search

zxramozx / proof-of-reserves

Codes and Audits Proof of Gate.io holding full reserves of Users' assets.
https://zxramozx.github.io/proof-of-reserves/
GNU General Public License v3.0
1 stars 0 forks source link

Bump the go_modules group across 1 directory with 5 updates #1

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 4 months ago

Bumps the go_modules group with 3 updates in the / directory: github.com/ethereum/go-ethereum, google.golang.org/grpc and google.golang.org/protobuf.

Updates github.com/ethereum/go-ethereum from 1.12.0 to 1.13.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Carbonaceous (v1.13.5)

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

  • Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#28084).
  • Downgrade annoying stale transaction propagation logs from warning to debug (#28364).
  • Switch to the new KZG trusted setup parameters (#28383).
  • Return an error on GraphQL if querying invalid block ranges (#28393, #28412).
  • Start publishing Apple Silicon pre-built binaries (#28474, #28475).

And bugfixes:

  • Fix a number of corner-cases in path scheme state management (#28198, #28426, #28483).
  • Fix an issue when allocating excessively large Pebble caches (#28444).
  • Fix a potential snap sync issue with the path based storage (#28327).
  • Fix ethclient to properly forwarding explicit 1559 gas caps (#28462).
  • Fix gas estimation for 0 priced txs accessing the basefee (#28470).
  • Fix an issue where resubscribing to events would hang (#28359).
  • Fix ethstats transaction count report regressiob (#28398).
  • Fix negative number encoding in ethclient/rpc (#28358).
  • Fix GraphQL content type in the response (#28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.

As with all our previous releases, you can find the:

Archanes (v1.13.4)

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #28356.

Apart from the above reason, the release contains:

  • Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#28306).
  • Update various dependencies to unstick versions of Go libs (#28329, #28333, #28334, #28332, #28336).
  • Enable Pebble database support on 32bit platforms and on OpenBSD too (#28335).
  • Fix returning the correct code hash for eth_getProof with empty storage (#28357).
  • Simplify trie range prover for some upcoming snap sync optimisations (#28311).
  • Fix a timeout mechanism in the transaction fetcher (#28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.

As with all our previous releases, you can find the:

... (truncated)

Commits
  • 916d6a4 params: release Geth v1.15.5
  • f265cc2 cmd/geth: remove some whitespace in code and comments (#28148)
  • 49b2c5f build: upgrade -dlgo version to Go 1.21.4 (#28505)
  • ce5a480 ethclient: add empty/nonexist account testcase for eth_getProof RPC (#28482)
  • 2f4833b cmd/evm: allow state dump regardless if test passes in statetest (#28484)
  • 326fa00 core/rawdb: fsync the index file after each freezer write (#28483)
  • e38b9f1 eth/filters: exit early if topics-filter has more than 4 topics (#28494)
  • f7dde2a ethdb/pebble: add Errorf function to panicLogger (#28491)
  • b77a9b1 cmd/geth: more testcases for logging (#28501)
  • 7ea860d graphql: type of yParity from Long to BigInt (#28456)
  • Additional commits viewable in compare view


Updates golang.org/x/crypto from 0.4.0 to 0.14.0

Commits
  • e3cc52e go.mod: update golang.org/x dependencies
  • 833695f ssh: add server side support for ping@openssh.com protocol extension
  • ec07f4e chacha20: drop Go 1.10 compatibility for arm64
  • b665ba6 all: use crypto/ed25519 instead of golang.org/x/crypto/ed25519
  • a1aeb9b ssh: add test cases for compatibility with old (buggy) clients
  • 28c53ff ssh: add MultiAlgorithmSigner
  • 3f0842a sha3: have ShakeHash extend hash.Hash
  • e90f1e1 cryptobyte: add uint48 methods
  • d359caa ssh: support for marshaling keys using the OpenSSH format
  • c5370d2 ssh: check the declared public key algo against decoded one
  • Additional commits viewable in compare view


Updates golang.org/x/net from 0.9.0 to 0.17.0

Commits
  • b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
  • 88194ad go.mod: update golang.org/x dependencies
  • 2b60a61 quic: fix several bugs in flow control accounting
  • 73d82ef quic: handle DATA_BLOCKED frames
  • 5d5a036 quic: handle streams moving from the data queue to the meta queue
  • 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
  • 21814e7 quic: validate connection id transport parameters
  • a600b35 quic: avoid redundant MAX_DATA updates
  • ea63359 http2: check stream body is present on read timeout
  • ddd8598 quic: version negotiation
  • Additional commits viewable in compare view


Updates google.golang.org/grpc from 1.56.2 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Commits


Updates google.golang.org/protobuf from 1.30.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/zxramozx/proof-of-reserves/network/alerts).
dependabot[bot] commented 2 months ago

Superseded by #6.