Skip to content

Bump tendermint from 0.30.0 to 0.32.0 #589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump tendermint from 0.30.0 to 0.32.0 #589

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github May 8, 2023

Bumps tendermint from 0.30.0 to 0.32.0.

Release notes

Sourced from tendermint's releases.

v0.32.0

📖 Release notes

What's Changed

New Contributors

Full Changelog: cometbft/tendermint-rs@v0.31.1...v0.32.0

v0.31.1

📖 Release notes

What's Changed

Full Changelog: cometbft/tendermint-rs@v0.31.0...v0.31.1

v0.31.0

📖 Release notes

What's Changed

Full Changelog: cometbft/tendermint-rs@v0.30.0...v0.31.0

Changelog

Sourced from tendermint's changelog.

v0.32.0

May 3rd, 2023

This release notably comes with a fully featured light client attack detector, and introduces a CLI for the light client for verifying headers, detecting attacks against the light client, and reporting the evidence to primary and witness nodes.

It also adds a Verifier::verify_misbehaviour_header method for verifying headers coming from a misbehaviour evidence.

Moreover, the Client trait is now exposed by the tendermint-rpc without requiring the http-client or the websocket-client feature flags to be enabled.

BREAKING CHANGES

  • [tendermint-light-client-verifier] Rename Verifier::verify to Verifier::verify_update_header to better describe its purpose versus Verifier::verify_misbehaviour_header (#1294)

FEATURES

  • [tendermint-light-client-detector] Implement a light client attack detector, based on its Go version found in Comet (#1291)
  • [tendermint-light-client-verifier] Add Verifier::verify_misbehaviour_header for verifying headers coming from a misbehaviour evidence. The verification for these headers is a bit more relaxed in order to catch FLA attacks. In particular the "header in the future" check for the header should be skipped. (#1294)

IMPROVEMENTS

  • [tendermint-rpc]: Export Client trait unconditionally, without having to specify either the http-client or websocket-client (#1235)
  • [tendermint]: Loosen bounds of merkle hashing functions to accept borrowed data. (#1310)

v0.31.1

April 17th, 2023

Expose the TypedEvent marker trait.

... (truncated)

Commits
  • 91ff1e4 Prepare release for v0.32.0 (#1314)
  • 6a4cd24 Loosen bounds on merkle hash arguments (#1311)
  • 2238d4b light-client: Add CLI for verifying headers, detecting and reporting light cl...
  • de10198 light-client: Attack detector and evidence reporting (#1292)
  • c137a3d rpc: Export Client trait unconditionally (#1305)
  • e298247 Remove nightly-only options in rustfmt config (#1303)
  • 9f0ee2b Disable Substrate no-std check as it won't build on latest nightlies (#1302)
  • 9e48f17 Add Verifier::verify_misbehaviour_header for verifying headers coming from ...
  • adf235f Prepare release v0.31.1 (#1298)
  • ffbf990 Expose the TypedEvent conversion trait (#1296)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump tendermint from 0.30.0 to 0.32.0
579d4ad 
Bumps [tendermint](https://github.com/informalsystems/tendermint-rs) from 0.30.0 to 0.32.0.
- [Release notes](https://github.com/informalsystems/tendermint-rs/releases)
- [Changelog](https://github.com/informalsystems/tendermint-rs/blob/main/CHANGELOG.md)
- [Commits](cometbft/tendermint-rs@v0.30.0...v0.32.0)

---
updated-dependencies:
- dependency-name: tendermint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner May 8, 2023 21:59
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 8, 2023
@dependabot dependabot bot mentioned this pull request May 8, 2023
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jul 17, 2023

Superseded by #598.

@dependabot dependabot bot closed this Jul 17, 2023
@dependabot dependabot bot deleted the dependabot/cargo/tendermint-0.32.0 branch July 17, 2023 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants