Skip to content
This repository has been archived by the owner on Apr 4, 2024. It is now read-only.

build(deps): bump github.com/ethereum/go-ethereum from 1.10.3 to 1.10.8 #486

Closed
wants to merge 1 commit into from
Closed

build(deps): bump github.com/ethereum/go-ethereum from 1.10.3 to 1.10.8 #486

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 24, 2021
edited
Loading

Bumps github.com/ethereum/go-ethereum from 1.10.3 to 1.10.8.

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Hades Gamma (v1.10.8)

Geth v1.10.8 is a pre-announced hotfix release to patch a vulnerability in the EVM (CVE-2021-39137).

The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software. All Geth versions supporting the London hard fork are vulnerable (the bug is older than London), so all users should update.

Credits for the discovery go to @​guidovranken (working for Sentnl during an audit of the Telos EVM) and reported via bounty@ethereum.org.

Beside the fix, we're merged in a few tiny polishes and fixes. For a rundown, please consult the Geth 1.10.8 release milestone.

As with all our previous releases, you can find the:

Styx Theta (v1.10.7)

Geth v1.10.7 is a maintenance release, mostly focusing on a few post-London polishes.

A few important notes to keep in mind:

  • The return type for oldestBlock in eth_feeHistory was changed from decimal to hex. This is to conform to the updated spec that was released after Geth's London hard-fork release was already made. The input blockCount parameter was also updated, but there Geth will accept both hex and decimal to keep backward compatibility.
  • The -miner.gastarget CLI flag was deprecated and is a noop. This flag is already a noop for networks running the London hard-fork, since it London miners only take into account the -miner.gaslimit flag. For non-London private networks and Geth forks, this might result in a gas bump depending on how the miners are configured.
  • Docker builds were changed from DockerHub Automated Builds to offsite builds and manual pushes to DockerHub. At the same time, we've added support for multi-arch images, the original tags being the metadata image, linking a -amd64 and a -arm64 tags together. No changes are needed for docker users, but keep us posted if something strange happens. On the upside, Geth now has official arm64 docker images too.

Changes made:

  • Change the oldestBlock return type in eth_feeHistory to hex, accept both decimal and hex as the block count (#23239, #23363).
  • Cap max usable gas in eth_estimateGas better for 1559 transactions (#23309).
  • When deploying multiple contracts via abigen, only parse the ABI once (#22583).
  • Return maxFeePerGas for the gasPrice of pending transactions (#23345).
  • Check cached blocks too when attempting to retrieve a header (#23299).
  • Reject transactions imitated from non EOA accounts (#23303).
  • Reduce allocations a bit while CPU mining ethash (#23199).
  • Deprecate the -miner.gastarget CLI flag (#23213).
  • Switch over to manual docker pushes (#23373).

Bugs fixed:

  • Fix a nil pointer panic for certain abigen generated code due to missing context initialization (#23188).
  • Fix nil pointer panic in certain automatic access list generation RPC API calls (#23225).
  • Fix a regression that prevented clef from signing a legacy transaction (#23274).
  • Fix a permission error during snapshot based pruning on Windows (#23370).
  • Fix the marshaling of errors from the tracers (#23292).

For a full rundown of the changes please consult the Geth 1.10.7 release milestone.

... (truncated)

Commits
  • 2667545 params: release Geth v1.10.8
  • 1d99573 core/vm: faster code analysis (#23381)
  • f38abc5 eth/gasprice: feeHistory improvements (#23422)
  • dfeb2f7 go.mod: upgrade golang.org/x/sys for go1.17 support (#23406)
  • bb1f7eb signer/core/apitypes: remove dependency on internal/ethapi (#23362)
  • d02c605 core: only check sendernoeoa in non fake mode (#23424)
  • c368f72 Revert "eth: drop eth/65, the last non-reqid protocol version" (#23426)
  • 5566e5d eth/downloader: fix typo in comment (#23413)
  • 57feabe eth, internal/ethapi: make RPC block miner field show block sealer correctly ...
  • 16ecdd5 cmd/utils: add --nousb to the list of deprecated flags (#23388)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Aug 24, 2021
@dependabot dependabot bot mentioned this pull request Aug 24, 2021
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch 8 times, most recently from b976ec0 to 5e3895a Compare August 30, 2021 13:51
@orijbot
Copy link

orijbot commented Aug 30, 2021

Visit https://dashboard.github.orijtech.com?back=0&pr=486&remote=false&repo=tharsis%2Fethermint to see benchmark details.

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch 8 times, most recently from 7519918 to 1c69c12 Compare September 7, 2021 17:40
This was referenced Sep 8, 2021
Closed
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch from 1c69c12 to d456635 Compare September 9, 2021 10:57
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 9, 2021

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch from d456635 to e53411d Compare September 9, 2021 16:52
@yihuang
Copy link
Contributor

yihuang commented Sep 10, 2021

Fixed the build issues here: #546

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch 2 times, most recently from a9d4036 to cb9f4ca Compare September 13, 2021 12:54
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch 3 times, most recently from b50f545 to b2b0996 Compare September 15, 2021 08:57
@dependabot
build(deps): bump github.com/ethereum/go-ethereum from 1.10.3 to 1.10.8
0fa6305 
Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.10.3 to 1.10.8.
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.10.3...v1.10.8)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch from b2b0996 to 0fa6305 Compare September 15, 2021 09:56
@fedekunze
Copy link
Contributor

fedekunze commented Sep 15, 2021
edited
Loading

closing this in favor of #231

@fedekunze fedekunze closed this Sep 15, 2021
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 15, 2021

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch September 15, 2021 12:17
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@fedekunze fedekunze Awaiting requested review from fedekunze

@khoslaventures khoslaventures Awaiting requested review from khoslaventures

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@orijbot @yihuang @fedekunze