Merge remote-tracking branch 'origin/main' into avoid-reverifying-min…

…ed-mempool-txs

.github/mergify.yml

@@ -10,90 +10,60 @@ merge_queue:
 # Provides a means to set configuration values that act as fallbacks
 # for queue_rules and pull_request_rules
 defaults:
-  actions:
-    squash:
-      # TODO: Adapt our PR template to use title+body
-      commit_message: all-commits
-
+  # Define our default queue rules
   queue_rule:
     # Allow to update/rebase the original pull request if possible to check its mergeability,
     # and it does not create a draft PR if not needed
     allow_inplace_checks: True
-    batch_size: 20
     # Wait for about 10% of the time it takes Rust PRs to run CI (~1h)
     batch_max_wait_time: "10 minutes"
     queue_conditions:
       # Mergify automatically applies status check, approval, and conversation rules,
       # which are the same as the GitHub main branch protection rules
       # https://docs.mergify.com/conditions/#about-branch-protection
       - base=main
+      # is not in draft
+      - -draft
+      # does not include the do-not-merge label
+      - label!=do-not-merge
+      # has at least one approving reviewer
+      - "#approved-reviews-by >= 1"
+
 
 # Allows to define the rules that reign over our merge queues
 queue_rules:
   - name: urgent
-    batch_size: 8
+    batch_size: 5
     # Wait a short time to embark hotfixes together in a merge train
     batch_max_wait_time: "2 minutes"
+    queue_conditions:
+      # is labeled with Critical priority
+      - 'label~=^P-Critical'
 
   - name: batched
+    batch_size: 20
+
+pull_request_rules:
+  - name: move to any queue if GitHub Rulesets are satisfied
+    conditions: []
+    actions:
+      queue:
 
 # Rules that will determine which priority a pull request has when entering
 # our merge queue
 #
 # These rules are checked in order, the first one to be satisfied applies
 priority_rules:
-  - name: move to urgent queue when CI passes with multiple reviews
+  - name: urgent
     conditions:
-      # This queue handles a PR if it:
-      # has multiple approving reviewers
-      - "#approved-reviews-by>=2"
       # is labeled with Critical priority
       - 'label~=^P-Critical'
-      # and satisfies the standard merge conditions:
-      # targets main
-      - base=main
-      # is not in draft
-      - -draft
-      # does not include the do-not-merge label
-      - label!=do-not-merge
     allow_checks_interruption: true
     priority: high
 
-  - name: move to urgent queue when CI passes with 1 review
+  - name: low
     conditions:
-      # This queue handles a PR if it:
-      # has at least one approving reviewer (branch protection rule)
-      # does not need extra reviews
-      - 'label!=extra-reviews'
-      # is labeled with Critical priority
-      - 'label~=^P-Critical'
-      # and satisfies the standard merge conditions:
-      - base=main
-      - -draft
-      - label!=do-not-merge
-    priority: high
-
-  - name: move to medium queue when CI passes with multiple reviews
-    conditions:
-      # This queue handles a PR if it:
-      # has multiple approving reviewers
-      - "#approved-reviews-by>=2"
-      # is labeled with any other priority (rules are checked in order)
-      # and satisfies the standard merge conditions:
-      - base=main
-      - -draft
-      - label!=do-not-merge
-    priority: medium
-
-  - name: move to low queue when CI passes with 1 review
-    conditions:
-      # This queue handles a PR if it:
-      # has at least one approving reviewer (branch protection rule)
-      # does not need extra reviews
-      - 'label!=extra-reviews'
-      # is labeled with any other priority (rules are checked in order)
-      # and satisfies the standard merge conditions:
-      - base=main
-      - -draft
-      - label!=do-not-merge
+      # is labeled with Optional or Low priority
+      - 'label~=^P-(Optional|Low)'
+    allow_checks_interruption: true
     priority: low

.github/workflows/ci-coverage.yml

@@ -103,4 +103,4 @@ jobs:
         run: cargo llvm-cov --lcov --no-run --output-path lcov.info
 
       - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4.6.0
+        uses: codecov/codecov-action@v5.0.7

.github/workflows/ci-lint.yml

@@ -44,7 +44,7 @@ jobs:
 
       - name: Rust files
         id: changed-files-rust
-        uses: tj-actions/[email protected].3
+        uses: tj-actions/[email protected].4
         with:
           files: |
             **/*.rs
@@ -56,7 +56,7 @@ jobs:
 
       - name: Workflow files
         id: changed-files-workflows
-        uses: tj-actions/[email protected].3
+        uses: tj-actions/[email protected].4
         with:
           files: |
             .github/workflows/*.yml

