build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0 by dependabot[bot] · Pull Request #4 · cometbft/cometbft

dependabot · 2022-12-22T21:25:45Z

Bumps github.com/bufbuild/buf from 1.10.0 to 1.11.0.

Release notes

Sourced from github.com/bufbuild/buf's releases.

v1.11.0

What's Changed

buf generate now batches remote plugin generation calls for improved performance.

Update optimize_for option in managed mode, allowing a default value for optimize_for for all files, except and override, which both behave similarly to other except and override options. Specifying an optimize_for value in the earlier versions is equivalent to having a optimize_for with that value as default.

Full Changelog: bufbuild/buf@v1.10.0...v1.11.0

Changelog

Sourced from github.com/bufbuild/buf's changelog.

[v1.11.0] - 2022-12-19

buf generate now batches remote plugin generation calls for improved performance.

Update optimize_for option in managed mode, allowing a default value for optimize_for for all files, except and override, which both behave similarly to other except and override options. Specifying an optimize_for value in the earlier versions is equivalent to having a optimize_for with that value as default.

Commits

b6d1820 Release v1.11.0 (#1686)
c28dda4 Bump bufbuild/buf-push-action from 1.0.1 to 1.1.1 (#1682)
108da9b Bump peter-evans/create-pull-request from 4.2.2 to 4.2.3 (#1643)
04e5243 Bump go.uber.org/multierr from 1.8.0 to 1.9.0 (#1684)
bc1fb94 image filtering: don't include entire enclosing message/service (#1659)
2991585 Add UpstreamClient UserAgent to dockerclient (#1678)
e85a0a6 add user type filter for ListUsers and include user type in User (#1660)
8985c1b optimize checking for current digest (#1665)
fae35f6 fix regression in plugin generation (#1675)
5d29981 update connect-go and latest go deps (#1674)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/bufbuild/buf](https://github.com/bufbuild/buf) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/bufbuild/buf/releases) - [Changelog](https://github.com/bufbuild/buf/blob/main/CHANGELOG.md) - [Commits](bufbuild/buf@v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/bufbuild/buf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2022-12-22T21:25:46Z

The following labels could not be found: T:dependencies, S:automerge.

…ld/buf-1.11.0

…twice perf(internal/blocksync): do not `ValidateBlock` twice (cometbft#2026)

changelog

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey (cherry picked from commit e4cbca8) # Conflicts: # .golangci.yml

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey <hr>This is an automatic backport of pull request #4888 done by [Mergify](https://mergify.com). --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

fixes for heimdall v2 init

changelog

dependabot bot requested a review from ebuchman as a code owner December 22, 2022 21:25

thanethomson added the automerge label Dec 23, 2022

thanethomson approved these changes Dec 23, 2022

View reviewed changes

Merge branch 'main' into dependabot/go_modules/main/github.com/bufbui…

833d568

…ld/buf-1.11.0

mergify bot requested a review from a team as a code owner December 23, 2022 16:24

thanethomson added the dependencies Dependency updates label Dec 23, 2022

thanethomson approved these changes Dec 23, 2022

View reviewed changes

thanethomson merged commit 66252f8 into main Dec 23, 2022

dependabot bot deleted the dependabot/go_modules/main/github.com/bufbuild/buf-1.11.0 branch December 23, 2022 19:05

sergio-mena mentioned this pull request Apr 7, 2023

Fix race condition in consensus.State code #673

Merged

3 tasks

faddat pushed a commit to faddat/cometbft that referenced this pull request Feb 25, 2024

Merge pull request cometbft#4 from osmosis-labs/adam/avoid-val-block-…

6e2a1c3

…twice perf(internal/blocksync): do not `ValidateBlock` twice (cometbft#2026)

faddat pushed a commit to faddat/cometbft that referenced this pull request Feb 25, 2024

Merge pull request cometbft#4 from osmosis-labs/adam/avoid-val-block-…

490dd75

…twice perf(internal/blocksync): do not `ValidateBlock` twice (cometbft#2026)

sergio-mena mentioned this pull request Jun 10, 2024

fix(e2e): reproduction an fixing of missing evidence in e2e nightlies #3234

Merged

2 tasks

yihuang pushed a commit to yihuang/cometbft that referenced this pull request Nov 1, 2024

Problem: fireEvents can runs asyncously (cometbft#4)

f2b043f

changelog

melekes mentioned this pull request Jan 28, 2025

chore(deps): bump Go version to 1.23.5 #4888

Merged

mergify bot mentioned this pull request Jan 30, 2025

chore(deps): bump Go version to 1.23.5 (backport #4888) #4890

Merged

jmalicevic pushed a commit to informalsystems/cometbft that referenced this pull request May 14, 2025

Merge pull request cometbft#4 from 0xPolygon/mardizzone/app-fixes

a65a54e

fixes for heimdall v2 init

JayT106 pushed a commit to JayT106/cometbft that referenced this pull request Jan 19, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

973a83f

changelog

JayT106 pushed a commit to JayT106/cometbft that referenced this pull request Jan 19, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

828ba8d

changelog

JayT106 pushed a commit to JayT106/cometbft that referenced this pull request Jan 21, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

38e76be

changelog

JayT106 pushed a commit to JayT106/cometbft that referenced this pull request Jan 23, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

f8b198f

changelog

JayT106 pushed a commit to JayT106/cometbft that referenced this pull request Jan 28, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

e1ca135

changelog

JayT106 pushed a commit to JayT106/cometbft that referenced this pull request Feb 12, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

7fff7f9

changelog

mmsqe pushed a commit to mmsqe/cometbft that referenced this pull request Mar 19, 2026

Problem: fireEvents can runs asyncously (cometbft#4)

29d8b0e

changelog

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0#4

build(deps): Bump github.com/bufbuild/buf from 1.10.0 to 1.11.0#4
thanethomson merged 2 commits intomainfrom
dependabot/go_modules/main/github.com/bufbuild/buf-1.11.0

dependabot bot commented on behalf of github Dec 22, 2022

Uh oh!

dependabot bot commented on behalf of github Dec 22, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Dec 22, 2022

v1.11.0

What's Changed

[v1.11.0] - 2022-12-19

Uh oh!

dependabot bot commented on behalf of github Dec 22, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant