-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(x/upgrade): Stop treating inline JSON as a URL (backport #19706) #19767
fix(x/upgrade): Stop treating inline JSON as a URL (backport #19706) #19767
Conversation
Co-authored-by: Julien Robert <julien@rbrt.fr> (cherry picked from commit 5a733e8) # Conflicts: # x/upgrade/CHANGELOG.md
Cherry-pick of 5a733e8 has failed:
To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally |
@@ -25,6 +25,10 @@ Ref: https://keepachangelog.com/en/1.0.0/ | |||
|
|||
## [Unreleased] | |||
|
|||
### Bug Fixes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note to myself, next release run, test and tag v0.1.2
* fix(crypto): error if incorrect ledger public key (backport cosmos#19691) (cosmos#19745) Co-authored-by: Rootul P <rootulp@gmail.com> Co-authored-by: sontrinh16 <trinhleson2000@gmail.com> * build(deps): Bump github.com/cometbft/cometbft from 0.38.5 to 0.38.6 (cosmos#19751) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> * fix: align signer extraction adapter for mempool remove (backport cosmos#19759) (cosmos#19773) Co-authored-by: mmsqe <mavis@crypto.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> * fix(x/upgrade): Stop treating inline JSON as a URL (backport cosmos#19706) (cosmos#19767) Co-authored-by: Richard Gibson <richard.gibson@gmail.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> * fix(client/v2): fix comment parsing (backport cosmos#19377) (cosmos#19777) Co-authored-by: Julien Robert <julien@rbrt.fr> * build(deps): Bump github.com/cosmos/iavl from 1.0.1 to 1.1.1 in store (cosmos#19770) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Cool Developer <cool199966@outlook.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * chore(store): add release date (cosmos#19797) * build(deps): Bump github.com/cosmos/gogoproto from 1.4.11 to 1.4.12 (cosmos#19811) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> * feat(x/gov): emit proposer address in submit proposal event (backport cosmos#19842) (cosmos#19844) Co-authored-by: Aryan Tikarya <akaladarshi@gmail.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * feat(x/gov): emit depositor in `proposal_deposit` event (backport cosmos#19853) (cosmos#19859) Co-authored-by: Kien <kien@notional.ventures> Co-authored-by: Julien Robert <julien@rbrt.fr> * reuse fromAddrString (minor cleanup) (cosmos#19881) * feat(client): replace `event-query-tx-for` with `wait-tx` (backport cosmos#19870) (cosmos#19887) * feat(server): add custom start handler (backport cosmos#19854) (cosmos#19884) Co-authored-by: Julien Robert <julien@rbrt.fr> * build(deps): Bump cosmossdk.io/store from 1.0.2 to 1.1.0 (cosmos#19810) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * docs(x/mint): Fix inconsistency in mint docs (backport cosmos#19915) (cosmos#19925) * build(deps): Bump github.com/cosmos/iavl from 1.1.1 to 1.1.2 (cosmos#19985) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * fix(client/v2): add encoder for `cosmos.base.v1beta1.DecCoin` (backport cosmos#19976) (cosmos#20001) Co-authored-by: Julien Robert <julien@rbrt.fr> * fix(mempool): use no-op mempool as default (backport cosmos#19970) (cosmos#20008) Co-authored-by: Tom <54514587+GAtom22@users.noreply.github.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * feat: Conditionally emit metrics based on enablement (backport cosmos#19903) (cosmos#20017) Co-authored-by: Lucas Francisco López <lucaslopezf@gmail.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * fix(x/bank): align query with multi denoms for send-enabled (backport cosmos#20028) (cosmos#20029) Co-authored-by: mmsqe <mavis@crypto.com> * fix: Implement gogoproto customtype to secp256r1 keys (backport cosmos#20027) (cosmos#20031) Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com> * fix(client/v2): respect output format from client ctx (backport cosmos#20033) (cosmos#20046) Co-authored-by: mmsqe <mavis@crypto.com> * build(deps): Bump cosmossdk.io/x/tx from 0.13.1 to 0.13.2 (cosmos#20042) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * feat(x/bank): support depinject for send restrictions (backport cosmos#20014) (cosmos#20024) * fix(baseapp): don't share global gas meter in tx execution (backport cosmos#19616) (cosmos#20050) * fix: secp256r1 json missing quotes (backport cosmos#20060) (cosmos#20069) Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com> * build(deps): Bump github.com/cosmos/cosmos-proto from 1.0.0-beta.4 to 1.0.0-beta.5 (cosmos#20095) * feat(client/v2): implement version filtering using annotation (backport cosmos#20083) (cosmos#20099) Co-authored-by: Julien Robert <julien@rbrt.fr> * chore: prepare v0.50.6 (cosmos#19998) * fix: use timestamp for sim log file name (backport cosmos#20108) (cosmos#20111) Co-authored-by: mmsqe <mavis@crypto.com> * fix(x/authz,x/feegrant): check blocked address (cosmos#20102) * chore: update v0.50.6 release notes (cosmos#20124) * build(deps): bump sdk in modules (cosmos#20126) * docs(gas/fees): Update block gas documentation (backport cosmos#20128) (cosmos#20131) Co-authored-by: samricotta <37125168+samricotta@users.noreply.github.com> * fix(baseapp): avoid header height overwrite block height (backport cosmos#20107) (cosmos#20129) Co-authored-by: mmsqe <mavis@crypto.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * docs: fix broken link (backport cosmos#20133) (cosmos#20138) * build(deps): bump modules in simapp (cosmos#20137) * build(deps): Bump cosmossdk.io/x/tx from 0.13.2 to 0.13.3 (cosmos#20152) * docs: add authz reference info in the circuit antehandler (backport cosmos#20146) (cosmos#20155) Co-authored-by: Reece Williams <31943163+Reecepbcups@users.noreply.github.com> * fix(testsuite/sims): set all signatures (backport cosmos#20151) (cosmos#20185) Co-authored-by: Leon <156270887+leonz789@users.noreply.github.com> * build(deps): Bump github.com/cometbft/cometbft from 0.38.6 to 0.38.7 (cosmos#20206) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> * fix(server): bootstrap-state command can't parse latest genesis format (backport cosmos#20020) (cosmos#20045) Co-authored-by: yihuang <huang@crypto.com> Co-authored-by: Julien Robert <julien@rbrt.fr> Co-authored-by: sontrinh16 <trinhleson2000@gmail.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> * fix: remove txs from mempool when antehandler fails in recheck (backport cosmos#20144) (cosmos#20251) Co-authored-by: Marko <marko@baricevic.me> * feat(baseapp): expose grpc query router via depinject. (cosmos#20264) * feat(client/v2): override short description in generated command (backport cosmos#20266) (cosmos#20269) Co-authored-by: John Letey <j@letey.de> Co-authored-by: Julien Robert <julien@rbrt.fr> * feat(runtime): Add missing NewTransientStoreService (backport cosmos#20261) (cosmos#20327) Co-authored-by: beer-1 <147697694+beer-1@users.noreply.github.com> * fix: allow tx decoding to fail in GetBlockWithTxs (backport cosmos#20323) (cosmos#20329) Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> * fix(client/v2): correctly check subcommand short descriptions (backport cosmos#20330) (cosmos#20340) * build(deps): Bump cosmossdk.io/api from 0.7.4 to 0.7.5 (cosmos#20338) * style: Fix gov query proposals examples syntax (backport cosmos#20353) (cosmos#20357) * feat(client): add consensus address for debug cmd (backport cosmos#20328) (cosmos#20366) Co-authored-by: mmsqe <mavis@crypto.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * feat(client): overwrite client context instead of setting new one (backport cosmos#20356) (cosmos#20383) Co-authored-by: Shude Li <islishude@gmail.com> Co-authored-by: Julien Robert <julien@rbrt.fr> * fix: correctly assign `execModeSimulate` to context for `simulateTx` (backport cosmos#20342) (cosmos#20346) Co-authored-by: Damian Nolan <damiannolan@gmail.com> Co-authored-by: Julien Robert <julien@rbrt.fr> Co-authored-by: marbar3778 <marbar3778@yahoo.com> * docs: update diagram to be shown properly (backport cosmos#20454) (cosmos#20460) Co-authored-by: tianyeyouyou <150894831+tianyeyouyou@users.noreply.github.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> * docs: fix note blocks display failure (backport cosmos#20457) (cosmos#20459) Co-authored-by: cocoyeal <150209682+cocoyeal@users.noreply.github.com> * docs: update link contents (backport cosmos#20437) (cosmos#20462) Co-authored-by: PolyMa <151764357+polymaer@users.noreply.github.com> * fix(x/consensus): harden consensus params proposal (cosmos#20381) Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: sontrinh16 <trinhleson2000@gmail.com> * docs: add docs on permissions (backport cosmos#20526) (cosmos#20527) Co-authored-by: Marko <marko@baricevic.me> * chore(x/upgrade): bump vulnerable `go-getter` library (cosmos#20530) * chore: prepare v0.50.7 (cosmos#20475) * Add changelog entry and mark v0.50.7-pio-1 in the changelog. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Rootul P <rootulp@gmail.com> Co-authored-by: sontrinh16 <trinhleson2000@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: mmsqe <mavis@crypto.com> Co-authored-by: marbar3778 <marbar3778@yahoo.com> Co-authored-by: Richard Gibson <richard.gibson@gmail.com> Co-authored-by: Julien Robert <julien@rbrt.fr> Co-authored-by: Cool Developer <cool199966@outlook.com> Co-authored-by: Aryan Tikarya <akaladarshi@gmail.com> Co-authored-by: Kien <kien@notional.ventures> Co-authored-by: yihuang <huang@crypto.com> Co-authored-by: Tom <54514587+GAtom22@users.noreply.github.com> Co-authored-by: Lucas Francisco López <lucaslopezf@gmail.com> Co-authored-by: Facundo Medica <14063057+facundomedica@users.noreply.github.com> Co-authored-by: samricotta <37125168+samricotta@users.noreply.github.com> Co-authored-by: Reece Williams <31943163+Reecepbcups@users.noreply.github.com> Co-authored-by: Leon <156270887+leonz789@users.noreply.github.com> Co-authored-by: Marko <marko@baricevic.me> Co-authored-by: John Letey <j@letey.de> Co-authored-by: beer-1 <147697694+beer-1@users.noreply.github.com> Co-authored-by: Shude Li <islishude@gmail.com> Co-authored-by: Damian Nolan <damiannolan@gmail.com> Co-authored-by: tianyeyouyou <150894831+tianyeyouyou@users.noreply.github.com> Co-authored-by: cocoyeal <150209682+cocoyeal@users.noreply.github.com> Co-authored-by: PolyMa <151764357+polymaer@users.noreply.github.com> Co-authored-by: Sergio Mena <sergio@informal.systems>
Description
Closes: #19686
Detect URLs with
ParseRequestURI
rather thanParse
, since the former is limited to absolute URLs while the latter recognizes undesirable input such as{}
.Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
in the type prefix if API or client breaking changeCHANGELOG.md
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
Summary by CodeRabbit
This is an automatic backport of pull request #19706 done by [Mergify](https://mergify.com).