-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(deps): Bump github.com/cometbft/cometbft from 0.37.5 to 0.38.11 in /tests #541
Conversation
Bumps [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) from 0.37.5 to 0.38.11. - [Release notes](https://github.com/cometbft/cometbft/releases) - [Changelog](https://github.com/cometbft/cometbft/blob/v0.38.11/CHANGELOG.md) - [Commits](cometbft/cometbft@v0.37.5...v0.38.11) --- updated-dependencies: - dependency-name: github.com/cometbft/cometbft dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
The following labels could not be found: |
WalkthroughThe recent updates to the Changes
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
tests/go.sum
is excluded by!**/*.sum
Files selected for processing (1)
- tests/go.mod (7 hunks)
Additional comments not posted (6)
tests/go.mod (6)
101-101
: Dependency Update:github.com/hashicorp/golang-lru/v2
The update to
v2.0.7
indicates potential breaking changes due to the major version bump. Ensure compatibility with this version across the codebase.
10-10
: Dependency Update:github.com/cometbft/cometbft
The update from
v0.37.5
tov0.38.11
includes critical bug fixes and performance improvements. Ensure that the codebase is compatible with this version and address any deprecated features or breaking changes.
73-73
: Dependency Update:github.com/go-logfmt/logfmt
The update from
v0.5.1
tov0.6.0
may include improvements in logging functionality. Verify that logging behavior remains consistent and that no breaking changes affect the codebase.Verification successful
No Direct Usage of
github.com/go-logfmt/logfmt
FoundThe
logfmt
package is not directly used in the Go codebase, suggesting it is an indirect dependency. No immediate issues are expected from the update tov0.6.0
, but manual verification of any dependent packages is recommended to ensure compatibility.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify logging functionality with the updated `github.com/go-logfmt/logfmt` dependency. # Test: Search for usage of `logfmt` to ensure compatibility. rg --type go 'logfmt' -A 5Length of output: 26
Script:
#!/bin/bash # Description: Search for import statements and usage of `logfmt` in the Go codebase. # Find files that import `logfmt`. rg 'import.*logfmt' --type go -A 5 # Search for any usage of the `logfmt` package. rg 'logfmt\.' --type go -A 5Length of output: 67
136-136
: Dependency Update:github.com/rs/cors
The update from
v1.8.2
tov1.8.3
is a minor version change likely including bug fixes. Ensure compatibility with this version across the codebase.Verification successful
No Direct Usage of
github.com/rs/cors
FoundThe package
github.com/rs/cors
is not directly imported or used in the codebase. Its presence as an indirect dependency suggests it is required by another package. The update to versionv1.8.3
should not impact the codebase directly. If further verification is needed, consider checking dependencies that might indirectly use this package.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify compatibility with the updated `github.com/rs/cors` dependency. # Test: Search for usage of `cors` to ensure compatibility. rg --type go 'cors' -A 5Length of output: 1916
Script:
#!/bin/bash # Description: Search for import statements of `github.com/rs/cors` to verify its usage. # Test: Find all Go files that import `github.com/rs/cors`. rg --type go 'import "github.com/rs/cors"' -A 5Length of output: 49
124-124
: New Dependency:github.com/oasisprotocol/curve25519-voi
This new dependency has been added. Verify its necessity and ensure it is correctly integrated into the codebase.
132-132
: Dependency Update:github.com/prometheus/procfs
The update from
v0.9.0
tov0.12.0
may include bug fixes and performance improvements. Ensure compatibility with this version across the codebase.Verification successful
No Direct Usage of
github.com/prometheus/procfs
FoundThe
procfs
package is not directly imported or used in the codebase. It appears to be an indirect dependency. Manual verification is recommended if there are concerns about its indirect usage and compatibility.Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify compatibility with the updated `github.com/prometheus/procfs` dependency. # Test: Search for usage of `procfs` to ensure compatibility. rg --type go 'procfs' -A 5Length of output: 26
Script:
#!/bin/bash # Description: Search for specific imports of `github.com/prometheus/procfs` in the Go codebase to verify compatibility. # Test: Search for import statements of `github.com/prometheus/procfs`. rg --type go 'import "github.com/prometheus/procfs"' -A 5Length of output: 59
Superseded by #564. |
Bumps github.com/cometbft/cometbft from 0.37.5 to 0.38.11.
Release notes
Sourced from github.com/cometbft/cometbft's releases.
... (truncated)
Changelog
Sourced from github.com/cometbft/cometbft's changelog.
... (truncated)
Commits
e1b4453
v0.38.11 (#3684)66a0447
build(deps): Bump docker/build-push-action from 6.5.0 to 6.6.1 (#3676)cd3519d
build(deps): Bump bufbuild/buf-setup-action from 1.35.1 to 1.36.0 (#3675)c17d1f6
fix(types): Only require extension signature if extensions are enabled (#3565)f85d897
feat(mempool): add error ErrRecheckFull (backport #3654) (#3656)9de925c
fix(e2e): replace docker-compose w/ docker compose (backport #3614) (#3616)e9bd8a9
build(deps): Bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#3610)61ca12e
build(deps): Bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#3584)cba216a
build(deps): Bump docker/login-action from 3.2.0 to 3.3.0 (#3585)aaf83e9
build(deps): Bump docker/build-push-action from 6.4.1 to 6.5.0 (#3586)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by CodeRabbit