Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update module github.com/ethereum/go-ethereum to v1.13.15 [security] #2573

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 6, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/ethereum/go-ethereum v1.11.6 -> v1.13.15 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-32972

Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

More in-depth details will be released at a later time.

Patches

The fix has been included in geth version 1.13.15 and onwards.

Workarounds

No workarounds have been made public.

References

No more information is released at this time.

Credit

This issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program. Thank you for your cooperation.


Release Notes

ethereum/go-ethereum (github.com/ethereum/go-ethereum)

v1.13.15: Ontamalca (v1.13.15)

Compare Source

Geth v1.13.15 is a maintenance-release that contains some fixes mainly to avoid snapsync-related data-corruption.

We recommend all users to upgrade to v1.13.15 as soon as possible.


As with all our previous releases, you can find the:

v1.13.14: Altaaya (v1.13.14)

Compare Source

Geth v1.13.14 is a small maintenance release with a handful of polishes to the blob pool:

  • Disallow blob transactions below the protocol minimum of 1 wei to enter the pool (#​29081).
  • Reduce the blob pool's max capacity to 2.5GB for the rollout. (#​29090).
  • Fix gas estimation for blob transactions (#​29085).

This release is NOT critical for the Cancun fork, but recommended to make Geth lighter in anticipation to unknown blob load.

Other fixes:

  • Support overriding the basefee during tracing (#​29051).
  • Fix call tracers missing top level logs in top-only mode (#​29068).
  • Support unlimited gas for eth_createAccessList if --gascap=0 (#​28846).

For a full rundown of the changes please consult the Geth 1.13.14 release milestone.


As with all our previous releases, you can find the:

v1.13.13: Alsages (v1.13.13)

Compare Source

This is a minor release with fixes for several issues related to the upcoming Cancun mainnet fork. As such, it is recommended for all mainnet users.

Changes in this release:

  • Block-building performance with blob transactions has been improved a lot. (#​29026, #​29008, #​29005)
  • A corner case in the EVM related to out-of-order fork scheduling has been fixed. (#​29023)
  • eth_fillTransaction has seen some bug fixes related to blob transactions as well. (#​28929, #​29037)
  • A rare panic in the ethstats client related to chain reorgs is resolved. (#​29020)
  • The blobpool database will now recover from disk corruption faults instead of crashing geth on startup. (#​29001)
  • Geth now implements getClientVersionV1 on the Engine API endpoint. (#​28915, #​28994)

Go API changes:

  • ethereum.CallMsg now contains EIP-4844 related fields (#​28989)
  • core.GenesisAlloc is now available from package core/types. We hope this change will reduce external dependencies on package core. (#​29003)

For a full rundown of the changes please consult the Geth 1.13.13 release milestone.


As with all our previous releases, you can find the:

v1.13.12: Edolus (v1.13.12)

Compare Source

This release embeds the mainnet fork number for Cancun, scheduled to go live on 13th March, 2024 (unix 1710338135). The specification can be read here, and it contains the following changes:

To go along Cancun, we're providing refreshed Grafana dashboards:

Other than that, the following assorted fixes and features are included in this release:

  • Initial implementation of the era format. The era format is meant to provide a cross-client archive format
    for block data (#​26621, #​28959)
  • Make rpc request limits configurable (#​28948)
  • Fix memory-leak with blob transactions (#​28917)
  • Stricter adherence to engine api spec (#​28882)
  • Fix enforcement of minimum miner tip (#​28933)

For a full rundown of the changes please consult the Geth 1.13.12 release milestone.


As with all our previous releases, you can find the:

v1.13.11: Tremanre (v1.13.11)

Compare Source

This release fixes a few bugs and enables the Cancun upgrade for the Sepolia and Holesky networks; Sepolia will upgrade on Jan 31, and Holesky on Feb 7, and naturally this is a required upgrade if you intend to follow either chain.

  • Enable Cancun on Sepolia and Holesky, plus Cancun-related changes (#​28834, #​28246, #​28230, #​28827)
  • Support EIP-4844 transactions in API-methods (#​28786)
  • Change how transaction indexing operates. As of 1.13.11, the behaviour of eth_syncing is slightly changed, so that it now
    does reports true until transaction indexing is finished. (#​28703)
  • rlpdump: add -pos flag for displaying byte positions (#​28785)
  • Fixes logging configuration (#​28801)

For a full rundown of the changes please consult the Geth 1.13.11 release milestone.


As with all our previous releases, you can find the:

v1.13.10: Sharjila B (v1.13.10)

Compare Source

This release is equivalent to v1.13.9, just contains a version bump. The reason is that a bad commit was tagged on 1.13.9 originally and whilst it was untagged and fixed, some caches (Go's package manager (go mod)) managed to store the temporary bad version. As there is no way for us to flush the bad version out, it's cleaner to tag a next version instead. Apologies about the mess.


This release fixes a few issues and enables the Cancun upgrade for the Goerli network at block timestamp 1705473 (#​28719) which is 6:32:am 17. Jan. 2024 UTC.

⚠️ If you are running Goerli, this is a required update!

Apart from the Goerli configuration update, we have a few other changes.

  • The 'simulated backend' in package accounts/abi/backends was rewritten. The improved version is available from the new package ethclient/simulated. A backwards-compatibility wrapper remains in the old location. (#​28202)
  • Fix ABI-encoding of negative big.Int in topics (#​28764)
  • In JSON logging output, the "error" level is now correctly emitted as "error". (#​28774, #​28780)
  • Fixed an issue with configuration of stdlib package log for consumers of the geth library (#​28747)
  • geth removedb can now be run non-interactively (#​28725)
  • We're building a package for ubuntu 23.10: mantic minotaur now (#​28728)
Testing
  • Add currentExcessBlobGas to the state tests for better coverage of state tests (#​28735)
  • Fixed an issue in t8n regarding blob gas usage (#​28735)

For a full rundown of the changes please consult the Geth 1.13.9 release milestone.


As with all our previous releases, you can find the:

v1.13.9: Sharjila (v1.13.9)

Compare Source

This release fixes a few issues and enables the Cancun upgrade for the Goerli network at block timestamp 1705473 (#​28719) which is 6:32:am 17. Jan. 2024 UTC.

⚠️ If you are running Goerli, this is a required update!

Apart from the Goerli configuration update, we have a few other changes.

  • The 'simulated backend' in package accounts/abi/backends was rewritten. The improved version is available from the new package ethclient/simulated. A backwards-compatibility wrapper remains in the old location. (#​28202)
  • Fix ABI-encoding of negative big.Int in topics (#​28764)
  • In JSON logging output, the "error" level is now correctly emitted as "error". (#​28774, #​28780)
  • Fixed an issue with configuration of stdlib package log for consumers of the geth library (#​28747)
  • geth removedb can now be run non-interactively (#​28725)
  • We're building a package for ubuntu 23.10: mantic minotaur now (#​28728)
Testing
  • Add currentExcessBlobGas to the state tests for better coverage of state tests (#​28735)
  • Fixed an issue in t8n regarding blob gas usage (#​28735)

For a full rundown of the changes please consult the Geth 1.13.9 release milestone.


As with all our previous releases, you can find the:

v1.13.8: Patavig (v1.13.8)

Compare Source

This is a hotfix release for a regression which affects v1.13.6 and v1.13.7: if the node is shut down during sync, the node will refuse to start, with the error message Fatal: Failed to register the Ethereum service: waiting for sync (#​28718, #​28724).

Please also see the release notes for v1.13.6 and v1.13.7

For a full rundown of the changes please consult the Geth 1.13.8 release milestone.


As with all our previous releases, you can find the:

v1.13.7: Fargeluse (v1.13.7)

Compare Source

We're issuing this release to fix an issue with our build pipeline. There are also some other changes:

  • The eth_sendTransaction RPC method now behaves more correctly for low-fee transactions. (#​27834)
  • We have upgraded the golang.org/x/crypto module dependency. The Go team has issued a new version to fix a vulnerability in the ssh package. While we do not use this package, we have upgraded the dependency in order to stop dependabot warnings. (#​28702)

For a full rundown of the changes please consult the Geth 1.13.7 release milestone.


As with all our previous releases, you can find the:

v1.13.6: Porolan (v1.13.6)

Compare Source

Geth v1.13.6 is a scheduled maintenance release, but it also contains some changes which might affect node operators, concerning logging.

Gas estimation changes

The gas estimator was heavily reworked (#​28600, #​28618). The new version runs quite a bit faster (normally completing in 7-8 attempts rather than 18-20). However, the results have an error ratio of 1.5%, and the estimation outcome won't always be deterministic.

Logging changes

In the absence of an 'official' Go logging framework, go-ethereum has, for a very long time, used a custom in-house logger. However, just such an 'official' Go logging framework has now arrived, with the slog package.

As of v1.13.6 , geth now uses slog, which will affect Geth users in different ways.

