build(deps): Bump github.com/informalsystems/tm-load-test from 1.0.0 to 1.1.0 #6

dependabot · 2022-12-22T21:26:15Z

Bumps github.com/informalsystems/tm-load-test from 1.0.0 to 1.1.0.

Release notes

Sourced from github.com/informalsystems/tm-load-test's releases.

v1.1.0

See the CHANGELOG for details regarding this release.

Changelog

e3e969e Add changelog for v1.1.0

e4d0b69 ci: Add govulncheck (#164)

6e5d5ac Update dependencies (#163)

25ac0df Bump goreleaser/goreleaser-action from 3 to 4 (#162)

98f4369 Bump actions/checkout from 3.1.0 to 3.2.0 (#161)

f69d049 Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 (#160)

9ccd414 Bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 (#159)

c9e9af6 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#157)

a517a0a Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#154)

8b6f731 Bump actions/checkout from 3.0.2 to 3.1.0 (#153)

91b2a64 Bump codecov/codecov-action from 3.1.0 to 3.1.1 (#152)

e19ec2b Fix links to GitHub to the specific version of Tendermint (#151)

9634538 Bump actions/setup-go from 2 to 3.2.0 (#140)

dfb3fff Bump goreleaser/goreleaser-action from 2 to 3 (#139)

da601fc Bump codecov/codecov-action from 2.1.0 to 3.1.0 (#135)

800d27b ci: Update for main and Go 8000 1.18 (#150)

0b5598b Update linting (#149)

e26e39e Merge pull request #134 from informalsystems/dependabot/github_actions/actions/checkout-3.0.2

841107e Merge pull request #143 from informalsystems/dependabot/go_modules/github.com/spf13/cobra-1.5.0

bebf746 Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

3288a99 Bump actions/checkout from 2.4.0 to 3.0.2

ee9bf6e Merge pull request #136 from informalsystems/dependabot/github_actions/golangci/golangci-lint-action-3.2.0

e743f2f Merge pull request #126 from informalsystems/dependabot/go_modules/github.com/spf13/cobra-1.4.0

fc85d77 Merge pull request #121 from informalsystems/dependabot/go_modules/github.com/gorilla/websocket-1.5.0

d926e4a Bump golangci/golangci-lint-action from 2 to 3.2.0

aa39244 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0

0f351d5 Bump github.com/gorilla/websocket from 1.4.2 to 1.5.0

cf4664a Merge pull request #118 from informalsystems/dependabot/go_modules/github.com/prometheus/client_golang-1.12.0

45bf4e9 Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0

985c187 Merge pull request #117 from informalsystems/dependabot/go_modules/github.com/spf13/cobra-1.3.0

a8afe84 Merge pull request #115 from informalsystems/dependabot/github_actions/actions/checkout-2.4.0

c926219 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0

7ce29d1 Bump actions/checkout from 2.3.5 to 2.4.0

5dfc291 Prefix "v" on release version in future

Changelog

Sourced from github.com/informalsystems/tm-load-test's changelog.

v1.1.0

This minor release just bumps some dependencies.

#163 - Bump supported version of Tendermint Core to v0.34.24.

Commits

e3e969e Add changelog for v1.1.0
e4d0b69 ci: Add govulncheck (#164)
6e5d5ac Update dependencies (#163)
25ac0df Bump goreleaser/goreleaser-action from 3 to 4 (#162)
98f4369 Bump actions/checkout from 3.1.0 to 3.2.0 (#161)
f69d049 Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 (#160)
9ccd414 Bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 (#159)
c9e9af6 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#157)
a517a0a Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#154)
8b6f731 Bump actions/checkout from 3.0.2 to 3.1.0 (#153)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot · 2022-12-22T21:26:16Z

The following labels could not be found: T:dependencies, S:automerge.

thanethomson · 2022-12-23T19:09:37Z

@dependabot recreate

Bumps [github.com/informalsystems/tm-load-test](https://github.com/informalsystems/tm-load-test) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/informalsystems/tm-load-test/releases) - [Changelog](https://github.com/informalsystems/tm-load-test/blob/main/CHANGELOG.md) - [Commits](informalsystems/tm-load-test@v1.0.0...v1.1.0) --- updated-dependencies: - dependency-name: github.com/informalsystems/tm-load-test dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

* ci: Enable Docker image builds on GHCR for v0.34.x Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix step description Signed-off-by: Thane Thomson <connect@thanethomson.com> * Insert registry host into image name to fix broken push Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove Docker image build on PR Signed-off-by: Thane Thomson <connect@thanethomson.com> --------- Signed-off-by: Thane Thomson <connect@thanethomson.com>

* Problem: async fireEvents could overlap follow up on cometbft#5 Solution: - create a task runner to run async tasks * don't wait for quit * cleanup

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey (cherry picked from commit e4cbca8) # Conflicts: # .golangci.yml

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey <hr>This is an automatic backport of pull request #4888 done by [Mergify](https://mergify.com). --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

dependabot bot requested a review from ebuchman as a code owner December 22, 2022 21:26

thanethomson added dependencies Dependency updates automerge labels Dec 23, 2022

thanethomson approved these changes Dec 23, 2022

View reviewed changes

mergify bot requested a review from a team as a code owner December 23, 2022 16:27

dependabot bot force-pushed the dependabot/go_modules/main/github.com/informalsystems/tm-load-test-1.1.0 branch from 448109b to 2d9e1fd Compare December 23, 2022 19:11

dependabot bot force-pushed the dependabot/go_modules/main/github.com/informalsystems/tm-load-test-1.1.0 branch from 2d9e1fd to e5bf81b Compare December 23, 2022 19:18

mergify bot merged commit ff4ad2e into main Dec 23, 2022

dependabot bot deleted the dependabot/go_modules/main/github.com/informalsystems/tm-load-test-1.1.0 branch December 23, 2022 19:27

melekes mentioned this pull request Jan 28, 2025

chore(deps): bump Go version to 1.23.5 #4888

Merged

mergify bot mentioned this pull request Jan 30, 2025

chore(deps): bump Go version to 1.23.5 (backport #4888) #4890

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): Bump github.com/informalsystems/tm-load-test from 1.0.0 to 1.1.0 #6

build(deps): Bump github.com/informalsystems/tm-load-test from 1.0.0 to 1.1.0 #6

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

build(deps): Bump github.com/informalsystems/tm-load-test from 1.0.0 to 1.1.0 #6

build(deps): Bump github.com/informalsystems/tm-load-test from 1.0.0 to 1.1.0 #6

Uh oh!

Conversation

Uh oh!

v1.1.0

Changelog

v1.1.0

Uh oh!

Uh oh!

Uh oh!

Uh oh!