build(deps): bump the go_modules group with 6 updates

[dependabot]

Bumps the go_modules group with 6 updates:

Package	From	To
github.com/cosmos/cosmos-sdk	0.47.10	0.50.5
github.com/cosmos/ibc-go/v7	7.2.0	7.4.0
github.com/ethereum/go-ethereum	1.10.26	1.13.5
golang.org/x/net	0.19.0	0.21.0
golang.org/x/crypto	0.16.0	0.19.0
google.golang.org/protobuf	1.32.0	1.33.0

Updates github.com/cosmos/cosmos-sdk from 0.47.10 to 0.50.5

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.50.5

Cosmos SDK v0.50.5 Release Notes

💬 Release Discussion

🚀 Highlights

This is time for another patch release of Cosmos SDK Eden. This release includes a few notable fixes:

• Fix a bypass delegator slashing: GHSA-86h5-xcpx-cfqc
• Fix an issue in baseapp.ValidateVoteExtensions helper: GHSA-95rx-m9m5-m94v
• Allow to provide custom signers for x/auth/tx using depinject

We recommended to upgrade to this patch release as soon as possible.
When upgrading from <= v0.50.4, please ensure that 2/3 of the validator power upgrade to v0.50.5.

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

v0.50.4

Cosmos SDK v0.50.4 Release Notes

💬 Release Discussion

🚀 Highlights

Some months ago Cosmos SDK Eden was released. Missed the announcement? Read it here. For this month patch release of the v0.50.x line, a few features and improvements were added to the SDK.

Notably, we added and fixed the following:

• Adds in-place testnet CLI command for creating testnets from local state (kudos to @​czarcas7ic)
• Multiple fixes in baseapp, with fixes in DefaultProposalHandler and vote extensions
• Add a missed check in x/auth/vesting: GHSA-4j93-fm92-rp4m

We recommended to upgrade to this patch release as soon as possible.
When upgrading from <= v0.50.3, please ensure that 2/3 of the validator power upgrade to v0.50.4.

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51.0, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

... (truncated)

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.50.5 - 2024-03-12

Features

• (baseapp) #19626 Add DisableBlockGasMeter option to BaseApp, which removes the block gas meter during transaction execution.

Improvements

• (x/distribution) #19707 Add autocli config for DelegationTotalRewards for CLI consistency with q rewards commands in previous versions.
• (x/auth) #19651 Allow empty public keys in GetSignBytesAdapter.

Bug Fixes

• (x/gov) #19725 Fetch a failed proposal tally from proposal.FinalTallyResult in the gprc query.
• (types) #19709 Fix skip staking genesis export when using CoreAppModuleAdaptor / CoreAppModuleBasicAdaptor for it.
• (x/auth) #19549 Accept custom get signers when injecting x/auth/tx.
• (x/staking) Fix a possible bypass of delegator slashing: GHSA-86h5-xcpx-cfqc
• (baseapp) Fix a bug in baseapp.ValidateVoteExtensions helper (GHSA-95rx-m9m5-m94v). The helper has been fixed and for avoiding API breaking changes currentHeight and chainID arguments are ignored. Those arguments are removed from the helper in v0.51+.

v0.50.4 - 2023-02-19

Features

• (server) #19280 Adds in-place testnet CLI command.

Improvements

• (client) #19393 Add ReadDefaultValuesFromDefaultClientConfig to populate the default values from the default client config in client.Context without creating a app folder.

Bug Fixes

• (x/auth/vesting) GHSA-4j93-fm92-rp4m Add BlockedAddr check in CreatePeriodicVestingAccount.
• (baseapp) #19338 Set HeaderInfo in context when calling setState.
• (baseapp): #19200 Ensure that sdk side ve math matches cometbft.
• #19106 Allow empty public keys when setting signatures. Public keys aren't needed for every transaction.
• (baseapp) #19198 Remove usage of pointers in logs in all optimistic execution goroutines.
• (baseapp) #19177 Fix baseapp DefaultProposalHandler same-sender non-sequential sequence.
• (crypto) #19371 Avoid CLI redundant log in stdout, log to stderr instead.

v0.50.3 - 2023-01-15

Features

• (types) #18991 Add SignerExtractionAdapter to PriorityNonceMempool/Config and provide Default implementation matching existing behavior.
• (gRPC) #19043 Add halt_height to the gRPC /cosmos/base/node/v1beta1/config request.

Improvements

• (x/bank) #18956 Introduced a new DenomOwnersByQuery query method for DenomOwners, which accepts the denom value as a query string parameter, resolving issues with denoms containing slashes.
• (x/gov) #18707 Improve genesis validation.

... (truncated)

Commits

• a321866 chore: prepare v0.50.5 (#19715)
• a877c47 fix(x/gov): grpc query tally for failed proposal (backport #19725) (#19727)
• c382225 feat(x/distribution): add rewards-by-validator autocli config (backport #1970...
• f055cde feat(baseapp): add option to disable block gas meter (#19626)
• 4467110 Merge pull request from GHSA-95rx-m9m5-m94v
• 6689e36 build(deps): Bump deps (backport #19655) (#19711)
• 3382e8e fix(types): check for HasABCIGenesis in CoreAppModuleBasicAdaptor (#19709)
• f9041cd refactor(x/auth): allow empty public keys for GetSignBytesAdapter (backport #...
• 2abd2ec feat(client/v2): marshal enum as string (#19653)
• 09a49fe build(deps): Bump cosmossdk.io/x/tx from 0.13.0 to 0.13.1 (#19665)
• Additional commits viewable in compare view

Updates github.com/cosmos/ibc-go/v7 from 7.2.0 to 7.4.0

Release notes

Sourced from github.com/cosmos/ibc-go/v7's releases.

v7.4.0

This release includes a fix for the ASA-2024-007 security advisory. Credits to Maxwell Dulin (@​mdulin2) at Asymmetric Research for the discovery and disclosure via our bug bounty program.

Please see the v7.4.0 changelog for the full set of changes included in this release.

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.47.8 and ibc-go v7.4.0, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.
7. The migration from ibc-go v6 to v7.

v7.3.2

UPDATES

• 5th April 2024: This release is NOT recommended since it is impacted by the ASA-2024-007 security advisory. Please use version >= 7.4.0.

---

We present here a summary of the most relevant changes, please see the v7.3.2 changelog for the full set of changes included in this release.

dependencies

• Cosmos SDK has been bumped to v0.47.8.
• CometBFT has been bumped to v0.37.4.

core

• The emission of events on erroneous IBC application callbacks was removed due to the huckleberry security advisory. Since then, many users have been unable to debug their IBC applications effectively causing a considerable uptick in support requests across many chains. In this release we are introducing re-enabling emission of events on erroneous IBC application callbacks by appending the prefix ibccallbackerror- to all event type and attribute keys.

Special thanks to our external contributors in this release: @​emidev98

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.47.8 and ibc-go v7.3.2, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.

... (truncated)

Changelog

Sourced from github.com/cosmos/ibc-go/v7's changelog.

v7.4.0 - 2024-04-05

v7.3.2 - 2024-01-31

Dependencies

• #5717 Update Cosmos SDK to v0.47.8 and CometBFT to v0.37.4.

Improvements

• (core) #5541 Enable emission of events on erroneous IBC application callbacks by appending a prefix to all event type and attribute keys.

Bug Fixes

• (apps/27-interchain-accounts) #4944 Add missing proto interface registration.

v7.3.1 - 2023-10-20

Dependencies

• #4539 Update Cosmos SDK to v0.47.5.

Improvements

• (apps/27-interchain-accounts) #4537 Add argument to generate-packet-data cli to choose the encoding format for the messages in the ICA packet data.

Bug Fixes

• (apps/transfer) #4709 Order query service RPCs to fix availability of denom traces endpoint when no args are provided.

v7.3.0 - 2023-08-31

Dependencies

• #4122 Update Cosmos SDK to v0.47.4.

Improvements

• #4187 Adds function WithICS4Wrapper to keepers to allow to set the middleware after the keeper's creation.
• (light-clients/06-solomachine) #4429 Remove IBC key from path of bytes signed by solomachine and not escape the path.

Features

• (apps/27-interchain-accounts) #3796 Adds support for json tx encoding for interchain accounts.
• #4188 Adds optional PacketDataUnmarshaler interface that allows a middleware to request the packet data to be unmarshaled by the base application.
• #4199 Adds optional PacketDataProvider interface for retrieving custom packet data stored on behalf of another application.
• #4200 Adds optional PacketData interface which application's packet data may implement.

