10000 build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0 by dependabot[bot] · Pull Request #4 · cometbft/cometbft · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0 #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 23, 2022
Merged

build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0 #4

merged 2 commits into from
Dec 23, 2022

Conversation

dependabot[bot]
Copy link
Contributor
@dependabot dependabot bot commented on behalf of github Dec 22, 2022

Bumps github.com/bufbuild/buf from 1.10.0 to 1.11.0.

Release notes

Sourced from github.com/bufbuild/buf's releases.

v1.11.0

What's Changed

  • buf generate now batches remote plugin generation calls for improved performance.
  • Update optimize_for option in managed mode, allowing a default value for optimize_for for all files, except and override, which both behave similarly to other except and override options. Specifying an optimize_for value in the earlier versions is equivalent to having a optimize_for with that value as default.

Full Changelog: bufbuild/buf@v1.10.0...v1.11.0

Changelog

Sourced from github.com/bufbuild/buf's changelog.

[v1.11.0] - 2022-12-19

  • buf generate now batches remote plugin generation calls for improved performance.
  • Update optimize_for option in managed mode, allowing a default value for optimize_for for all files, except and override, which both behave similarly to other except and override options. Specifying an optimize_for value in the earlier versions is equivalent to having a optimize_for with that value as default.
Commits
  • b6d1820 Release v1.11.0 (#1686)
  • c28dda4 Bump bufbuild/buf-push-action from 1.0.1 to 1.1.1 (#1682)
  • 108da9b Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3 (#1643)
  • 04e5243 Bump go.uber.org/multierr from 1.8.0 to 1.9.0 (#1684)
  • bc1fb94 image filtering: don't include entire enclosing message/service (#1659)
  • 2991585 Add UpstreamClient UserAgent to dockerclient (#1678)
  • e85a0a6 add user type filter for ListUsers and include user type in User (#1660)
  • 8985c1b optimize checking for current digest (#1665)
  • fae35f6 fix regression in plugin generation (#1675)
  • 5d29981 update connect-go and latest go deps (#1674)
  • Additional commits viewable 8000 in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0
399911a 
Bumps [github.com/bufbuild/buf](https://github.com/bufbuild/buf) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/bufbuild/buf/releases)
- [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md)
- [Commits](bufbuild/buf@v1.10.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/bufbuild/buf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from ebuchman as a code owner December 22, 2022 21:25
@dependabot @github
Copy link
Contributor Author
dependabot bot commented on behalf of github Dec 22, 2022

The following labels could not be found: T:dependencies, S:automerge.

@mergify mergify bot requested a review from a team as a code owner December 23, 2022 16:24
@thanethomson thanethomson added the dependencies Dependency updates label Dec 23, 2022
@thanethomson thanethomson merged commit 66252f8 into main Dec 23, 2022
@dependabot dependabot bot deleted the dependabot/go_modules/main/github.com/bufbuild/buf-1.11.0 branch December 23, 2022 19:05
@sergio-mena sergio-mena mentioned this pull request Apr 7, 2023
Merged
3 tasks
faddat pushed a commit to faddat/cometbft that referenced this pull request Feb 25, 2024
@czarcas7ic
Merge pull request cometbft#4 from osmosis-labs/adam/avoid-val-block-…
6e2a1c3 
…twice

perf(internal/blocksync): do not `ValidateBlock` twice (cometbft#2026)
faddat pushed a commit to faddat/cometbft that referenced this pull request Feb 25, 2024
@czarcas7ic
Merge pull request cometbft#4 from osmosis-labs/adam/avoid-val-block-…
490dd75 
…twice

perf(internal/blocksync): do not `ValidateBlock` twice (cometbft#2026)
@sergio-mena sergio-mena mentioned this pull request Jun 10, 2024
Merged
2 tasks
yihuang added a commit to yihuang/cometbft that referenced this pull request Nov 1, 2024
@yihuang
Problem: fireEvents can runs asyncously (cometbft#4)
f2b043f 
changelog
melekes added a commit that referenced this pull request Jan 28, 2025
@melekes
chore(deps): bump Go version to 1.23.5
c7a02cf 
due to sec vuln

Vulnerability #1: GO-2025-3420
    Sensitive headers incorrectly sent after cross-domain redirect in net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.23.1
    Fixed in: net/http@go1.23.5
    Example traces found:
Error:       #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do
Error:       #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get
Error:       #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get

Vulnerability #2: GO-2025-3373
    Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.23.1
    Fixed in: crypto/x509@go1.23.5
    Example traces found:
Error:       #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM
Error:       #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify
Error:       #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname
Error:       #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error
Error:       #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate
Error:       #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey
Error:       #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey
Error:       #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey
@melekes melekes mentioned this pull request Jan 28, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request Jan 30, 2025
@melekes
chore(deps): bump Go version to 1.23.5 (#4888)
e4cbca8 
due to sec vuln

Vulnerability #1: GO-2025-3420
Sensitive headers incorrectly sent after cross-domain redirect in
net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.23.1
    Fixed in: net/http@go1.23.5
    Example traces found:
Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34:
client.Client.Call calls http.Client.Do
Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls
cobra.Command.Execute, which eventually calls http.Client.Get
Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile
calls http.Get

Vulnerability #2: GO-2025-3373
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.23.1
    Fixed in: crypto/x509@go1.23.5
    Example traces found:
Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20:
model.DB.Close calls badger.DB.Close, which eventually calls
x509.CertPool.AppendCertsFromPEM
Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read
calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify
Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial
calls websocket.Dialer.Dial, which eventually calls
x509.Certificate.VerifyHostname
Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls
x509.HostnameError.Error
Error: #5: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParseCertificate
Error: #6: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParseECPrivateKey
Error: #7: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParsePKCS1PrivateKey
Error: #8: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParsePKCS8PrivateKey
mergify bot pushed a commit that referenced this pull request Jan 30, 2025
@melekes @mergify
chore(deps): bump Go version to 1.23.5 (#4888)
1b89c5b 
due to sec vuln

Vulnerability #1: GO-2025-3420
Sensitive headers incorrectly sent after cross-domain redirect in
net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.23.1
    Fixed in: net/http@go1.23.5
    Example traces found:
Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34:
client.Client.Call calls http.Client.Do
Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls
cobra.Command.Execute, which eventually calls http.Client.Get
Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile
calls http.Get

Vulnerability #2: GO-2025-3373
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.23.1
    Fixed in: crypto/x509@go1.23.5
    Example traces found:
Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20:
model.DB.Close calls badger.DB.Close, which eventually calls
x509.CertPool.AppendCertsFromPEM
Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read
calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify
Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial
calls websocket.Dialer.Dial, which eventually calls
x509.Certificate.VerifyHostname
Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls
x509.HostnameError.Error
Error: #5: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParseCertificate
Error: #6: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParseECPrivateKey
Error: #7: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParsePKCS1PrivateKey
Error: #8: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParsePKCS8PrivateKey

(cherry picked from commit e4cbca8)

# Conflicts:
#	.golangci.yml
@mergify mergify bot mentioned this pull request Jan 30, 2025
Merged
mergify bot added a commit that referenced this pull request Jan 30, 2025
@mergify @melekes
chore(deps): bump Go version to 1.23.5 (backport #4888) (#4890)
d4a24c1 
due to sec vuln

Vulnerability #1: GO-2025-3420
Sensitive headers incorrectly sent after cross-domain redirect in
net/http
  More info: https://pkg.go.dev/vuln/GO-2025-3420
  Standard library
    Found in: net/http@go1.23.1
    Fixed in: net/http@go1.23.5
    Example traces found:
Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34:
client.Client.Call calls http.Client.Do
Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls
cobra.Command.Execute, which eventually calls http.Client.Get
Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile
calls http.Get

Vulnerability #2: GO-2025-3373
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-3373
  Standard library
    Found in: crypto/x509@go1.23.1
    Fixed in: crypto/x509@go1.23.5
    Example traces found:
Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20:
model.DB.Close calls badger.DB.Close, which eventually calls
x509.CertPool.AppendCertsFromPEM
Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read
calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify
Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial
calls websocket.Dialer.Dial, which eventually calls
x509.Certificate.VerifyHostname
Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls
x509.HostnameError.Error
Error: #5: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParseCertificate
Error: #6: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParseECPrivateKey
Error: #7: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParsePKCS1PrivateKey
Error: #8: rpc/jsonrpc/server/http_server.go:166:19:
server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually
calls x509.ParsePKCS8PrivateKey
<hr>This is an automatic backport of pull request #4888 done by
[Mergify](https://mergify.com).

---------

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
jmalicevic pushed a commit to informalsystems/cometbft that referenced this pull request May 14, 2025
@marcello33
Merge pull request cometbft#4 from 0xPolygon/mardizzone/app-fixes
a65a54e 
fixes for heimdall v2 init
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thanethomson thanethomson thanethomson approved these changes

@ebuchman ebuchman Awaiting requested review from ebuchman

Assignees
No one assigned
Labels
automerge dependencies Dependency updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@thanethomson
0