build(deps): bump github.com/cometbft/cometbft from 0.38.17 to 0.38.21

[dependabot]

Bumps github.com/cometbft/cometbft from 0.38.17 to 0.38.21.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.21

What's Changed

• chore(statesync): add max snapshot chunks configuration (v0.38.x) by @​mattac21 in cometbft/cometbft#5548
• test: add unit tests for TotalVotingPowerSafe (backport #5570) by @​mergify[bot] in cometbft/cometbft#5581

Full Changelog: cometbft/cometbft@v0.38.20...v0.38.21

v0.38.20

What's Changed

• Create NOTICE (backport #5495) by @​mergify[bot] in cometbft/cometbft#5496
• chore: add voting power validation (v0.38.x) by @​technicallyty in cometbft/cometbft#5520

Full Changelog: cometbft/cometbft@v0.38.19...v0.38.20

v0.38.19

This is a security patch release to the CometBFT v0.38.x family that fixes GHSA-hrhf-2vcr-ghch

What's Changed

• chore: fix test docker image by @​aljo242 in cometbft/cometbft#5299
• chore: refactor changelogs by @​aljo242 in cometbft/cometbft#5303
• chore: update and fix mockery tooling on v0.38 by @​aljo242 in cometbft/cometbft#5301
• chore: fix the linter by @​aljo242 in cometbft/cometbft#5304
• fix(store): Properly prune extended commits (backport #5276) by @​mergify[bot] in cometbft/cometbft#5313
• chore: clean up the repo by @​aljo242 in cometbft/cometbft#5315
• fix: remove exposed dockertest port to unblock postgres test by @​almk-dev in cometbft/cometbft#5325
• fix(consensus/reactor): reject oversized proposals (backport #5324) by @​mergify[bot] in cometbft/cometbft#5407
• GHSA-hrhf-2vcr-ghch

Full Changelog: cometbft/cometbft@v0.38.18...v0.38.19

v0.38.18

What's Changed

• fix: remove redundant error check for PubKeyToProto by @​islishude in cometbft/cometbft#4917
• ci: remove govulncheck (backport #4946) by @​mergify[bot] in cometbft/cometbft#4961
• build(deps): Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot[bot] in cometbft/cometbft#4936
• fix(ci): Fix docker builds (backport #4949) by @​mergify[bot] in cometbft/cometbft#4963
• build(deps): Bump docker/build-push-action from 6.13.0 to 6.14.0 by @​dependabot[bot] in cometbft/cometbft#4972
• build(deps): Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @​dependabot[bot] in cometbft/cometbft#5008
• build(deps): Bump docker/build-push-action from 6.14.0 to 6.15.0 by @​dependabot[bot] in cometbft/cometbft#5009
• build(deps): Bump golang.org/x/sync from 0.10.0 to 0.11.0 by @​dependabot[bot] in cometbft/cometbft#4990
• build(deps): Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @​dependabot[bot] in cometbft/cometbft#4992
• build(deps): Bump golang.org/x/net from 0.34.0 to 0.35.0 by @​dependabot[bot] in cometbft/cometbft#4998
• build(deps): Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.3.0 to 4.4.0 by @​dependabot[bot] in cometbft/cometbft#4997
• build(deps): Bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @​dependabot[bot] in cometbft/cometbft#4994
• build(deps): Bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by @​dependabot[bot] in cometbft/cometbft#4995
• chore: fix typo in workflow_dispatch (backport #5164) by @​mergify[bot] in cometbft/cometbft#5166
• ci(testapp-docker): release two images, not one (backport #5014) by @​mergify[bot] in cometbft/cometbft#5168

... (truncated)

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

CHANGELOG

UNRELEASED

DEPENDENCIES

BUG FIXES

• [evidence] Add validation for Light Client Attack evidence ByzantineValidators (#5638)
• [types] Fix buffer offset bug in ProposerPriorityHash that caused hash collisions when validator priorities differed (#5613)
• [p2p] fix(privval): Ephemeral Port Exhaustion (#5433)
• [blocksync] fix(blocksync): ExtendedCommit verification via next blocks LastCommit (#5629)
• [p2p] fix(lp2p): enforce stream max size (#5647)
• [metrics] fix(metrics)!: peer_send_queue_size (#5648)
• [statesync] fix adaptive_sync and streamline stateSync logic (#5663)
• [blocksync] Modify blocksync to use full commit verification instead of light (#5663)
• [adaptivesync] Simplify loop, reuse blockExec.ValidateBlock (#5717)

IMPROVEMENTS

• [ci]: add lp2p testnet (#5643)
• [mempool] feat!(p2p): introduce follower-mode. Improve lib-p2p integraap access
• [types] Add validation for AuthorityParams.Authority field in consensus params, enforcing a maximum length of 256 characters (#5511)
• [mempool] perf(mempool/cache): Optimize LRUTxCache.Remove to reduce lock contention and map access (#5244)
• [e2e] add support for testing different keytypes, including BLS (#3513)
• [crypto] Reduce BLS signature size to 48 bytes by increasing pubkey size to 192 bytes (#3624
• [statesync] Add configurable max-snapshot-chunks parameter to validate max amount of chunks in a SnapshotResponse. (#5549)
• [p2p] feat(lp2p): make reactor queue configurable (#5662)
• [cli] print lib-p2p peer id (#5667)
• [p2p] Add warning when go-libp2p transport is enabled, conveying that the setting should only be activated if it can be enabled simultaneously for all validators and peer IDs have been predetermined and exchanged (#5692)
• [p2p] feat(p2p): add adaptive sync for comet-p2p (#5705)

... (truncated)

Commits

• c56d64e Merge commit from fork
• 01d5ea5 test: add unit tests for TotalVotingPowerSafe (backport #5570) (#5581)
• bd517d2 test: remove unnecessary loop variable capture
• 7c43155 test: add coverage for TotalVotingPowerSafe
• eeb4a59 fix test cases in validation
• 161f7ac fix tests
• a4e41a1 fix linter errors
• 26dc17f Add ValidateBlock tests for median time
• c36a8ed fix verbs
• dcf7e3b add test and fix a test
• Additional commits viewable in compare view

[spooktheducks]

@dependabot rebase