Skip to content
This repository has been archived by the owner on Nov 30, 2021. It is now read-only.

build(deps): bump github.com/tendermint/tendermint from 0.33.7 to 0.33.9 #602

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 17, 2020

Bumps github.com/tendermint/tendermint from 0.33.7 to 0.33.9.

Release notes

Sourced from github.com/tendermint/tendermint's releases.

v0.33.9 (WARNING: ALPHA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.33/CHANGELOG.md#v0339

v0.33.8 (WARNING: ALPHA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.33/CHANGELOG.md#v0338

Changelog

Sourced from github.com/tendermint/tendermint's changelog.

v0.33.9

November 10, 2020

This release reduces the pings frequency for remote private validators and the number of GetPubKey requests. Fixes #5550.

Special thanks to external contributors on this release: @JoeKash, @joe-bowman

Friendly reminder, we have a bug bounty program.

IMPROVEMENTS:

  • [consensus] #5143 Only call privValidator.GetPubKey once per block (@melekes)

BUG FIXES:

  • [consensus] #4895 Cache the address of the validator to reduce querying a remote KMS (@joe-bowman)
  • [privval] #5638 Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)

v0.33.8

August 11, 2020

Go security update

Go reported a security vulnerability that affected the encoding/binary package. The most recent binary for tendermint is using 1.14.6, for this reason the Tendermint engineering team has opted to conduct a release to aid users in using the correct version of Go. Read more about the security issue here.

Commits
  • 1baf670 use fmt.Sprint for string to int conversion
  • b59ecd6 bump version and update changelog
  • 24193dd privval: increase read/write timeout to 5s and calculate ping interval based ...
  • b1de0c2 consensus: only call privValidator.GetPubKey once per block (#5143)
  • 6e375c2 only retrieve pubkey once for all validators (partially fixes #4865) (#4895)
  • 1a8e42d changelog: rc0/33.8 (#5222)
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested review from fedekunze and noot as code owners November 17, 2020 10:06
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 17, 2020
@fedekunze fedekunze merged commit ab951e2 into development Nov 17, 2020
@fedekunze fedekunze deleted the dependabot/go_modules/github.com/tendermint/tendermint-0.33.9 branch November 17, 2020 10:23
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant