search

perun-network / perun-eth-payment

Simplified payment channel API of go-perun.
Apache License 2.0
5 stars 1 forks source link

⬆️ Bump github.com/ethereum/go-ethereum from 1.10.1 to 1.10.8 #17

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps github.com/ethereum/go-ethereum from 1.10.1 to 1.10.8.

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Hades Gamma (v1.10.8)

Geth v1.10.8 is a pre-announced hotfix release to patch a vulnerability in the EVM (CVE-2021-39137).

The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software. All Geth versions supporting the London hard fork are vulnerable (the bug is older than London), so all users should update.

Credits for the discovery go to @​guidovranken (working for Sentnl during an audit of the Telos EVM) and reported via bounty@ethereum.org.

Beside the fix, we're merged in a few tiny polishes and fixes. For a rundown, please consult the Geth 1.10.8 release milestone.

As with all our previous releases, you can find the:

Styx Theta (v1.10.7)

Geth v1.10.7 is a maintenance release, mostly focusing on a few post-London polishes.

A few important notes to keep in mind:

  • The return type for oldestBlock in eth_feeHistory was changed from decimal to hex. This is to conform to the updated spec that was released after Geth's London hard-fork release was already made. The input blockCount parameter was also updated, but there Geth will accept both hex and decimal to keep backward compatibility.
  • The -miner.gastarget CLI flag was deprecated and is a noop. This flag is already a noop for networks running the London hard-fork, since it London miners only take into account the -miner.gaslimit flag. For non-London private networks and Geth forks, this might result in a gas bump depending on how the miners are configured.
  • Docker builds were changed from DockerHub Automated Builds to offsite builds and manual pushes to DockerHub. At the same time, we've added support for multi-arch images, the original tags being the metadata image, linking a -amd64 and a -arm64 tags together. No changes are needed for docker users, but keep us posted if something strange happens. On the upside, Geth now has official arm64 docker images too.

Changes made:

  • Change the oldestBlock return type in eth_feeHistory to hex, accept both decimal and hex as the block count (#23239, #23363).
  • Cap max usable gas in eth_estimateGas better for 1559 transactions (#23309).
  • When deploying multiple contracts via abigen, only parse the ABI once (#22583).
  • Return maxFeePerGas for the gasPrice of pending transactions (#23345).
  • Check cached blocks too when attempting to retrieve a header (#23299).
  • Reject transactions imitated from non EOA accounts (#23303).
  • Reduce allocations a bit while CPU mining ethash (#23199).
  • Deprecate the -miner.gastarget CLI flag (#23213).
  • Switch over to manual docker pushes (#23373).

Bugs fixed:

  • Fix a nil pointer panic for certain abigen generated code due to missing context initialization (#23188).
  • Fix nil pointer panic in certain automatic access list generation RPC API calls (#23225).
  • Fix a regression that prevented clef from signing a legacy transaction (#23274).
  • Fix a permission error during snapshot based pruning on Windows (#23370).
  • Fix the marshaling of errors from the tracers (#23292).

For a full rundown of the changes please consult the Geth 1.10.7 release milestone.

... (truncated)

Commits
  • 2667545 params: release Geth v1.10.8
  • 1d99573 core/vm: faster code analysis (#23381)
  • f38abc5 eth/gasprice: feeHistory improvements (#23422)
  • dfeb2f7 go.mod: upgrade golang.org/x/sys for go1.17 support (#23406)
  • bb1f7eb signer/core/apitypes: remove dependency on internal/ethapi (#23362)
  • d02c605 core: only check sendernoeoa in non fake mode (#23424)
  • c368f72 Revert "eth: drop eth/65, the last non-reqid protocol version" (#23426)
  • 5566e5d eth/downloader: fix typo in comment (#23413)
  • 57feabe eth, internal/ethapi: make RPC block miner field show block sealer correctly ...
  • 16ecdd5 cmd/utils: add --nousb to the list of deprecated flags (#23388)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/perun-network/perun-eth-payment/network/alerts).
ggwpez commented 3 years ago

It updated to incompatible versions, closing.

dependabot[bot] commented 3 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.