fix(privval): Ephemeral Port Exhaustion#5433
Conversation
Ported fix from cometbft repo: cometbft/cometbft#5433
mattac21 left a comment:
Thanks! Could you add a changelog entry, since this is a fix? Also, we require signed commits; could you sign them and then recommit? Then we can merge.
…cometbft#5425) Removed unused count variables and count++ increments in abci/server/socket_server.go within handleRequests and handleResponses. Rationale: These counters were never read, not wired to metrics or logging, and have no protocol impact. Keeping them is misleading and may trigger static-analysis concerns. The gRPC server has no analogous counters. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Remove unused `count` variables and increments from `handleRequests` and `handleResponses` in `abci/server/socket_server.go`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit c4cff1c. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Alex | Cosmos Labs <[email protected]>
…ometbft#5441) Bumps google.golang.org/protobuf from 1.36.9 to 1.36.10. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ometbft#5443) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.2 to 5.16.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's releases</a>.</em></p> <blockquote> <h2>v5.16.3</h2> <h2>What's Changed</h2> <ul> <li>internal: Expand regex to fix build [5.x] by <a href="https://github.com/baloo"><code>@baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1644">go-git/go-git#1644</a></li> <li>build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by <a href="https://github.com/baloo"><code>@baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1646">go-git/go-git#1646</a></li> <li>plumbing: support commits extra headers, support jujutsu signed commit [5.x] by <a href="https://github.com/baloo"><code>@baloo</code></a> in <a href="https://redirect.github.com/go-git/go-git/pull/1633">go-git/go-git#1633</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3">https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-git/go-git/commit/ad9a3a542e845d368853848ef5a2de9ec1f79b1a"><code>ad9a3a5</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1633">#1633</a> from baloo/baloo/release-5.x/jj-signed-commits</li> <li><a href="https://github.com/go-git/go-git/commit/f2c3467492033820145d5230dc681b5f976eb1c0"><code>f2c3467</code></a> plumbing: support extra headers, support jujutsu signed commit [5.x]</li> <li><a href="https://github.com/go-git/go-git/commit/c12263d36861c02d0dd9dce5249781b7e673c7bb"><code>c12263d</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1646">#1646</a> from baloo/baloo/release-5.x/fixup-windows-ci</li> <li><a 
href="https://github.com/go-git/go-git/commit/111f37418f4e164e114b094728ca87733dae1779"><code>111f374</code></a> build: disable fuzzing on maintenance branch</li> <li><a href="https://github.com/go-git/go-git/commit/15d46ceb597e4092783314c48c782097f436aa66"><code>15d46ce</code></a> build: raise timeouts for windows CI tests</li> <li><a href="https://github.com/go-git/go-git/commit/ce83ba1dcadebc49b3ea8670449aa495e88e1281"><code>ce83ba1</code></a> Merge pull request <a href="https://redirect.github.com/go-git/go-git/issues/1644">#1644</a> from baloo/baloo/release-5.x/fixup-build</li> <li><a href="https://github.com/go-git/go-git/commit/b4862019696d8dc00b9aeb86394951e5c1b9076a"><code>b486201</code></a> internal: Expand regex to fix build</li> <li>See full diff in <a href="https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…metbft#5440) Bumps [github.com/go-logfmt/logfmt](https://github.com/go-logfmt/logfmt) from 0.6.0 to 0.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-logfmt/logfmt/releases">github.com/go-logfmt/logfmt's releases</a>.</em></p> <blockquote> <h2>v0.6.1</h2> <h2>0.6.1</h2> <h3>Fixed</h3> <ul> <li>Encode DEL (0x7f) control character by <a href="https://github.com/spaceone"><code>@spaceone</code></a></li> <li>Modernize code through Go 1.21 by <a href="https://github.com/ChrisHines"><code>@ChrisHines</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/go-logfmt/logfmt/blob/main/CHANGELOG.md">github.com/go-logfmt/logfmt's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/go-logfmt/logfmt/compare/v0.6.0...v0.6.1">0.6.1</a> - 2025-10-05</h2> <h3>Fixed</h3> <ul> <li>Encode DEL (0x7f) control character by [<a href="https://github.com/spaceone"><code>@spaceone</code></a>]</li> <li>Modernize code through Go 1.21 by [<a href="https://github.com/ChrisHines"><code>@ChrisHines</code></a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-logfmt/logfmt/commit/804e98fff868b206344991c57a8182172e5ba41e"><code>804e98f</code></a> Update CHANGELOG</li> <li><a href="https://github.com/go-logfmt/logfmt/commit/e5396c6ee35145aead27da56e7921a7656f69624"><code>e5396c6</code></a> Modernize code through Go 1.21 (<a href="https://redirect.github.com/go-logfmt/logfmt/issues/19">#19</a>)</li> <li><a href="https://github.com/go-logfmt/logfmt/commit/d0d028a5175b635a0e4caffb411ca38682e13d2b"><code>d0d028a</code></a> fix: encode DEL (0x7f) control character (<a href="https://redirect.github.com/go-logfmt/logfmt/issues/17">#17</a>) (<a href="https://redirect.github.com/go-logfmt/logfmt/issues/18">#18</a>)</li> <li><a 
href="https://github.com/go-logfmt/logfmt/commit/3948912a76544b3dd949fccc314702bb5e0a50e1"><code>3948912</code></a> Update go versions in CI</li> <li><a href="https://github.com/go-logfmt/logfmt/commit/3f5ba8944849f8b7b960807b091074f41b662680"><code>3f5ba89</code></a> fix: encode DEL (0x7f) control character (<a href="https://redirect.github.com/go-logfmt/logfmt/issues/17">#17</a>)</li> <li>See full diff in <a href="https://github.com/go-logfmt/logfmt/compare/v0.6.0...v0.6.1">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
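The "Encode DEL (0x7f) control character" item in the logfmt 0.6.1 notes above deserves a closer look from a logging-security angle: a value that is written unquoted lets an attacker-influenced string (a username, a peer-supplied moniker) carry a raw control byte into the log stream, where it can mangle terminal output or be mishandled by line-oriented log parsers. The Go program below is an added example, not go-logfmt's or CometBFT's code. The pre-fix quoting predicate it models (bytes <= 0x20, `=`, `"`, invalid UTF-8) is an assumption about the library's earlier behaviour, `strconv.Quote` stands in for the library's own quoting routine, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"unicode/utf8"
)

// needsQuoting reports whether a logfmt value must be written quoted.
// With encodeDEL=false it models the assumed pre-0.6.1 rule: only bytes
// <= 0x20, '=', '"' and invalid UTF-8 force quoting, so DEL (0x7f) passes
// through raw. With encodeDEL=true, DEL is quoted too, matching what the
// 0.6.1 release note describes.
func needsQuoting(v string, encodeDEL bool) bool {
	for _, r := range v {
		if r <= ' ' || r == '=' || r == '"' || r == utf8.RuneError {
			return true
		}
		if encodeDEL && r == 0x7f {
			return true
		}
	}
	return false
}

// EncodeValue renders one logfmt value. Quoted values use Go-style
// escaping via strconv.Quote, so a control byte appears as \x7f, \n, etc.
// (go-logfmt has its own quoting routine; this is a stand-in.)
func EncodeValue(v string, encodeDEL bool) string {
	if needsQuoting(v, encodeDEL) {
		return strconv.Quote(v)
	}
	return v
}

// EncodeLine renders ordered key=value pairs as one logfmt record.
func EncodeLine(pairs [][2]string, encodeDEL bool) string {
	parts := make([]string, 0, len(pairs))
	for _, kv := range pairs {
		parts = append(parts, kv[0]+"="+EncodeValue(kv[1], encodeDEL))
	}
	return strings.Join(parts, " ")
}

// ContainsRawControl reports whether an encoded line still carries a raw
// C0 control byte (0x00-0x1f) or DEL (0x7f). Such a line can confuse
// terminals and naive line-oriented parsers; this is the check a log
// pipeline would run on emitted lines to catch the class of bug fixed here.
func ContainsRawControl(line string) bool {
	for i := 0; i < len(line); i++ {
		if line[i] < 0x20 || line[i] == 0x7f {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: a user-controlled value carrying DEL, plus one
	// carrying a newline (which both rules already quote), next to a
	// fixed event name.
	pairs := [][2]string{
		{"event", "login_failed"},
		{"user", "alice\x7fadmin"},
		{"note", "multi\nline"},
	}
	for _, encodeDEL := range []bool{false, true} {
		line := EncodeLine(pairs, encodeDEL)
		fmt.Printf("encodeDEL=%-5v raw_control=%-5v %q\n",
			encodeDEL, ContainsRawControl(line), line)
	}
}
```

Run it with `go run .`; the first line of output still contains the raw 0x7f byte, the second does not. `ContainsRawControl` is the kind of assertion to keep in a log-shipping pipeline or a unit test so that a future encoder regression of this kind is caught before logs reach a terminal or a SIEM parser.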
…ometbft#5438)

#### PR checklist

- [x] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments

---

These changes use b.Loop() to simplify the code and improve performance. Supported by the Go team; more info: https://go.dev/blog/testing-b-loop and https://go.dev/issue/73137.

Before:

```shell
go test -run=^$ -bench=. ./types -timeout=1h
goos: darwin
goarch: arm64
pkg: github.com/cometbft/cometbft/types
cpu: Apple M4
BenchmarkEventBus/10Clients1Query1Event-10            3788924    310.3 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/100Clients-10                       3767460    316.6 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/1000Clients-10                        16606    66811 ns/op    544 B/op     6 allocs/op
BenchmarkEventBus/10ClientsRandQueries1Event-10        754050     1527 ns/op   1312 B/op    24 allocs/op
BenchmarkEventBus/100Clients#01-10                     511202     2306 ns/op   1952 B/op    39 allocs/op
BenchmarkEventBus/1000Clients#01-10                    457266     2531 ns/op   1952 B/op    39 allocs/op
BenchmarkEventBus/10ClientsRandQueriesRandEvents-10   3649645    327.0 ns/op    417 B/op     3 allocs/op
BenchmarkEventBus/100Clients#02-10                    2947570    346.2 ns/op    426 B/op     3 allocs/op
BenchmarkEventBus/1000Clients#02-10                    737244     1460 ns/op    718 B/op    10 allocs/op
BenchmarkEventBus/10Clients1QueryRandEvents-10        3672014    322.4 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/100Clients#03-10                    3715051    322.8 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/1000Clients#03-10                    207978     5357 ns/op    544 B/op     6 allocs/op
BenchmarkMakePartSet/nParts=1-10                        55294    20497 ns/op
BenchmarkMakePartSet/nParts=2-10                        29437    40110 ns/op
BenchmarkMakePartSet/nParts=3-10                        20059    59683 ns/op
BenchmarkMakePartSet/nParts=4-10                        15042    79628 ns/op
BenchmarkMakePartSet/nParts=5-10                        12037    99587 ns/op
BenchmarkProposalWriteSignBytes-10                    4153146    290.1 ns/op
BenchmarkProposalSign-10                                99568    11996 ns/op
BenchmarkProposalVerifySignature-10                   4080648    293.9 ns/op
BenchmarkValidatorSetCopy-10                            59730    19908 ns/op
BenchmarkUpdates-10                                      1306   909655 ns/op
Benchmark_2_3_Maj-10                                      241  5133499 ns/op
PASS
ok  	github.com/cometbft/cometbft/types	35.253s
```

After:

```shell
go test -run=^$ -bench=. ./types -timeout=1h
goos: darwin
goarch: arm64
pkg: github.com/cometbft/cometbft/types
cpu: Apple M4
BenchmarkEventBus/10Clients1Query1Event-10            3789516    313.8 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/100Clients-10                       3773624    318.5 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/1000Clients-10                        16605    72004 ns/op    544 B/op     6 allocs/op
BenchmarkEventBus/10ClientsRandQueries1Event-10        673412     1728 ns/op   1440 B/op    27 allocs/op
BenchmarkEventBus/100Clients#01-10                     501636     2356 ns/op   1952 B/op    39 allocs/op
BenchmarkEventBus/1000Clients#01-10                    450982     2539 ns/op   1952 B/op    39 allocs/op
BenchmarkEventBus/10ClientsRandQueriesRandEvents-10   3622975    328.3 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/100Clients#02-10                    3437947    338.0 ns/op    425 B/op     3 allocs/op
BenchmarkEventBus/1000Clients#02-10                    157407     6593 ns/op   2052 B/op    41 allocs/op
BenchmarkEventBus/10Clients1QueryRandEvents-10        3715688    321.9 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/100Clients#03-10                    3714166    322.3 ns/op    416 B/op     3 allocs/op
BenchmarkEventBus/1000Clients#03-10                    194089     5703 ns/op    543 B/op     5 allocs/op
BenchmarkMakePartSet/nParts=1-10                        55609    20132 ns/op
BenchmarkMakePartSet/nParts=2-10                        30139    39803 ns/op
BenchmarkMakePartSet/nParts=3-10                        20073    59629 ns/op
BenchmarkMakePartSet/nParts=4-10                        15074    79577 ns/op
BenchmarkMakePartSet/nParts=5-10                        12037    99553 ns/op
BenchmarkProposalWriteSignBytes-10                    4253791    282.7 ns/op
BenchmarkProposalSign-10                                99486    12026 ns/op
BenchmarkProposalVerifySignature-10                   4208140    288.5 ns/op
BenchmarkValidatorSetCopy-10                            59937    19850 ns/op
BenchmarkUpdates-10                                      1312   904521 ns/op
Benchmark_2_3_Maj-10                                      240  4960945 ns/op
PASS
ok  	github.com/cometbft/cometbft/types	34.504s
```

Signed-off-by: russcoss <[email protected]> Co-authored-by: Alex | Cosmos Labs <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.30.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.8 - 10 Oct 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.8/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.7</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.7 - 06 Oct 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.7/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.6</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.6 - 02 Oct 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.2. 
<a href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.5</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md">CHANGELOG.md</a> for more information.</p> <h2>v3.30.4</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.4 - 25 Sep 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h2>3.29.4 - 23 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.3 - 21 Jul 2025</h2> <p>No user facing changes.</p> <h2>3.29.2 - 30 Jun 2025</h2> <ul> <li>Experimental: When the <code>quality-queries</code> input for the <code>init</code> action is provided with an argument, separate <code>.quality.sarif</code> files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. 
<a href="https://redirect.github.com/github/codeql-action/pull/2935">#2935</a></li> </ul> <h2>3.29.1 - 27 Jun 2025</h2> <ul> <li>Fix bug in PR analysis where user-provided <code>include</code> query filter fails to exclude non-included queries. <a href="https://redirect.github.com/github/codeql-action/pull/2938">#2938</a></li> <li>Update default CodeQL bundle version to 2.22.1. <a href="https://redirect.github.com/github/codeql-action/pull/2950">#2950</a></li> </ul> <h2>3.29.0 - 11 Jun 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.22.0. <a href="https://redirect.github.com/github/codeql-action/pull/2925">#2925</a></li> <li>Bump minimum CodeQL bundle version to 2.16.6. <a href="https://redirect.github.com/github/codeql-action/pull/2912">#2912</a></li> </ul> <h2>3.28.21 - 28 July 2025</h2> <p>No user facing changes.</p> <h2>3.28.20 - 21 July 2025</h2> <ul> <li>Remove support for combining SARIF files from a single upload for GHES 3.18, see <a href="https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/">the changelog post</a>. <a href="https://redirect.github.com/github/codeql-action/pull/2959">#2959</a></li> </ul> <h2>3.28.19 - 03 Jun 2025</h2> <ul> <li>The CodeQL Action no longer includes its own copy of the extractor for the <code>actions</code> language, which is currently in public preview. The <code>actions</code> extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the <code>actions</code> language <em>and</em> you have pinned your <code>tools:</code> property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable <code>actions</code> analysis.</li> <li>Update default CodeQL bundle version to 2.21.4. <a href="https://redirect.github.com/github/codeql-action/pull/2910">#2910</a></li> </ul> <h2>3.28.18 - 16 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.3. 
<a href="https://redirect.github.com/github/codeql-action/pull/2893">#2893</a></li> <li>Skip validating SARIF produced by CodeQL for improved performance. <a href="https://redirect.github.com/github/codeql-action/pull/2894">#2894</a></li> <li>The number of threads and amount of RAM used by CodeQL can now be set via the <code>CODEQL_THREADS</code> and <code>CODEQL_RAM</code> runner environment variables. If set, these environment variables override the <code>threads</code> and <code>ram</code> inputs respectively. <a href="https://redirect.github.com/github/codeql-action/pull/2891">#2891</a></li> </ul> <h2>3.28.17 - 02 May 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.21.2. <a href="https://redirect.github.com/github/codeql-action/pull/2872">#2872</a></li> </ul> <h2>3.28.16 - 23 Apr 2025</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/a841c540b73bac7685691a2f930006ba52db3645"><code>a841c54</code></a> Scratch <code>uploadSpecifiedFiles</code> tests, make <code>uploadPayload</code> tests instead</li> <li><a href="https://github.com/github/codeql-action/commit/aeb12f6eaaa7419b7170f27dc3e2b5710203ff2d"><code>aeb12f6</code></a> Merge branch 'main' into redsun82/skip-sarif-upload-tests</li> <li><a href="https://github.com/github/codeql-action/commit/6fd4ceb7bbb8ec2746fd4d3a64b77787dffd9afc"><code>6fd4ceb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3189">#3189</a> from github/henrymercer/download-codeql-rate-limit</li> <li><a href="https://github.com/github/codeql-action/commit/196a3e577b477ffb129cb35c7ed3ba72e6e2dbe7"><code>196a3e5</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3188">#3188</a> from github/mbg/telemetry/partial-config</li> <li><a 
href="https://github.com/github/codeql-action/commit/98abb870dcd6421594724ae220643e13baf90298"><code>98abb87</code></a> Add configuration error for rate limited CodeQL download</li> <li><a href="https://github.com/github/codeql-action/commit/bdd2cdf891a0a89c6680bd54c9ba63c80e440f75"><code>bdd2cdf</code></a> Also include <code>language</code> in error status report for <code>start-proxy</code>, if available</li> <li><a href="https://github.com/github/codeql-action/commit/fb148789ab863424b005147b4b018fe5691e5ccc"><code>fb14878</code></a> Include <code>languages</code> in <code>start-proxy</code> telemetry</li> <li><a href="https://github.com/github/codeql-action/commit/2ff418f28a66dd71cd80701e95ec26db12875f15"><code>2ff418f</code></a> Parse <code>language</code> before calling <code>getCredentials</code></li> <li>See full diff in <a href="https://github.com/github/codeql-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#5453) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.42.0 to 0.43.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/627cb894b6b2021e34c4ad4af4c0a963127491e4"><code>627cb89</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/dca4914afe94ebd485672b06b9a120e18b452533"><code>dca4914</code></a> acme: fix autocert TestHTTPHandlerDefaultFallback</li> <li><a href="https://github.com/golang/crypto/commit/1336e21bd6f39d1ab82ca6412693849c2d120e1d"><code>1336e21</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/2beaa59a3c994e5d01b6d58dc348dcd6d814ef26"><code>2beaa59</code></a> ssh: add VerifiedPublicKeyCallback</li> <li><a href="https://github.com/golang/crypto/commit/66c3d8ce714c31eb5a8adb6c931b4e29f5bebcf5"><code>66c3d8c</code></a> ssh: add support for FIPS mode</li> <li><a href="https://github.com/golang/crypto/commit/ddb4e80c6ad38c8a94001924a6ff8424f5cae369"><code>ddb4e80</code></a> ssh: remove custom contains, use slices.Contains</li> <li><a href="https://github.com/golang/crypto/commit/f4d47b0db5875e61dd52acdb63be800177ab48bb"><code>f4d47b0</code></a> ssh: return clearer error when signature algorithm is used as key format</li> <li><a href="https://github.com/golang/crypto/commit/96dc232fbd7928e9c23da42e770c8b79a2348d86"><code>96dc232</code></a> x509roots/fallback/bundle: add bundle package to export root certs</li> <li><a href="https://github.com/golang/crypto/commit/8c9ba318361080ea198c7461b6db621022d0a88e"><code>8c9ba31</code></a> all: freeze and deprecate more packages</li> <li><a href="https://github.com/golang/crypto/commit/559e062ce8bfd6a39925294620b50906ca2a6f95"><code>559e062</code></a> ssh/agent: return an error for unexpected message types</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.42.0...v0.43.0">compare view</a></li> </ul> </details> <br /> 
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…ometbft#5452) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.66.1 to 0.67.1.

Release notes (sourced from [github.com/prometheus/common's releases](https://github.com/prometheus/common/releases)):

v0.67.1
- Fix Go case-insensitive file name collision by [@SuperQ](https://github.com/SuperQ) in [prometheus/common#853](https://redirect.github.com/prometheus/common/pull/853)
- Full Changelog: https://github.com/prometheus/common/compare/v0.67.0...v0.67.1

v0.67.0 / 2025-10-07
- Create CHANGELOG.md for easier communication of library changes, especially possible breaking changes. by [@ywwg](https://github.com/ywwg) in [prometheus/common#833](https://redirect.github.com/prometheus/common/pull/833)
- model: New test for validation with dots by [@m1k1o](https://github.com/m1k1o) in [prometheus/common#759](https://redirect.github.com/prometheus/common/pull/759)
- expfmt: document NewTextParser as required by [@burgerdev](https://github.com/burgerdev) in [prometheus/common#842](https://redirect.github.com/prometheus/common/pull/842)
- expfmt: Add support for float histograms and gauge histograms by [@beorn7](https://github.com/beorn7) in [prometheus/common#843](https://redirect.github.com/prometheus/common/pull/843)
- Updated minimum Go version to 1.24.0, updated Go dependencies by [@SuperQ](https://github.com/SuperQ) in [prometheus/common#849](https://redirect.github.com/prometheus/common/pull/849)
- New Contributors: [@m1k1o](https://github.com/m1k1o) made their first contribution in prometheus/common#759; [@burgerdev](https://github.com/burgerdev) made their first contribution in prometheus/common#842
- Full Changelog: https://github.com/prometheus/common/compare/v0.66.1...v0.67.0

Changelog (sourced from [github.com/prometheus/common's changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)): v0.67.1 / 2025-10-07 lists "Remove VERSION file to avoid Go conflict error in prometheus/common#853"; the v0.67.0 entries match the release notes above.

Commits: viewable in the [compare view](https://github.com/prometheus/common/compare/v0.66.1...v0.67.1).

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
…bft#5451) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.75.1 to 1.76.0.

Release notes (sourced from [google.golang.org/grpc's releases](https://github.com/grpc/grpc-go/releases)), Release 1.76.0:

Dependencies
- Minimum supported Go version is now 1.24 ([#8509](https://redirect.github.com/grpc/grpc-go/issues/8509)). Special Thanks: [@kevinGC](https://github.com/kevinGC)

Bug Fixes
- client: Return status `INTERNAL` when a server sends zero response messages for a unary or client-streaming RPC. ([#8523](https://redirect.github.com/grpc/grpc-go/issues/8523))
- client: Fail RPCs with status `INTERNAL` instead of `UNKNOWN` upon receiving http headers with status 1xx and `END_STREAM` flag set. ([#8518](https://redirect.github.com/grpc/grpc-go/issues/8518)) Special Thanks: [@vinothkumarr227](https://github.com/vinothkumarr227)
- pick_first: Fix race condition that could cause pick_first to get stuck in `IDLE` state on backend address change. ([#8615](https://redirect.github.com/grpc/grpc-go/issues/8615))

New Features
- credentials: Add `credentials/jwt` package providing file-based JWT PerRPCCredentials (A97). ([#8431](https://redirect.github.com/grpc/grpc-go/issues/8431)) Special Thanks: [@dimpavloff](https://github.com/dimpavloff)

Performance Improvements
- client: Improve HTTP/2 header size estimate to reduce re-allocations. ([#8547](https://redirect.github.com/grpc/grpc-go/issues/8547))
- encoding/proto: Avoid redundant message size calculation when marshaling. ([#8569](https://redirect.github.com/grpc/grpc-go/issues/8569)) Special Thanks: [@rs-unity](https://github.com/rs-unity)

Commits: viewable in the [compare view](https://github.com/grpc/grpc-go/compare/v1.75.1...v1.76.0).

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: aljo242 <[email protected]>
…ometbft#5448)
- Remove outdated API mentions (AssertIsPrivKeyInner, Wrap, Signature type)
- Correct PrivKey.Sign signature to ([]byte, error)
- Fix ed25519.GenPrivKey example (no error returned)
- Add concise overview of PrivKey, PubKey, Address, and Sha256 helper
- Note subpackages (ed25519, secp256k1, bls12381) and address specifics

Co-authored-by: Alex | Cosmos Labs <[email protected]>

---

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use [unclog](https://github.com/informalsystems/unclog) to manage our changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code comments
019ea9e to 853bb05
@mattac21 Sure thing. Added signature to previous commits and added changelog entry.
Cursor Bugbot:

Bug: Incorrect TCP Connection Closure
The code closes
@mattac21 This is a legitimate issue that could take a significant amount of the stake offline, not only for Cosmos but all chains that use the Cosmos SDK. The change is a single line. I do not care about being labelled as a contributor. Can we get this issue resolved one way or another before someone exploits it and starts halting chains?
#### Ephemeral Port Exhaustion of `priv_validator_laddr`

While conducting automated security scanning on our Cosmos-based infrastructure we noticed that after some time the `priv_validator_laddr` would stop accepting new connections. On investigation it appears that the connection is not properly closed after a failed connection attempt, eventually exhausting all ephemeral ports. It appears the method `MakeSecretConnection` doesn't close the connection and leaves it in a `CLOSE_WAIT` state.

##### Steps to Reproduce

The following script connects to the `priv_validator_laddr` and disconnects. After ~2000 requests the port will stop accepting new connections and the service will require restarting to free the ports.

The ports are left in a `CLOSE_WAIT` state, which can be viewed with `netstat -anp | grep CLOSE_WAIT`, and do not clear until the service is restarted.

##### Proposed Solution

In the event of an error during the call to `MakeSecretConnection`, call `tc.Close()`.
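As an added illustration, not CometBFT's code (`Listener`, `handshakeFunc`, `accept`, `wasLeaked` and `runDemo` are stand-ins I assume for privval's `TCPListener` and `p2pconn.MakeSecretConnection`; the real listener also wraps the socket in a `timeoutConn` first, omitted here), the pre-fix accept path and the fixed one behind a single flag, with a loopback check that the raw socket is actually released when the handshake fails:

```go
package main

import (
	"errors"
	"net"
)

// handshakeFunc stands in for p2pconn.MakeSecretConnection (assumed shape, not CometBFT's).
type handshakeFunc func(net.Conn) (net.Conn, error)
type Listener struct { // simplified stand-in for privval's TCPListener
	net.Listener
	handshake    handshakeFunc
	closeOnError bool // false reproduces the pre-fix path, true the fix
}

// accept runs the handshake on a freshly accepted TCP connection. Pre-fix, a failed
// handshake dropped tc without Close: once the peer hung up the kernel parked the
// socket in CLOSE_WAIT until restart, and enough of those exhaust the ephemeral ports.
func (l *Listener) accept() (net.Conn, error) {
	tc, err := l.Listener.Accept()
	if err != nil {
		return nil, err
	}
	sc, err := l.handshake(tc)
	if err != nil {
		if l.closeOnError {
			_ = tc.Close() // the one-line fix: release the raw socket
		}
		return nil, err
	}
	return sc, nil
}

// wasLeaked closes c and reports whether that Close actually released a
// socket: closing an already closed net.Conn fails with net.ErrClosed.
func wasLeaked(c net.Conn) bool {
	return !errors.Is(c.Close(), net.ErrClosed)
}

// runDemo accepts one loopback connection whose peer hangs up at once (what
// the scanner did), forces the handshake to fail, and reports whether the
// accepted socket was leaked.
func runDemo(closeOnError bool) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	defer ln.Close()
	var accepted net.Conn
	fail := func(c net.Conn) (net.Conn, error) { // constructed failure
		accepted = c
		return nil, errors.New("secret connection handshake failed")
	}
	l := &Listener{Listener: ln, handshake: fail, closeOnError: closeOnError}
	client, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	client.Close()
	if _, err = l.accept(); err == nil || accepted == nil {
		return false, errors.New("expected the handshake to fail")
	}
	return wasLeaked(accepted), nil
}
```

`runDemo(false)` reports a leaked socket, `runDemo(true)` does not; on a live process the same leak shows up as the growing `CLOSE_WAIT` count the report mentions.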
> [!NOTE]
> Close `timeoutConn` when `MakeSecretConnection` fails in `privval/socket_listeners.go` to avoid `CLOSE_WAIT`/ephemeral port exhaustion; update CHANGELOG.
>
> - Close `timeoutConn` if `p2pconn.MakeSecretConnection` returns an error in `privval/socket_listeners.go#TCPListener.Accept`, preventing leaked sockets (`CLOSE_WAIT`).
> - Update `CHANGELOG.md` under BUG FIXES to note the privval ephemeral port exhaustion fix.
>
> <sup>Written by Cursor Bugbot for commit 32708b7. This will update automatically on new commits.</sup>