build(deps): Bump github.com/cometbft/cometbft from 0.37.4 to 0.38.10 in /tools/rosetta

[dependabot]

Bumps github.com/cometbft/cometbft from 0.37.4 to 0.38.10.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.10

See the CHANGELOG for this release.

v0.38.9

See the CHANGELOG for this release.

v0.38.8

See the CHANGELOG for this release.

v0.38.7

See the CHANGELOG for this release.

v0.38.6

See the CHANGELOG for this release.

v0.38.5

See the CHANGELOG for this release.

v0.38.4

See the CHANGELOG for this release.

v0.38.3

See the CHANGELOG for this release.

v0.38.2

See the CHANGELOG for this release.

v0.38.1

See the CHANGELOG for this release.

v0.38.0

See the CHANGELOG for this release.

v0.38.0-rc3

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.37.9

See the CHANGELOG for this release.

... (truncated)

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.38.10

July 16, 2024

This release fixes a bug in v0.38.x that prevented ABCI responses from being correctly read when upgrading from v0.37.x or below. It also includes a few other bug fixes and performance improvements.

BUG FIXES

• [p2p] Node respects configured max_num_outbound_peers limit when dialing peers provided by a seed node (#486)
• [rpc] Fix an issue where a legacy ABCI response, created on v0.37 or before, is not returned properly in v0.38 and up on the /block_results RPC endpoint. (#3002)
• [blocksync] Do not stay in blocksync if the node's validator voting power is high enough to block the chain while it is not online (#3406)

IMPROVEMENTS

• [p2p/conn] Update send monitor, used for sending rate limiting, once per batch of packets sent (#3382)
• [libs/pubsub] Allow dash (-) in event tags (#3401)
• [p2p/conn] Remove the usage of a synchronous pool of buffers in secret connection, storing instead the buffer in the connection struct. This reduces the synchronization primitive usage, speeding up the code. (#3403)

v0.38.9

July 1, 2024

This release reverts the API-breaking change to the Mempool interface introduced in the last patch release (v0.38.8) while still keeping the performance improvement added to the mempool. It also includes a minor fix to the RPC endpoints /tx and /tx_search.

BREAKING CHANGES

• [mempool] Revert adding the method PreUpdate() to the Mempool interface, recently introduced in the previous patch release (v0.38.8). Its logic is now moved into the Lock method. With this change, the Mempool interface is the same as in v0.38.7. (#3361)

BUG FIXES

• [rpc] Fix nil pointer error in /tx and /tx_search when block is absent (#3352)

v0.38.8

... (truncated)

Commits

• 5f59b42 chore: release v0.38.10 (#3515)
• c2405cc feat: do not start indexer service (back port: #3331) (#3496)
• 641d528 doc(changelog): move recent HackerOne changelogs to 'bug fixes' (#3479)
• 0792c8b fix: invalid txs_results returned for legacy ABCI responses (backport #3031...
• a1b6c68 feat(libs/pubsub): allow dash symbol in event type/attribute (backport #3456)...
• fcac713 changelog: moving entry (#3396) to right location (#3457)
• f2b42d7 build(deps): Bump docker/build-push-action from 6.2.0 to 6.3.0 (#3440)
• a392c28 build(deps): Bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#3439)
• 9ca0b49 perf(p2p/conn): Remove unneeded global pool buffers in secret connection (bac...
• 0aeebd5 fix(blocksync): don't block in blocksync if our voting power is blocking the ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• New Features

  • Updated dependencies to enhance functionality and improve performance across the application.
  • Introduced new indirect dependency for improved cryptographic operations.

• Bug Fixes

  • Upgraded critical libraries, which may include important fixes and enhancements for logging and metrics capabilities.

• Chores

  • Cleaned up unused dependencies for a leaner module, streamlining the overall project structure.

[dependabot]

The following labels could not be found: A:automerge.

[coderabbitai]

Walkthrough

The recent updates to the Rosetta project's go.mod file enhance dependency management by upgrading several libraries, improving functionality, and removing unused packages. Key upgrades include major libraries like cometbft and gogoproto, while new indirect dependencies support advanced cryptographic operations. Overall, these changes ensure that the project benefits from the latest features and security enhancements.

