* Ostracon augmented the crypto.PubKey and crypto.PrivKey interfaces
with Verificable Random Function (VRF) proofs, which however, are
not yet implemented (so their code was commented).
* Refactor so building and linting works
This is the first step towards implementing vote extensions: generating
the relevant proto stubs and getting the build and linter to pass.
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Fix typo
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Better describe method given vote extensions
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Fix types tests
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Move CanonicalVoteExtension to canonical types proto defs
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Regenerate protos including latest PBTS synchrony params update
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Inject vote extensions into proposal
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Thread vote extensions through code and fix tests
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Remove extraneous empty value initialization
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Fix lint
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Fix missing VerifyVoteExtension request data
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Explicitly ensure length > 0 to sign vote extension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Explicitly ensure length > 0 to sign vote extension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Remove extraneous comment
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Update privval/file.go
Co-authored-by: M. J. Fromberger <fromberger@interchain.io>
* Update types/vote_test.go
Co-authored-by: M. J. Fromberger <fromberger@interchain.io>
* Format
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Fix ABCI proto generation scripts for Linux
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Sync intermediate and goal protos
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Update internal/consensus/common_test.go
Co-authored-by: Sergio Mena <sergio@informal.systems>
* Use dummy value with clearer meaning
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Rewrite loop for clarity
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Panic on ABCI++ method call failure
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Add strong correctness guarantees when constructing extended commit info for ABCI++
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Add strong guarantee in extendedCommitInfo that the number of votes corresponds
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Make extendedCommitInfo function more robust
At first extendedCommitInfo expected votes to be in the same order as
their corresponding validators in the supplied CommitInfo struct, but
this proved to be rather difficult since when a validator set's loaded
from state it's first sorted by voting power and then by address.
Instead of sorting the votes in the same way, this approach simply maps
votes to their corresponding validator's address prior to constructing
the extended commit info. This way it's easy to look up the
corresponding vote and we don't need to care about vote order.
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Remove extraneous validator address assignment
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Sign over canonical vote extension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Validate vote extension signature against canonical vote extension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Update privval tests for more meaningful dummy value
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Add vote extension capability to E2E test app
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Disable lint for weak RNG usage for test app
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Use parseVoteExtension instead of custom parsing in PrepareProposal
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Only include extension if we have received txs
It's unclear at this point why this is necessary to ensure that the
application's local app_hash matches that committed in the previous
block.
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Require app_hash from app to match that from last block
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Add contrived (possibly flaky) test to check that vote extensions code works
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Remove workaround for problem now solved by #8229
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* add tests for vote extension cases
* Fix spelling mistake to appease linter
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Collapse redundant if statement
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Formatting
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Always expect an extension signature, regardless of whether an extension is present
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Votes constructed from commits cannot include extensions or signatures
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Pass through vote extension in test helpers
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Temporarily disable vote extension signature requirement
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Expand on vote equality test errors for clarity
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Expand on vote matching error messages in testing
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Allow for selective subscription by vote type
This is an attempt to fix the intermittently failing
`TestPrepareProposalReceivesVoteExtensions` test in the internal
consensus package.
Occasionally we get prevote messages via the subscription channel, and
we're not interested in those. This change allows us to specify what
types of votes we're interested in (i.e. precommits) and discard the
rest.
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Read lock consensus state mutex in test helper to avoid data race
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Revert BlockIDFlag parameter in node test
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Perform additional check in ProcessProposal for special txs generated by vote extensions
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* e2e: check that our added tx does not cause all txs to exceed req.MaxTxBytes
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Only set vote extension signatures when signing is successful
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Remove channel capacity constraint in test helper to avoid missing messages
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Add TODO to always require extension signatures in vote validation
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* e2e: reject vote extensions if the request height does not match what we expect
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* types: remove extraneous call to voteWithoutExtension in test
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Remove unnecessary address parameter from CanonicalVoteExtension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* privval: change test vote type to precommit since we use an extension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* privval: update signing logic to cater for vote extensions
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* proto: update field descriptions for vote message
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* proto: update field description for vote extension sig in vote message
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* proto/types: use fixed-length 64-bit integers for rounds in CanonicalVoteExtension
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* consensus: fix flaky TestPrepareProposalReceivesVoteExtensions
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* consensus: remove previously added test helper functionality
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* e2e: add error logs when we get an unexpected height in ExtendVote or VerifyVoteExtension requests
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* node_test: get validator addresses from privvals
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* privval/file_test: optimize filepv creation in tests
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* privval: add test to check that vote extensions are always signed
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Add a script to check documentation for ToC entries. (#8356)
This script verifies that each document in the docs and architecture directory
has a corresponding table-of-contents entry in its README file. It can be run
manually from the command line.
