Skip to content
This repository has been archived by the owner on Nov 30, 2021. It is now read-only.

build(deps): bump github.com/cosmos/cosmos-sdk from 0.39.3 to 0.44.2 #950

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2021

Bumps github.com/cosmos/cosmos-sdk from 0.39.3 to 0.44.2.

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

Cosmos SDK v0.44.2 Release Notes

Recently, the Cosmos-SDK team became aware of a high-severity security vulnerability that impacts Cosmos-SDK v0.43.x and v0.44.x and can result in a consensus halt. User funds are NOT at risk; however, the vulnerability can result in a chain halt. This vulnerability does not impact the current Cosmos Hub, though other Cosmos-SDK based blockchains using v0.43.x or v0.44.x may be affected and are advised to update to v0.44.2 immediately.

Nodes can update their software independently of each other (no coordinated chain restart necessary), but should do so as soon as they are able.

A full disclosure will be published a week after the release.

Cosmos SDK v0.44.1 Release Notes

This release introduces bug fixes and improvements on the Cosmos SDK v0.44 series.

The main bug fix concerns all users performing in-place store migrations from v0.42 to v0.44. A source of non-determinism in the upgrade process has been detected and fixed in this release, causing consensus errors. As such, v0.44.0 is not safe to use when performing v0.42->v0.44 in-place store upgrades, please use this release v0.44.1 instead. This does not impact genesis JSON dump upgrades nor fresh chains starting with v0.44.

Another bug fix concerns calling the ABCI Query method using client.Context. We modified ABCI queries to use abci.QueryRequest's Height field if it is non-zero, otherwise continue using client.Context's height. This is a minor client-breaking change for users of the client.Context.

Some CLI fixes are also included, such as:

  • using pre-configured data for the CLI add-genesis-account command (#9969),
  • ensuring the init command reads the --home flag value correctly (#10104),
  • fixing the error message when period or period-limit flag is not set on a feegrant grant transaction #10049.

v0.44.1 also includes performance improvements, namely:

  • IAVL update to v0.17.1 which includes performance improvements on a batch load #10040,
  • Speedup coins.AmountOf(), by removing many intermittent regex calls #10021,
  • Improve CacheKVStore datastructures / algorithms, to no longer take O(N^2) time when interleaving iterators and insertions #10026.

See the Cosmos SDK v0.44.1 milestone on our issue tracker for the exhaustive list of all changes.

Cosmos SDK v0.44.0 Release Notes

v0.44 is a security release which contains a consensus breaking change. It doesn't bring any new feature and it's a logical continuation of v0.43.

Consequences:

  • v0.43 is discontinued;
  • all chains should upgrade to v0.44. Update from v0.43 doesn't require any migration. Chains can upgrade directly from v0.42, in that case v0.43 migrations must be executed when upgrading to v0.44;
  • all previously planned features for v0.44 are going to land in v0.45, with the same release schedule.

Please see Cosmos SDK v0.43.0 Release Notes.

Updates

For a comprehensive list of all breaking changes and improvements since the v0.42 "Stargate" release series, please see the CHANGELOG.

Client Breaking Changes

  • Removed broadcast & encode legacy REST endpoints. Both requests should use the new gRPC-Gateway REST endpoints. Please see the REST Endpoints Migration guide to migrate to the new REST endpoints.

Cosmos SDK v0.43.0 Release Notes

... (truncated)

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.44.2 - 2021-10-12

Security Release. No breaking changes related to 0.44.x.

v0.44.1 - 2021-09-29

Improvements

  • (store) #10040 Bump IAVL to v0.17.1 which includes performance improvements on a batch load.
  • (types) #10021 Speedup coins.AmountOf(), by removing many intermittent regex calls.
  • #10077 Remove telemetry on GasKV and CacheKV store Get/Set operations, significantly improving their performance.
  • (store) #10026 Improve CacheKVStore datastructures / algorithms, to no longer take O(N^2) time when interleaving iterators and insertions.

Bug Fixes

  • #9969 fix: use keyring in config for add-genesis-account cmd.
  • (x/genutil) #10104 Ensure the init command reads the --home flag value correctly.
  • (x/feegrant) #10049 Fixed the error message when period or period-limit flag is not set on a feegrant grant transaction.

Client Breaking Changes

  • #9879 Modify ABCI Queries to use abci.QueryRequest Height field if it is non-zero, otherwise continue using context height.

v0.44.0 - 2021-09-01

Features

  • #9860 Emit transaction fee in ante handler fee decorator. The event type is tx and the attribute is fee.

Improvements

Deprecated

  • (x/upgrade) #9906 Deprecate UpgradeConsensusState gRPC query since this functionality is only used for IBC, which now has its own IBC replacement

Bug Fixes

  • #9965 Fixed simd version command output to report the right release tag.
  • (x/upgrade) #10189 Removed potential sources of non-determinism in upgrades.

Client Breaking Changes

v0.43.0 - 2021-08-10

Features

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk) from 0.39.3 to 0.44.2.
- [Release notes](https://github.com/cosmos/cosmos-sdk/releases)
- [Changelog](https://github.com/cosmos/cosmos-sdk/blob/v0.44.2/CHANGELOG.md)
- [Commits](cosmos/cosmos-sdk@v0.39.3...v0.44.2)

---
updated-dependencies:
- dependency-name: github.com/cosmos/cosmos-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 13, 2021
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 22, 2021

Superseded by #953.

@dependabot dependabot bot closed this Oct 22, 2021
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/cosmos/cosmos-sdk-0.44.2 branch October 22, 2021 10:23
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants