fix(deps): update module github.com/ethereum/go-ethereum to v1.13.15 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/ethereum/go-ethereum	v1.13.8 -> v1.13.15

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-32972

Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

More in-depth details will be released at a later time.

Patches

The fix has been included in geth version 1.13.15 and onwards.

Workarounds

No workarounds have been made public.

References

No more information is released at this time.

Credit

This issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program. Thank you for your cooperation.

---

Release Notes

ethereum/go-ethereum (github.com/ethereum/go-ethereum)

v1.13.15: Ontamalca (v1.13.15)

Compare Source

Geth v1.13.15 is a maintenance-release that contains some fixes mainly to avoid snapsync-related data-corruption.

We recommend all users to upgrade to v1.13.15 as soon as possible.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

v1.13.14: Altaaya (v1.13.14)

Compare Source

Geth v1.13.14 is a small maintenance release with a handful of polishes to the blob pool:

• Disallow blob transactions below the protocol minimum of 1 wei to enter the pool (#​29081).
• Reduce the blob pool's max capacity to 2.5GB for the rollout. (#​29090).
• Fix gas estimation for blob transactions (#​29085).

This release is NOT critical for the Cancun fork, but recommended to make Geth lighter in anticipation to unknown blob load.

Other fixes:

• Support overriding the basefee during tracing (#​29051).
• Fix call tracers missing top level logs in top-only mode (#​29068).
• Support unlimited gas for eth_createAccessList if --gascap=0 (#​28846).

For a full rundown of the changes please consult the Geth 1.13.14 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

v1.13.13: Alsages (v1.13.13)

Compare Source

This is a minor release with fixes for several issues related to the upcoming Cancun mainnet fork. As such, it is recommended for all mainnet users.

Changes in this release:

• Block-building performance with blob transactions has been improved a lot. (#​29026, #​29008, #​29005)
• A corner case in the EVM related to out-of-order fork scheduling has been fixed. (#​29023)
• eth_fillTransaction has seen some bug fixes related to blob transactions as well. (#​28929, #​29037)
• A rare panic in the ethstats client related to chain reorgs is resolved. (#​29020)
• The blobpool database will now recover from disk corruption faults instead of crashing geth on startup. (#​29001)
• Geth now implements getClientVersionV1 on the Engine API endpoint. (#​28915, #​28994)

Go API changes:

• ethereum.CallMsg now contains EIP-4844 related fields (#​28989)
• core.GenesisAlloc is now available from package core/types. We hope this change will reduce external dependencies on package core. (#​29003)

For a full rundown of the changes please consult the Geth 1.13.13 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

v1.13.12: Edolus (v1.13.12)

Compare Source

This release embeds the mainnet fork number for Cancun, scheduled to go live on 13th March, 2024 (unix 1710338135). The specification can be read here, and it contains the following changes:

• EIP-1153: Transient storage opcodes
• EIP-4788: Beacon block root in the EVM
• EIP-4844: Shard Blob Transactions
• EIP-5656: MCOPY - Memory copying instruction
• EIP-6780: SELFDESTRUCT only in same transaction
• EIP-7516: BLOBBASEFEE opcode

To go along Cancun, we're providing refreshed Grafana dashboards:

• Geth Cancun InfluxDB Dashboard
• Geth Cancun Prometheus Dashboard

Other than that, the following assorted fixes and features are included in this release:

• Initial implementation of the era format. The era format is meant to provide a cross-client archive format
  for block data (#​26621, #​28959)
• Make rpc request limits configurable (#​28948)
• Fix memory-leak with blob transactions (#​28917)
• Stricter adherence to engine api spec (#​28882)
• Fix enforcement of minimum miner tip (#​28933)

For a full rundown of the changes please consult the Geth 1.13.12 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

v1.13.11: Tremanre (v1.13.11)

Compare Source

This release fixes a few bugs and enables the Cancun upgrade for the Sepolia and Holesky networks; Sepolia will upgrade on Jan 31, and Holesky on Feb 7, and naturally this is a required upgrade if you intend to follow either chain.

• Enable Cancun on Sepolia and Holesky, plus Cancun-related changes (#​28834, #​28246, #​28230, #​28827)
• Support EIP-4844 transactions in API-methods (#​28786)
• Change how transaction indexing operates. As of 1.13.11, the behaviour of eth_syncing is slightly changed, so that it now
  does reports true until transaction indexing is finished. (#​28703)
• rlpdump: add -pos flag for displaying byte positions (#​28785)
• Fixes logging configuration (#​28801)

For a full rundown of the changes please consult the Geth 1.13.11 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

v1.13.10: Sharjila B (v1.13.10)

Compare Source

This release is equivalent to v1.13.9, just contains a version bump. The reason is that a bad commit was tagged on 1.13.9 originally and whilst it was untagged and fixed, some caches (Go's package manager (go mod)) managed to store the temporary bad version. As there is no way for us to flush the bad version out, it's cleaner to tag a next version instead. Apologies about the mess.

---

This release fixes a few issues and enables the Cancun upgrade for the Goerli network at block timestamp 1705473 (#​28719) which is 6:32:am 17. Jan. 2024 UTC.

⚠️ If you are running Goerli, this is a required update!

Apart from the Goerli configuration update, we have a few other changes.

• The 'simulated backend' in package accounts/abi/backends was rewritten. The improved version is available from the new package ethclient/simulated. A backwards-compatibility wrapper remains in the old location. (#​28202)
• Fix ABI-encoding of negative big.Int in topics (#​28764)
• In JSON logging output, the "error" level is now correctly emitted as "error". (#​28774, #​28780)
• Fixed an issue with configuration of stdlib package log for consumers of the geth library (#​28747)
• geth removedb can now be run non-interactively (#​28725)
• We're building a package for ubuntu 23.10: mantic minotaur now (#​28728)

Testing

• Add currentExcessBlobGas to the state tests for better coverage of state tests (#​28735)
• Fixed an issue in t8n regarding blob gas usage (#​28735)

For a full rundown of the changes please consult the Geth 1.13.9 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

v1.13.9: Sharjila (v1.13.9)

Compare Source

This release fixes a few issues and enables the Cancun upgrade for the Goerli network at block timestamp 1705473 (#​28719) which is 6:32:am 17. Jan. 2024 UTC.

⚠️ If you are running Goerli, this is a required update!

Apart from the Goerli configuration update, we have a few other changes.

• The 'simulated backend' in package accounts/abi/backends was rewritten. The improved version is available from the new package ethclient/simulated. A backwards-compatibility wrapper remains in the old location. (#​28202)
• Fix ABI-encoding of negative big.Int in topics (#​28764)
• In JSON logging output, the "error" level is now correctly emitted as "error". (#​28774, #​28780)
• Fixed an issue with configuration of stdlib package log for consumers of the geth library (#​28747)
• geth removedb can now be run non-interactively (#​28725)
• We're building a package for ubuntu 23.10: mantic minotaur now (#​28728)

Testing

• Add currentExcessBlobGas to the state tests for better coverage of state tests (#​28735)
• Fixed an issue in t8n regarding blob gas usage (#​28735)

For a full rundown of the changes please consult the Geth 1.13.9 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: contrib/opbot/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/holiman/billy	v0.0.0-20230718173358-1c7e68d277a7 -> v0.0.0-20240216141850-2abb0c79d3c4

[coderabbitai]

Warning

Rate limit exceeded

@github-actions[bot] has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 29 minutes and 54 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between c2ccca4 and 763f625.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 25.69169%. Comparing base (c2ccca4) to head (763f625).
Report is 50 commits behind head on master.

Additional details and impacted files

@@              Coverage Diff              @@
##              master       #2773   +/-   ##
=============================================
  Coverage   25.69169%   25.69169%           
=============================================
  Files            770         770           
  Lines          55516       55516           
  Branches          80          80           
=============================================
  Hits           14263       14263           
  Misses         39775       39775           
  Partials        1478        1478           

Flag	Coverage Δ
opbot	0.18293% <ø> (ø)
packages	90.47619% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cloudflare-workers-and-pages]

Deploying sanguine-fe with    Cloudflare Pages

Latest commit:	763f625
Status:	✅  Deploy successful!
Preview URL:	https://200aa5cc.sanguine-fe.pages.dev
Branch Preview URL:	https://renovate-opbot-go-github.aaakk.us.kg.sanguine-fe.pages.dev

View logs

[github-actions]

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days.