Main changes are as follows:

  • Verbosity level constants are changed to match slog constant values. Internal translation is done to make this opaque to the user and backwards compatible with existing --verbosity and --vmodule options.
  • --log.backtraceat and --log.debug are removed.
  • Removes interface log.Format and the method log.FormatFunc,
  • Unexports TerminalHandler.TerminalFormat formatting methods (renamed to TerminalHandler.format)
  • Removes the notion of log.Lazy values

The external-facing API is largely the same as the existing Geth logger. Method signatures remain unchanged. A small semantic difference is that a Handler can only be set once per Logger and not changed dynamically. This just means that a new logger must be instantiated every time the handler of the root logger is changed.

For users of the github.com/ethereum/go-ethereum/log package: If you were using this package for your own project, you will need to change the initialization. If you previously did

    log.Root().SetHandler(log.LvlFilterHandler(log.LvlInfo, log.StreamHandler(os.Stderr, log.TerminalFormat(true))))

You now instead need to do

    log.SetDefault(log.NewLogger(log.NewTerminalHandlerWithLevel(os.Stderr, log.LevelInfo, true)))

The lazy handler was useful in the old log package, since it could defer the evaluation of costly attributes until later in the log pipeline. Thus, if the logging was done at 'Trace', we could skip evaluation if logging only was set to 'Info'. With the move to slog, this way of deferring evaluation is no longer needed, since slog introduced 'Enabled'. Thus the caller can do the evaluate-or-not decision at the callsite, which is much more straight-forward than dealing with lazy reflect-based evaluation.

See more about reasoning here: https://github.com/ethereum/go-ethereum/issues/28558#issuecomment-1820606613

More detailed information can be found in the PRs #​28187, #​28621, #​28622 )

Other changes
  • Fixes a database corruption issue that could occur during state healing (#​28595)
  • Fixes an issue where node liveness was not always verified correctly in discv5 (#​28686)
  • Fix so state-dump can be performed after test execution (#​28650, #​28504)
  • Fix a ns/µs mismatch in metrics for rpc-methods (#​28649)
  • Fix a bug with wrong priority for HTTPHost, WSHost flags (#​28669)
  • Fix type inconsistencies in tracer framework (#​28488)
  • Add contextual information to errors returned by abi unpack (#​28529)
  • Make evm t8n support custom tracers (#​28557)

For a full rundown of the changes please consult the Geth 1.13.6 release milestone.


As with all our previous releases, you can find the:

v1.13.5: Carbonaceous (v1.13.5)

Compare Source

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

  • Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#​28084).
  • Downgrade annoying stale transaction propagation logs from warning to debug (#​28364).
  • Switch to the new KZG trusted setup parameters (#​28383).
  • Return an error on GraphQL if querying invalid block ranges (#​28393, #​28412).
  • Start publishing Apple Silicon pre-built binaries (#​28474, #​28475).

And bugfixes:

  • Fix a number of corner-cases in path scheme state management (#​28198, #​28426, #​28483).
  • Fix an issue when allocating excessively large Pebble caches (#​28444).
  • Fix a potential snap sync issue with the path based storage (#​28327).
  • Fix ethclient to properly forwarding explicit 1559 gas caps (#​28462).
  • Fix gas estimation for 0 priced txs accessing the basefee (#​28470).
  • Fix an issue where resubscribing to events would hang (#​28359).
  • Fix ethstats transaction count report regressiob (#​28398).
  • Fix negative number encoding in ethclient/rpc (#​28358).
  • Fix GraphQL content type in the response (#​28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.


As with all our previous releases, you can find the:

v1.13.4: Archanes (v1.13.4)

Compare Source

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #​28356.

Apart from the above reason, the release contains:

  • Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#​28306).
  • Update various dependencies to unstick versions of Go libs (#​28329, #​28333, #​28334, #​28332, #​28336).
  • Enable Pebble database support on 32bit platforms and on OpenBSD too (#​28335).
  • Fix returning the correct code hash for eth_getProof with empty storage (#​28357).
  • Simplify trie range prover for some upcoming snap sync optimisations (#​28311).
  • Fix a timeout mechanism in the transaction fetcher (#​28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.


As with all our previous releases, you can find the:

v1.13.3: Armeni (v1.13.3)

Compare Source

Geth v1.13.3 is a scheduled maintenance release with various small additions and an important Pebble database fix.

