Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update module github.com/ethereum/go-ethereum to v1.13.15 [security] #112

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

fix(deps): update module github.com/ethereum/go-ethereum to v1.13.15 [security] #112

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 6, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/ethereum/go-ethereum v1.11.5 -> v1.13.15 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-40591

Impact

A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node.

Details

The p2p handler spawned a new goroutine to respond to ping requests. By flooding a node with ping requests, an unbounded number of goroutines can be created, leading to resource exhaustion and potentially crash due to OOM.

Patches

The fix is included in geth version 1.12.1-stable, i.e, 1.12.2-unstable and onwards.

Fixed by https://github.com/ethereum/go-ethereum/pull/27887

Workarounds

No known workarounds.

Credits

This bug was reported by Patrick McHardy and reported via [email protected].

References

CVE-2024-32972

Impact

A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node.

In order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious GetBlockHeadersRequest message with a count of 0, using the ETH protocol.

In descendants := chain.GetHeadersFrom(num+count-1, count-1), the value of count-1 is passed to the function GetHeadersFrom(number, count uint64) as parameter count. Due to integer overflow, UINT64_MAX value is then passed as the count argument to function GetHeadersFrom(number, count uint64). This allows an attacker to bypass maxHeadersServe and request all headers from the latest block back to the genesis block.

Patches

The fix has been included in geth version 1.13.15 and onwards.

The vulnerability was patched in: https://github.com/ethereum/go-ethereum/pull/29534

Workarounds

No workarounds have been made public.

References

No more information is released at this time.

Credit

This issue was disclosed responsibly by DongHan Kim via the Ethereum bug bounty program. Thank you for your cooperation.

Release Notes

ethereum/go-ethereum (github.com/ethereum/go-ethereum)

v1.13.15: Ontamalca (v1.13.15)

Compare Source

Geth v1.13.15 is a maintenance-release that contains some fixes mainly to avoid snapsync-related data-corruption.

We recommend all users to upgrade to v1.13.15 as soon as possible.

As with all our previous releases, you can find the:

v1.13.14: Altaaya (v1.13.14)

Compare Source

Geth v1.13.14 is a small maintenance release with a handful of polishes to the blob pool:

  • Disallow blob transactions below the protocol minimum of 1 wei to enter the pool (#​29081).
  • Reduce the blob pool's max capacity to 2.5GB for the rollout. (#​29090).
  • Fix gas estimation for blob transactions (#​29085).

This release is NOT critical for the Cancun fork, but recommended to make Geth lighter in anticipation to unknown blob load.

Other fixes:

  • Support overriding the basefee during tracing (#​29051).
  • Fix call tracers missing top level logs in top-only mode (#​29068).
  • Support unlimited gas for eth_createAccessList if --gascap=0 (#​28846).

For a full rundown of the changes please consult the Geth 1.13.14 release milestone.

As with all our previous releases, you can find the:

v1.13.13: Alsages (v1.13.13)

Compare Source

This is a minor release with fixes for several issues related to the upcoming Cancun mainnet fork. As such, it is recommended for all mainnet users.

Changes in this release:

  • Block-building performance with blob transactions has been improved a lot. (#​29026, #​29008, #​29005)
  • A corner case in the EVM related to out-of-order fork scheduling has been fixed. (#​29023)
  • eth_fillTransaction has seen some bug fixes related to blob transactions as well. (#​28929, #​29037)
  • A rare panic in the ethstats client related to chain reorgs is resolved. (#​29020)
  • The blobpool database will now recover from disk corruption faults instead of crashing geth on startup. (#​29001)
  • Geth now implements getClientVersionV1 on the Engine API endpoint. (#​28915, #​28994)

Go API changes:

  • ethereum.CallMsg now contains EIP-4844 related fields (#​28989)
  • core.GenesisAlloc is now available from package core/types. We hope this change will reduce external dependencies on package core. (#​29003)

For a full rundown of the changes please consult the Geth 1.13.13 release milestone.

