A feed of development activity from across Sia Foundation GitHub repositories.
Adds the current and latest versions from the versioning alert to the display.
Rearranging the block list, I noticed we were rendering a div with a smidge of height on all our EntityLists--from the infinity scroll change. Removed it when not supplying that infinity scroll function.
Adds a check when creating the consensus to trigger a resync if the commitment does not match.
Added MerkleLeafHash helper similar to Transaction.MerkleLeafHash to reduce duplication. Also changed from using hashAll because it makes it harder for external devs to notice the distinguisher encoding.
This PR was created automatically. Merging it will finalize the changelog for 2.2.0
- Added
[PUT] /api/system/connect/testto trigger a test of the host's connectivity. - Added periodic version checks.
Periodically tests the hosts connection using the SiaScan troubleshooting API. This provides alerts to hosts if for some reason their node is not connectable. This system relies on a central server for the test and may return occasional false positives. The server can be overridden by setting Config.Explorer.URL
Changes sector updates for V1 contracts to match the behavior from V2. The new behavior diffs the old and new sector roots and updates the changed indices in the database rather than relying on replaying the sector changes. This is slightly slower on large contracts due to needing to calculate the diff of each index, but it is significantly simpler and less prone to edge cases.
- Added volume and contract metrics to recalc command
- Fixed a panic in RHP2 sector roots RPC.
- Fixed consensus v2 commitment.
- Fixed a panic when encoding the alerts array during high frequency updates
- Locked wallet UTXOs will now be stored in the database.
- Updated core to v0.13.0 and coreutils to v0.15.0
This PR was created automatically. Merging it will finalize the changelog for 2.8.0
- Implicitly fill v2 transaction proofs when in full index mode
- Update core to v0.13.0 and coreutils to v0.15.0
- Check consensus database for invalid commitment and reset if necessary.
- Fixed a panic when listening to localhost on some Windows 11 systems.
- Fixed SQLite database is locked error.
- Reduced batch size for slower hardware.
Some Windows systems no longer recognize localhost. This adds a fallback for these systems instead of failing to start.
This PR was created automatically. Merging it will create a new release for 0.13.0
- Fixed missing leaf prefix in commitment hash.
This PR was created automatically. Merging it will create a new release for 0.12.5
- Fixed missing leaf index in commitment.
Periodically checks for updates and registers an alert if one is available
Updates the core and coreutils dependencies to their full release versions
Changes the response of [PUT] /system/connect/test to include the full test results
Updates core and coreutils to the latest versions.
This PR was created automatically. Merging it will finalize the changelog for 2.7.0
- Updated coreutils to v0.14.0
- Updated core to v0.12.4
This PR was created automatically. Merging it will create a new release for 0.12.4
- Moved blake2b package out of internal.
Changes sector updates for V1 contracts to match the behavior from V2. The new behavior diffs the old and new sector roots and updates the changed indices in the database rather than relying on replaying the sector changes. This is slightly slower on large contracts due to needing to loop over each indices to calculate the diff, but it is less prone to edge cases.
Screen Recording 2025-05-13 at 12.54.43 PM.mov (uploaded via Graphite)
Adds the ability to optionally expand ID/hashes through ValueCopyable and implements this by default mostly everywhere in the explorer.
This restores compatibility with the Stratum mining protocol. Stratum servers simply need to include an additional leaf hash when computing the Merkle tree:
hashAll(uint8(0), "commitment", s.v2ReplayPrefix(), types.Hash256(hashAll(s)), minerAddr)
Of course, once the RequireHeight is reached and v1 transactions are no longer allowed, they will also need to adjust the Coinbase1 and Coinbase2 values they send, to account for the different encoding of v2 transactions.
- Added the address output APIs to the walletd JS and React SDKs.
- Elements returned by unspent outputs endpoints now include the number of confirmations.
- GitHub workflow for semi-manually publishing beta channel releases.
- Has been in use and working well via the beta branch.
- How it works: if a pre.json (changeset prerelease) is present on the beta branch it will try to publish latest versions as betas.
This PR was created automatically. Merging it will finalize the changelog for 2.6.0
{ { "id": "5fb7f9ef38dfeeeb4d8c0c1f105452511f0e966dec1ce545e490f5eee46d166f", "stateElement": { "leafIndex": 25490, "merkleProof": [ "9175d0ea4dbdecd0517bd275afd98250438193429d0dc7493672217464f3bfa3", "ab87ecba97723b67e42027dd8d2ad5a51ab48c3cd1b38dc461805b266b1fa728", "6cb7dcc6300e8344b17012b36fe64a0d7e1678d54736d1fd910c7c9665b273b9" ] }, "siacoinOutput": { "value": "344000", "address": "000000000000000000000000000000000000000000000000000000000000000089eb0d6a8a69" }, "maturityHeight": 7437, "confirmations": 6 } }
When in full index mode overwriting the proofs makes it slightly more convenient and less error-prone for users to broadcast v2 transactions since the correct proof can be filled implicitly. Unfortunately, that hides bad implementations from the implementor. In practice I feel this trade off is worth it.
Changed all endpoints that to return Siacoin or Siafund elements to also return the number of confirmations
{ { "id": "5fb7f9ef38dfeeeb4d8c0c1f105452511f0e966dec1ce545e490f5eee46d166f", "stateElement": { "leafIndex": 25490, "merkleProof": [ "9175d0ea4dbdecd0517bd275afd98250438193429d0dc7493672217464f3bfa3", "ab87ecba97723b67e42027dd8d2ad5a51ab48c3cd1b38dc461805b266b1fa728", "6cb7dcc6300e8344b17012b36fe64a0d7e1678d54736d1fd910c7c9665b273b9" ] }, "siacoinOutput": { "value": "344000", "address": "000000000000000000000000000000000000000000000000000000000000000089eb0d6a8a69" }, "maturityHeight": 7437, "confirmations": 6 } }
This PR is related to https://github.com/SiaFoundation/renterd/issues/1889. I can't reproduce it by uploading files myself, but I can reproduce the exact issue by writing an empty slice in place of partial slab data. Note that this won't fail the download, but merely add a log entry to indicate it is in fact a slab without shards.
Periodically tests the hosts connection using the SiaScan troubleshooting API. This provides alerts to hosts if for some reason their node is not connectable. This system relies on a central server for the test and may return occasional false positives. The server can be overridden by setting Config.Explorer.URL
This refactor for typescript strict mode was fairly straightforward. Biggest change by number of files touched was simply typing out params: { id: string }. I unified that prop type and made it extensible, just in case it ever needs to be. Beyond that:
-
The rankHosts function needed a decent rewrite, and I suspect that, previous to this, it was at least somewhat broken. I believe we were referencing keys that didn't exist, and I'm guessing that was skewing the final result. Should I throw a changeset on that, since the resultant list is now an entirely different group of hosts?
-
Satisfying strict mode for the Transaction slice was fairly verbose. Lots of novel
'key' in object ? ... : .... It does probably need consolidating earlier. There is some decision-making to do there about what a consolidated type should care about, due to all the custom types used (and the available keys/types therein), so I've resolved to leave that for another day. -
The
identicon.jsimport in/lib/avatar.tshas no official typings. It does have an@types, but that didn't seem to be the correct typing. Could be a versioning issue, but the end result is that Its-expect-error'd this import. We could alternatively declare a module in a*.d.tsfile in libs.
- Upgrade to latest core and coreutils.
- v1 siacoin and siafund inputs now have an
addressfield. - v1 and v2 (same type) siacoin and siafund outputs now have an
idfield. - v1 and v2 transactions now both have an
idfield.
- The transaction pool broadcast API now returns the full transaction set.
Updates README referencing UDP settings where appropriate and listing certPath and keyPath hostd configuration settings to allow QUIC connections to work. NOTE: a valid certificate and keyfile that matches the ClientHello (the hostname hostd reports) is needed to make QUIC connections.
This PR was created automatically. Merging it will finalize the changelog for 2.5.0
- Added [GET] /health to check the health of the walletd node
- Consensus checkpoint and block endpoints now support lookups by height
- Added a v2TransactionId method to the WASM SDK.
- The wallet send features now use hardfork heights from the consensus network data instead of hardcoded heights. Closes https://github.com/SiaFoundation/web/issues/990
Pretty straightforward: on the block and transaction pages, transactions and contract entities had avatars and IDs that were clickable, but the title wasn't. That felt counter-intuitive.
This PR was created automatically. Merging it will finalize the changelog for 2.4.1
- Fix race in txpool broadcast
Found a race condition with JSON encoding the IDs and the spend policy not being deep copied. Should fix the spend policy in a follow up.
This PR was created automatically. Merging it will finalize the changelog for 2.4.0
- Added GET /consensus/checkpoint/:id which returns the block and its consensus state.
This lets integrators get the IDs of the created UTXOs, addresses of inputs, and IDs of the transactions
These releases include additional JSON convenience fields
Changes the broadcast endpoint to return the full transaction set instead of just the ids
This PR was created automatically. Merging it will create a new release for 0.12.3
- Added convenience IDs to V2 transaction JSON marshalling.
This PR was created automatically. Merging it will create a new release for 0.12.2
- Added UTXO IDs to v1 transaction JSON marshalling
Adds the UTXO ID to the Siacoin and Siafund output JSON for convenience.
This PR was created automatically. Merging it will create a new release for 0.12.1
- Adds an
addressfield to the JSON representation of Siacoin and Siafund inputs.
Adds an endpoint to fetch a block and its state. Useful when scanning the blockchain to determine height of v1 blocks.
Similar to the id field on Transactions, adds address to the json representation of Siacoin and Siafund inputs for ease of use in other languages.
This PR adds a GET /bus/renterkey endpoint, which can be used by 3rd-party services like Sia Satellite.
What it can do:
- generate contract keys used to sign contracts
- create account tokens used to migrate sectors
What it cannot do:
- access the wallet of
renterd, but Sia Satellite wouldn't need that anyway
Fixes #1884
The contact email text on this page was listed as "[email protected]", which is an email address we don't have. The acual mailto: in the link was [email protected] which was correct. This corrects the display text.
- Fixed the contact email. Thanks @stevefunk (https://github.com/SiaFoundation/web/pull/1053) for catching this! Since that PR was from a fork I could not update it - here is one with conventional commit formatting, a changeset, and uses the variable.
This PR was created automatically. Merging it will finalize the changelog for 2.3.0
- Added CLI flag to disable log locations
--log.file.enabled=false--log.stdout.enabled=false - Added CLI flag to set log level
--log.level=debug
This endpoint is useful for scanning the chain for look-aheads when in full index mode
Fixes a panic when encoding the alerts array during high frequency updates. Honestly surprised we haven't run into this before.
fatal error: concurrent map iteration and map write
goroutine 13842512 [running]:
internal/runtime/maps.fatal({0x10d45e2?, 0x475113?})
runtime/panic.go:1058 +0x18
internal/runtime/maps.(*Iter).Next(0xc00a9ced50?)
internal/runtime/maps/table.go:683 +0x86
reflect.mapIterNext(0xf6e640?)
reflect/map_swiss.go:203 +0x13
reflect.(*MapIter).Next(0xc001728fd0)
reflect/map_swiss.go:358 +0x3e
encoding/json.mapEncoder.encode({0x15?}, 0xc000132940, {0xf9e080?, 0xc001e8efb0?, 0xc001e8efb0?}, {0x7?, 0x0?})
encoding/json/encode.go:768 +0x329
encoding/json.structEncoder.encode({{{0xc0048ec008, 0x5, 0x8}, 0xc00602a7b0, 0xc00602a7e0}}, 0xc000132940, {0x10313c0?, 0xc001e8ef78?, 0xc001729338?}, {0x0, ...})
encoding/json/encode.go:727 +0x30a
encoding/json.arrayEncoder.encode({0xc001729320?}, 0xc000132940, {0xf78140?, 0xc00a519560?, 0x0?}, {0x30?, 0x93?})
encoding/json/encode.go:870 +0xcf
encoding/json.sliceEncoder.encode({0x4170d4?}, 0xc000132940, {0xf78140?, 0xc00a519560?, 0xf78140?}, {0x3d?, 0x60?})
encoding/json/encode.go:843 +0x335
encoding/json.(*encodeState).reflectValue(0xc000132940, {0xf78140?, 0xc00a519560?, 0xc0017294f8?}, {0xc0?, 0xc3?})
encoding/json/encode.go:333 +0x73
encoding/json.(*encodeState).marshal(0xc001e8ef78?, {0xf78140?, 0xc00a519560?}, {0x28?, 0x4f?})
encoding/json/encode.go:309 +0xb2
encoding/json.(*Encoder).Encode(0xc001729638, {0xf78140, 0xc00a519560})
encoding/json/stream.go:210 +0xd0
go.sia.tech/jape.Context.Encode({{0x1a20e00, 0xc009cc1500}, 0xc00a659040, {0x0, 0x0, 0x0}}, {0xf78140, 0xc00a519560})
go.sia.tech/[email protected]/server.go:57 +0x32b
go.sia.tech/hostd/v2/api.(*api).writeResponse(0xc00621c000, {{0x1a20e00, 0xc009cc1500}, 0xc00a659040, {0x0, 0x0, 0x0}}, {0xf78140, 0xc00a519560})
go.sia.tech/hostd/v2/api/endpoints.go:66 +0x16e
go.sia.tech/hostd/v2/api.(*api).handleGETAlerts(0xc00621c000, {{0x1a20e00, 0xc009cc1500}, 0xc00a659040, {0x0, 0x0, 0x0}})
go.sia.tech/hostd/v2/api/endpoints.go:155 +0x86
go.sia.tech/jape.Mux.adaptor.func1({0x1a20e00?, 0xc009cc1500?}, 0xc00a510dc8?, {0x0?, 0x18?, 0xc007780008?})
go.sia.tech/[email protected]/server.go:171 +0x52
github.com/julienschmidt/httprouter.(*Router).ServeHTTP(0xc005f4e240, {0x1a20e00, 0xc009cc1500}, 0xc00a659040)
github.com/julienschmidt/[email protected]/router.go:387 +0x7cb
main.runRootCmd.runRootCmd.BasicAuth.func41.func42({0x1a20e00, 0xc009cc1500}, 0xc00a659040)
go.sia.tech/[email protected]/server.go:230 +0x99
net/http.HandlerFunc.ServeHTTP(0xc001729b10?, {0x1a20e00?, 0xc009cc1500?}, 0x47cff2?)
net/http/server.go:2294 +0x29
main.webRouter.ServeHTTP({{0x1a19f20?, 0xc0004f2a20?}, {0x1a185e0?, 0xc0004f2360?}}, {0x1a20e00?, 0xc009cc1500?}, 0x1?)
go.sia.tech/hostd/v2/cmd/hostd/web.go:18 +0xd8
net/http.serverHandler.ServeHTTP({0xc002680720?}, {0x1a20e00?, 0xc009cc1500?}, 0x6?)
net/http/server.go:3301 +0x8e
net/http.(*conn).serve(0xc00583e000, {0x1a23638, 0xc0136a7dd0})
net/http/server.go:2102 +0x625
created by net/http.(*Server).Serve in goroutine 228
net/http/server.go:3454 +0x485
goroutine 1 [chan receive, 2594 minutes]:
main.runRootCmd({_, _}, {{0x0, 0x0}, {0xc00049a1f0, 0xe}, {0xc0004f0050, 0x46}, 0x0, {{0xc00049a257, ...}, ...}, ...}, ...)
go.sia.tech/hostd/v2/cmd/hostd/run.go:531 +0x60c5
main.main()
go.sia.tech/hostd/v2/cmd/hostd/main.go:534 +0x2239
goroutine 5 [syscall, 3292 minutes]:
os/signal.signal_recv()
Bumps the all-dependencies group with 2 updates: golang.org/x/crypto and golang.org/x/tools.
Updates golang.org/x/crypto from 0.37.0 to 0.38.0
Commits
aae6e61go.mod: update golang.org/x dependencies9c1aa6assh/test: reset the random source before capturing a recording8819902ssh/test: enable Diffie-Hellman key exchange algorithms3f311e4acme: return error from pre-authorization when unsupported1f7c62cssh/test: skip unsupported tests on js/wasma5f8048acme/autocert: use standard functions to pick the cache directory958cde8Revert "chacha20: add loong64 SIMD implementation"51f005cRevert "salsa20: add loong64 SIMD implementation"7c35866Revert "argon2: add loong64 SIMD implementation"0091fc8Revert "blake2s: add loong64 SIMD implementation"- Additional commits viewable in compare view
Updates golang.org/x/tools from 0.32.0 to 0.33.0
Commits
64b63a6go.mod: update golang.org/x dependencies7701413internal/mcp: move jsonschema out of mcp/internal125cd11jsonschema: pre-compile regexps2f18550jsonschema: better errors unmarshaling ints635622bjsonschema: using hashing for uniqueItems0f6a53fmcp: remove ServerConnectionca54d59jsonschema: represent integer keywords as intsc75f7e8jsonschema: validate object keywordsefd15d8internal/mcp: clean up handling of content80e0fd8internal/mcp: support prompts- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
- Tests had some typing issues.
- The siafund and foundation fields on ConsensusState were renamed.
Bumps the all-dependencies group with 1 update: go.sia.tech/jape.
Updates go.sia.tech/jape from 0.13.1 to 0.14.0
Release notes
Sourced from go.sia.tech/jape's releases.
0.14.0 (2025-04-30)
Breaking Changes
Limit the default size of incoming request bodies to 10MB
Changelog
Sourced from go.sia.tech/jape's changelog.
0.14.0 (2025-04-30)
Breaking Changes
Limit the default size of incoming request bodies to 10MB
Add
Context.DecodeLimitto override the size limit
Commits
e597db5Merge pull request #34 from SiaFoundation/release4000f23chore: prepare release 0.14.0089575dMerge pull request #33 from SiaFoundation/nate/limit-request-bodies6f6f964fix lint81d6902add test, use http.MaxBytesReader3deae90fix lintc0ce14blimit default request bodie size- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
- The v2 element structure was changed in core, this matches the change.
Bumps the all-dependencies group with 1 update: golang.org/x/sys.
Updates golang.org/x/sys from 0.32.0 to 0.33.0
Commits
3d9a6b8windows: add WSADuplicateSocketc0a9559cpu: add crypto extensions detection for riscv648e9e046windows: add virtual key codes and console input consts7138967windows: fix slicing of NTUnicodeString values6a85559windows: fix dangling pointers in (*SECURITY_DESCRIPTOR).ToAbsolute- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dependencies group with 3 updates: go.sia.tech/jape, golang.org/x/sys and golang.org/x/term.
Updates go.sia.tech/jape from 0.13.1 to 0.14.0
Release notes
Sourced from go.sia.tech/jape's releases.
0.14.0 (2025-04-30)
Breaking Changes
Limit the default size of incoming request bodies to 10MB
Changelog
Sourced from go.sia.tech/jape's changelog.
0.14.0 (2025-04-30)
Breaking Changes
Limit the default size of incoming request bodies to 10MB
Add
Context.DecodeLimitto override the size limit
Commits
e597db5Merge pull request #34 from SiaFoundation/release4000f23chore: prepare release 0.14.0089575dMerge pull request #33 from SiaFoundation/nate/limit-request-bodies6f6f964fix lint81d6902add test, use http.MaxBytesReader3deae90fix lintc0ce14blimit default request bodie size- See full diff in compare view
Updates golang.org/x/sys from 0.32.0 to 0.33.0
Commits
3d9a6b8windows: add WSADuplicateSocketc0a9559cpu: add crypto extensions detection for riscv648e9e046windows: add virtual key codes and console input consts7138967windows: fix slicing of NTUnicodeString values6a85559windows: fix dangling pointers in (*SECURITY_DESCRIPTOR).ToAbsolute- See full diff in compare view
Updates golang.org/x/term from 0.31.0 to 0.32.0
Commits
2ec7864go.mod: update golang.org/x dependenciesa809085term: support pluggable history- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all-dependencies group with 1 update: go.sia.tech/jape.
Updates go.sia.tech/jape from 0.13.1 to 0.14.0
Release notes
Sourced from go.sia.tech/jape's releases.
0.14.0 (2025-04-30)
Breaking Changes
Limit the default size of incoming request bodies to 10MB
Changelog
Sourced from go.sia.tech/jape's changelog.
0.14.0 (2025-04-30)
Breaking Changes
Limit the default size of incoming request bodies to 10MB
Add
Context.DecodeLimitto override the size limit
Commits
e597db5Merge pull request #34 from SiaFoundation/release4000f23chore: prepare release 0.14.0089575dMerge pull request #33 from SiaFoundation/nate/limit-request-bodies6f6f964fix lint81d6902add test, use http.MaxBytesReader3deae90fix lintc0ce14blimit default request bodie size- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
PR with a bunch of improvements found while debugging the cluster startup issues:
- Update cluster deps.
- Improve flaky hostd volume test.
- Removed unnecessary
^buildfrom the explorer-e2e e2e target (should make startup much faster, it was doing a production (slow) build of explorer that was not even being used cc @telestrial) - Fixed
waitFor. If the condition hung or errored would prevent natural test timeout on CI. - Fixed -explored=1 startup errors in
cmd.
Adds [POST] /check/addresses to check for addresses that have been seen on chain. This endpoint is useful for scanning the chain for look-aheads when in full index mode
Bumps the all-dependencies group with 3 updates: go.sia.tech/core, go.sia.tech/coreutils and go.sia.tech/jape.
Updates go.sia.tech/core from 0.11.0 to 0.12.0
Release notes
Sourced from go.sia.tech/core's releases.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Changelog
Sourced from go.sia.tech/core's changelog.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Commits
Updates go.sia.tech/coreutils from 0.13.1 to 0.13.2
Release notes
Sourced from go.sia.tech/coreutils's releases.
0.13.2 (2025-04-28)
Features
- Return error when transaction set relay fails
Fixes
- Update coreutils to v0.12.0
Export 'missing block at index' error
The "missing block at index" error is used in multiple places to detect that a chain migration happened so that the app knows to reset whatever state it stored previously. This PR exports it so that looking at the error string is not necessary.
https://github.com/SiaFoundation/hostd/blob/711ac3eb1da09e4d6a9ff17a2efe3555d70b8185/index/update.go#L36 https://github.com/SiaFoundation/walletd/blob/d91147b7ec52b2261779949905c8e0fd3c0ad5c7/wallet/manager.go#L733
And recently in explored: SiaFoundation/explored#212
Changelog
Sourced from go.sia.tech/coreutils's changelog.
0.13.2 (2025-04-28)
Features
- Return error when transaction set relay fails
Fixes
- Update coreutils to v0.12.0
Export 'missing block at index' error
##217 by
@chris124567The "missing block at index" error is used in multiple places to detect that a chain migration happened so that the app knows to reset whatever state it stored previously. This PR exports it so that looking at the error string is not necessary.
https://github.com/SiaFoundation/hostd/blob/711ac3eb1da09e4d6a9ff17a2efe3555d70b8185/index/update.go#L36 https://github.com/SiaFoundation/walletd/blob/d91147b7ec52b2261779949905c8e0fd3c0ad5c7/wallet/manager.go#L733
And recently in explored: SiaFoundation/explored#212
Commits
64c6653Merge pull request #218 from SiaFoundation/released90028cchore: prepare release 0.13.2d031d7eMerge pull request #221 from SiaFoundation/nate/update-depse35f738chore: update deps7ca0c4aMerge pull request #216 from SiaFoundation/nate/syncer-errorsbfcefb3add extra debug logging0766eccactually return errors98125a2syncer: make all relay calls consisten5e7b0a9rhp4: use mock syncere9a9c74syncer: add handshake timeout- Additional commits viewable in compare view
Updates go.sia.tech/jape from 0.12.2-0.20241010144215-1468bf476af6 to 0.13.1
Release notes
Sourced from go.sia.tech/jape's releases.
0.13.1 (2025-04-26)
Fixes
- Automate releases
- Fix off-by-one in japecheck
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all-dependencies group with 2 updates in the / directory: go.sia.tech/core and go.sia.tech/jape.
Updates go.sia.tech/core from 0.11.0 to 0.12.0
Release notes
Sourced from go.sia.tech/core's releases.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Changelog
Sourced from go.sia.tech/core's changelog.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Commits
Updates go.sia.tech/jape from 0.12.2-0.20241010144215-1468bf476af6 to 0.13.1
Release notes
Sourced from go.sia.tech/jape's releases.
0.13.1 (2025-04-26)
Fixes
- Automate releases
- Fix off-by-one in japecheck
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all-dependencies group with 2 updates: go.sia.tech/core and go.sia.tech/coreutils.
Updates go.sia.tech/core from 0.11.0 to 0.12.0
Release notes
Sourced from go.sia.tech/core's releases.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Changelog
Sourced from go.sia.tech/core's changelog.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Commits
Updates go.sia.tech/coreutils from 0.13.1 to 0.13.2
Release notes
Sourced from go.sia.tech/coreutils's releases.
0.13.2 (2025-04-28)
Features
- Return error when transaction set relay fails
Fixes
- Update coreutils to v0.12.0
Export 'missing block at index' error
The "missing block at index" error is used in multiple places to detect that a chain migration happened so that the app knows to reset whatever state it stored previously. This PR exports it so that looking at the error string is not necessary.
https://github.com/SiaFoundation/hostd/blob/711ac3eb1da09e4d6a9ff17a2efe3555d70b8185/index/update.go#L36 https://github.com/SiaFoundation/walletd/blob/d91147b7ec52b2261779949905c8e0fd3c0ad5c7/wallet/manager.go#L733
And recently in explored: SiaFoundation/explored#212
Changelog
Sourced from go.sia.tech/coreutils's changelog.
0.13.2 (2025-04-28)
Features
- Return error when transaction set relay fails
Fixes
- Update coreutils to v0.12.0
Export 'missing block at index' error
##217 by
@chris124567The "missing block at index" error is used in multiple places to detect that a chain migration happened so that the app knows to reset whatever state it stored previously. This PR exports it so that looking at the error string is not necessary.
https://github.com/SiaFoundation/hostd/blob/711ac3eb1da09e4d6a9ff17a2efe3555d70b8185/index/update.go#L36 https://github.com/SiaFoundation/walletd/blob/d91147b7ec52b2261779949905c8e0fd3c0ad5c7/wallet/manager.go#L733
And recently in explored: SiaFoundation/explored#212
Commits
64c6653Merge pull request #218 from SiaFoundation/released90028cchore: prepare release 0.13.2d031d7eMerge pull request #221 from SiaFoundation/nate/update-depse35f738chore: update deps7ca0c4aMerge pull request #216 from SiaFoundation/nate/syncer-errorsbfcefb3add extra debug logging0766eccactually return errors98125a2syncer: make all relay calls consisten5e7b0a9rhp4: use mock syncere9a9c74syncer: add handshake timeout- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Currently, if two objects across buckets share a similar path prefix, only the one in the bucket with the lowest db_bucket_id will show up in the directory view. This happens because we failed to join on the bucket in a sub-select that grouped the rows and hereby did a MIN on the db_bucket_id, causing the wrong object to be selected in the sub-select, which would then in turn be filtered out in the outer select that filters on the bucket.