  • Update Pebble to fix an occasional IO and CPU runaway, adding some debugging capabilities too (#​28224, #​28070).
  • Support full syncing to a specific hash without a beacon client via a --synctarget (#​28209).
  • Allow configuring websocket message limits via the Go RPC client (#​27801).
  • Drop support for eth/66 (Cancun will require eth/68 anyway) (#​28239).
  • Lower snap missing eth protocol warning to debug level (#​28249).
  • Enforce transaction metadata announcements in eth/68 (#​28261).

Features related to the Cancun hardfork:

  • Implement the BLOBFEE opcode for the upcoming Cancun hard fork (#​28098).
  • Enable blob transaction propagation and mining in Cancun networks (#​28243).
  • Start throttling transaction retrievals to prepare for blobs in Cancun (#​28304).

For a full rundown of the changes please consult the Geth 1.13.3 release milestone.


As with all our previous releases, you can find the:

v1.13.2: Phaistos (v1.13.2)

Compare Source

Geth v1.13.2 is a bugfix release for the 1.13 family as well as contains the Holesky testnet relaunch.

Note, if you have previously ran Geth with the old Holesky testnet configs, the new version will probably fail to start with a genesis hash mismatch error. You will need to manually delete your holesky/chaindata folder and restart. Geth did not implement special code for cleaning up the failed launch of the testnet.

  • Fix various pathdb corruption corner-cases during snap sync node restart (#​28171, #​28163).
  • Reconfigure the Holesky testnet with an updated genesis (#​28191, #​28192, #​28193).
  • Remove the rollback mechanism from snap sync, unneeded post-merge (#​28147).
  • Make the block parameter in eth_call optional, defaulting to latest (#​28165).
  • Forget transactions previously marked underpriced after 5 minutes (#​28097).
  • Fix JSON marshalling issue from ethclient retrieving block receipts (#​28087).
  • Fix --bootnodes flag if the list is also configured in the toml file (#​28095).

For a full rundown of the changes please consult the Geth 1.13.2 release milestone.


As with all our previous releases, you can find the:

v1.13.1: Zakros (v1.13.1)

Compare Source

Geth v1.13.1 is a hotfix release for v1.13.0.

It fixes the following issues:

  • Fix the active fork detection on the engine API, causing the signer to create invalid blocks (#​28135).
  • Fix a db corruption in path scheme caused by a weirdly restarted snap sync (#​28124, #​28126).
  • Fix geth db inspect command running against old hash scheme databases (#​28108).
  • Fix an effective gas price calculation regression on the RPC APIs (#​28130).

Apart from the fixes, v1.13.1 introduces support for configuring Geth via environmental variables (#​28103, #​28119)!

For a full rundown of the changes please consult the Geth 1.13.1 release milestone.


As with all our previous releases, you can find the:

v1.13.0: Therum (v1.13.0)

Compare Source

Geth v1.13.0 is a major milestone in the lifetime of Geth, bits and bobs being in development for around 6 years now. Since a release note cannot do it justice, please see our Geth v1.13.0 release blog post.

Still, just to quickly recap, Geth v1.13.0 finally ships a new database model which supports proper, full pruning of historical states; meaning you will never need to take your node offline again to resync or to manually prune. The new database model is optional for now (you need to enable it via --state.scheme=path) and does require resyncing the state, since we need to store it completely different (you can keep your ancients, no need to resync the chain too).

The path database will become the default eventually, but for safety reasons, we're keeping it opt-in for the moment. The old database model is not going away soon, though long term - unless there's something fundamentally wrong with the path db - it will. As for archive node users, we're working on a new model there too, but it does need a bit more work on top, so that's for another release.

The all important disclaimer: Geth's new path-based storage is considered stable and production ready, but was obviously not battle tested yet outside of the team. Everyone is welcome to use it, but if you have significant risks if your node crashes or goes out of consensus, you might want to wait a bit to see if anyone with a lower risk profile hits any issues.


Apart from the pruning work, the release contains:

  • Built in support for the Holešky (Holešovice) testnet (#​28007).
  • Index transactions even if no blocks are received (#​27847).
  • Expose Geth version metadata into the metrics (#​24877).
  • Optimise eth_estimateGas to do fewer runs (#​27710).
  • Add eth_getBlockReceipts RPC API call (#​27702).
  • Support unpacking Solidity panic events (#​27868).
  • Reject GraphQL block queries where both number and hash is specified (#​27876).
  • Increase batch limits for RPC calls on the authenticated endpoint (#​27924).
  • Optimise logging library to avoid expensive call stack lookups (#​28069).

And bugfixes:

  • Fix forkid computation for genesis-merged non-zero timestamp networks (#​27895, #​28034).
  • Fix a potential data race in the websocket ping/pong mechanism (#​27733).
  • Fix js tracers to return the gas price in base 16, not base 10 (#​27903).
  • Fix finalized block number in dev (--dev) mode (#​27886).

For a full rundown of the changes please consult the Geth 1.13.0 release milestone, though do note that the state scheme changes and pruner have been gradually merged over the past year so are not explicitly tagged in this milestone.


As with all our previous releases, you can find the:

v1.12.2: Mawinor (v1.12.2)

Compare Source

Hot on the heels of v1.12.1 comes our next release, fixing some regressions reported by the community.

Here are the changes:

  • A crash related to leveldb metrics is resolved (#​27904)
  • Metrics names used by the blobpool have been changed to be compatible with Prometheus (#​27901)
  • The c-kzg-4844 and blst libraries have been updated, hopefully fixing some build issues (#​27890, #​27907, #​27910)
  • We have also adapted go-ethereum to the latest changes in the 'slices' package provided by the golang.org/x/exp module. The Go authors decided to push an incompatible update, but didn't create a new release of that module, causing build issues when consumers mix-and-match dependency versions. (#​27909)

For a full rundown of the changes please consult the Geth 1.12.2 release milestone.


As with all our previous releases, you can find the:

v1.12.1: Antibaar (v1.12.1)

Compare Source

Geth v1.12.1 is a maintenance release, albeit a rather large one, since we haven't put out a version since May.
This release is a recommended upgrade for all users and contains security-related fixes.

Here's the list of changes:

Cancun fork

Development for the upcoming Cancun hard fork has been a focus in this release cycle. Do note however, that Geth v1.12.1 is not yet ready for Cancun.

Geth command changes
  • The Rinkeby testnet is no longer supported in Geth (#​27406)
  • geth --dev now simulates a PoS-based chain (#​27327)
  • evm blocktest can now output structured logs (#​27396)
  • Geth will now configure GOMAXPROCS based on CPU quota settings. This should improve efficiency when running in Docker containers with a CPU core limit applied. (#​27506, #​27814)
  • An IPv6 listening address for can now be configured for HTTP/WS (#​27628) (#​27635)
RPC/GraphQL API changes
  • JSON transactions now have a yParity fields, as mandated by the RPC API spec (#​27744, #​27882)
  • Legacy transactions now have a chainID field in RPC responses, like all other transaction types (#​27452)
  • Block headers returned by RPC no longer report a non-standard size field (#​27347)
  • eth_estimateGas now supports state overrides like eth_call (#​27845)
  • eth_estimateGas now handles internal chain reorgs more correctly (#​27505)
  • eth_getProof is slight more efficient, and will now return a response in the canonical encoding even for off-spec input parameters (#​27309, #​27310)
  • eth_getTransactionReceipt now returns null when the transaction is not available. It used return an error in that case. (#​27712)
  • debug_storageRangeAt now takes a block hash or number as parameter (#​27328)
  • The new debug_getTrieFlushInterval method reports the internal state saving interval (#​27303)
  • A crash in the prestate tracer is resolved (#​27691)
  • Structured EVM logs returned by tracing now contain the returnData (#​27704)
  • GraphQL now supports withdrawals (EIP-4895) (#​27072)
Go library changes
  • The RPC server now enforces limits on batch requests and responses. This is a potentially breaking change.
    If you use batch requests with geth, and also use the go-ethereum RPC client library, we strongly recommend updating your go-ethereum library dependency as well. The new client version handles invalid batch responses way better than before. (#​26681)
  • The RPC client has multiple new ways to test whether the transport supports real time subscriptions (#​25942)
  • fsync is now enabled for pebble database writes (#​27615, #​27522)
  • Function calls timed by metrics will now run even if metrics are disabled (#​27724, #​27723)
  • Node.Attach no longer returns an error. This is a breaking Go API change. (#​27450)
  • The keystore has improved verification of keys loaded from disk (#​27432)
  • Per-level metrics are now available for LevelDB (#​27643)
Core
  • All block creation activity is now paused while the node is syncing (#​27218)
  • Two minor bugs in the transaction pool are resolved in this release (#​27404, #​27479)
  • Geth no longer uses a 'clean cache file' to persist internal caches across restarts. While persistent cache added a small performance boost right after startup, it could cause obscure issues in certain restart scenarios. (#​27525)
  • A large portion of the new Path-Based State Storage scheme has been implemented. While it isn't active yet, we are planning to make this new storage method available in the next release. (#​25963, #​27323, #​27349, #​27428, #​27687, #​27753, #​27815)
  • As part of testing the new storage scheme, some inconsistencies in selfdestruct handling were discovered by fuzz tests and had to be fixed (#​27376, #​27339)
  • We have also made significant progress on the integration of Verkle Trees, which required changes to internal state-handling APIs (#​27000, #​27209, #​27464, #​27476, #​27544, #​27853)
Networking
  • A serious memory leak related to database writes in snap sync is fixed in this release (#​27842)
  • Large transactions (> 4kB) are no longer broadcasted to peers. This resolves a potential network congestion issue (#​27618)
  • The p2p networking layer has learned to announce alternate ports returned by UPnP/NAT-PMP (#​26359)
  • The p2p server now properly tracks all peer goroutines (#​27887)
  • Networking initialization now really disables all discovery when --nodiscover is used (#​27518)
  • Obsolete parts of the LES protocol implementation, which is currently non-functional, have been removed (#​27737)
  • Discovery bootstrap nodes will now be filtered by the netrestrict setting, like all other nodes (#​27701)
  • We now provide additional metrics around p2p dialing, making it possible to measure the efficieny of peer discovery (#​27621)
  • The downloader no longer accumulates goroutines/memory while processing reorgs (#​27397)
  • A very rare crash related to peer connection tracking is resolved (#​27665)
  • It is now possible to configure certain discovery internals for experimentation (#​27387)
Build
  • This release is built with Go 1.20.7 (#​27835, #​27708)
  • On UNIX-like OSes, package rpc no longer uses cgo (#​27447)
  • Building go-ethereum no longer fails when .DS_Store files exist in unexpected locations (#​27521)
  • On macOS, a build warning related to libusb is resolved (#​27698)
  • An obscure build issue related to the NDEBUG C macro is resolved (#​27550)

