/log package for logging instead of CometBFT logger. NOTE: v0.45 and v0.46 were not using CometBFT logger either. This keeps the same underlying logger (zerolog) as in v0.45.x+ and v0.46.x+ but now properly supporting filtered logging.
(gov) #15979 Improve gov error message when failing to convert v1 proposal to v1beta1.
(store) #16067 Add local snapshots management commands.
(server) #16395 Do not override some Comet config is purposely set differently in InterceptConfigsPreRunHandler.
(store) #16449 Fix StateSync Restore by excluding memory store.
(cli) #16312 Allow any addresses in client.ValidatePromptAddress.
(x/group) #16017 Correctly apply account number in group v2 migration.
API Breaking Changes
(testutil) #14991 The testutil/testdata_pulsar package has moved to testutil/testdata/testpb. Chains will not notice this breaking change as this package contains testing utilities only used by the SDK internally.
(store) #15683rootmulti.Store.CacheMultiStoreWithVersion now can handle loading archival states that don't persist any of the module stores the current state has.
#15448 Automatically populate the block timestamp for historical queries. In contexts where the block timestamp is needed for previous states, the timestamp will now be set. Note, when querying against a node it must be re-synced in order to be able to automatically populate the block timestamp. Otherwise, the block timestamp will be populated for heights going forward once upgraded.
#14019 Remove the interface casting to allow other implementations of a CommitMultiStore.
(simtestutil) #15903 Add AppStateFnWithExtendedCbs with moduleStateCb callback function to allow access moduleState.
Bug Fixes
(baseapp) #15789 Ensure PrepareProposal and ProcessProposal respect InitialHeight set by CometBFT when set to a value greater than 1.
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PeggyJV/gravity-bridge/network/alerts).
Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps github.com/cosmos/cosmos-sdk from 0.45.10 to 0.47.3.
Release notes
Sourced from github.com/cosmos/cosmos-sdk's releases.
... (truncated)
Changelog
Sourced from github.com/cosmos/cosmos-sdk's changelog.
... (truncated)
Commits
666c345
fix: patch barberry (#16465)cfc757d
chore: prepare v0.47.3 (2/2) (#16444)3bbc0aa
fix: StateSync Restore by excluding memory store (backport #16449) (#16452)48becdf
docs: improve upgrading.md and changelog (backport #16429) (#16431)dda81a2
refactor: avoid breaking change due to #16415 included in v0.50 (#16430)ba2f1be
chore: change prepare and process proposal to be NoOps by default (backport #...616841b
chore: small snapshot commands & docs improvement (backport #16404) (#16408)2cd72b7
chore: prepare v0.47.3 (#16248)2e70efc
fix: do not overwrite comet config when set in `InterceptConfigsPreRunHandler...6d95900
feat: support extension options for build tx (backport: #15992) (#16317)You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/PeggyJV/gravity-bridge/network/alerts).