build(deps): Bump the go_modules group across 1 directory with 5 updates

[dependabot]

Bumps the go_modules group with 3 updates in the / directory: github.com/cometbft/cometbft, github.com/hashicorp/go-getter and google.golang.org/protobuf.

Updates github.com/cometbft/cometbft from 0.37.2 to 0.38.8

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.8

See the CHANGELOG for this release.

v0.38.7

See the CHANGELOG for this release.

v0.38.6

See the CHANGELOG for this release.

v0.38.5

See the CHANGELOG for this release.

v0.38.4

See the CHANGELOG for this release.

v0.38.3

See the CHANGELOG for this release.

v0.38.2

See the CHANGELOG for this release.

v0.38.1

See the CHANGELOG for this release.

v0.38.0

See the CHANGELOG for this release.

v0.38.0-rc3

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-rc1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.2

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.38.0-alpha.1

See the CHANGELOG for changes available in this pre-release, but not yet officially released.

v0.37.10

CHANGELOG

v0.37.9

See the CHANGELOG for this release.

v0.37.8

See the CHANGELOG for this release.

... (truncated)

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.38.8

June 27, 2024

This release contains a few bug fixes and performance improvements.

BREAKING CHANGES

• [mempool] Add to the Mempool interface a new method PreUpdate(). This method should be called before acquiring the mempool lock, to signal that a new update is coming. Also add to ErrMempoolIsFull a new field RecheckFull. (#3314)

BUG FIXES

• [mempool] Fix data race when rechecking with async ABCI client (#1827)
• [consensus] Fix a race condition in the consensus timeout ticker. Race is caused by two timeouts being scheduled at the same time. (#3092)
• [types] Do not batch verify a commit if the validator set keys have different types. (#3195

IMPROVEMENTS

• [blockstore] Added peer banning in blockstore (#ABC-0013)
• [blockstore] Send correct error message when vote extensions do not align with received packet (#ABC-0014)
• [config] Added recheck_timeout mempool parameter to set how much time to wait for recheck responses from the app (only applies to non-local ABCI clients). (#1827)
• [rpc] Add a configurable maximum batch size for RPC requests. (#2867).
• [event-bus] Remove the debug logs in PublishEventTx, which were noticed production slowdowns. (#2911)
• [state/execution] Cache the block hash computation inside of the Block Type, so we only compute it once. (#2924)
• [consensus/state] Remove a redundant VerifyBlock call in FinalizeCommit (#2928)
• [p2p/channel] Speedup ProtoIO writer creation time, and thereby speedup channel writing by 5%. (#2949)
• [p2p/conn] Minor speedup (3%) to connection.WritePacketMsgTo, by removing MinInt calls. (#2952)
• [internal/bits] 10x speedup creating initialized bitArrays, which speedsup extendedCommit.BitArray(). This is used in consensus vote gossip. (#2959).
• [blockstore] Remove a redundant Header.ValidateBasic call in LoadBlockMeta, 75% reducing this time. (#2964)
• [p2p/conn] Speedup connection.WritePacketMsgTo, by reusing internal buffers rather than re-allocating. (#2986)
• [blockstore] Use LRU caches in blockstore, significiantly improving consensus gossip routine performance

... (truncated)

Commits

• 6959205 Release/v0.38.8 (#3350)
• 8ba2e4f Merge pull request from GHSA-hg58-rf2h-6rr7
• 0a89ec1 Update blocksync/pool_test.go
• 065810c Readded good peer to test
• 007efd7 Removed defers from test
• 4199f27 Remove one thread to make test more compact
• 8a473ca Update blocksync/pool_test.go
• 872210c Update blocksync/pool_test.go
• 4cb0df8 Update blocksync/pool_test.go
• 26bda8b Test assertions have more detail
• Additional commits viewable in compare view

Updates github.com/cosmos/cosmos-sdk from 0.47.4 to 0.46.7

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.47.4 - 2023-07-17

Features

• (sims) #16656 Add custom max gas for block for sim config with unlimited as default.

Improvements

• (cli) #16856 Improve simd prune UX by using the app default home directory and set pruning method as first variable argument (defaults to default). pruning.PruningCmd rest unchanged for API compatibility, use pruning.Cmd instead.
• (testutil) #16704 Make app config configurator for testing configurable with external modules.
• (deps) #16565 Bump CometBFT to v0.37.2.

Bug Fixes

• (x/auth) #16994 Fix regression where querying transactions events with <= or >= would not work.
• (server) #16827 Properly use --trace flag (before it was setting the trace level instead of displaying the stacktraces).
• (x/auth) #16554 ModuleAccount.Validate now reports a nil .BaseAccount instead of panicking.
• #16588 Propagate snapshotter failures to the caller, (it would create an empty snapshot silently before).
• (x/slashing) #16784 Emit event with the correct reason in SlashWithInfractionReason.

v0.47.3 - 2023-06-08

Features

• (baseapp) #16290 Add circuit breaker setter in baseapp.
• (x/group) #16191 Add EventProposalPruned event to group module whenever a proposal is pruned.
• (tx) #15992 Add WithExtensionOptions in tx Factory to allow SetExtensionOptions with given extension options.

Improvements

• (baseapp) #16407 Make DefaultProposalHandler.ProcessProposalHandler return a ProcessProposal NoOp when using none or a NoOp mempool.
• (deps) #16083 Bumps proto-builder image to 0.13.0.
• (client) #16075 Partly revert #15953 and factory.Prepare now does nothing in offline mode.
• (server) #15984 Use cosmossdk.io/log package for logging instead of CometBFT logger. NOTE: v0.45 and v0.46 were not using CometBFT logger either. This keeps the same underlying logger (zerolog) as in v0.45.x+ and v0.46.x+ but now properly supporting filtered logging.
• (gov) #15979 Improve gov error message when failing to convert v1 proposal to v1beta1.
• (store) #16067 Add local snapshots management commands.
• (server) #16061 Add Comet bootstrap command.
• (snapshots) #16060 Support saving and restoring snapshot locally.
• (x/staking) #16068 Update simulation to allow non-EOA accounts to stake.
• (server) #16142 Remove JSON Indentation from the GRPC to REST gateway's responses. (Saving bandwidth)
• (types) #16145 Rename interface ExtensionOptionI back to TxExtensionOptionI to avoid breaking change.
• (baseapp) #16193 Add Close method to BaseApp for custom app to cleanup resource in graceful shutdown.

Bug Fixes

• Fix barberry security vulnerability.
• (server) #16395 Do not override some Comet config is purposely set differently in InterceptConfigsPreRunHandler.
• (store) #16449 Fix StateSync Restore by excluding memory store.
• (cli) #16312 Allow any addresses in client.ValidatePromptAddress.
• (x/group) #16017 Correctly apply account number in group v2 migration.

... (truncated)

Commits

• f71df80 fix(gov): Fix v3 votes migrations (backport #14214) (#14277)
• 4153b12 chore: prepare 0.46.7 release (#14103)
• 79ac73d fix: fix grpc flag conflict (backport #14244) (#14248)
• fcfa361 chore: audit store/streaming/file/service.go (backport #14234) (#14241)
• eb6d0ef refactor: cleanup store/streaming/constructor.go (backport #14044) (#14236)
• 463f4e4 feat: add --grpc client option (backport #14051) (#14192)
• 45d2f08 refactor: provide a helper for baseapp options (backport #14175) (#14178)
• cc06bce fix: state listener observe writes at wrong time (backport #13516) (#14138)
• a627446 feat: support alternative query multistore (backport #13529) (#14169)
• ff27cd3 fix: remove duplicate ante events (backport #13983) (#14142)
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.7.1 to 1.7.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​jbardin in hashicorp/go-getter#459

New Contributors

• @​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​nl-brett-stime hashicorp/go-getter#300

Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2

Commits

• 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• 268c11c escape user provide string to git (#483)
• 975961f Merge pull request #433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.18.0 to 0.23.0

Commits

• c48da13 http2: fix TestServerContinuationFlood flakes
• 762b58d http2: fix tipos in comment
• ba87210 http2: close connections when receiving too many headers
• ebc8168 all: fix some typos
• 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
• 448c44f http2: remove clientTester
• c7877ac http2: convert the remaining clientTester tests to testClientConn
• d8870b0 http2: use synthetic time in TestIdleConnTimeout
• d73acff http2: only set up deadline when Server.IdleTimeout is positive
• 89f602b http2: validate client/outgoing trailers
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Chores
  • Updated several dependencies to their latest versions for improved performance and stability.
  • Removed outdated and unnecessary dependencies to streamline the project.
  • Maintained a clean and structured dependency management file for better future updates.

[coderabbitai]

Walkthrough

The changes in the go.mod file focus on updating the module's dependencies, reflecting a mix of version increments and removals. Key updates include increasing the version of github.com/cometbft/cometbft and github.com/fsnotify/fsnotify, while downgrading github.com/cosmos/cosmos-sdk. Additionally, several indirect dependencies have been removed, streamlining the module's dependency management. Overall, these adjustments aim to improve performance and maintain compatibility with new features.

Changes

File/Package	Change Summary
cosmossdk.io/simapp	Removed
github.com/cometbft/cometbft	Updated from v0.37.2 to v0.38.8
github.com/cosmos/cosmos-sdk	Downgraded from v0.47.4 to v0.46.7
github.com/cosmos/gogoproto	Updated from v1.4.10 to v1.4.11
cloud.google.com/go	Removed
github.com/fsnotify/fsnotify	Updated from v1.6.0 to v1.7.0
google.golang.org/protobuf	Updated from v1.31.0 to v1.33.0
google.golang.org/genproto/googleapis/rpc	Updated from v0.0.0-20231106174013 to v0.0.0-20231120223509
github.com/pelletier/go-toml/v2	Updated from v2.0.7 to v2.1.0

Poem

In the meadow, changes hop,
Dependencies dance, never stop.
Versions rise, some fall away,
A brighter code for a brighter day!
With every bump and gentle sway,
The rabbit smiles, come what may! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5d05f55 and f2c676f.

Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

Files selected for processing (1)

• go.mod (13 hunks)

Additional comments not posted (10)

go.mod (10)

9-9: Minor update to gogoproto is approved.

The update from version 1.4.10 to 1.4.11 is a minor version change and is likely to include bug fixes or minor improvements.

---

95-95: Minor update to fsnotify is approved.

The update from version 1.6.0 to 1.7.0 is a minor version change and is likely to include bug fixes or minor improvements.

---

139-139: Patch update to go-getter is approved.

The update from version 1.7.1 to 1.7.5 likely includes security or stability improvements, such as preventing Git configuration alterations.

---

186-186: Minor update to go-toml/v2 is approved.

The update from version 2.0.7 to 2.1.0 is a minor version change and is likely to include bug fixes or minor improvements.

---

259-259: Minor update to x/net is approved.

The update from version 0.18.0 to 0.23.0 includes fixes to HTTP/2 handling and performance improvements.

---

267-267: Update to genproto/googleapis/rpc is approved.

The update to a new commit hash 83a465c0220f likely includes bug fixes or improvements.

---

268-268: Minor update to protobuf is approved.

The update from version 1.31.0 to 1.33.0 is a minor version change and is likely to include bug fixes or minor improvements.

---

253-253: Minor update to multierr is approved.

The update to version 1.10.0 is a minor version change and is likely to include bug fixes or minor improvements.

---

7-7: Verify handling of breaking change in cometbft.

The update to github.com/cometbft/cometbft from version 0.37.2 to 0.38.8 introduces a breaking change with the PreUpdate() method in the Mempool interface. Ensure that this change is handled correctly in the codebase.

---

8-8: Verify compatibility with downgraded cosmos-sdk.

The downgrade of github.com/cosmos/cosmos-sdk from version 0.47.4 to 0.46.7 may introduce compatibility issues. Ensure that the codebase remains compatible with the older version.