For a full rundown of the changes please consult the Geth 1.12.1 release milestone.


As with all our previous releases, you can find the:

v1.12.0: Krogam DMZ (v1.12.0)

Compare Source

Geth v1.12.0 is a potentially breaking change, hence it was deemed to deserve version bump, to 1.12.

The v1.12 release family drops support for proof-of-work, and thus can not be used any more on PoW-based private chains, or as an upstream library for projects depending on ethash PoW (#​27178, #​27147).

In our GraphQL API, a breaking change is that all numeric values are now encoded as hex strings (#​26894). The internal GraphQL UI was updated to version 2.0. (#​27294).

Regarding our move from leveldb to pebble, Geth now defaults to use Pebble as a backend if no existing database is found (#​27136). If a previous LevelDB database exists Geth will keep using that, and if you must have LevelDB for some compatibility reasons, you can force it in Geth with the --db.engine=leveldb flag.

We have made progress on "EIP-4844: Shard Blob Transactions" ([#​27257](https://togithub.com/ethereum/go-e


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

…[security]

| datasource | package                         | from    | to       |
| ---------- | ------------------------------- | ------- | -------- |
| go         | github.com/ethereum/go-ethereum | v1.11.6 | v1.13.15 |


Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Copy link
Contributor

coderabbitai bot commented May 6, 2024

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

codecov bot commented May 6, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 37.43022%. Comparing base (8e37ed7) to head (41d4ebb).
Report is 76 commits behind head on master.

Additional details and impacted files
@@                 Coverage Diff                 @@
##              master       #2573         +/-   ##
===================================================
+ Coverage   36.49294%   37.43022%   +0.93728%     
===================================================
  Files            131         136          +5     
  Lines          10265       10569        +304     
  Branches          83          83                 
===================================================
+ Hits            3746        3956        +210     
- Misses          6016        6095         +79     
- Partials         503         518         +15     
Flag Coverage Δ
git-changes-action 68.75000% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link

Deploying sanguine-fe with  Cloudflare Pages  Cloudflare Pages

Latest commit: 41d4ebb
Status: ✅  Deploy successful!
Preview URL: https://0f3becf6.sanguine-fe.pages.dev
Branch Preview URL: https://renovate-git-changes-action.sanguine-fe.pages.dev

View logs

Copy link

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label May 22, 2024
@github-actions github-actions bot closed this May 27, 2024
Copy link
Contributor Author

renovate bot commented May 27, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.13.15). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

@renovate renovate bot deleted the renovate/git-changes-action-go-github.aaakk.us.kg/ethereum/go-ethereum-vulnerability branch May 27, 2024 02:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant