Bump the go_modules group across 1 directory with 7 updates

[dependabot]

Bumps the go_modules group with 4 updates in the / directory: github.com/cosmos/ibc-go/v6, github.com/dvsekhvalnov/jose2go, github.com/hashicorp/go-getter and golang.org/x/crypto.

Updates github.com/cosmos/ibc-go/v6 from 6.1.1 to 6.3.0

Release notes

Sourced from github.com/cosmos/ibc-go/v6's releases.

v6.3.0

This release includes a fix for the ASA-2024-007 security advisory. Credits to Maxwell Dulin (@​mdulin2) at Asymmetric Research for the discovery and disclosure via our bug bounty program.

Please see the v6.3.0 changelog for the full set of changes included in this release.

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.46.12 and ibc-go v6.3.0, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.

v6.2.1

UPDATES

• 5th April 2024: This release is NOT recommended since it is impacted by the ASA-2024-007 security advisory. Please use version >= 6.3.0.

---

We present here a summary of the most relevant changes, please see the v6.2.1 changelog for the full set of changes included in this release.

apps/transfer

• The REST endpoints /ibc/apps/transfer/v1/denom_traces/{hash} and /ibc/apps/transfer/v1/denom_hashes/{trace} accept now values for hash and trace that contain slashes.

Special thanks to our external contributors in this release: @​emidev98

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.46.12 and ibc-go v6.2.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.

v6.1.2

UPDATES

• 5th April 2024: This release is NOT recommended since it is impacted by the ASA-2024-007 security advisory. Please use version >= 6.3.0.

... (truncated)

Changelog

Sourced from github.com/cosmos/ibc-go/v6's changelog.

v6.3.0 - 2024-04-05

v6.2.1 - 2023-10-20

Bug Fixes

• (apps/transfer) #3045 allow value with slashes in URL template for denom_traces and denom_hashes queries.
• (apps/transfer) #4709 Order query service RPCs to fix availability of denom traces endpoint when no args are provided.

v6.2.0 - 2023-05-31

Dependencies

• #3393 Bump Cosmos SDK to v0.46.12 and replace Tendermint with CometBFT v0.34.37.

Improvements

• (core) #3082 Add HasConnection and HasChannel methods.
• (apps/transfer) #3454 Support transfer authorization unlimited spending when the max uint256 value is provided as limit.

Features

• #3079 Add authz support for ics20.

Bug Fixes

• #3346 Properly handle ordered channels in UnreceivedPackets query.

v6.1.2 - 2023-10-20

Bug Fixes

• (apps/transfer) #3045 allow value with slashes in URL template for denom_traces and denom_hashes queries.
• (apps/transfer) #4709 Order query service RPCs to fix availability of denom traces endpoint when no args are provided.

Commits

• 8e31269 Update CHANGELOG.md
• 25f7779 update changelog before v6.3.0
• 04275aa Merge pull request from GHSA-j496-crgh-34mx
• bbf1066 Update CHANGELOG.md
• e6b013a prepare changelog for v6.2.1 release
• 627fbd4 fix: denom traces order (backport #4709) (#4885)
• 9b6ad81 fix: allow value with slashes in URL template (backport #3045) (#4869)
• e2201aa Bump ubuntu image used, 22.04 has a more recent version of libc that should m...
• eb90640 Update CHANGELOG.md
• d32a71b remove empty sections
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.53.0 to 1.54.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.54.0

Behavior Changes

• xds: remove support for xDS v2 transport API (#6013)

New Features

• server: expose SetSendCompressor API to set send compressor name (#5744)
  • Special Thanks: @​jronak
• xdsclient: include Node proto only in the first discovery request message, to improve performance (#6078)

Bug Fixes

• metadata: fix validation logic and properly validate metadata appended via AppendToOutgoingContext (#6001)
  • Special Thanks: @​ktalg
• transport: do not close connections when we encounter I/O errors until after all data is consumed (#6110)
• ringhash: ensure addresses are consistently hashed across updates (#6066)
• xds/clusterimpl: fix a bug causing unnecessary closing and re-opening of LRS streams (#6112)
• xds: NACK route configuration if sum of weights of weighted clusters exceeds uint32_max (#6085)

Documentation

• resolver: update Resolver.Scheme() docstring to mention requirement of lowercase scheme names (#6014)
• resolver: document expected error handling of UpdateState errors (#6002)
  • Special Thanks: @​fho
• examples: add example for ORCA load reporting (#6114)
• examples: add an example to illustrate authorization (authz) support (#5920)
  • Special Thanks: @​KenxinKun

Commits

• 2997e84 Change version to 1.54.0 (#6129)
• b638faf stats/opencensus: Add message prefix to metrics names (#6126)
• c84a500 credentials/alts: defer ALTS stream creation until handshake time (#6077)
• 6f44ae8 metadata: add benchmark test for FromIncomingContext and ValueFromIncomingCon...
• a1e657c client: log last error on subchannel connectivity change (#6109)
• 36fd0a4 gcp/observability: Add compressed metrics to observability module and synchro...
• 52ca957 xds: make comparison of server configs in bootstrap more reliable (#6112)
• 7507ea6 gcp/observability: Change logging schema and set queue size limit for logs an...
• 16c3b7d examples: add example for ORCA load reporting (#6114)
• b458a4f transport: stop always closing connections when loopy returns (#6110)
• Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

• 48ba0b7 Merge pull request #32 from dvsekhvalnov/issue-31-security-tuning
• 05eb007 docs
• e0264a2 added helper matchers: Alg and Eng
• 0f6c7c3 MatchAlg helper
• cf0a53b docs
• 2995762 docs
• 9a18aff docs
• 675bb14 docs
• 8e9e0d1 updated p2c limits with new OWASP numbers, docs
• ed5dd96 Unit tests for custom 'p2c' headers min/max limits
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.7.0 to 1.7.4

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​jbardin in hashicorp/go-getter#459

New Contributors

• @​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​nl-brett-stime hashicorp/go-getter#300

Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2

v1.7.1

No release notes provided.

Commits

• 268c11c escape user provide string to git (#483)
• 975961f Merge pull request #433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• e80b3dc Result of tsccr-helper -log-level=info -pin-all-workflows .
• 2d49e24 Merge pull request #432 from hashicorp/tsccr-auto-pinning/trusted/2023-04-21
• 5ccb39a Make addAuthFromNetrc ignore ENOTDIR errors
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.5.0 to 0.17.0

Commits

• 9d2ee97 ssh: implement strict KEX protocol changes
• 4e5a261 ssh: close net.Conn on all NewServerConn errors
• 152cdb1 x509roots/fallback: update bundle
• fdfe1f8 ssh: defer channel window adjustment
• b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
• 7e6fbd8 ssh: wrap errors from client handshake
• bda2f3f argon2: avoid clobbering BP
• 325b735 ssh/test: skip TestSSHCLIAuth on Windows
• 1eadac5 go.mod: update golang.org/x dependencies
• b2d7c26 ssh: add (*Client).DialContext method
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.7.0 to 0.10.0

Commits

• daac0ce go.mod: update golang.org/x dependencies
• 82780d6 http2: don't reuse connections that are experiencing errors
• 0bfab66 ipv4, ipv6: drop redundant skip checks based on GOOS
• 938ff15 ipv4, ipv6, nettest: skip unsupported tests on wasip1
• eb1572c html: another shot at security doc
• 9001ca7 nettest: re-enable unixpacket tests on netbsd/386
• 3d5a8ee internal/socks: permit authenticating with an empty password
• 694cff8 go.mod: update golang.org/x dependencies
• 6960703 http2: log the correct error when retrying in (*Transport).RoundTripOpt
• 9f24bb4 http2: properly discard data received after request/response body is closed
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.2-0.20220831092852-f930b1dc76e8 to 1.30.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.