As with all our previous releases, you can find the:

v1.13.12: Edolus (v1.13.12)

Compare Source

This release embeds the mainnet fork number for Cancun, scheduled to go live on 13th March, 2024 (unix 1710338135). The specification can be read here, and it contains the following changes:

To go along Cancun, we're providing refreshed Grafana dashboards:

Other than that, the following assorted fixes and features are included in this release:

  • Initial implementation of the era format. The era format is meant to provide a cross-client archive format
    for block data (#​26621, #​28959)
  • Make rpc request limits configurable (#​28948)
  • Fix memory-leak with blob transactions (#​28917)
  • Stricter adherence to engine api spec (#​28882)
  • Fix enforcement of minimum miner tip (#​28933)

For a full rundown of the changes please consult the Geth 1.13.12 release milestone.

As with all our previous releases, you can find the:

v1.13.11: Tremanre (v1.13.11)

Compare Source

This release fixes a few bugs and enables the Cancun upgrade for the Sepolia and Holesky networks; Sepolia will upgrade on Jan 31, and Holesky on Feb 7, and naturally this is a required upgrade if you intend to follow either chain.

  • Enable Cancun on Sepolia and Holesky, plus Cancun-related changes (#​28834, #​28246, #​28230, #​28827)
  • Support EIP-4844 transactions in API-methods (#​28786)
  • Change how transaction indexing operates. As of 1.13.11, the behaviour of eth_syncing is slightly changed, so that it now
    does reports true until transaction indexing is finished. (#​28703)
  • rlpdump: add -pos flag for displaying byte positions (#​28785)
  • Fixes logging configuration (#​28801)

For a full rundown of the changes please consult the Geth 1.13.11 release milestone.

As with all our previous releases, you can find the:

v1.13.10: Sharjila B (v1.13.10)

Compare Source

This release is equivalent to v1.13.9, just contains a version bump. The reason is that a bad commit was tagged on 1.13.9 originally and whilst it was untagged and fixed, some caches (Go's package manager (go mod)) managed to store the temporary bad version. As there is no way for us to flush the bad version out, it's cleaner to tag a next version instead. Apologies about the mess.

This release fixes a few issues and enables the Cancun upgrade for the Goerli network at block timestamp 1705473 (#​28719) which is 6:32:am 17. Jan. 2024 UTC.

⚠️ If you are running Goerli, this is a required update!

Apart from the Goerli configuration update, we have a few other changes.

  • The 'simulated backend' in package accounts/abi/backends was rewritten. The improved version is available from the new package ethclient/simulated. A backwards-compatibility wrapper remains in the old location. (#​28202)
  • Fix ABI-encoding of negative big.Int in topics (#​28764)
  • In JSON logging output, the "error" level is now correctly emitted as "error". (#​28774, #​28780)
  • Fixed an issue with configuration of stdlib package log for consumers of the geth library (#​28747)
  • geth removedb can now be run non-interactively (#​28725)
  • We're building a package for ubuntu 23.10: mantic minotaur now (#​28728)
Testing
  • Add currentExcessBlobGas to the state tests for better coverage of state tests (#​28735)
  • Fixed an issue in t8n regarding blob gas usage (#​28735)

For a full rundown of the changes please consult the Geth 1.13.9 release milestone.

As with all our previous releases, you can find the:

v1.13.9: Sharjila (v1.13.9)

Compare Source

This release fixes a few issues and enables the Cancun upgrade for the Goerli network at block timestamp 1705473 (#​28719) which is 6:32:am 17. Jan. 2024 UTC.

⚠️ If you are running Goerli, this is a required update!

Apart from the Goerli configuration update, we have a few other changes.

  • The 'simulated backend' in package accounts/abi/backends was rewritten. The improved version is available from the new package ethclient/simulated. A backwards-compatibility wrapper remains in the old location. (#​28202)
  • Fix ABI-encoding of negative big.Int in topics (#​28764)
  • In JSON logging output, the "error" level is now correctly emitted as "error". (#​28774, #​28780)
  • Fixed an issue with configuration of stdlib package log for consumers of the geth library (#​28747)
  • geth removedb can now be run non-interactively (#​28725)
  • We're building a package for ubuntu 23.10: mantic minotaur now (#​28728)
Testing
  • Add currentExcessBlobGas to the state tests for better coverage of state tests (#​28735)
  • Fixed an issue in t8n regarding blob gas usage (#​28735)

For a full rundown of the changes please consult the Geth 1.13.9 release milestone.