Bug Fixes

... (truncated)

Commits

• 802ca26 Update CHANGELOG.md
• 90c6f37 update changelog before v7.4.0
• e78b3a2 Merge pull request from GHSA-j496-crgh-34mx
• 373fc7f Update CHANGELOG.md
• 747eb6f update changelog before v7.3.2 release
• 5a45eda deps(release/v7.3.x): update sdk v0.47.8 (#5717)
• 825fe90 imp(core): allow huckleberry events with a prefix (backport #5541) (#5574)
• bef2278 fix(msg): register proto interface (backport #4944) (#4953)
• d73c6d0 Update CHANGELOG.md
• bc74146 prepare changelog for v7.3.1 release
• Additional commits viewable in compare view

Updates github.com/ethereum/go-ethereum from 1.10.26 to 1.13.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Carbonaceous (v1.13.5)

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

• Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#28084).
• Downgrade annoying stale transaction propagation logs from warning to debug (#28364).
• Switch to the new KZG trusted setup parameters (#28383).
• Return an error on GraphQL if querying invalid block ranges (#28393, #28412).
• Start publishing Apple Silicon pre-built binaries (#28474, #28475).

And bugfixes:

• Fix a number of corner-cases in path scheme state management (#28198, #28426, #28483).
• Fix an issue when allocating excessively large Pebble caches (#28444).
• Fix a potential snap sync issue with the path based storage (#28327).
• Fix ethclient to properly forwarding explicit 1559 gas caps (#28462).
• Fix gas estimation for 0 priced txs accessing the basefee (#28470).
• Fix an issue where resubscribing to events would hang (#28359).
• Fix ethstats transaction count report regressiob (#28398).
• Fix negative number encoding in ethclient/rpc (#28358).
• Fix GraphQL content type in the response (#28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Archanes (v1.13.4)

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #28356.

Apart from the above reason, the release contains:

• Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#28306).
• Update various dependencies to unstick versions of Go libs (#28329, #28333, #28334, #28332, #28336).
• Enable Pebble database support on 32bit platforms and on OpenBSD too (#28335).
• Fix returning the correct code hash for eth_getProof with empty storage (#28357).
• Simplify trie range prover for some upcoming snap sync optimisations (#28311).
• Fix a timeout mechanism in the transaction fetcher (#28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.

---

As with all our previous releases, you can find the:

... (truncated)

Commits

• 916d6a4 params: release Geth v1.15.5
• f265cc2 cmd/geth: remove some whitespace in code and comments (#28148)
• 49b2c5f build: upgrade -dlgo version to Go 1.21.4 (#28505)
• ce5a480 ethclient: add empty/nonexist account testcase for eth_getProof RPC (#28482)
• 2f4833b cmd/evm: allow state dump regardless if test passes in statetest (#28484)
• 326fa00 core/rawdb: fsync the index file after each freezer write (#28483)
• e38b9f1 eth/filters: exit early if topics-filter has more than 4 topics (#28494)
• f7dde2a ethdb/pebble: add Errorf function to panicLogger (#28491)
• b77a9b1 cmd/geth: more testcases for logging (#28501)
• 7ea860d graphql: type of yParity from Long to BigInt (#28456)
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.19.0 to 0.21.0

Commits

• 73d21fd go.mod: update golang.org/x dependencies
• 643fd16 html: fix SOLIDUS '/' handling in attribute parsing
• 73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
• b2208d0 internal/quic/qlog: fix typo
• 0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
• 07e05fd http2: remove suspicious uint32->v conversion in frame code
• 26b646e quic: avoid deadlock in Endpoint.Close
• cb5b10f go.mod: update golang.org/x dependencies
• 689bbc7 quic: deflake TestStreamsCreateConcurrency
• f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.16.0 to 0.19.0

Commits

• 405cb3b go.mod: update golang.org/x dependencies
• 913d3ae x509roots/fallback: update bundle
• dbb6ec1 ssh/test: skip tests on darwin that fail on the darwin-amd64-longtest LUCI bu...
• 403f699 ssh/test: avoid leaking a net.UnixConn in server.TryDialWithAddr
• 055043d go.mod: update golang.org/x dependencies
• 08396bb internal/poly1305: drop Go 1.12 compatibility
• 9d2ee97 ssh: implement strict KEX protocol changes
• 4e5a261 ssh: close net.Conn on all NewServerConn errors
• 152cdb1 x509roots/fallback: update bundle
• fdfe1f8 ssh: defer channel window adjustment
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.32.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #32.