- Hook up this script to run in CI (optional workflow).
- Update ADR ToC to include missing entries this script found.
* build(deps): Bump async from 2.6.3 to 2.6.4 in /docs (#8357)
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md)
- [Commits](https://github.com/caolan/async/compare/v2.6.3...v2.6.4)
---
updated-dependencies:
- dependency-name: async
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* privval/file_test: reset vote ext sig before signing
Signed-off-by: Thane Thomson <connect@thanethomson.com>
Co-authored-by: M. J. Fromberger <fromberger@interchain.io>
Co-authored-by: Sergio Mena <sergio@informal.systems>
Co-authored-by: William Banfield <wbanfield@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/creachadair/atomicfile](https://github.com/creachadair/atomicfile) from 0.2.4 to 0.2.5.
<details>
<summary>Commits</summary>
<ul>
<li><a href="b8ff50ef68"><code>b8ff50e</code></a> Release v0.2.5.</li>
<li><a href="95084abf9a"><code>95084ab</code></a> Update actions/setup-go to v3.</li>
<li><a href="10d28f61c3"><code>10d28f6</code></a> Update actions/checkout to v3.</li>
<li><a href="5f1989ddcc"><code>5f1989d</code></a> Use a more explanatory temp file prefix.</li>
<li><a href="7819ee53ec"><code>7819ee5</code></a> Add Go 1.18 to the CI workflow.</li>
<li><a href="c30fad6a27"><code>c30fad6</code></a> Drop old Go versions from CI.</li>
<li><a href="ebcfa6b22a"><code>ebcfa6b</code></a> acat: use WriteData to simplify the code</li>
<li>See full diff in <a href="https://github.com/creachadair/atomicfile/compare/v0.2.4...v0.2.5">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
This script verifies that each document in the docs and architecture directory
has a corresponding table-of-contents entry in its README file. It can be run
manually from the command line.
- Hook up this script to run in CI (optional workflow).
- Update ADR ToC to include missing entries this script found.
* keymigrate: fix conversion of transaction hash keys
In the legacy database format, keys were generally stored with a string prefix
to partition the key space. Transaction hashes, however, were not prefixed: The
hash of a transaction was the entire key for its record.
When the key migration script scans its input, it checks the format of each
key to determine whether it has already been converted, so that it is safe to run
the script over an already-converted database.
After checking for known prefixes, the migration script used two heuristics to
distinguish ABCI events and transaction hashes: For ABCI events, whose keys
used the form "name/value/height/index", it checked for the right number of
separators. For hashes, it checked that the length is exactly 32 bytes (the
length of a SHA-256 digest) AND that the value does not contain a "/".
This last check is problematic: Any hash containing the byte 0x2f (the code
point for "/") would be incorrectly filtered out from conversion. This leads to
some transaction hashes not being converted.
To fix this problem, this changes how the script recognizes keys:
1. Use a more rigorous syntactic check to filter out ABCI metadata.
2. Use only the length to identify hashes among what remains.
This change is still not a complete fix: It is possible, though unlikely, that
a valid hash could happen to look exactly like an ABCI metadata key. However,
the chance of that happening is vastly smaller than the chance of generating a
hash that contains at least one "/" byte.
Similarly, it is possible that an already-converted key of some other type
could be mistaken for a hash (not a converted hash, ironically, but another
type of the right length). Again, we can't do anything about that.
Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.10.4 to 2.10.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/vektra/mockery/releases">github.com/vektra/mockery/v2's releases</a>.</em></p>
<blockquote>
<h2>v2.10.6</h2>
<h2>Changelog</h2>
<ul>
<li>df6e689 Add PR/issue templates</li>
<li>e8bf201 Add golang-1.18 note</li>
<li>54589be Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/445">#445</a> from bigbluedisco/fix/bump-golang-org-x-tools</li>
<li>aa25af0 fix: bump golang.org/x/tools to v0.1.10 to fix some go 1.18 issues</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="54589be6dd"><code>54589be</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/445">#445</a> from bigbluedisco/fix/bump-golang-org-x-tools</li>
<li><a href="aa25af0c7d"><code>aa25af0</code></a> fix: bump golang.org/x/tools to v0.1.10 to fix some go 1.18 issues</li>
<li><a href="e8bf201675"><code>e8bf201</code></a> Add golang-1.18 note</li>
<li><a href="df6e689d94"><code>df6e689</code></a> Add PR/issue templates</li>
<li>See full diff in <a href="https://github.com/vektra/mockery/compare/v2.10.4...v2.10.6">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
The format of this config value was changed in v0.35.
- Move plan to its own file (for ease of reading).
- Convert indexer string to an array if not already done.
Work around two issues causing the markdown link check to fail in CI.
1. https://github.com/actions/checkout/pull/760. A git permissions issue,
apparently triggered by a combination of a git change and the behaviour of
actions/checkout.
2. https://github.com/gaurav-nelson/github-action-markdown-link-check/pull/129.
Merging an updated version of the underlying package that fixes a bug in the
handling of local #anchors.
The workaround is a temporary patched fork of the link-checker action. This
should be removed once the upstream issues are addressed.
Bumps [github.com/creachadair/tomledit](https://github.com/creachadair/tomledit) from 0.0.11 to 0.0.13.
<details>
<summary>Commits</summary>
<ul>
<li><a href="baee445826"><code>baee445</code></a> Release v0.0.13.</li>
<li><a href="8dfcc1b378"><code>8dfcc1b</code></a> Exercise insertion before comments.</li>
<li><a href="97f4e85ccf"><code>97f4e85</code></a> When inserting a key, push it before block comments.</li>
<li><a href="029089e311"><code>029089e</code></a> Release v0.0.12.</li>
<li><a href="d226405c2a"><code>d226405</code></a> Test finding the global table.</li>
<li><a href="34b7aad990"><code>34b7aad</code></a> Let FindTable return the global table with an empty name.</li>
<li>See full diff in <a href="https://github.com/creachadair/tomledit/compare/v0.0.11...v0.0.13">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node16 (<a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/293">#293</a>)</li>
<li>Update package-lock.json file version to 2 (<a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/302">#302</a>)</li>
</ul>
<h3>Breaking Changes</h3>
<p>With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.</p>
<h2>v2.3.1</h2>
<p>Fix for empty fails on Windows failing on upload <a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/281">#281</a></p>
<h2>v2.3.0 Upload Artifact</h2>
<ul>
<li>Optimizations for faster uploads of larger files that are already compressed</li>
<li>Significantly improved logging when there are chunked uploads</li>
<li>Clarifications in logs around the upload size and prohibited characters that aren't allowed in the artifact name or any uploaded files</li>
<li>Various other small bugfixes & optimizations</li>
</ul>
<h2>v2.2.4</h2>
<ul>
<li>Retry on HTTP 500 responses from the service</li>
</ul>
<h2>v2.2.3</h2>
<ul>
<li>Fixes for proxy related issues</li>
</ul>
<h2>v2.2.2</h2>
<ul>
<li>Improved retryability and error handling</li>
</ul>
<h2>v2.2.1</h2>
<ul>
<li>Update used actions/core package to the latest version</li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li>Support for artifact retention</li>
</ul>
<h2>v2.1.4</h2>
<ul>
<li>Add Third Party License Information</li>
</ul>
<h2>v2.1.3</h2>
<ul>
<li>Use updated version of the <code>@action/artifact</code> NPM package</li>
</ul>
<h2>v2.1.2</h2>
<ul>
<li>Increase upload chunk size from 4MB to 8MB</li>
<li>Detect case insensitive file uploads</li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Fix for certain symlinks not correctly being identified as directories before starting uploads</li>
</ul>
<h2>v2.1.0</h2>
<ul>
<li>Support for uploading artifacts with multiple paths</li>
<li>Support for using exclude paths</li>
