Bump the go_modules group across 1 directory with 4 updates

[dependabot]

Bumps the go_modules group with 2 updates in the / directory: github.com/cosmos/cosmos-sdk and github.com/cosmos/ibc-go/v4.

Updates github.com/cosmos/cosmos-sdk from 0.45.16 to 0.50.5

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.50.5

Cosmos SDK v0.50.5 Release Notes

💬 Release Discussion

🚀 Highlights

This is time for another patch release of Cosmos SDK Eden. This release includes a few notable fixes:

• Fix a bypass delegator slashing: GHSA-86h5-xcpx-cfqc
• Fix an issue in baseapp.ValidateVoteExtensions helper: GHSA-95rx-m9m5-m94v
• Allow to provide custom signers for x/auth/tx using depinject

We recommended to upgrade to this patch release as soon as possible.
When upgrading from <= v0.50.4, please ensure that 2/3 of the validator power upgrade to v0.50.5.

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

v0.50.4

Cosmos SDK v0.50.4 Release Notes

💬 Release Discussion

🚀 Highlights

Some months ago Cosmos SDK Eden was released. Missed the announcement? Read it here. For this month patch release of the v0.50.x line, a few features and improvements were added to the SDK.

Notably, we added and fixed the following:

• Adds in-place testnet CLI command for creating testnets from local state (kudos to @​czarcas7ic)
• Multiple fixes in baseapp, with fixes in DefaultProposalHandler and vote extensions
• Add a missed check in x/auth/vesting: GHSA-4j93-fm92-rp4m

We recommended to upgrade to this patch release as soon as possible.
When upgrading from <= v0.50.3, please ensure that 2/3 of the validator power upgrade to v0.50.4.

📝 Changelog

Check out the changelog for an exhaustive list of changes, or compare changes from the last release.

Refer to the upgrading guide when migrating from v0.47.x to v0.50.1. Note, that the next SDK release, v0.51.0, will not include x/params migration, when migrating from < v0.47, v0.50.x or v0.47.x, is a mandatory migration.

... (truncated)

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

v0.50.5 - 2024-03-12

Features

• (baseapp) #19626 Add DisableBlockGasMeter option to BaseApp, which removes the block gas meter during transaction execution.

Improvements

• (x/distribution) #19707 Add autocli config for DelegationTotalRewards for CLI consistency with q rewards commands in previous versions.
• (x/auth) #19651 Allow empty public keys in GetSignBytesAdapter.

Bug Fixes

• (x/gov) #19725 Fetch a failed proposal tally from proposal.FinalTallyResult in the gprc query.
• (types) #19709 Fix skip staking genesis export when using CoreAppModuleAdaptor / CoreAppModuleBasicAdaptor for it.
• (x/auth) #19549 Accept custom get signers when injecting x/auth/tx.
• (x/staking) Fix a possible bypass of delegator slashing: GHSA-86h5-xcpx-cfqc
• (baseapp) Fix a bug in baseapp.ValidateVoteExtensions helper (GHSA-95rx-m9m5-m94v). The helper has been fixed and for avoiding API breaking changes currentHeight and chainID arguments are ignored. Those arguments are removed from the helper in v0.51+.

v0.50.4 - 2023-02-19

Features

• (server) #19280 Adds in-place testnet CLI command.

Improvements

• (client) #19393 Add ReadDefaultValuesFromDefaultClientConfig to populate the default values from the default client config in client.Context without creating a app folder.

Bug Fixes

• (x/auth/vesting) GHSA-4j93-fm92-rp4m Add BlockedAddr check in CreatePeriodicVestingAccount.
• (baseapp) #19338 Set HeaderInfo in context when calling setState.
• (baseapp): #19200 Ensure that sdk side ve math matches cometbft.
• #19106 Allow empty public keys when setting signatures. Public keys aren't needed for every transaction.
• (baseapp) #19198 Remove usage of pointers in logs in all optimistic execution goroutines.
• (baseapp) #19177 Fix baseapp DefaultProposalHandler same-sender non-sequential sequence.
• (crypto) #19371 Avoid CLI redundant log in stdout, log to stderr instead.

v0.50.3 - 2023-01-15

Features

• (types) #18991 Add SignerExtractionAdapter to PriorityNonceMempool/Config and provide Default implementation matching existing behavior.
• (gRPC) #19043 Add halt_height to the gRPC /cosmos/base/node/v1beta1/config request.

Improvements

• (x/bank) #18956 Introduced a new DenomOwnersByQuery query method for DenomOwners, which accepts the denom value as a query string parameter, resolving issues with denoms containing slashes.
• (x/gov) #18707 Improve genesis validation.

... (truncated)

Commits

• a321866 chore: prepare v0.50.5 (#19715)
• a877c47 fix(x/gov): grpc query tally for failed proposal (backport #19725) (#19727)
• c382225 feat(x/distribution): add rewards-by-validator autocli config (backport #1970...
• f055cde feat(baseapp): add option to disable block gas meter (#19626)
• 4467110 Merge pull request from GHSA-95rx-m9m5-m94v
• 6689e36 build(deps): Bump deps (backport #19655) (#19711)
• 3382e8e fix(types): check for HasABCIGenesis in CoreAppModuleBasicAdaptor (#19709)
• f9041cd refactor(x/auth): allow empty public keys for GetSignBytesAdapter (backport #...
• 2abd2ec feat(client/v2): marshal enum as string (#19653)
• 09a49fe build(deps): Bump cosmossdk.io/x/tx from 0.13.0 to 0.13.1 (#19665)
• Additional commits viewable in compare view

Updates github.com/cosmos/ibc-go/v4 from 4.4.2 to 4.6.0

Release notes

Sourced from github.com/cosmos/ibc-go/v4's releases.

v4.6.0

This release includes a fix for the ASA-2024-007 security advisory. Credits to Maxwell Dulin (@​mdulin2) at Asymmetric Research for the discovery and disclosure via our bug bounty program.

Please see the v4.6.0 changelog for the full set of changes included in this release.

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.45.16 and ibc-go v4.6.0, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.

v4.5.1

We present here a summary of the most relevant changes, please see the v4.5.1 changelog for the full set of changes included in this release.

apps/transfer

• The REST endpoints /ibc/apps/transfer/v1/denom_traces/{hash} and /ibc/apps/transfer/v1/denom_hashes/{trace} accept now values for hash and trace that contain slashes.

Special thanks to our external contributors in this release: @​emidev98

---

Please note that the v4 release line contains a bug where fee-enabled Interchain Accounts channels cannot be reopened in case of channel closure due to packet timeout. Regular Interchain Accounts channels (i.e. non fee-enabled) can be reopened. In order to be able to reopen fee-enabled Interchain Accounts channels, please upgrade to v5.3.1 or above.

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.45.16 and ibc-go v4.5.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.

v4.4.3

We present here a summary of the most relevant changes, please see the v4.4.3 changelog for the full set of changes included in this release.

apps/transfer

• The REST endpoints /ibc/apps/transfer/v1/denom_traces/{hash} and /ibc/apps/transfer/v1/denom_hashes/{trace} accept now values for hash and trace that contain slashes.

Special thanks to our external contributors in this release: @​emidev98

---

... (truncated)

Changelog

Sourced from github.com/cosmos/ibc-go/v4's changelog.

v4.6.0 - 2023-04-05

v4.5.1 - 2023-10-20

Bug Fixes

• (apps/transfer) #3045 allow value with slashes in URL template for denom_traces and denom_hashes queries.
• (apps/transfer) #4709 Order query service RPCs to fix availability of denom traces endpoint when no args are provided.

v4.5.0 - 2023-10-03

Dependencies

• #4738 Bump Cosmos SDK to v0.45.16.
• #4782 Bump ics23 to v0.9.1.

Commits

• 5480cf7 update changelog before v4.6.0 release
• a0185df Merge pull request from GHSA-j496-crgh-34mx
• 205cd91 Update CHANGELOG.md
• 9b891f4 prepare changelog for v4.5.1 release
• 27adefe fix: denom traces order (backport #4709) (#4882)
• 9bd6d28 fix: allow value with slashes in URL template (backport #3045) (#4866)
• 665cc3d Update CHANGELOG.md
• 80bc445 update changelog before v4.5.0 release
• fc500e0 deps: bump ics23 v0.9.1 (#4782)
• 6245b89 deps: bump SDK v0.45.16 (#4738)
• Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

• 48ba0b7 Merge pull request #32 from dvsekhvalnov/issue-31-security-tuning
• 05eb007 docs
• e0264a2 added helper matchers: Alg and Eng
• 0f6c7c3 MatchAlg helper
• cf0a53b docs
• 2995762 docs
• 9a18aff docs
• 675bb14 docs
• 8e9e0d1 updated p2c limits with new OWASP numbers, docs
• ed5dd96 Unit tests for custom 'p2c' headers min/max limits
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #8.