As with all our previous releases, you can find the:

v1.13.8: Patavig (v1.13.8)

Compare Source

This is a hotfix release for a regression which affects v1.13.6 and v1.13.7: if the node is shut down during sync, the node will refuse to start, with the error message Fatal: Failed to register the Ethereum service: waiting for sync (#​28718, #​28724).

Please also see the release notes for v1.13.6 and v1.13.7

For a full rundown of the changes please consult the Geth 1.13.8 release milestone.

As with all our previous releases, you can find the:

v1.13.7: Fargeluse (v1.13.7)

Compare Source

We're issuing this release to fix an issue with our build pipeline. There are also some other changes:

  • The eth_sendTransaction RPC method now behaves more correctly for low-fee transactions. (#​27834)
  • We have upgraded the golang.org/x/crypto module dependency. The Go team has issued a new version to fix a vulnerability in the ssh package. While we do not use this package, we have upgraded the dependency in order to stop dependabot warnings. (#​28702)

For a full rundown of the changes please consult the Geth 1.13.7 release milestone.

As with all our previous releases, you can find the:

v1.13.6: Porolan (v1.13.6)

Compare Source

Geth v1.13.6 is a scheduled maintenance release, but it also contains some changes which might affect node operators, concerning logging.

Gas estimation changes

The gas estimator was heavily reworked (#​28600, #​28618). The new version runs quite a bit faster (normally completing in 7-8 attempts rather than 18-20). However, the results have an error ratio of 1.5%, and the estimation outcome won't always be deterministic.

Logging changes

In the absence of an 'official' Go logging framework, go-ethereum has, for a very long time, used a custom in-house logger. However, just such an 'official' Go logging framework has now arrived, with the slog package.

As of v1.13.6 , geth now uses slog, which will affect Geth users in different ways.

Main changes are as follows:

  • Verbosity level constants are changed to match slog constant values. Internal translation is done to make this opaque to the user and backwards compatible with existing --verbosity and --vmodule options.
  • --log.backtraceat and --log.debug are removed.
  • Removes interface log.Format and the method log.FormatFunc,
  • Unexports TerminalHandler.TerminalFormat formatting methods (renamed to TerminalHandler.format)
  • Removes the notion of log.Lazy values

The external-facing API is largely the same as the existing Geth logger. Method signatures remain unchanged. A small semantic difference is that a Handler can only be set once per Logger and not changed dynamically. This just means that a new logger must be instantiated every time the handler of the root logger is changed.

For users of the github.com/ethereum/go-ethereum/log package: If you were using this package for your own project, you will need to change the initialization. If you previously did

    log.Root().SetHandler(log.LvlFilterHandler(log.LvlInfo, log.StreamHandler(os.Stderr, log.TerminalFormat(true))))

You now instead need to do

    log.SetDefault(log.NewLogger(log.NewTerminalHandlerWithLevel(os.Stderr, log.LevelInfo, true)))

The lazy handler was useful in the old log package, since it could defer the evaluation of costly attributes until later in the log pipeline. Thus, if the logging was done at 'Trace', we could skip evaluation if logging only was set to 'Info'. With the move to slog, this way of deferring evaluation is no longer needed, since slog introduced 'Enabled'. Thus the caller can do the evaluate-or-not decision at the callsite, which is much more straight-forward than dealing with lazy reflect-based evaluation.

See more about reasoning here: https://github.com/ethereum/go-ethereum/issues/28558#issuecomment-1820606613

More detailed information can be found in the PRs #​28187, #​28621, #​28622 )

Other changes
  • Fixes a database corruption issue that could occur during state healing (#​28595)
  • Fixes an issue where node liveness was not always verified correctly in discv5 (#​28686)
  • Fix so state-dump can be performed after test execution (#​28650, #​28504)
  • Fix a ns/µs mismatch in metrics for rpc-methods (#​28649)
  • Fix a bug with wrong priority for HTTPHost, WSHost flags (#​28669)
  • Fix type inconsistencies in tracer framework (#​28488)
  • Add contextual information to errors returned by abi unpack (#​28529)
  • Make evm t8n support custom tracers (#​28557)

For a full rundown of the changes please consult the Geth 1.13.6 release milestone.