<li>Updates to dependencies</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="6673cd052c"><code>6673cd0</code></a> Update <code>lockfileVersion</code> in <code>package-lock.json</code> (<a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/302">#302</a>)</li>
<li><a href="2244c82003"><code>2244c82</code></a> Update to node16 (<a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/293">#293</a>)</li>
<li><a href="87348cee5f"><code>87348ce</code></a> Add 503 warning when uploading to the same artifact</li>
<li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/v2...v3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/download-artifact/releases">actions/download-artifact's releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node16 (<a href="https://github-redirect.dependabot.com/actions/download-artifact/pull/134">actions/download-artifact#134</a>)</li>
<li>Update package-lock.json file version to 2 (<a href="https://github-redirect.dependabot.com/actions/download-artifact/pull/136">actions/download-artifact#136</a>)</li>
</ul>
<h3>Breaking Changes</h3>
<p>With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.</p>
<h2>v2.1.0 Download Artifact</h2>
<ul>
<li>Improved output & logging</li>
<li>Fixed issue where downloading all artifacts could cause display percentages to be over 100%</li>
<li>Various small bug fixes & improvements</li>
</ul>
<h2>v2.0.10</h2>
<ul>
<li>Retry on HTTP 500 responses from the service</li>
</ul>
<h2>v2.0.9</h2>
<ul>
<li>Fixes to proxy related issues</li>
</ul>
<h2>v2.0.8</h2>
<ul>
<li>Improvements to retryability if an error is encountered during artifact download</li>
</ul>
<h2>v2.0.7 download-artifact</h2>
<ul>
<li>Improved download retry-ability if a partial download is encountered</li>
</ul>
<h2>v2.0.6</h2>
<p>Update actions/core NPM package that is used internally</p>
<h2>v2.0.5</h2>
<ul>
<li>Add Third Party License Information</li>
</ul>
<h2>v2.0.4</h2>
<ul>
<li>Use the latest version of the <code>@actions/artifact</code> NPM package</li>
</ul>
<h2>v2.0.3</h2>
<ul>
<li>Misc improvements</li>
</ul>
<h2>v2.0.2</h2>
<ul>
<li>Support for tilde expansion</li>
</ul>
<h2>v2.0.1</h2>
<ul>
<li>Download path output</li>
<li>Improved logging</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="fb598a63ae"><code>fb598a6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/download-artifact/issues/136">#136</a> from actions/jtamsut/update-lockfile-version</li>
<li><a href="a4a09c5d7e"><code>a4a09c5</code></a> regenerate index.js</li>
<li><a href="9acf51df79"><code>9acf51d</code></a> regenerate package lock</li>
<li><a href="8821072325"><code>8821072</code></a> upgrade artifact version</li>
<li><a href="b8bbd3b64f"><code>b8bbd3b</code></a> regenerate lockfile</li>
<li><a href="6ee3d963e5"><code>6ee3d96</code></a> revert artifact version</li>
<li><a href="d4793f4e27"><code>d4793f4</code></a> update docs for v3</li>
<li><a href="2d338d2145"><code>2d338d2</code></a> upgrade package to v3</li>
<li><a href="360d0830b5"><code>360d083</code></a> update dependency on artifact lib</li>
<li><a href="d9b73cccac"><code>d9b73cc</code></a> update lock file</li>
<li>Additional commits viewable in <a href="https://github.com/actions/download-artifact/compare/v2...v3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/stale](https://github.com/actions/stale) from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>Features</h2>
<ul>
<li><a href="https://github-redirect.dependabot.com/actions/stale/pull/670">Update Runtime to node16</a></li>
</ul>
<h2>v4.1.0</h2>
<h1>Features</h1>
<ul>
<li><a href="9912fa74d1">Ability to exempt draft PRs</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/stale/blob/main/CHANGELOG.md">actions/stale's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="3cc1237663"><code>3cc1237</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/stale/issues/670">#670</a> from actions/thboop/node16upgrade</li>
<li><a href="76e9fbc6ae"><code>76e9fbc</code></a> update node version</li>
<li><a href="6467b96231"><code>6467b96</code></a> Update default runtime to node16</li>
<li><a href="8af60513da"><code>8af6051</code></a> build(deps-dev): bump jest-circus from 27.2.0 to 27.4.6 (<a href="https://github-redirect.dependabot.com/actions/stale/issues/665">#665</a>)</li>
<li><a href="7a7efcae1f"><code>7a7efca</code></a> Fix per issue operation count (<a href="https://github-redirect.dependabot.com/actions/stale/issues/662">#662</a>)</li>
<li><a href="04a1828bc1"><code>04a1828</code></a> build(deps-dev): bump ts-jest from 27.0.5 to 27.1.2 (<a href="https://github-redirect.dependabot.com/actions/stale/issues/641">#641</a>)</li>
