Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).
- Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#28084).
- Downgrade annoying stale transaction propagation logs from warning to debug (#28364).
- Switch to the new KZG trusted setup parameters (#28383).
- Return an error on GraphQL if querying invalid block ranges (#28393, #28412).
- Start publishing Apple Silicon pre-built binaries (#28474, #28475).
And bugfixes:
- Fix a number of corner-cases in path scheme state management (#28198, #28426, #28483).
- Fix an issue when allocating excessively large Pebble caches (#28444).
- Fix a potential snap sync issue with the path based storage (#28327).
- Fix ethclient to properly forward explicit 1559 gas caps (#28462).
- Fix gas estimation for 0 priced txs accessing the basefee (#28470).
- Fix an issue where resubscribing to events would hang (#28359).
Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lowers the log to a more reasonable level until the bug in Erigon is fixed (#28356).
Apart from the above reason, the release contains:
- Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#28306).
server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)
In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.
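The handler-side advice above, as an added example (not code from grpc-go or from this PR): a server-wide limiter caps the goroutines that handlers start, and the handler cancels and waits for its sub-tasks before returning. `TaskLimiter`, `HandleRPC` and the limit of 2 are hypothetical names and values chosen for illustration; only the Go standard library is used.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// ErrBusy means the server-wide budget for handler-spawned work is used up.
var ErrBusy = errors.New("background task limit reached")

// TaskLimiter (hypothetical helper) caps goroutines started by handlers.
type TaskLimiter struct{ slots chan struct{} }
func NewTaskLimiter(limit int) *TaskLimiter { return &TaskLimiter{slots: make(chan struct{}, limit)} }
func (l *TaskLimiter) InFlight() int        { return len(l.slots) }

// Go runs fn in a goroutine tracked by wg, or fails fast when no slot is free.
func (l *TaskLimiter) Go(wg *sync.WaitGroup, fn func()) error {
	select {
	case l.slots <- struct{}{}:
	default:
		return ErrBusy
	}
	wg.Add(1)
	go func() {
		defer wg.Done()              // runs last, after the slot is free
		defer func() { <-l.slots }() // runs first: release the slot
		fn()
	}()
	return nil
}

// HandleRPC stands in for a method handler; no sub-task outlives its return.
func HandleRPC(ctx context.Context, l *TaskLimiter, n int, work func(context.Context)) (int, error) {
	ctx, cancel := context.WithCancel(ctx)
	var wg sync.WaitGroup
	defer wg.Wait() // deferred first, so it runs after cancel()
	defer cancel()
	for started := 0; started < n; started++ {
		if err := l.Go(&wg, func() { work(ctx) }); err != nil {
			return started, err
		}
	}
	return n, nil
}

func main() { // constructed demo: limit 2, handler asks for 5 blocking sub-tasks
	fmt.Println(HandleRPC(context.Background(), NewTaskLimiter(2), 5, func(c context.Context) { <-c.Done() }))
}
```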
Updates google.golang.org/protobuf from 1.30.0 to 1.33.0
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/zxramozx/proof-of-reserves/network/alerts).
Bumps the go_modules group with 3 updates in the / directory: github.com/ethereum/go-ethereum, google.golang.org/grpc and google.golang.org/protobuf.
Updates
github.com/ethereum/go-ethereum from 1.12.0 to 1.13.5
Release notes
Sourced from github.com/ethereum/go-ethereum's releases.
... (truncated)
Commits
- 916d6a4 params: release Geth v1.15.5
- f265cc2 cmd/geth: remove some whitespace in code and comments (#28148)
- 49b2c5f build: upgrade -dlgo version to Go 1.21.4 (#28505)
- ce5a480 ethclient: add empty/nonexist account testcase for eth_getProof RPC (#28482)
- 2f4833b cmd/evm: allow state dump regardless if test passes in statetest (#28484)
- 326fa00 core/rawdb: fsync the index file after each freezer write (#28483)
- e38b9f1 eth/filters: exit early if topics-filter has more than 4 topics (#28494)
- f7dde2a ethdb/pebble: add Errorf function to panicLogger (#28491)
- b77a9b1 cmd/geth: more testcases for logging (#28501)
- 7ea860d graphql: type of yParity from Long to BigInt (#28456)
Updates
golang.org/x/crypto from 0.4.0 to 0.14.0
Commits
- e3cc52e go.mod: update golang.org/x dependencies
- 833695f ssh: add server side support for ping@openssh.com protocol extension
- ec07f4e chacha20: drop Go 1.10 compatibility for arm64
- b665ba6 all: use crypto/ed25519 instead of golang.org/x/crypto/ed25519
- a1aeb9b ssh: add test cases for compatibility with old (buggy) clients
- 28c53ff ssh: add MultiAlgorithmSigner
- 3f0842a sha3: have ShakeHash extend hash.Hash
- e90f1e1 cryptobyte: add uint48 methods
- d359caa ssh: support for marshaling keys using the OpenSSH format
- c5370d2 ssh: check the declared public key algo against decoded one
Updates
golang.org/x/net from 0.9.0 to 0.17.0
Commits
- b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
- 88194ad go.mod: update golang.org/x dependencies
- 2b60a61 quic: fix several bugs in flow control accounting
- 73d82ef quic: handle DATA_BLOCKED frames
- 5d5a036 quic: handle streams moving from the data queue to the meta queue
- 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
- 21814e7 quic: validate connection id transport parameters
- a600b35 quic: avoid redundant MAX_DATA updates
- ea63359 http2: check stream body is present on read timeout
- ddd8598 quic: version negotiation
Updates
google.golang.org/grpc from 1.56.2 to 1.56.3
Release notes
Sourced from google.golang.org/grpc's releases.
Commits
- 1055b48 Update version.go to 1.56.3 (#6713)
- 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
- bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
Updates
google.golang.org/protobuf from 1.30.0 to 1.33.0