build(deps): bump the go_modules group across 1 directory with 10 updates

[dependabot]

Bumps the go_modules group with 6 updates in the / directory:

Package	From	To
github.com/ethereum/go-ethereum	1.10.19	1.13.15
github.com/evmos/ethermint	0.6.1-0.20220919141022-34226aa7b1fa	0.18.0
google.golang.org/grpc	1.50.1	1.56.3
github.com/btcsuite/btcd	0.22.1	0.24.0
github.com/dvsekhvalnov/jose2go	1.5.0	1.6.0
github.com/hashicorp/go-getter	1.6.1	1.7.4

Updates github.com/ethereum/go-ethereum from 1.10.19 to 1.13.15

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Ontamalca (v1.13.15)

Geth v1.13.15 is a maintenance-release that contains some fixes mainly to avoid snapsync-related data-corruption.

We recommend all users to upgrade to v1.13.15 as soon as possible.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Altaaya (v1.13.14)

Geth v1.13.14 is a small maintenance release with a handful of polishes to the blob pool:

• Disallow blob transactions below the protocol minimum of 1 wei to enter the pool (#29081).
• Reduce the blob pool's max capacity to 2.5GB for the rollout. (#29090).
• Fix gas estimation for blob transactions (#29085).

This release is NOT critical for the Cancun fork, but recommended to make Geth lighter in anticipation to unknown blob load.

Other fixes:

• Support overriding the basefee during tracing (#29051).
• Fix call tracers missing top level logs in top-only mode (#29068).
• Support unlimited gas for eth_createAccessList if --gascap=0 (#28846).

For a full rundown of the changes please consult the Geth 1.13.14 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Alsages (v1.13.13)

This is a minor release with fixes for several issues related to the upcoming Cancun mainnet fork. As such, it is recommended for all mainnet users.

Changes in this release:

• Block-building performance with blob transactions has been improved a lot. (#29026, #29008, #29005)
• A corner case in the EVM related to out-of-order fork scheduling has been fixed. (#29023)
• eth_fillTransaction has seen some bug fixes related to blob transactions as well. (#28929, #29037)
• A rare panic in the ethstats client related to chain reorgs is resolved. (#29020)
• The blobpool database will now recover from disk corruption faults instead of crashing geth on startup. (#29001)

... (truncated)

Commits

• c5ba367 params: release Geth v 1.13.15
• 35e0525 core, eth/protocols/snap, trie: fix cause for snap-sync corruption, implement...
• 7bcb553 eth/filters: enforce topic-limit early on filter criterias (#29535)
• e343ddf core/rawdb: add sanity-limit to header accessor (#29534)
• 5dcf503 eth/protocols/snap: skip retrieval for completed storages (#29378)
• 2bd6bd0 Merge branch 'master' into release/1.13
• 9038ba6 params: release Geth v1.13.14
• 51b479e core/txpool: elevate the 'already reserved' error into a constant (#29095)
• 5a0f468 eth/tracers: Fix callTracer logs on onlyTopCall == true (#29068)
• 45a272c core/txpool: no need to log loud rotate if no local txs (#29083)
• Additional commits viewable in compare view

Updates github.com/evmos/ethermint from 0.6.1-0.20220919141022-34226aa7b1fa to 0.18.0

Release notes

Sourced from github.com/evmos/ethermint's releases.

v0.18.0

v0.18.0

Changelog

State Machine Breaking

• (evm) #1174 Don't allow eth txs with 0 in mempool.

Improvements

• (ante) #1208 Change default MaxGasWanted value.

Full Diff: evmos/ethermint@v0.17.2...v0.18.0

v0.17.2

v0.17.2 - 2022-07-26

Changelog

• (rpc) #1190 Fix UnmarshalJSON panic of breaking EVM and fee market Params.
• (evm) #1187 Fix TxIndex value (expected 0, actual 1) when trace the first tx of a block via debug_traceTransaction API.

Full Diff: evmos/ethermint@v0.17.1...v0.17.2

v0.17.1

v0.17.1 - 2022-07-13

Improvements

• (rpc) #1169 Remove unnecessary queries from getBlockNumber function

Full Diff: evmos/ethermint@v0.17.0...v0.17.1

v0.17.0

v0.17.0 - 2022-06-27

Release Notes

This release includes fixes to the fee market module as well as adding configuration to reject non-replay protected transactions. Additionally, the go module has been renamed to evmos/ethermint.

This release is state-breaking, meaning that it will require setting an upgrade handler to bump the EVM module consensus version.

Changelog

State Machine Breaking

• (evm) #1128 Clear tx logs if tx failed in post processing hooks
• (evm) #1124 Reject non-replay-protected tx in AnteHandler to prevent replay attack

... (truncated)

Changelog

Sourced from github.com/evmos/ethermint's changelog.

[v0.18.0] - 2022-08-04

State Machine Breaking

• (evm) #1234 Fix CVE-2022-35936 security vulnerability.
• (evm) #1174 Don't allow eth txs with 0 in mempool.

Improvements

• (ante) #1208 Change default MaxGasWanted value.

[v0.17.2] - 2022-07-26

Bug Fixes

• (rpc) #1190 Fix UnmarshalJSON panic of breaking EVM and fee market Params.
• (evm) #1187 Fix TxIndex value (expected 0, actual 1) when trace the first tx of a block via debug_traceTransaction API.

[v0.17.1] - 2022-07-13

Improvements

• (rpc) #1169 Remove unnecessary queries from getBlockNumber function

[v0.17.0] - 2022-06-27

State Machine Breaking

• (evm) #1128 Clear tx logs if tx failed in post processing hooks
• (evm) #1124 Reject non-replay-protected tx in AnteHandler to prevent replay attack

API Breaking

• (rpc) #1126 Make some JSON-RPC APIS work for pruned nodes.
• (rpc) #1143 Restrict unprotected txs on the node JSON-RPC configuration.
• (all) #1137 Rename go module to evmos/ethermint

API Breaking

• (json-rpc) tharsis#1121 Store eth tx index separately

Improvements

• (deps) #1147 Bump Go version to 1.18.
• (feemarket) #1135 Set lower bound of base fee to min gas price param
• (evm) #1142 Rename RejectUnprotectedTx to AllowUnprotectedTxs for consistency with go-ethereum.

Bug Fixes

• (rpc) #1138 Fix GasPrice calculation with relation to MinGasPrice

... (truncated)

Commits

• See full diff in compare view

Updates google.golang.org/grpc from 1.50.1 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.1 to 1.30.0

Updates github.com/btcsuite/btcd from 0.22.1 to 0.24.0

Release notes

Sourced from github.com/btcsuite/btcd's releases.

btcd v0.24.0

This release is a major release that includes several general bug fixes, security bug fixes (please update!), and also a series of performance improvements that dramatically reduce the time for initial block download from ~45 hours+ to around 6 hours! With this release,btcd now also supports BIP 155 and has gained support for pruning (--prune=MiB).

Verifying the Release

In order to verify the release, you'll need to have gpg or gpg2 installed on your system. Once you've obtained a copy (and hopefully verified that as well), you'll first need to import the keys that have signed this release if you haven't done so already:

curl https://raw.githubusercontent.com/lightningnetwork/lnd/master/scripts/keys/roasbeef.asc | gpg --import

Once you have the required PGP keys, you can verify the release (assuming manifest-roasbeef-v0.24.0.sig and manifest-v0.24.0.txt are in the current directory) with:

gpg --verify manifest-roasbeef-v0.24.0.sig manifest-v0.24.0.txt

You should see the following if the verification was successful:

gpg: Signature made Sat Dec 30 17:11:22 2023 PST
gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
gpg: Good signature from "Olaoluwa Osuntokun <laolu32@gmail.com>" [ultimate]

That will verify the signature of the manifest file, which ensures integrity and authenticity of the archive you've downloaded locally containing the binaries. Next, depending on your operating system, you should then re-compute the sha256 hash of the archive with shasum -a 256 <filename>, compare it with the corresponding one in the manifest file, and ensure they match exactly.

What's Changed

• Musig2: Update to 1.0.0.rc2 by @​sputn1ck in btcsuite/btcd#1913
• btcec/schnorr/musig2: fix BenchmarkPartialVerify by @​Roasbeef in btcsuite/btcd#1920
• base58: fix decoding issue by @​guggero in btcsuite/btcd#1923
• Update Docker documentation towards building your own image by @​guiand888 in btcsuite/btcd#1925
• chainhash: JSON marshal hash as string by @​ffranr in btcsuite/btcd#1932
• Update Dockerfile to Alpine 3.16 by @​guiand888 in btcsuite/btcd#1924
• Fix memory leak in connmanager by @​hxw in btcsuite/btcd#1576
• Update mining.md by @​jagottsicher in btcsuite/btcd#1938
• Sighash taproot keyspend bug fix by @​Roasbeef in btcsuite/btcd#1941
• btcutil/psbt: export helper functions, fix/add encoding of unknown fields by @​guggero in btcsuite/btcd#1942
• docs: Update Go version as per the Readme. by @​hristog in btcsuite/btcd#1944
• txscript: Fix typo in IsUnspendable() comment by @​kcalvinalvin in btcsuite/btcd#1945
• txscript: allow script builder capacity to be specified by @​guggero in btcsuite/btcd#1954
• Export MakeScritpNum, AsSmallInt, and IsSmallInt by @​martonp in btcsuite/btcd#1956
• chainhash: JSON Unmarshal hash from appropriate string. by @​LindenWang01 in btcsuite/btcd#1952
• psbt: add verification method for utxo data by @​ziggie1984 in btcsuite/btcd#1964
• txscript: fix typos by @​hieblmi in btcsuite/btcd#1957
• chaincfg: Update checkpoints by @​kcalvinalvin in btcsuite/btcd#1968
• btcd: Add memory profiling flag by @​kcalvinalvin in btcsuite/btcd#1953
• blockchain: Use slices when fetching utxos by @​kcalvinalvin in btcsuite/btcd#1972
• main: Update README.md's minimum go version by @​kcalvinalvin in btcsuite/btcd#1977