.github/workflows/scripts/release-crates-dry-run.sh

@@ -20,11 +20,11 @@ fi
 # We use the same commands as the [release drafter](https://github.com/ZcashFoundation/zebra/blob/main/.github/PULL_REQUEST_TEMPLATE/release-checklist.md#update-crate-versions)
 # with an extra `--no-confirm` argument for non-interactive testing.
 # Update everything except for alpha crates and zebrad:
-cargo release version --verbose --execute --no-confirm --allow-branch '*' --workspace --exclude zebrad --exclude zebra-scan --exclude zebra-grpc patch
+cargo release version --verbose --execute --no-confirm --allow-branch '*' --workspace --exclude zebrad --exclude zebra-scan --exclude zebra-grpc beta
 
 # Due to a bug in cargo-release, we need to pass exact versions for alpha crates:
-cargo release version --verbose --execute --no-confirm --allow-branch '*' --package zebra-scan 0.1.0-alpha.11
-cargo release version --verbose --execute --no-confirm --allow-branch '*' --package zebra-grpc 0.1.0-alpha.9
+cargo release version --verbose --execute --no-confirm --allow-branch '*' --package zebra-scan 0.1.0-alpha.13
+cargo release version --verbose --execute --no-confirm --allow-branch '*' --package zebra-grpc 0.1.0-alpha.11
 
 # Update zebrad:
 cargo release version --verbose --execute --no-confirm --allow-branch '*' --package zebrad patch

.github/workflows/sub-build-docker-image.yml

@@ -93,7 +93,7 @@ jobs:
       # Automatic tag management and OCI Image Format Specification for labels
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5.5.1
+        uses: docker/metadata-action@v5.6.1
         with:
           # list of Docker images to use as base name for tags
           # We only publish images to DockerHub if a release is not a pre-release
@@ -161,7 +161,7 @@ jobs:
       # Build and push image to Google Artifact Registry, and possibly DockerHub
       - name: Build & push
         id: docker_build
-        uses: docker/build-push-action@v6.9.0
+        uses: docker/build-push-action@v6.10.0
         with:
           target: ${{ inputs.dockerfile_target }}
           context: .
@@ -193,7 +193,7 @@ jobs:
         # - `dev` for a pull request event
       - name: Docker Scout
         id: docker-scout
-        uses: docker/[email protected].0
+        uses: docker/[email protected].1
         # We only run Docker Scout on the `runtime` target, as the other targets are not meant to be released
         # and are commonly used for testing, and thus are ephemeral.
         # TODO: Remove the `contains` check once we have a better way to determine if just new vulnerabilities are present.

CHANGELOG.md

@@ -5,6 +5,45 @@ All notable changes to Zebra are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org).
 
+## [Zebra 2.1.0](https://github.com/ZcashFoundation/zebra/releases/tag/v2.1.0) - 2024-12-06
+
+This release adds a check to verify that V5 transactions in the mempool have the correct consensus branch ID; 
+Zebra would previously accept those and return a transaction ID (indicating success) even though they would
+be eventually rejected by the block consensus checks. Similarly, Zebra also now returns an error when trying
+to submit transactions that would eventually fail some consensus checks (e.g. double spends) but would also 
+return a transaction ID indicating success.  The release also bumps
+Zebra's initial minimum protocol version such that this release of Zebra will always reject connections with peers advertising
+a network protocol version below 170,120 on Mainnet and 170,110 on Testnet instead of accepting those connections until Zebra's
+chain state reaches the NU6 activation height.
+The `getblock` RPC method has been updated and now returns some additional information
+such as the block height (even if you provide a block hash) and other fields as supported
+by the `getblockheader` RPC call.
+
+### Breaking Changes
+
+- Upgrade minimum protocol versions for all Zcash networks ([#9058](https://github.com/ZcashFoundation/zebra/pull/9058))
+
+### Added
+
+- `getblockheader` RPC method ([#8967](https://github.com/ZcashFoundation/zebra/pull/8967))
+- `rust-toolchain.toml` file ([#8985](https://github.com/ZcashFoundation/zebra/pull/8985))
+
+### Changed
+
+- Updated `getblock` RPC to more closely match zcashd ([#9006](https://github.com/ZcashFoundation/zebra/pull/9006))
+- Updated error messages to include inner error types (notably for the transaction verifier) ([#9066](https://github.com/ZcashFoundation/zebra/pull/9066))
+
+### Fixed
+
+- Validate consensus branch ids of mempool transactions ([#9063](https://github.com/ZcashFoundation/zebra/pull/9063))
+- Verify mempool transactions with unmined inputs if those inputs are in the mempool to support TEX transactions ([#8857](https://github.com/ZcashFoundation/zebra/pull/8857))
+- Wait until transactions have been added to the mempool before returning success response from `sendrawtransaction` RPC ([#9067](https://github.com/ZcashFoundation/zebra/pull/9067))
+
+### Contributors
+
+Thank you to everyone who contributed to this release, we couldn't make Zebra without you:
+@arya2, @conradoplg, @cypherpepe, @gustavovalverde, @idky137, @oxarbitrage, @pinglanlu and @upbqdn
+
 ## [Zebra 2.0.1](https://github.com/ZcashFoundation/zebra/releases/tag/v2.0.1) - 2024-10-30
 
 - Zebra now supports NU6 on Mainnet. This patch release updates dependencies