build(deps): bump the go_modules group with 8 updates

[dependabot]

Bumps the go_modules group with 8 updates:

Package	From	To
github.com/cosmos/ibc-go/v6	6.1.0	6.3.0
github.com/ethereum/go-ethereum	1.10.26	1.13.5
golang.org/x/net	0.9.0	0.17.0
google.golang.org/grpc	1.54.0	1.56.3
github.com/dvsekhvalnov/jose2go	1.5.0	1.6.0
github.com/hashicorp/go-getter	1.7.0	1.7.4
golang.org/x/crypto	0.5.0	0.14.0
google.golang.org/protobuf	1.29.1	1.30.0

Updates github.com/cosmos/ibc-go/v6 from 6.1.0 to 6.3.0

Release notes

Sourced from github.com/cosmos/ibc-go/v6's releases.

v6.3.0

This release includes a fix for the ASA-2024-007 security advisory. Credits to Maxwell Dulin (@​mdulin2) at Asymmetric Research for the discovery and disclosure via our bug bounty program.

Please see the v6.3.0 changelog for the full set of changes included in this release.

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.46.12 and ibc-go v6.3.0, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.

v6.2.1

UPDATES

• 5th April 2024: This release is NOT recommended since it is impacted by the ASA-2024-007 security advisory. Please use version >= 6.3.0.

---

We present here a summary of the most relevant changes, please see the v6.2.1 changelog for the full set of changes included in this release.

apps/transfer

• The REST endpoints /ibc/apps/transfer/v1/denom_traces/{hash} and /ibc/apps/transfer/v1/denom_hashes/{trace} accept now values for hash and trace that contain slashes.

Special thanks to our external contributors in this release: @​emidev98

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.46.12 and ibc-go v6.2.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.

v6.1.2

UPDATES

• 5th April 2024: This release is NOT recommended since it is impacted by the ASA-2024-007 security advisory. Please use version >= 6.3.0.

... (truncated)

Changelog

Sourced from github.com/cosmos/ibc-go/v6's changelog.

v6.3.0 - 2024-04-05

v6.2.1 - 2023-10-20

Bug Fixes

• (apps/transfer) #3045 allow value with slashes in URL template for denom_traces and denom_hashes queries.
• (apps/transfer) #4709 Order query service RPCs to fix availability of denom traces endpoint when no args are provided.

v6.2.0 - 2023-05-31

Dependencies

• #3393 Bump Cosmos SDK to v0.46.12 and replace Tendermint with CometBFT v0.34.37.

Improvements

• (core) #3082 Add HasConnection and HasChannel methods.
• (apps/transfer) #3454 Support transfer authorization unlimited spending when the max uint256 value is provided as limit.

Features

• #3079 Add authz support for ics20.

Bug Fixes

• #3346 Properly handle ordered channels in UnreceivedPackets query.

v6.1.2 - 2023-10-20

Bug Fixes

• (apps/transfer) #3045 allow value with slashes in URL template for denom_traces and denom_hashes queries.
• (apps/transfer) #4709 Order query service RPCs to fix availability of denom traces endpoint when no args are provided.

v6.1.1 - 2023-05-25

Bug Fixes

• #3346 Properly handle ordered channels in UnreceivedPackets query.

Commits

• 8e31269 Update CHANGELOG.md
• 25f7779 update changelog before v6.3.0
• 04275aa Merge pull request from GHSA-j496-crgh-34mx
• bbf1066 Update CHANGELOG.md
• e6b013a prepare changelog for v6.2.1 release
• 627fbd4 fix: denom traces order (backport #4709) (#4885)
• 9b6ad81 fix: allow value with slashes in URL template (backport #3045) (#4869)
• e2201aa Bump ubuntu image used, 22.04 has a more recent version of libc that should m...
• eb90640 Update CHANGELOG.md
• d32a71b remove empty sections
• Additional commits viewable in compare view

Updates github.com/ethereum/go-ethereum from 1.10.26 to 1.13.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Carbonaceous (v1.13.5)

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

• Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#28084).
• Downgrade annoying stale transaction propagation logs from warning to debug (#28364).
• Switch to the new KZG trusted setup parameters (#28383).
• Return an error on GraphQL if querying invalid block ranges (#28393, #28412).
• Start publishing Apple Silicon pre-built binaries (#28474, #28475).

And bugfixes:

• Fix a number of corner-cases in path scheme state management (#28198, #28426, #28483).
• Fix an issue when allocating excessively large Pebble caches (#28444).
• Fix a potential snap sync issue with the path based storage (#28327).
• Fix ethclient to properly forwarding explicit 1559 gas caps (#28462).
• Fix gas estimation for 0 priced txs accessing the basefee (#28470).
• Fix an issue where resubscribing to events would hang (#28359).
• Fix ethstats transaction count report regressiob (#28398).
• Fix negative number encoding in ethclient/rpc (#28358).
• Fix GraphQL content type in the response (#28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Archanes (v1.13.4)

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #28356.

Apart from the above reason, the release contains:

• Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#28306).
• Update various dependencies to unstick versions of Go libs (#28329, #28333, #28334, #28332, #28336).
• Enable Pebble database support on 32bit platforms and on OpenBSD too (#28335).
• Fix returning the correct code hash for eth_getProof with empty storage (#28357).
• Simplify trie range prover for some upcoming snap sync optimisations (#28311).
• Fix a timeout mechanism in the transaction fetcher (#28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.

---

As with all our previous releases, you can find the:

... (truncated)

Commits

• 916d6a4 params: release Geth v1.15.5
• f265cc2 cmd/geth: remove some whitespace in code and comments (#28148)
• 49b2c5f build: upgrade -dlgo version to Go 1.21.4 (#28505)
• ce5a480 ethclient: add empty/nonexist account testcase for eth_getProof RPC (#28482)
• 2f4833b cmd/evm: allow state dump regardless if test passes in statetest (#28484)
• 326fa00 core/rawdb: fsync the index file after each freezer write (#28483)
• e38b9f1 eth/filters: exit early if topics-filter has more than 4 topics (#28494)
• f7dde2a ethdb/pebble: add Errorf function to panicLogger (#28491)
• b77a9b1 cmd/geth: more testcases for logging (#28501)
• 7ea860d graphql: type of yParity from Long to BigInt (#28456)
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.9.0 to 0.17.0

Commits

• b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
• 88194ad go.mod: update golang.org/x dependencies
• 2b60a61 quic: fix several bugs in flow control accounting
• 73d82ef quic: handle DATA_BLOCKED frames
• 5d5a036 quic: handle streams moving from the data queue to the meta queue
• 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
• 21814e7 quic: validate connection id transport parameters
• a600b35 quic: avoid redundant MAX_DATA updates
• ea63359 http2: check stream body is present on read timeout
• ddd8598 quic: version negotiation
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.54.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

• 48ba0b7 Merge pull request #32 from dvsekhvalnov/issue-31-security-tuning
• 05eb007 docs
• e0264a2 added helper matchers: Alg and Eng
• 0f6c7c3 MatchAlg helper
• cf0a53b docs
• 2995762 docs
• 9a18aff docs
• 675bb14 docs
• 8e9e0d1 updated p2c limits with new OWASP numbers, docs
• ed5dd96 Unit tests for custom 'p2c' headers min/max limits
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.7.0 to 1.7.4

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​jbardin in hashicorp/go-getter#459

New Contributors

• @​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​nl-brett-stime hashicorp/go-getter#300

Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2

v1.7.1

No release notes provided.

Commits

• 268c11c escape user provide string to git (#483)
• 975961f Merge pull request #433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• e80b3dc Result of tsccr-helper -log-level=info -pin-all-workflows .
• 2d49e24 Merge pull request #432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-21
• 5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.5.0 to 0.14.0

Commits

• e3cc52e go.mod: update golang.org/x dependencies
• 833695f ssh: add server side support for ping@openssh.com protocol extension
• ec07f4e chacha20: drop Go 1.10 compatibility for arm64
• b665ba6 all: use crypto/ed25519 instead of golang.org/x/crypto/ed25519
• a1aeb9b ssh: add test cases for compatibility with old (buggy) clients
• 28c53ff ssh: add MultiAlgorithmSigner
• 3f0842a sha3: have ShakeHash extend hash.Hash
• e90f1e1 cryptobyte: add uint48 methods
• d359caa ssh: support for marshaling keys using the OpenSSH format
• c5370d2 ssh: check the declared public key algo against decoded one
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.29.1 to 1.30.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.