As with all our previous releases, you can find the:

v1.13.5: Carbonaceous (v1.13.5)

Compare Source

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

  • Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#​28084).
  • Downgrade annoying stale transaction propagation logs from warning to debug (#​28364).
  • Switch to the new KZG trusted setup parameters (#​28383).
  • Return an error on GraphQL if querying invalid block ranges (#​28393, #​28412).
  • Start publishing Apple Silicon pre-built binaries (#​28474, #​28475).

And bugfixes:

  • Fix a number of corner-cases in path scheme state management (#​28198, #​28426, #​28483).
  • Fix an issue when allocating excessively large Pebble caches (#​28444).
  • Fix a potential snap sync issue with the path based storage (#​28327).
  • Fix ethclient to properly forwarding explicit 1559 gas caps (#​28462).
  • Fix gas estimation for 0 priced txs accessing the basefee (#​28470).
  • Fix an issue where resubscribing to events would hang (#​28359).
  • Fix ethstats transaction count report regressiob (#​28398).
  • Fix negative number encoding in ethclient/rpc (#​28358).
  • Fix GraphQL content type in the response (#​28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.

As with all our previous releases, you can find the:

v1.13.4: Archanes (v1.13.4)

Compare Source

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #​28356.

Apart from the above reason, the release contains:

  • Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#​28306).
  • Update various dependencies to unstick versions of Go libs (#​28329, #​28333, #​28334, #​28332, #​28336).
  • Enable Pebble database support on 32bit platforms and on OpenBSD too (#​28335).
  • Fix returning the correct code hash for eth_getProof with empty storage (#​28357).
  • Simplify trie range prover for some upcoming snap sync optimisations (#​28311).
  • Fix a timeout mechanism in the transaction fetcher (#​28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.

As with all our previous releases, you can find the:

v1.13.3: Armeni (v1.13.3)

Compare Source

Geth v1.13.3 is a scheduled maintenance release with various small additions and an important Pebble database fix.

  • Update Pebble to fix an occasional IO and CPU runaway, adding some debugging capabilities too (#​28224, #​28070).
  • Support full syncing to a specific hash without a beacon client via a --synctarget (#​28209).
  • Allow configuring websocket message limits via the Go RPC client (#​27801).
  • Drop support for eth/66 (Cancun will require eth/68 anyway) (#​28239).
  • Lower snap missing eth protocol warning to debug level (#​28249).
  • Enforce transaction metadata announcements in eth/68 (#​28261).

Features related to the Cancun hardfork:

  • Implement the BLOBFEE opcode for the upcoming Cancun hard fork (#​28098).
  • Enable blob transaction propagation and mining in Cancun networks (#​28243).
  • Start throttling transaction retrievals to prepare for blobs in Cancun (#​28304).

For a full rundown of the changes please consult the Geth 1.13.3 release milestone.

As with all our previous releases, you can find the:

v1.13.2: Phaistos (v1.13.2)

Compare Source

Geth v1.13.2 is a bugfix release for the 1.13 family as well as contains the Holesky testnet relaunch.

Note, if you have previously ran Geth with the old Holesky testnet configs, the new version will probably fail to start with a genesis hash mismatch error. You will need to manually delete your holesky/chaindata folder and restart. Geth did not implement special code for cleaning up the failed launch of the testnet.

  • Fix various pathdb corruption corner-cases during snap sync node restart (#​28171, #​28163).
  • Reconfigure the Holesky testnet with an updated genesis (#​28191, #​28192, #​28193).
  • Remove the rollback mechanism from snap sync, unneeded post-merge (#​28147).
  • Make the block parameter in eth_call optional, defaulting to latest (#​28165).
  • Forget transactions previously marked underpriced after 5 minutes (#​28097).
  • Fix JSON marshalling issue from ethclient retrieving block receipts (#​28087).
  • Fix --bootnodes flag if the list is also configured in the toml file (#​28095).

For a full rundown of the changes please consult the Geth 1.13.2 release milestone.

As with all our previous releases, you can find the:

v1.13.1: Zakros (v1.13.1)

Compare Source

Geth v1.13.1 is a hotfix release for v1.13.0.