... (truncated)

Commits

• b1b9420 Merge pull request #2082 from btcsuite/btcd-24
• 4ec8f01 rpcclient: fix race condition in doDisconnect
• 8d2ab63 build: bump version to btcd v0.24
• 3c24785 chaincfg: update mainnet block hashes
• bf23715 btcd: add SECURITY.md
• d64de4a build: update to btcutil v1.1.5
• 16684f6 Merge pull request #2073 from Roasbeef/wire-opts
• 790c570 Merge pull request #2081 from Roasbeef/dont-serialize-tx-for-txhash
• b0e9636 wire: consistently use defer for returning scratch buffers
• e102a81 btcutil: add benchmarks for Hash + WitnessHash
• Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

• 48ba0b7 Merge pull request #32 from dvsekhvalnov/issue-31-security-tuning
• 05eb007 docs
• e0264a2 added helper matchers: Alg and Eng
• 0f6c7c3 MatchAlg helper
• cf0a53b docs
• 2995762 docs
• 9a18aff docs
• 675bb14 docs
• 8e9e0d1 updated p2c limits with new OWASP numbers, docs
• ed5dd96 Unit tests for custom 'p2c' headers min/max limits
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.6.1 to 1.7.4

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​jbardin in hashicorp/go-getter#459

New Contributors

• @​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​nl-brett-stime hashicorp/go-getter#300

Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2

v1.7.1

No release notes provided.

v1.7.0

What's Changed

• docs: provide logging recommendations by @​mickael-hc in hashicorp/go-getter#371
• Update aws sdk version by @​Jukie in hashicorp/go-getter#384
• Update S3 URL in README by @​twelvelabs in hashicorp/go-getter#378
• Migrate to GHA by @​claire-labry in hashicorp/go-getter#379
• [COMPLIANCE] Update MPL 2.0 LICENSE by @​hashicorp-copywrite in hashicorp/go-getter#386
• remove codesign entirely from go-getter by @​claire-labry in hashicorp/go-getter#408
• Add decompression bomb mitigation options for v1 by @​picatz in hashicorp/go-getter#412
• v1: decompressors: add LimitedDecompressors helper by @​shoenig in hashicorp/go-getter#413

New Contributors

• @​mickael-hc made their first contribution in hashicorp/go-getter#371
• @​Jukie made their first contribution in hashicorp/go-getter#384
• @​twelvelabs made their first contribution in hashicorp/go-getter#378
• @​hashicorp-copywrite made their first contribution in hashicorp/go-getter#386

Full Changelog: hashicorp/go-getter@v1.6.2...v1.7.0

v1.6.2

What's Changed

• Fix no getter available for X-Terraform-Get source protocol when using bare github or bitbucket hostnames: #370

Commits

• 268c11c escape user provide string to git (#483)
• 975961f Merge pull request #433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• e80b3dc Result of tsccr-helper -log-level=info -pin-all-workflows .
• 2d49e24 Merge pull request #432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-21
• 5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.0.0-20220926161630-eccd6366d1be to 0.17.0

Commits

• See full diff in compare view

Updates golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.18.0

Commits

• See full diff in compare view

Updates golang.org/x/text from 0.3.7 to 0.14.0

Commits

• 6c97a16 all: update go directive to 1.18
• f488e19 unicode/norm: fix function name on comment
• fb697c0 cmd/gotext: actually use -dir flag
• f3e69ed cmd/gotext: fix misbehaviors
• ab07ad1 all: remove repetitive words
• e503480 encoding/japanese, language: shorten very long sub-test names
• 2df65d7 all: regenerate for Unicode 15.0.0
• e3c038a all: prepare for Unicode 15.0.0
• 3a7a255 internal/export/idna: make more space for mapping index
• d61dd50 go.mod: delete repeated "indirect"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.