Changes

File Path	Change Summary
tools/rosetta/go.mod	Upgraded github.com/cometbft/cometbft from v0.37.5 to v0.38.10 and github.com/cosmos/gogoproto from v1.4.10 to v1.4.11. Removed dependencies: github.com/ChainSafe/go-schnorrkel, github.com/gtank/merlin, github.com/gtank/ristretto255. Added new indirect dependency: github.com/oasisprotocol/curve25519-voi. Other updates include logfmt, prometheus/common, and multierr versions.

Poem

🐇 In the meadow where the code does play,
Upgraded libraries hop and sway.
Dependencies trimmed, a clean new look,
Bugs vanquished, like pages in a book.
With each new version, progress takes flight,
Hopping towards a future so bright! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 40d4293 and 590b96a.

Files ignored due to path filters (1)

• tools/rosetta/go.sum is excluded by !**/*.sum

Files selected for processing (1)

• tools/rosetta/go.mod (7 hunks)

Additional comments not posted (8)

tools/rosetta/go.mod (8)

39-39: Minor update approved for gogoproto.

The update from v1.4.10 to v1.4.11 is a minor version change, likely including small improvements or bug fixes.

---

83-83: New indirect dependency curve25519-voi approved.

The addition of curve25519-voi suggests enhanced cryptographic support. Ensure that its inclusion aligns with project requirements and does not introduce vulnerabilities.

---

9-9: Verify compatibility with cometbft v0.38.10.

The update from v0.37.5 to v0.38.10 includes bug fixes and performance improvements. Ensure that the project remains compatible with these changes, especially regarding ABCI response handling and peer connections.

---

91-91: Verify process metrics functionality with procfs v0.12.0.

The update from v0.8.0 to v0.12.0 may include enhancements or bug fixes. Ensure that process metrics functionality is consistent with the new version.

---

54-54: Verify logging functionality with logfmt v0.6.0.

The update from v0.5.1 to v0.6.0 may include logging enhancements. Ensure that logging in the project functions as expected with the new version.

---

108-108: Verify error handling with multierr v1.10.0.

The update from v1.9.0 to v1.10.0 likely includes improvements in error handling. Ensure that error handling in the project is compatible with the new version.

Verification successful

---

No direct usage of multierr found in the codebase.

The multierr package is listed as an indirect dependency and is not directly used in the codebase. Therefore, the update to v1.10.0 should not impact the project's error handling directly. Ensure that any dependencies using multierr are compatible with the new version.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify error handling with `multierr` v1.10.0.

# Test: Search for usage of `multierr` to ensure error handling is intact.
rg --type go 'multierr'

Length of output: 23

---

Script:

#!/bin/bash
# Description: Check for usage of `multierr` and inspect dependencies in go.mod.

# Search for any usage of `multierr` in the codebase.
rg --type go 'multierr'

# List all dependencies in go.mod to find any that might use `multierr`.
cat tools/rosetta/go.mod

Length of output: 6027

---

90-90: Verify metrics functionality with prometheus/common v0.42.0.

The update from v0.37.0 to v0.42.0 may include metrics enhancements. Ensure that metrics collection and reporting are consistent with the new version.

Verification successful

---

Metrics functionality verified with prometheus/common v0.42.0.

The expfmt package from prometheus/common is used for encoding metrics and verifying content types. The tests confirm that metrics are encoded correctly, ensuring compatibility with the new version. No issues found with the update.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify metrics functionality with `prometheus/common` v0.42.0.

# Test: Search for usage of `prometheus/common` to ensure metrics functionality is intact.
rg --type go 'prometheus/common'

Length of output: 157

---

Script:

#!/bin/bash
# Extract relevant sections from metrics.go and metrics_test.go to analyze usage of prometheus/common.

# Extract code from metrics.go
rg --type go --context 5 'prometheus/common' telemetry/metrics.go

# Extract code from metrics_test.go
rg --type go --context 5 'prometheus/common' telemetry/metrics_test.go

Length of output: 726

---

Script:

#!/bin/bash
# Extract detailed usage of expfmt from metrics.go and metrics_test.go to analyze its impact.

# Extract detailed usage from metrics.go
rg --type go 'expfmt' telemetry/metrics.go -A 10

# Extract detailed usage from metrics_test.go
rg --type go 'expfmt' telemetry/metrics_test.go -A 10

Length of output: 1517

---

80-80: Verify protobuf functionality with golang_protobuf_extensions v1.0.4.

The update from v1.0.2-0.20181231171920-c182affec369 to v1.0.4 likely includes improvements or bug fixes. Ensure that protobuf functionality is consistent with the new version.

[dependabot]

Superseded by #541.