noislabs / noisd

13 stars 3 forks source link

Bump github.com/cosmos/cosmos-sdk from 0.45.14 to 0.45.15 #45

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/cosmos/cosmos-sdk from 0.45.14 to 0.45.15.

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.45.15

Cosmos SDK v0.45.15 Release Notes

This release includes the migration to CometBFT v0.34.27. This migration should be minimally breaking for chains. From v0.45.15+, the following replace is mandatory in the go.mod of your application:

// use cometbft
replace github.com/tendermint/tendermint => github.com/cometbft/cometbft v0.34.27

Additionally, the SDK sets its minimum version to Go 1.19. This is not because the SDK uses new Go 1.19 functionalities, but to signal that we recommend chains to upgrade to Go 1.19 — Go 1.18 is not supported by the Go Team anymore. Note, that SDK recommends chains to use the same Go version across all of their network. We recommend, as well, chains to perform a coordinated upgrade when migrating from Go 1.18 to Go 1.19.

Please see the CHANGELOG for an exhaustive list of changes.

Full Commit History: https://github.com/cosmos/cosmos-sdk/compare/v0.45.14...v0.45.15

End-of-Life Notice

v0.45.15 is the last release of the v0.45.x line. Per this version, the v0.45.x line reached its end-of-life. The SDK team maintains the two latest major versions of the SDK. This means no features, improvements or bug fixes will be backported to the v0.45.x line. Per our policy, the v0.45.x line will receive security patches only.

We encourage all chains to upgrade to the latest release of the SDK, or the v0.46.x line.

Refer to the upgrading guide for how to upgrade a chain to the latest release.

FAQ Migration to CometBFT v0.34.27

I use tm-db but I get an import error with cometbft-db

For preventing API breaking changes, the SDK team has kept using tm-db for v0.45.x and v0.46.x. However, the CometBFT team kept using cometbft-db for their v0.34.x line. This means if your app directly interact with CometBFT (e.g. for a force pruning command), you will need to use cometbft-db there. When not interacting with CometBFT directly, you can use tm-db as usual.

I get import errors with btcd

If you are using an old version of btcd, you will need to upgrade to the latest version. The previous versions had vulnerabilities so the SDK and CometBFT have upgraded to the latest version. In the latest version btcsuite/btcd and btcsuite/btcd/btcec are two separate go modules.

I encounter state sync issues

Please ensure you have built the binary with the same Go version as the network. You can easily verify that by querying /cosmos/base/tendermint/v1beta1/node_info of a node in the network, and checking the go_version field.

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.45.15 - 2023-03-22

Improvements

  • (deps) Migrate to CometBFT. Follow the instructions in the release notes.
  • (deps) #15127 Bump btcd.
  • (store) #14410 rootmulti.Store.loadVersion has validation to check if all the module stores' height is correct, it will error if any module store has incorrect height.
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.