Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/ethereum/go-ethereum from 1.10.3 to 1.10.8 #51

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 7, 2021

Bumps github.com/ethereum/go-ethereum from 1.10.3 to 1.10.8.

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Hades Gamma (v1.10.8)

Geth v1.10.8 is a pre-announced hotfix release to patch a vulnerability in the EVM (CVE-2021-39137).

The exact attack vector will be provided at a later date to give node operators and dependent downstream projects time to update their nodes and software. All Geth versions supporting the London hard fork are vulnerable (the bug is older than London), so all users should update.

Credits for the discovery go to @​guidovranken (working for Sentnl during an audit of the Telos EVM) and reported via [email protected].

Beside the fix, we're merged in a few tiny polishes and fixes. For a rundown, please consult the Geth 1.10.8 release milestone.


As with all our previous releases, you can find the:

Styx Theta (v1.10.7)

Geth v1.10.7 is a maintenance release, mostly focusing on a few post-London polishes.

A few important notes to keep in mind:

  • The return type for oldestBlock in eth_feeHistory was changed from decimal to hex. This is to conform to the updated spec that was released after Geth's London hard-fork release was already made. The input blockCount parameter was also updated, but there Geth will accept both hex and decimal to keep backward compatibility.
  • The -miner.gastarget CLI flag was deprecated and is a noop. This flag is already a noop for networks running the London hard-fork, since it London miners only take into account the -miner.gaslimit flag. For non-London private networks and Geth forks, this might result in a gas bump depending on how the miners are configured.
  • Docker builds were changed from DockerHub Automated Builds to offsite builds and manual pushes to DockerHub. At the same time, we've added support for multi-arch images, the original tags being the metadata image, linking a -amd64 and a -arm64 tags together. No changes are needed for docker users, but keep us posted if something strange happens. On the upside, Geth now has official arm64 docker images too.

Changes made:

  • Change the oldestBlock return type in eth_feeHistory to hex, accept both decimal and hex as the block count (#23239, #23363).
  • Cap max usable gas in eth_estimateGas better for 1559 transactions (#23309).
  • When deploying multiple contracts via abigen, only parse the ABI once (#22583).
  • Return maxFeePerGas for the gasPrice of pending transactions (#23345).
  • Check cached blocks too when attempting to retrieve a header (#23299).
  • Reject transactions imitated from non EOA accounts (#23303).
  • Reduce allocations a bit while CPU mining ethash (#23199).
  • Deprecate the -miner.gastarget CLI flag (#23213).
  • Switch over to manual docker pushes (#23373).

Bugs fixed:

  • Fix a nil pointer panic for certain abigen generated code due to missing context initialization (#23188).
  • Fix nil pointer panic in certain automatic access list generation RPC API calls (#23225).
  • Fix a regression that prevented clef from signing a legacy transaction (#23274).
  • Fix a permission error during snapshot based pruning on Windows (#23370).
  • Fix the marshaling of errors from the tracers (#23292).

For a full rundown of the changes please consult the Geth 1.10.7 release milestone.


... (truncated)

Commits
  • 2667545 params: release Geth v1.10.8
  • 1d99573 core/vm: faster code analysis (#23381)
  • f38abc5 eth/gasprice: feeHistory improvements (#23422)
  • dfeb2f7 go.mod: upgrade golang.org/x/sys for go1.17 support (#23406)
  • bb1f7eb signer/core/apitypes: remove dependency on internal/ethapi (#23362)
  • d02c605 core: only check sendernoeoa in non fake mode (#23424)
  • c368f72 Revert "eth: drop eth/65, the last non-reqid protocol version" (#23426)
  • 5566e5d eth/downloader: fix typo in comment (#23413)
  • 57feabe eth, internal/ethapi: make RPC block miner field show block sealer correctly ...
  • 16ecdd5 cmd/utils: add --nousb to the list of deprecated flags (#23388)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 7, 2021
@thomas-nguy
Copy link
Collaborator

go-ethereum version needs to be aligned with tharsis version?

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch from fc77e96 to b3ee6d2 Compare September 8, 2021 01:27
@dependabot dependabot bot requested a review from a team as a code owner September 8, 2021 01:27
@yihuang
Copy link
Collaborator

yihuang commented Sep 8, 2021

there's one in ethermint side: evmos/ethermint#486

@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch 3 times, most recently from a8c1cc8 to d2ae04f Compare September 16, 2021 02:02
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch from d2ae04f to 661fd78 Compare September 21, 2021 01:00
Bumps [github.com/ethereum/go-ethereum](https://github.com/ethereum/go-ethereum) from 1.10.3 to 1.10.8.
- [Release notes](https://github.com/ethereum/go-ethereum/releases)
- [Commits](ethereum/go-ethereum@v1.10.3...v1.10.8)

---
updated-dependencies:
- dependency-name: github.com/ethereum/go-ethereum
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch from 661fd78 to 1c71a93 Compare October 4, 2021 11:30
@tomtau
Copy link
Contributor

tomtau commented Oct 5, 2021

evmos/ethermint#231

@yihuang
Copy link
Collaborator

yihuang commented Oct 6, 2021

replaced by: #143

@yihuang yihuang closed this Oct 6, 2021
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 6, 2021

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/ethereum/go-ethereum-1.10.8 branch October 6, 2021 03:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants