From 178d421c7767dbe059920fd881096d4490cc9555 Mon Sep 17 00:00:00 2001
From: Tess Rinearson <tess.rinearson@gmail.com>
Date: Wed, 13 Jan 2021 23:34:53 +0100
Subject: [PATCH 1/2] changelog: update changelogs to reflect changes released
 in 0.34.2

---
 CHANGELOG.md         | 21 +++++++++++++++++++++
 CHANGELOG_PENDING.md | 12 +-----------
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2cd4267b7..02c0c2e08 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,26 @@
 # Changelog
 
+## v0.34.2
+
+*January 12, 2021*
+
+This release fixes a substantial bug in evidence handling where evidence could
+sometimes be broadcast before the block containing that evidence was fully committed,
+resulting in some nodes panicking when trying to verify said evidence.
+
+Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES
+
+- Go API
+  - [libs/os] [\#5871](https://github.com/tendermint/tendermint/issues/5871) `EnsureDir` now propagates IO errors and checks the file type (@erikgrinaker)
+
+### BUG FIXES
+
+- [evidence] [\#5890](https://github.com/tendermint/tendermint/pull/5890) Add a buffer to evidence from consensus to avoid broadcasting and proposing evidence before the
+  height of such an evidence has finished (@cmwaters)
+- [statesync] [\#5889](https://github.com/tendermint/tendermint/issues/5889) Set `LastHeightConsensusParamsChanged` when bootstrapping Tendermint state (@cmwaters)
+
 ## v0.34.1
 
 *January 6, 2021*
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 3306fe280..97a584116 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -4,12 +4,6 @@
 
 Special thanks to external contributors on this release:
 
-@p4u from vocdoni.io reported that the mempool might behave incorrectly under a
-high load. The consequences can range from pauses between blocks to the peers
-disconnecting from this node. As a temporary remedy (until the mempool package
-is refactored), the `max-batch-bytes` was disabled. Transactions will be sent
-one by one without batching.
-
 Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES
@@ -33,7 +27,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
   - [libs/bits] \#5720 Validate `BitArray` in `FromProto`, which now returns an error (@melekes)
   - [proto/p2p] Renamed `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
   - [proto/p2p] Rename `NodeInfo.default_node_id` to `node_id` (@erikgrinaker)
-  - [libs/os] `EnsureDir` now propagates IO errors and checks the file type (@erikgrinaker)
   - [libs/os] Kill() and {Must,}{Read,Write}File() functions have been removed. (@alessio)
   - [store] \#5848 Remove block store state in favor of using the db iterators directly (@cmwaters)
   - [state] \#5864 Use an iterator when pruning state (@cmwaters)
@@ -65,7 +58,4 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 - [types] \#5523 Change json naming of `PartSetHeader` within `BlockID` from `parts` to `part_set_header` (@marbar3778)
 - [privval] \#5638 Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)
 - [blockchain/v1] [\#5701](https://github.com/tendermint/tendermint/pull/5701) Handle peers without blocks (@melekes)
-- [blockchain/v1] \#5711 Fix deadlock (@melekes)
-- [evidence] \#5890 Add a buffer to evidence from consensus to avoid broadcasting and proposing evidence before the
-height of such an evidence has finished (@cmwaters)
-- [statesync] \#5889 Set `LastHeightConsensusParamsChanged` when bootstrapping Tendermint state (@cmwaters)
\ No newline at end of file
+- [blockchain/v1] \#5711 Fix deadlock (@melekes)
\ No newline at end of file

From 211bc08217a4ae99e05dcdd04cc48146f5ec6e52 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Jan 2021 10:06:23 +0000
Subject: [PATCH 2/2] build(deps): Bump github.com/stretchr/testify from 1.6.1
 to 1.7.0 (#5897)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/stretchr/testify/releases">github.com/stretchr/testify's releases</a>.</em></p>
<blockquote>
<h2>Minor improvements and bug fixes</h2>
<p>Minor feature improvements and bug fixes</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/stretchr/testify/commit/acba37e5db06f0093b465a7d47822bf13644b66c"><code>acba37e</code></a> Only use repeatability if no repeatability left</li>
<li><a href="https://github.com/stretchr/testify/commit/eb8c41ec07f965071ac51cf2ac45ae1e50b6faed"><code>eb8c41e</code></a> Add more tests to mock package</li>
<li><a href="https://github.com/stretchr/testify/commit/a5830c56d3a29615f93698ad0b1f00206bb03b73"><code>a5830c5</code></a> Extract method to evaluate closest match</li>
<li><a href="https://github.com/stretchr/testify/commit/1962448488982378ba761489a1d48b22a8283121"><code>1962448</code></a> Use Repeatability as tie-breaker for closest match</li>
<li><a href="https://github.com/stretchr/testify/commit/92707c0b2d501c60de82176c4aa1cf880abac720"><code>92707c0</code></a> Fixed the link to not point to assert only</li>
<li><a href="https://github.com/stretchr/testify/commit/05dd0b2b35daf0c6f6ecc1dff3c1c81cdf17a3b2"><code>05dd0b2</code></a> Updated the readme to point to pkg.dev</li>
<li><a href="https://github.com/stretchr/testify/commit/c26b7f39f88ecc339b622fcbe6531ac5fdccd799"><code>c26b7f3</code></a> Update assertions.go</li>
<li><a href="https://github.com/stretchr/testify/commit/8fb4b2442e11c5a798920eb5a9c19dbc2603481b"><code>8fb4b24</code></a> [Fix] The most recent changes to golang/protobuf breaks the spew Circular dat...</li>
<li><a href="https://github.com/stretchr/testify/commit/dc8af7208cb2e78de14b80dd5e5b412713b57508"><code>dc8af72</code></a> add generated code for positive/negative assertion</li>
<li><a href="https://github.com/stretchr/testify/commit/1544508911aa5fdb73c633fab172cd0e161df0d8"><code>1544508</code></a> add assert positive/negative</li>
<li>Additional commits viewable in <a href="https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.6.1&new-version=1.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 90a93e7ab..6458bd696 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/snikch/goodman v0.0.0-20171125024755-10e37e294daa
 	github.com/spf13/cobra v1.1.1
 	github.com/spf13/viper v1.7.1
-	github.com/stretchr/testify v1.6.1
+	github.com/stretchr/testify v1.7.0
 	github.com/tendermint/tm-db v0.6.3
 	golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9
 	golang.org/x/net v0.0.0-20200822124328-c89045814202
diff --git a/go.sum b/go.sum
index baf3477ef..6b5e8349e 100644
--- a/go.sum
+++ b/go.sum
@@ -535,6 +535,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/goleveldb v1.0.1-0.20200815110645-5c35d600f0ca h1:Ld/zXl5t4+D69SiV4JoN7kkfvJdOWlPpfxrzxpLMoUk=