build(deps): Bump github.com/tendermint/tm-db from 0.6.6 to 0.6.7 #3

dependabot · 2022-12-22T21:25:23Z

Bumps github.com/tendermint/tm-db from 0.6.6 to 0.6.7.

Release notes

Sourced from github.com/tendermint/tm-db's releases.

Release v0.6.7

https://github.com/tendermint/tm-db/blob/v0.6.7/CHANGELOG.md

Changelog

Sourced from github.com/tendermint/tm-db's changelog.

0.6.7

2022-2-21

Use cosmos/rocksdb instead of techbot/rocksdb

Add ForceCopmact to goleveldb database

Commits

e09e4d6 add changelog entry (#220)
1cf56ef Update rocksdb.go (#218)
9ea19a1 goleveldb: ForceCompact (#216)
ce3673b cosmos/gorocksdb in the imports (#214)
a45e570 build(deps): bump google.golang.org/grpc from 1.43.0 to 1.44.0 (#215)
614e8b1 build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 (#209)
06fdc12 Update to go 1.17 (#208)
4fa83b5 Update gorocksdb replace directive to use cosmos fork (#207)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI pa 8000 sses on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/tendermint/tm-db](https://github.com/tendermint/tm-db) from 0.6.6 to 0.6.7. - [Release notes](https://github.com/tendermint/tm-db/releases) - [Changelog](https://github.com/tendermint/tm-db/blob/master/CHANGELOG.md) - [Commits](tendermint/tm-db@v0.6.6...v0.6.7) --- updated-dependencies: - dependency-name: github.com/tendermint/tm-db dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2022-12-22T21:25:24Z

The following labels could not be found: T:dependencies, S:automerge.

dependabot · 2022-12-22T22:08:42Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

…l-block-proto perf(internal/blocksync): avoid double-calling `types.BlockFromProto`…

This is effectively a copy of the fully unsynchronized local client found in tendermint/tendermint#9660. Note that this was reverted and replaced by a version that has a mutex per instance of the client in tendermint/tendermint#9830. This change can be removed once a fully unsynchronized client is added back.

perf: Make mempool update async from block.Commit (backport cometbft#3008)

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey (cherry picked from commit e4cbca8) # Conflicts: # .golangci.yml

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey <hr>This is an automatic backport of pull request #4888 done by [Mergify](https://mergify.com). --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

dependabot bot requested a review from ebuchman as a code owner December 22, 2022 21:25

thanethomson closed this Dec 22, 2022

dependabot bot deleted the dependabot/go_modules/main/github.com/tendermint/tm-db-0.6.7 branch December 22, 2022 22:08

melekes mentioned this pull request Nov 12, 2023

About some block time in config.toml will affect the selection of block producer? #1586

Closed

faddat pushed a commit to faddat/cometbft that referenced this pull request Feb 25, 2024

Merge pull request cometbft#3 from osmosis-labs/adam/avoid-double-cal…

2629de9

…l-block-proto perf(internal/blocksync): avoid double-calling `types.BlockFromProto`…

faddat pushed a commit to faddat/cometbft that referenced this pull request Feb 25, 2024

Merge pull request cometbft#3 from osmosis-labs/adam/avoid-double-cal…

57e011d

…l-block-proto perf(internal/blocksync): avoid double-calling `types.BlockFromProto`…

ValarDragon mentioned this pull request May 28, 2024

Don't re-use the internal message queue in block proposal #3130

Open

ValarDragon mentioned this pull request Jun 6, 2024

Make reactor.onReceive not block unmarshalling more packets from peer #3199

Open

sergio-mena mentioned this pull request Jun 10, 2024

fix(e2e): reproduction an fixing of missing evidence in e2e nightlies #3234

Merged

2 tasks

hvanz added a commit that referenced this pull request Jun 24, 2024

address reviewer comments #3

170d3d7

yihuang added a commit to yihuang/cometbft that referenced this pull request Nov 1, 2024

Merge pull request cometbft#3 from yihuang/backport-async-mempool-update

05dc302

perf: Make mempool update async from block.Commit (backport cometbft#3008)

melekes mentioned this pull request Jan 28, 2025

chore(deps): bump Go version to 1.23.5 #4888

Merged

mergify bot mentioned this pull request Jan 30, 2025

chore(deps): bump Go version to 1.23.5 (backport #4888) #4890

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): Bump github.com/tendermint/tm-db from 0.6.6 to 0.6.7 #3

build(deps): Bump github.com/tendermint/tm-db from 0.6.6 to 0.6.7 #3

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

build(deps): Bump github.com/tendermint/tm-db from 0.6.6 to 0.6.7 #3

build(deps): Bump github.com/tendermint/tm-db from 0.6.6 to 0.6.7 #3

Uh oh!

Conversation

Release v0.6.7

0.6.7

Uh oh!

Uh oh!

Uh oh!

Uh oh!