Uploads were stuck because they hadn't finished, and the number of inflight requests never dropped to zero. The error was in only considering the sector context; the upload loop must still receive a response for the sector—even if the sector upload could be skipped because it was already sent to another host. Without this, we're effectively dropping inflight requests, preventing the counter from ever reaching zero. This is only an issue if we don't have enough hosts to overdrive, which is why we haven't seen it on production.
I tried writing a decent regression test that approaches the problem from the upload manager. That's a little tricky because the uploaders aren't interfaced, so we can't easily mock the behaviour there. I added a unit test that ensures requests that can be skipped, still send a response down the channel, perhaps in combination with the extensive manual tests (on erravimus) that is sufficient (?).
Diving in the upload code it's difficult not to try and refactor everything, so this PR is (more or less) the minimum amount of lines to make it work. If we want more extensive unit testing we'll have to interface a couple of components and do more refactors.
This splits up the renew function into 2 since renew and refresh are just different enough for it to not make sense to keep them together.
Bumps the dependencies group with 3 updates in the / directory: go.sia.tech/core, go.sia.tech/coreutils and go.sia.tech/jape.
Updates go.sia.tech/core from 0.11.0 to 0.12.0
Release notes
Sourced from go.sia.tech/core's releases.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Changelog
Sourced from go.sia.tech/core's changelog.
0.12.0 (2025-04-28)
Breaking Changes
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Commits
Updates go.sia.tech/coreutils from 0.13.1 to 0.13.2
Release notes
Sourced from go.sia.tech/coreutils's releases.
0.13.2 (2025-04-28)
Features
- Return error when transaction set relay fails
Fixes
- Update coreutils to v0.12.0
Export 'missing block at index' error
The "missing block at index" error is used in multiple places to detect that a chain migration happened so that the app knows to reset whatever state it stored previously. This PR exports it so that looking at the error string is not necessary.
https://github.com/SiaFoundation/hostd/blob/711ac3eb1da09e4d6a9ff17a2efe3555d70b8185/index/update.go#L36 https://github.com/SiaFoundation/walletd/blob/d91147b7ec52b2261779949905c8e0fd3c0ad5c7/wallet/manager.go#L733
And recently in explored: SiaFoundation/explored#212
Changelog
Sourced from go.sia.tech/coreutils's changelog.
0.13.2 (2025-04-28)
Features
- Return error when transaction set relay fails
Fixes
- Update coreutils to v0.12.0
Export 'missing block at index' error
##217 by
@chris124567The "missing block at index" error is used in multiple places to detect that a chain migration happened so that the app knows to reset whatever state it stored previously. This PR exports it so that looking at the error string is not necessary.
https://github.com/SiaFoundation/hostd/blob/711ac3eb1da09e4d6a9ff17a2efe3555d70b8185/index/update.go#L36 https://github.com/SiaFoundation/walletd/blob/d91147b7ec52b2261779949905c8e0fd3c0ad5c7/wallet/manager.go#L733
And recently in explored: SiaFoundation/explored#212
Commits
64c6653Merge pull request #218 from SiaFoundation/released90028cchore: prepare release 0.13.2d031d7eMerge pull request #221 from SiaFoundation/nate/update-depse35f738chore: update deps7ca0c4aMerge pull request #216 from SiaFoundation/nate/syncer-errorsbfcefb3add extra debug logging0766eccactually return errors98125a2syncer: make all relay calls consisten5e7b0a9rhp4: use mock syncere9a9c74syncer: add handshake timeout- Additional commits viewable in compare view
Updates go.sia.tech/jape from 0.13.0 to 0.13.1
Release notes
Sourced from go.sia.tech/jape's releases.
0.13.1 (2025-04-26)
Fixes
- Automate releases
- Fix off-by-one in japecheck
Commits
ec010dfMerge pull request #30 from SiaFoundation/release0229cadchore: prepare release 0.13.13ec8b54Merge pull request #32 from SiaFoundation/dependabot/go_modules/all-dependenc...736df34Bump golang.org/x/tools in the all-dependencies group77f38f4Merge pull request #31 from SiaFoundation/n8maninger-patch-13910600Setup dependabot.ymld89eda6Merge pull request #28 from SiaFoundation/christopher/fix-parsing-client-routes6b9cbcdfix response types694c9dafix parsing client routes after context parameter introduction72fe9c8add changeset- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Updates to the latest coreutils and updates tests and call sites that expect the syncer to work to use the mock syncer since BroadcastTransaction will now error when there are no peers connected.
Now that the database is limited to a single conn there is no need to retry transactions.
Bumps the dependencies group with 1 update: go.sia.tech/jape.
Updates go.sia.tech/jape from 0.13.0 to 0.13.1
Release notes
Sourced from go.sia.tech/jape's releases.
0.13.1 (2025-04-26)
Fixes
- Automate releases
- Fix off-by-one in japecheck
Commits
ec010dfMerge pull request #30 from SiaFoundation/release0229cadchore: prepare release 0.13.13ec8b54Merge pull request #32 from SiaFoundation/dependabot/go_modules/all-dependenc...736df34Bump golang.org/x/tools in the all-dependencies group77f38f4Merge pull request #31 from SiaFoundation/n8maninger-patch-13910600Setup dependabot.ymld89eda6Merge pull request #28 from SiaFoundation/christopher/fix-parsing-client-routes6b9cbcdfix response types694c9dafix parsing client routes after context parameter introduction72fe9c8add changeset- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all-dependencies group with 1 update: go.sia.tech/jape.
Updates go.sia.tech/jape from 0.12.2-0.20241010144215-1468bf476af6 to 0.13.1
Release notes
Sourced from go.sia.tech/jape's releases.
0.13.1 (2025-04-26)
Fixes
- Automate releases
- Fix off-by-one in japecheck
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
This PR was created automatically. Merging it will create a new release for 0.12.0
- Changed contract validation helpers to take current contract as parameter instead of individual values to simplify usage
- Removed unused parameters in contract helpers
Reverts #298 to the old behavior and removes unused params.
Looking at the original PR, #298, I think the logic change there is actually incorrect. It's not clear to me why a contract refresh would ever have plenty of allowance but not enough collateral since the funds always flow from the renter to the host.
The subtest that got changed in https://github.com/SiaFoundation/coreutils/pull/215 should have been a valid state based on the intended behavior.
