Celestia v3.7.5 #28
Celestia v3.7.5 #28
Conversation
Try NOT running the nitro CodeQL build in parallel
…tylus-tests Increase EVM Call timeout to avoid flaky CI
…rchived-repo Bring in Missing BoLD PRs
Upgrade the GitHub Actions
fix gas accounting for eth_call
…_calldata Blob prices should not be used if parent chain doesn't return blob price
…nfirmed assertion
Close part files after the copy is done
…3509) Co-authored-by: Pepper Lebeck-Jobe <pepper@offchainlabs.com>
There was a bug where if a duplicate message was processed at a segment boundary, then it would cause an empty segment to be inserted, which broke the invariants of the backlog data structure. The invariants being violated wer: 1. Monotonic sequence number order 2. Segment Continuity: segment[n].End() + 1 == segment[n+1].Start() 3. Non-empty Segments: All segments should contain messages 4. Lookup Uniqueness: Each sequence number maps to exactly one segment 5. Cumulative Size Ordering: Later messages have higher cumulative sizes This bug would break most operations on the backlog (eg Get() which uses a binary search) and cause them to have unpredictable behavior.
…rGlobalStateNotInChain
…rGlobalStateNotInChain
…lstate-not-in-chain-should-be-a-fatal-error-for Return a fatal error instead of stopping the StopWaiter in case of Er…
Pull the changes from OffchainLabs/go-ethereum#519 Close NIT-3769
…ize-multigas-3.7.0-backport Improve CPU performance when processing blocks
Also removed deprecated v42-rc.1 since no one should ever use it
…ckport backport adding consensus v41 to Dockerfile
…3596) * Test Genesis assertion on nitro init * revert go.mod changes
(cherry picked from commit 6f3d900)
…firm_backport Make sure to retry fast confirmation on failure
…port stylus target: infer support of previous sse versions from more advanced ones
The tests which use the releases package were failing because we have had more than 50 non-prerelease releases since the last consensus release, and it was only fetching the first 50 pages from the GitHub API.
* remove support for pre-stylus validation pre-stylus validation is no longer needed, and does create problems. * fail if stylus support not found instead of assuming pre-stylus * ckerfile changes --------- Co-authored-by: Tsahi Zidenberg <65945052+tsahee@users.noreply.github.com>
This change adds support for the new beacon chain endpoint
`/eth/v1/beacon/blobs/{block_id}` introduced in Fusaka while maintaining
backward compatibility with the legacy endpoint
`/eth/v1/beacon/blob_sidecars/{slot}`. block_id can be a slot so Nitro
just uses slot.
The new endpoint supports server-side filtering by versioned hash via
query parameters. Since the Arbitrum sequencer inbox message contains
the versioned hashes of the blobs that were posted, we can include those
in the query.
Key changes:
- Added `UseLegacyEndpoint` flag to BlobClientConfig to control which
endpoint to use
- Created new `GetBlobsBySlot()` public method for direct slot-based
blob fetching
- Implemented `getBlobs()` method for the new endpoint with versioned
hash verification
- Updated `beaconRequest()` to support query parameters for filtering
- Added KZG commitment verification when versioned hashes are provided
Created `blobtool` CLI utility for testing both endpoints:
```
# Fetch specific blob using new endpoint (default)
blobtool fetch --beacon-url=<url> --slot=<slot> --versioned-hashes=<hash>
# Fetch using legacy endpoint (requires versioned hashes)
blobtool fetch --beacon-url=<url> --slot=<slot> --versioned-hashes=<hash> --use-legacy-endpoint
# Compare both endpoints side-by-side
blobtool fetch --beacon-url=<url> --slot=<slot> --versioned-hashes=<hash> --compare-endpoints
```
The new endpoint is used by default, with automatic fallback behavior
maintained through the existing secondary beacon URL mechanism.
Spec reference: https://github.com/ethereum/beacon-APIs/blob/master/apis/beacon/blobs/blobs.yaml
…ts-support-beacon-blob-api Add support for new beacon chain /blobs endpoint
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Build and Test Bold | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code into the Go module directory | ||
| uses: actions/checkout@v5 | ||
| with: | ||
| submodules: true | ||
|
|
||
| - name: Setup node/yarn | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '24' | ||
| cache: 'yarn' | ||
| cache-dependency-path: "**/yarn.lock" | ||
|
|
||
| - name: Install go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: 1.24.x | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
| with: | ||
| cache: false | ||
| version: v1.0.0 | ||
|
|
||
| - name: AbiGen (nitro) | ||
| run: make contracts | ||
|
|
||
| - name: Get dependencies | ||
| working-directory: ./bold | ||
| run: | | ||
| go get -v -t -d ./... | ||
| - name: Build | ||
| working-directory: ./bold | ||
| run: go build -v ./... | ||
|
|
||
| - name: Test | ||
| working-directory: ./bold | ||
| run: ANVIL=$(which anvil) go test -v -covermode=atomic -coverprofile=coverage.out -timeout=20m ./... | ||
|
|
||
| - name: Upload coverage reports to Codecov | ||
| uses: codecov/codecov-action@v5 | ||
| env: | ||
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 2 months ago
General fix:
Add a permissions: block specifying the least privilege required for the workflow or its jobs. For build and test jobs, the minimal permission is usually contents: read. This can be set for the entire workflow (applies to all jobs unless overridden) or specifically for the job flagged by CodeQL.
Best way to fix:
Add permissions: contents: read at the top level of the workflow file, immediately after the workflow name, or to the build job itself (if you want granular control). The idiomatic approach is to set it at the workflow root unless jobs need different scopes.
Edits required:
-
In
.github/workflows/bold.yml, addpermissions: contents: read
after line 1.
-
No other imports, methods, or changes are required.
| @@ -1,4 +1,6 @@ | ||
| name: Go | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| workflow_dispatch: |
| go-version: 1.24.x | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| run: ANVIL=$(which anvil) go test -v -covermode=atomic -coverprofile=coverage.out -timeout=20m ./... | ||
|
|
||
| - name: Upload coverage reports to Codecov | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v2 | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| restore-keys: ${{ runner.os }}-buildx- | ||
| - name: Build nitro-node docker | ||
| uses: docker/build-push-action@v5 | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max | ||
| - name: Build nitro-node-dev docker | ||
| uses: docker/build-push-action@v5 | ||
| uses: docker/build-push-action@v6 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| with: | ||
| go-version: "stable" | ||
| - id: list | ||
| uses: shogo82148/actions-go-fuzz/list@v1 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: "stable" | ||
| - uses: shogo82148/actions-go-fuzz/run@v1 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v2 | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
| - name: Upload coverage to Codecov | ||
| if: steps.changed-files.outputs.any_changed == 'true' | ||
| uses: codecov/codecov-action@v2 | ||
| uses: codecov/codecov-action@v5 |
Check warning
Code scanning / CodeQL
Unpinned tag for a non-immutable Action in workflow Medium
20 participants
Overview
Updates the main branch to a v3.7.5 compatible release