It fixes the following issues:

  • Fix the active fork detection on the engine API, causing the signer to create invalid blocks (#​28135).
  • Fix a db corruption in path scheme caused by a weirdly restarted snap sync (#​28124, #​28126).
  • Fix geth db inspect command running against old hash scheme databases (#​28108).
  • Fix an effective gas price calculation regression on the RPC APIs (#​28130).

Apart from the fixes, v1.13.1 introduces support for configuring Geth via environmental variables (#​28103, #​28119)!

For a full rundown of the changes please consult the Geth 1.13.1 release milestone.

As with all our previous releases, you can find the:

v1.13.0: Therum (v1.13.0)

Compare Source

Geth v1.13.0 is a major milestone in the lifetime of Geth, bits and bobs being in development for around 6 years now. Since a release note cannot do it justice, please see our Geth v1.13.0 release blog post.

Still, just to quickly recap, Geth v1.13.0 finally ships a new database model which supports proper, full pruning of historical states; meaning you will never need to take your node offline again to resync or to manually prune. The new database model is optional for now (you need to enable it via --state.scheme=path) and does require resyncing the state, since we need to store it completely different (you can keep your ancients, no need to resync the chain too).

The path database will become the default eventually, but for safety reasons, we're keeping it opt-in for the moment. The old database model is not going away soon, though long term - unless there's something fundamentally wrong with the path db - it will. As for archive node users, we're working on a new model there too, but it does need a bit more work on top, so that's for another release.

The all important disclaimer: Geth's new path-based storage is considered stable and production ready, but was obviously not battle tested yet outside of the team. Everyone is welcome to use it, but if you have significant risks if your node crashes or goes out of consensus, you might want to wait a bit to see if anyone with a lower risk profile hits any issues.

Apart from the pruning work, the release contains:

  • Built in support for the Holešky (Holešovice) testnet (#​28007).
  • Index transactions even if no blocks are received (#​27847).
  • Expose Geth version metadata into the metrics (#​24877).
  • Optimise eth_estimateGas to do fewer runs (#​27710).
  • Add eth_getBlockReceipts RPC API call (#​27702).
  • Support unpacking Solidity panic events (#​27868).
  • Reject GraphQL block queries where both number and hash is specified (#​27876).
  • Increase batch limits for RPC calls on the authenticated endpoint (#​27924).
  • Optimise logging library to avoid expensive call stack lookups (#​28069).

And bugfixes:

  • Fix forkid computation for genesis-merged non-zero timestamp networks (#​27895, #​28034).
  • Fix a potential data race in the websocket ping/pong mechanism (#​27733).
  • Fix js tracers to return the gas price in base 16, not base 10 (#​27903).
  • Fix finalized block number in dev (--dev) mode (#​27886).

For a full rundown of the changes please consult the Geth 1.13.0 release milestone, though do note that the state scheme changes and pruner have been gradually merged over the past year so are not explicitly tagged in this milestone.

As with all our previous releases, you can find the:

v1.12.2: Mawinor (v1.12.2)

Compare Source

Hot on the heels of v1.12.1 comes our next release, fixing some regressions reported by the community.

Here are the changes:

  • A crash related to leveldb metrics is resolved (#​27904)
  • Metrics names used by the blobpool have been changed to be compatible with Prometheus (#​27901)
  • The c-kzg-4844 and blst libraries have been updated, hopefully fixing some build issues (#​27890, #​27907, #​27910)
  • We have also adapted go-ethereum to the latest changes in the 'slices' package provided by the golang.org/x/exp module. The Go authors decided to push an incompatible update, but didn't create a new release of that module, causing build issues when consumers mix-and-match dependency versions. (#​27909)

For a full rundown of the changes please consult the Geth 1.12.2 release milestone.

As with all our previous releases, you can find the:

v1.12.1: Antibaar (v1.12.1)

Compare Source

Geth v1.12.1 is a maintenance release, albeit a rather large one, since we haven't put out a version since May.
This release is a recommended upgrade for all users and contains security-related fixes.

Here's the list of changes:

Cancun fork

Development for the upcoming Cancun hard fork has been a focus in this release cycle. Do note however, that Geth v1.12.1 is not yet ready for Cancun.