The desired behavior is that the host's total collateral locked is a consistent ratio with the renter's total spending. In the case of that subtest, the renter has locked 110 SC total and the host has locked 220 SC total. With the new logic, that is now considered a bad state because the renter spent 25 SC of its allowance funding an account, giving it 85 SC remaining allowance to 220 SC collateral. The renter ends up needing to lock significantly more SC to compensate for the account spending.
- Bump up the max line length for commit body content.
Bumps the all-dependencies group with 1 update: go.sia.tech/jape.
Updates go.sia.tech/jape from 0.13.0 to 0.13.1
Release notes
Sourced from go.sia.tech/jape's releases.
0.13.1 (2025-04-26)
Fixes
- Automate releases
- Fix off-by-one in japecheck
Commits
ec010dfMerge pull request #30 from SiaFoundation/release0229cadchore: prepare release 0.13.13ec8b54Merge pull request #32 from SiaFoundation/dependabot/go_modules/all-dependenc...736df34Bump golang.org/x/tools in the all-dependencies group77f38f4Merge pull request #31 from SiaFoundation/n8maninger-patch-13910600Setup dependabot.ymld89eda6Merge pull request #28 from SiaFoundation/christopher/fix-parsing-client-routes6b9cbcdfix response types694c9dafix parsing client routes after context parameter introduction72fe9c8add changeset- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Depends on https://github.com/SiaFoundation/core/pull/299
Noticed that none of my Zen contracts renewed. This change fixed it.
Need to update go.mod once the dependencies are merged.
While trying to update cluster I ran into an issue where our software used incompatible version of jape. Basically walletd was using latest master while the other ones weren't. Which caused issues when updating cluster.
This PR was created automatically. Merging it will create a new release for 0.11.0
- Removed
durationparameter from MinRenterAllowance helper
- Add MaxHostCollateral helper
- Consider post-refresh values for the minRenterAllowance check rather than the additional values.
Bumps the all-dependencies group with 2 updates: github.com/gabriel-vasile/mimetype and github.com/mattn/go-sqlite3.
Updates github.com/gabriel-vasile/mimetype from 1.4.8 to 1.4.9
Release notes
Sourced from github.com/gabriel-vasile/mimetype's releases.
v1.4.9 GLTF support and performance improvements
What's Changed
- SRT detection: reduce allocs by
@gabriel-vasilein gabriel-vasile/mimetype#636- json: more benchmarking by
@gabriel-vasilein gabriel-vasile/mimetype#640- Bump golang.org/x/net from 0.33.0 to 0.39.0 in the gomod
- json: add parser with query capacity by
@gabriel-vasilein gabriel-vasile/mimetype#652- feat: add support for GLTF by
@gabriel-vasilein gabriel-vasile/mimetype#655Full Changelog: https://github.com/gabriel-vasile/mimetype/compare/v1.4.8...v1.4.9
Commits
551461badd support for GLTF63e2356go mod tidy12592edjson: add parser with query capacity55e964aBump the github-actions group across 1 directory with 2 updatesa10cc03Bump golang.org/x/net in the gomod group across 1 directory773b07cCI: move fuzz to cron job (#653)68c306dtests: revert effects of Extende8ef900gha: use stable version of golang in CI9ab9e39benchmark: reset mem and timer after allocating and before bench runadb0181json: more benchmarking- Additional commits viewable in compare view
Updates github.com/mattn/go-sqlite3 from 1.14.27 to 1.14.28
Commits
f76bae4upgrade amalgamation code65302b0Add ability to set an int64 file control (#1298)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dependencies group with 1 update: github.com/mattn/go-sqlite3.
Updates github.com/mattn/go-sqlite3 from 1.14.27 to 1.14.28
Commits
f76bae4upgrade amalgamation code65302b0Add ability to set an int64 file control (#1298)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
This PR adds MaxHostCollateral as a counterpart to MinRenterAllowance.
It also removes the duration since it doesn't affect the outcome of the functions since the ratio stays the same regardless of the duration.
I ran into a min allowance issue on Zen which made me reread this part of the code and I noticed that the current behavior for refreshing contracts is not necessarily what we want.
Before this PR, we make sure the ratio of newly added allowance and collateral is sane during a refresh. However, if a contract still has plenty of allowance left in it, this shouldn't affect our ability to refresh this contract without pouring more renter funds into it if the ratio is still sane after the refresh.
So this PR changes the check to consider the ratio of unused collateral+allowance after the refresh rather than the one of the added values.
Bumps the go_modules group with 2 updates in the /internal/cluster directory: golang.org/x/crypto and golang.org/x/net. Bumps the go_modules group with 1 update in the /sdk directory: golang.org/x/crypto.
Updates golang.org/x/crypto from 0.36.0 to 0.37.0
Commits
959f8f3go.mod: update golang.org/x dependencies769bcd6ssh: use the configured rand in kex initd0a798fcryptobyte: fix typo 'octects' into 'octets' for asn1.goacbcbefacme: remove unnecessary []byte conversion376eb14x509roots: support constrained rootsb369b72crypto/internal/poly1305: implement function update in assembly on loong646b853fbssh/knownhosts: check more than one key- See full diff in compare view
Updates golang.org/x/net from 0.37.0 to 0.38.0
Commits
e1fcd82html: properly handle trailing solidus in unquoted attribute value in foreign...ebed060internal/http3: fix build of tests with GOEXPERIMENT=nosynctest1f1fa29publicsuffix: regenerate table1215081http2: improve error when server sends HTTP/1312450ehtml: ensure <search> tag closes <p> and update tests09731f9http2: improve handling of lost PING in Server55989e2http2/h2c: use ResponseController for hijacking connections2914f46websocket: re-recommend gorilla/websocket- See full diff in compare view
Updates golang.org/x/crypto from 0.32.0 to 0.35.0
Commits
959f8f3go.mod: update golang.org/x dependencies769bcd6ssh: use the configured rand in kex initd0a798fcryptobyte: fix typo 'octects' into 'octets' for asn1.goacbcbefacme: remove unnecessary []byte conversion376eb14x509roots: support constrained rootsb369b72crypto/internal/poly1305: implement function update in assembly on loong646b853fbssh/knownhosts: check more than one key- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps the go_modules group with 1 update: golang.org/x/net.
Updates golang.org/x/net from 0.37.0 to 0.38.0
Commits
e1fcd82html: properly handle trailing solidus in unquoted attribute value in foreign...ebed060internal/http3: fix build of tests with GOEXPERIMENT=nosynctest1f1fa29publicsuffix: regenerate table1215081http2: improve error when server sends HTTP/1312450ehtml: ensure <search> tag closes <p> and update tests09731f9http2: improve handling of lost PING in Server55989e2http2/h2c: use ResponseController for hijacking connections2914f46websocket: re-recommend gorilla/websocket- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.
We pass a sane timeout to bus constructors to avoid hanging indefinitely, since we now potentially have a reasonably long chain db migration I removed it and added a sane timeout to the two locations that apparently need it. It's mostly because our Store requires a context on all of its methods, like initialising the autopilot config.
Bumps the all-dependencies group with 1 update: golang.org/x/tools.
Updates golang.org/x/tools from 0.31.0 to 0.32.0
Commits
456962ego.mod: update golang.org/x dependencies5916e3cinternal/tokeninternal: AddExistingFiles: tweaks for proposal9a1fbbdinternal/typesinternal: change Used to UsedIdente73cd5agopls/internal/golang: implement dynamicFuncCallType with typeutil.ClassifyCall11a9b3fgopls/internal/server: fix event labels after the big rename3e7f74dgo/types/typeutil: used doesn't need Info.Selectionsb97074binternal/gofix: fix URLse850fe1gopls/internal/golang: CodeAction: place gopls doc as the last actionb948addinternal/gofix: move from gopls/internal/analysis/gofixb437effgo/types/typeutil: implement Callee and StaticCallee with Used- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
This should effectively get rid of the database is locked error by preventing parallel connections. It's like wrapping a mutex around every database interaction and seems to be the recommended way of doing this.
The benchmarks seem to be mostly unaffected which makes sense considering that they are single-threaded. To see how it performs in practice we'll need to run it on a used host.
Going through https://sqlite.org/faq.html#q6 lead me to https://sqlite.org/threadsafe.html and it seems like it's generally recommended to use the SQLITE_CONFIG_SINGLETHREAD threading mode if locking isn't required to speed up performance. However, I haven't been able to figure out how to do that from the Go driver.
Closes https://github.com/SiaFoundation/hostd/issues/643
The before and after results of the existing benchmarks:
Before:
goos: darwin
goarch: arm64
pkg: go.sia.tech/hostd/v2/persist/sqlite
cpu: Apple M2 Pro
BenchmarkTrimSectors
BenchmarkTrimSectors-12 217003 5595 ns/op 217003 sectors 1843 B/op 50 allocs/op
BenchmarkV2AppendSectors
BenchmarkV2AppendSectors-12 170421 12802 ns/op 170421 sectors 2800 B/op 43 allocs/op
BenchmarkV2TrimSectors
BenchmarkV2TrimSectors-12 1356486 949.9 ns/op 1356486 sectors 0 B/op 0 allocs/op
BenchmarkVolumeGrow
BenchmarkVolumeGrow-12 407421 3158 ns/op 407421 sectors 224 B/op 8 allocs/op
BenchmarkVolumeShrink
BenchmarkVolumeShrink-12 716907 1891 ns/op 716907 sectors 0 B/op 0 allocs/op
BenchmarkVolumeMigrate
BenchmarkVolumeMigrate-12 18 64587782 ns/op 18.00 sectors 11207 B/op 298 allocs/op
BenchmarkStoreSector
BenchmarkStoreSector-12 7747 160465 ns/op 7747 sectors 9243 B/op 225 allocs/op
BenchmarkReadSector
BenchmarkReadSector-12 35526 31730 ns/op 35526 sectors 4782 B/op 94 allocs/op
PASS
ok go.sia.tech/hostd/v2/persist/sqlite 953.837s
After:
goos: darwin
goarch: arm64
pkg: go.sia.tech/hostd/v2/persist/sqlite
cpu: Apple M2 Pro
BenchmarkTrimSectors
BenchmarkTrimSectors-12 235959 5596 ns/op 235959 sectors 1843 B/op 50 allocs/op
BenchmarkV2AppendSectors
BenchmarkV2AppendSectors-12 175136 12997 ns/op 175136 sectors 2800 B/op 43 allocs/op
BenchmarkV2TrimSectors
BenchmarkV2TrimSectors-12 1344559 934.5 ns/op 1344559 sectors 0 B/op 0 allocs/op
BenchmarkVolumeGrow
BenchmarkVolumeGrow-12 410400 3112 ns/op 410400 sectors 224 B/op 8 allocs/op
BenchmarkVolumeShrink
BenchmarkVolumeShrink-12 724045 1898 ns/op 724045 sectors 0 B/op 0 allocs/op
BenchmarkVolumeMigrate
BenchmarkVolumeMigrate-12 18 66599769 ns/op 18.00 sectors 11230 B/op 298 allocs/op
BenchmarkStoreSector
BenchmarkStoreSector-12 7740 154748 ns/op 7740 sectors 9240 B/op 225 allocs/op
BenchmarkReadSector
BenchmarkReadSector-12 35342 31820 ns/op 35342 sectors 4783 B/op 94 allocs/op
PASS
ok go.sia.tech/hostd/v2/persist/sqlite 970.016s
Bumps the all-dependencies group with 1 update: github.com/go-sql-driver/mysql.
Updates github.com/go-sql-driver/mysql from 1.9.1 to 1.9.2
Release notes
Sourced from github.com/go-sql-driver/mysql's releases.
v1.9.2
What's Changed
v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.
Full Changelog: https://github.com/go-sql-driver/mysql/compare/v1.9.1...v1.9.2
Changelog
Sourced from github.com/go-sql-driver/mysql's changelog.
v1.9.2 (2025-04-07)
v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.
Commits
21ef4c6release v1.9.2 (#1693)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Not sure how we missed this for so long
http: panic serving 172.18.0.17:43362: runtime error: slice bounds out of range [450:1] goroutine 7191094 [running]: net/http.(*conn).serve.func1() /usr/local/go/src/net/http/server.go:1947 +0xbe panic({0xe8b8e0?, 0xc000350198?}) /usr/local/go/src/runtime/panic.go:791 +0x132 go.sia.tech/renterd/v2/alerts.(*Manager).Alerts(0xc0002b0680, {0xc00018a620?, 0xc002180140?}, {0x0?, 0x0?, 0x0?}) /renterd/alerts/alerts.go:242 +0x53e go.sia.tech/renterd/v2/bus.(*Bus).handleGETAlerts(0xc0001d2c80, {{0x19142d0, 0xc00018a620}, 0xc002180140, {0x0, 0x0, 0x0}}) /renterd/bus/routes.go:1858 +0x24a
Bumps the all-dependencies group with 2 updates: golang.org/x/crypto and golang.org/x/sys.
Updates golang.org/x/crypto from 0.36.0 to 0.37.0
Commits
959f8f3go.mod: update golang.org/x dependencies769bcd6ssh: use the configured rand in kex initd0a798fcryptobyte: fix typo 'octects' into 'octets' for asn1.goacbcbefacme: remove unnecessary []byte conversion376eb14x509roots: support constrained rootsb369b72crypto/internal/poly1305: implement function update in assembly on loong646b853fbssh/knownhosts: check more than one key- See full diff in compare view
Updates golang.org/x/sys from 0.31.0 to 0.32.0
Commits
01aaa83all: simplify code by using modern Go constructs1b2bd6bwindows: replace all StringToUTF16 calls with UTF16FromString1c3b72funix: update Linux kernel to 6.14c175b6bwindows: add cmsghdr and pktinfo structures3330b5eunix: support Readv, Preadv, Writev and Pwritev for darwin7401ccecpu: replace specific instructions with WORD in the function get_cpucfg on lo...b8f7da6cpu: add support for detecting cpu features on loong64f2ce62cwindows: add constants for PMTUD socket options- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
This PR was created automatically. Merging it will create a new release for 0.10.5
- Add Mul helper to Usage type
- Fixed an issue with memory aliasing of merkle proofs
Bumps the all-dependencies group with 1 update: go.sia.tech/web/renterd.
Updates go.sia.tech/web/renterd from 0.77.1 to 0.79.0
Release notes
Sourced from go.sia.tech/web/renterd's releases.
[email protected]
Minor Changes
- e32e617f: The host explorer now has a version column.
- e32e617f: The host explorer now has columns for v2 settings.
- e32e617f: The host explorer address column now gets populates v2 host addresses.
[email protected]
Minor Changes
- 96a58672: The siascan setting toggle was removed from the cmd+k menu.
- 96a58672: Averages prices in the configuration page are based off v2 settings once the current network passes the allow height.
- 9e603732: File download behaviour is now consistent across all browsers.
- 96a58672: Host geolocation data is now provided by the configured explorer.
- 96a58672: Privacy and security settings quick nav actions were added to the cmd+k menu.
- 96a58672: Averages prices in the configuration page are now provided by the configured explorer.
Commits
e4af330chore: release packagese617f65fix(hostd): contact explorer total and modese32e617feat(renterd): host explorer v2 settings columnsd95a0d4refactor(explorer): hastings to fiat method name0bf07adfix(hostd): use immature field for immature balancea56df5achore(explorer): update explored APIs0d5ca6echore: export renterd/v0.78.0 hostd/v0.60.05aba425chore: release packagesab80eb6feat(hostd): remove announce button6a3bcdbfeat(explorer): v2 median prices after hardfork- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
This should go a long way towards catching memory aliasing bugs like https://github.com/SiaFoundation/core/pull/290. I should have done this ages ago. 😬 Basically, the linter flags anything like:
sce := txn.SiacoinInputs[0].Parent // "shallow copy of SiacoinElement; use Move, Share, or Copy" cau.UpdateElementProof(&sce)
To silence it, you annotate each copy with one of those ownership methods, and then we panic if you try to call UpdateElementProof on an element that you don't exclusively own.
Annotating every copy is kind of annoying, but it wasn't too onerous to churn through them once the linter was working. In case it's not clear, the idea is:
- Default to
Copy. - If you're not going to retain the element (e.g. if you're a function that just inspects elements and returns them), you can use
Share. Putting the element inside of a struct (like a transaction) counts as retaining it! Usually, it's okay to useSharewhen passing an element to a function (and consequently, if you're a function that takes an element, you should treat it as shared). - If you "own" the element and you just need to tweak it for whatever reason, you can use
Move. This is most common when callingUpdateElementProofon each element in a map (since can't get a pointer to map values, you need to make a temporary copy, update that, then store it back in the map).Moveis likeShare, except you "retain ownership" so you're still allowed to update the proof.
One nice thing about this approach is that it's opt-in. If you're importing core, you don't need to be aware of any of this stuff, even if you're directly touching elements. But you are encouraged to run the linter on your code and annotate all your copies. I've done this with coreutils and it was pretty easy.
The biggest shortcoming is that this won't detect shallow copies of structs containing an element. For example, if you copy a transaction without .DeepCopy, it won't complain. Flagging every such copy would be impractical, since you would need to add Copy/Share/Move methods to every type containing an element.
Lastly -- yes, this is (to paraphrase Greenspun) "an ad hoc, informally-specified, bug-ridden, slow implementation of half of Rust."
Bumps the all-dependencies group with 2 updates: github.com/go-sql-driver/mysql and go.sia.tech/web/renterd.
Updates github.com/go-sql-driver/mysql from 1.9.0 to 1.9.1
Release notes
Sourced from github.com/go-sql-driver/mysql's releases.
v1.9.1
What's Changed
- add Charset() option by
@methanein go-sql-driver/mysql#1679- Fix FormatDSN missing ConnectionAttributes by
@bogconin go-sql-driver/mysql#1619- go.mod: fix go version format by
@methanein go-sql-driver/mysql#1682- release v1.9.1 by
@methanein go-sql-driver/mysql#1683New Contributors
@bogconmade their first contribution in go-sql-driver/mysql#1619Full Changelog: https://github.com/go-sql-driver/mysql/compare/v1.9.0...v1.9.1
Changelog
Sourced from github.com/go-sql-driver/mysql's changelog.
v1.9.1 (2025-03-21)
Major Changes
- Add Charset() option. (#1679)
Bugfixes
Commits
Updates go.sia.tech/web/renterd from 0.77.0 to 0.77.1
Release notes
Sourced from go.sia.tech/web/renterd's releases.
[email protected]
Patch Changes
- cad48e35: Fixed an issue where a v2ContractResolution event in the wallet would crash the app. Closes SiaFoundation/hostd#629
Commits
f8d7650chore: release packagesb9cb439feat(hostd): v2 contractsce20d28feat(hostd-libs): add v2 contracts apicad48e3fix(hostd): issue with events v2ContractResolution typee63d981feat(explorer): change average price titles to medianea9cc58fix(explorer): change protocolVersion to an array and join7d137c1feat(explorer): add v2 hardfork countdowns to home pagecf5ac11chore(cluster): install v2 module paths7147e15feat(explorer): use v2Settings for host page display1bc11c2chore(explorer-e2e): e2e target should build dependencies- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
This adds a useful helper to Usage. e.g. when computing how much funds to put into a contract it's nice to be able to do RPCAppendSectorCost.Mul(sectorsPerTiB) or whatever.
This PR was created automatically. Merging it will create a new release for 0.10.4
- Fixed several implementations of MaxLen where it was returning a too low number, resulting in decoding errors during contract related RPCs.
Bumps the all-dependencies group with 2 updates: golang.org/x/crypto and golang.org/x/sys.
Updates golang.org/x/crypto from 0.35.0 to 0.36.0
Commits
49bf5b8go.mod: update golang.org/x dependencies24852b6ssh: add decode support for bannersbbc689cssh: use a more straightforward return value- See full diff in compare view
Updates golang.org/x/sys from 0.30.0 to 0.31.0
Commits
74cfc93all: upgrade go directive to at least 1.23.0 [generated]- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
524,628 block height
418 active hosts
6.15 PB total storage
2.30 PB used storage
21,001 commits
71 contributors
469 forks
43 releases