<li><a href="65ca3956bd"><code>65ca395</code></a> build(deps-dev): bump eslint-plugin-jest from 24.4.2 to 25.3.2 (<a href="https://github-redirect.dependabot.com/actions/stale/issues/639">#639</a>)</li>
<li><a href="eee276c280"><code>eee276c</code></a> build(deps-dev): bump prettier from 2.4.1 to 2.5.1 (<a href="https://github-redirect.dependabot.com/actions/stale/issues/628">#628</a>)</li>
<li><a href="6c2f9f3f54"><code>6c2f9f3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/stale/issues/640">#640</a> from dmitry-shibanov/v-dmshib/fix-check-dist</li>
<li><a href="37323f14dd"><code>37323f1</code></a> fix check-dist.yml</li>
<li>Additional commits viewable in <a href="https://github.com/actions/stale/compare/v4...v5">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node16 (<a href="https://github-redirect.dependabot.com/actions/setup-go/pull/192">actions/setup-go#192</a>)</li>
<li>Update <code>package-lock.json</code> file version to 2 (<a href="https://github-redirect.dependabot.com/actions/setup-go/pull/193">actions/setup-go#193</a>) and <code>@types/node</code> to 16.11.25 (<a href="https://github-redirect.dependabot.com/actions/setup-go/pull/194">actions/setup-go#194</a>)</li>
<li>Remove the <code>stable</code> input and fix SemVer notation (<a href="https://github-redirect.dependabot.com/actions/setup-go/pull/195">actions/setup-go#195</a>)</li>
</ul>
<h3>Breaking Changes</h3>
<p>With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.</p>
<p>This new major release removes the <code>stable</code> input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v3
with:
go-version: '1.18.0-rc.1'
- run: go version
</code></pre>
<h2>Add check-latest input</h2>
<p>In scope of this release we add the <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/186">check-latest</a> input. If <code>check-latest</code> is set to <code>true</code>, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from <a href="https://github.com/actions/go-versions">go-versions</a> repository. By default <code>check-latest</code> is set to <code>false</code>.
Example of usage:</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: '1.16'
check-latest: true
- run: go version
</code></pre>
<p>Moreover, we updated <code>@actions/core</code> from <code>1.2.6</code> to <code>1.6.0</code></p>
<h2>v2.1.5</h2>
<p>In scope of this release we updated <code>matchers.json</code> to improve the problem matcher pattern. For more information please refer to this <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/98">pull request</a></p>
<h2>v2.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix extractor selection on windows by <a href="https://github.com/paulcacheux"><code>@paulcacheux</code></a> in <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/141">actions/setup-go#141</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/paulcacheux"><code>@paulcacheux</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/141">actions/setup-go#141</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4">https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4</a></p>
<h2>v2.1.3</h2>
<ul>
<li>Updated communication with runner to use environment files rather then workflow commands</li>
</ul>
<h2>v2.1.2</h2>
<p>This release includes vendored licenses for this action's npm dependencies.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f6164bd8c8"><code>f6164bd</code></a> Remove stable input and fix SemVer notation (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/195">#195</a>)</li>
<li><a href="2bb2aab2fd"><code>2bb2aab</code></a> update types node (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/194">#194</a>)</li>
<li><a href="edcbc0c2cd"><code>edcbc0c</code></a> update lockfileVersion (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/193">#193</a>)</li>
<li><a href="fb9a043dd8"><code>fb9a043</code></a> Update default runtime to node16 (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/192">#192</a>)</li>
<li><a href="5b0ae0e97d"><code>5b0ae0e</code></a> Bump pathval from 1.1.0 to 1.1.1 (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/188">#188</a>)</li>
<li>See full diff in <a href="https://github.com/actions/setup-go/compare/v2...v3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Right now the confix tool works up to v0.35. This change is preparation for
extending the tool to handle additional changes in v0.36.
Mostly this is adding documentation. The one functional change is to fix the
name of the moved "fast-sync" parameter, which was renamed "enable".
- Document the origin of each transformation step.
- Update fast-sync target name.