Geth command changes
  • The Rinkeby testnet is no longer supported in Geth (#​27406)
  • geth --dev now simulates a PoS-based chain (#​27327)
  • evm blocktest can now output structured logs (#​27396)
  • Geth will now configure GOMAXPROCS based on CPU quota settings. This should improve efficiency when running in Docker containers with a CPU core limit applied. (#​27506, #​27814)
  • An IPv6 listening address for can now be configured for HTTP/WS (#​27628) (#​27635)
RPC/GraphQL API changes
  • JSON transactions now have a yParity fields, as mandated by the RPC API spec (#​27744, #​27882)
  • Legacy transactions now have a chainID field in RPC responses, like all other transaction types (#​27452)
  • Block headers returned by RPC no longer report a non-standard size field (#​27347)
  • eth_estimateGas now supports state overrides like eth_call (#​27845)
  • eth_estimateGas now handles internal chain reorgs more correctly (#​27505)
  • eth_getProof is slight more efficient, and will now return a response in the canonical encoding even for off-spec input parameters (#​27309, #​27310)
  • eth_getTransactionReceipt now returns null when the transaction is not available. It used return an error in that case. (#​27712)
  • debug_storageRangeAt now takes a block hash or number as parameter (#​27328)
  • The new debug_getTrieFlushInterval method reports the internal state saving interval (#​27303)
  • A crash in the prestate tracer is resolved (#​27691)
  • Structured EVM logs returned by tracing now contain the returnData (#​27704)
  • GraphQL now supports withdrawals (EIP-4895) (#​27072)
Go library changes
  • The RPC server now enforces limits on batch requests and responses. This is a potentially breaking change.
    If you use batch requests with geth, and also use the go-ethereum RPC client library, we strongly recommend updating your go-ethereum library dependency as well. The new client version handles invalid batch responses way better than before. (#​26681)
  • The RPC client has multiple new ways to test whether the transport supports real time subscriptions (#​25942)
  • fsync is now enabled for pebble database writes (#​27615, #​27522)
  • Function calls timed by metrics will now run even if metrics are disabled (#​27724, #​27723)
  • Node.Attach no longer returns an error. This is a breaking Go API change. (#​27450)
  • The keystore has improved verification of keys loaded from disk (#​27432)
  • Per-level metrics are now available for LevelDB (#​27643)
Core
  • All block creation activity is now paused while the node is syncing (#​27218)
  • Two minor bugs in the transaction pool are resolved in this release (#​27404, #​27479)
  • Geth no longer uses a 'clean cache file' to persist internal caches across restarts. While persistent cache added a small performance boost right after startup, it could cause obscure issues in certain restart scenarios. (#​27525)
  • A large portion of the new Path-Based State Storage scheme has been implemented. While it isn't active yet, we are planning to make this new storage method available in the next release. (#​25963, #​27323, #​27349, #​27428, #​27687, #​27753, #​27815)
  • As part of testing the new storage scheme, some inconsistencies in selfdestruct handling were discovered by fuzz tests and had to be fixed (#​27376, #​27339)
  • We have also made significant progress on the integration of Verkle Trees, which required changes to internal state-handling APIs (#​27000, #​27209, #​27464, #​27476, #​27544, #​27853)
Networking
  • A serious memory leak related to database writes in snap sync is fixed in this release (#​27842)
  • Large transactions (> 4kB) are no longer broadcasted to peers. This resolves a potential network congestion issue (#​27618)
  • The p2p networking layer has learned to announce alternate ports returned by UPnP/NAT-PMP (#​26359)
  • The p2p server now properly tracks all peer goroutines (#​27887)
  • Networking initialization now really disables all discovery when --nodiscover is used (#​27518)
  • Obsolete parts of the LES protocol implementation, which is currently non-functional, have been removed (#​27737)
  • Discovery bootstrap nodes will now be filtered by the netrestrict setting, like all other nodes ([#​27701](https://redirect.github

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Aug 6, 2024

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated

Details:

Package Change
github.com/go-ole/go-ole v1.2.6 -> v1.3.0
github.com/holiman/uint256 v1.2.2 -> v1.2.4
github.com/tklauser/go-sysconf v0.3.11 -> v0.3.12
github.com/tklauser/numcpus v0.6.0 -> v0.6.1
golang.org/x/crypto v0.16.0 -> v0.17.0
golang.org/x/sys v0.15.0 -> v0.16.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants