Bump the go_modules group across 1 directory with 10 updates

[dependabot]

Bumps the go_modules group with 8 updates in the /clients/go/client directory:

Package	From	To
cosmossdk.io/math	1.0.0-rc.0	1.4.0
github.com/cosmos/ibc-go/v7	7.0.0-rc0	7.10.0
github.com/golang/glog	1.2.0	1.2.4
github.com/ulikunitz/xz	0.5.11	0.5.14
golang.org/x/crypto	0.24.0	0.35.0
golang.org/x/net	0.26.0	0.38.0
golang.org/x/oauth2	0.18.0	0.27.0
google.golang.org/grpc	1.64.0	1.64.1

Updates cosmossdk.io/math from 1.0.0-rc.0 to 1.4.0

Release notes

Sourced from cosmossdk.io/math's releases.

Cosmovisor v1.3.0

Release Notes

• Fix failure when installing cosmovisor via go install.

Changelog

For more details, please see the CHANGELOG.

Cosmovisor v1.2.0

Release Notes

New Features

With the cosmovisor init command, all the necessary folders for using cosmovisor are automatically created. You do not need to manually symlink the chain binary anymore.

We've added a new configuration option: DAEMON_RESTART_DELAY (as env variable). When set, Cosmovisor will wait that delay between the node halt and backup. See the README file for more details.

Bug Fixes

• Fix Cosmovisor binary usage for pre-upgrade. Cosmovisor was using the wrong binary when running a pre-upgrade command.

Changelog

For more details, please see the CHANGELOG.

collections/v1.2.0

Improvements

• #24081 Remove cosmossdk.io/core dependency.

schema/v1.1.0

Breaking Changes

cosmossdk.io/schema was previously tagged as v1.0.0, but several stubs were included in this release which were unimplemented. v1.1.0 removes any unimplemented stubs and retracts v1.0.0 so that the schema v1 API is actually reflective of the codebase.

Commits

• 6b4557d chore: prepare log v1.4.0 (#21197)
• 5a08833 build(deps): Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#21189)
• 655b303 build(deps): Bump github.com/spf13/cast from 1.6.0 to 1.7.0 (#21190)
• cc25f59 ci: add compat check 052 x main (#21174)
• 5b7d8b6 test(stf/mock): Unmarshal with knowing the message type (#21178)
• 641f964 ci: attempt to fix goreleaser (#21194)
• a0fdab2 test(server/v2): Update testdata prune options (#21192)
• 4b4ec47 build(deps): Bump bufbuild/buf-setup-action from 1.35.1 to 1.36.0 (#21191)
• feb0e07 feat: [ADR-071] Cryptography v2 (#18824)
• 111a999 docs: rename v2 to di (#21181)
• Additional commits viewable in compare view

Updates github.com/cosmos/ibc-go/v7 from 7.0.0-rc0 to 7.10.0

Release notes

Sourced from github.com/cosmos/ibc-go/v7's releases.

v7.10.0

This release contains a fix for ISA-2025-001.

This version addresses a security vulnerability in IBC-go's deserialisation of acknowledgements and we strongly encourage everyone in the affected versions to update their chain immediately. This patch is not state-breaking, so chains can upgrade in a rolling manner. This does not have to be a co-ordinated upgrade. However, validators should upgrade as soon as possible when the release is made available. If the vulnerability is exploited before 2/3 is patched, the chain will halt.

Full Changelog: cosmos/ibc-go@v7.9.2...v7.10.0

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.
7. The migration from ibc-go v6 to v7.
8. The migration from ibc-go v7 to v7.1.
9. The migration from ibc-go v7.2 to v7.3.

v7.9.2

This release contains a fix to ASA-2025-004

It is recommended to upgrade to this version as soon as possible.

Full Changelog: cosmos/ibc-go@v7.8.0...v7.9.2

---

To learn more about ibc-go versioning, please read our RELEASES.md.

IMPORTANT: Please read the migration guides for any versions of ibc-go that you might be going through when upgrading to this version. For example: if you upgrade from the IBC module contained in the Cosmos SDK 0.42.0 to SDK v0.50.9 and ibc-go v8.5.1, please follow:

1. The migration from SDK 0.41.x or 0.42.x to the IBC module in the ibc-go repository based on the SDK v0.44.x.
2. The migration from ibc-go v1 to v2.
3. The migration from ibc-go v2 to v3.
4. The migration from ibc-go v3 to v4.
5. The migration from ibc-go v4 to v5.
6. The migration from ibc-go v5 to v6.
7. The migration from ibc-go v6 to v7.
8. The migration from ibc-go v7 to v7.1.
9. The migration from ibc-go v7.2 to v7.3.

v7.8.0

We present here a summary of the most relevant changes, please see the v7.8.0 changelog for more details. Please note that this release, as indicated in our release versioning policy, is state machine breaking and requires a coordinated upgrade.

core/03-connection

... (truncated)

Changelog

Sourced from github.com/cosmos/ibc-go/v7's changelog.

v7.10.0 - 2025-03-12

• ISA-2025-001 Fix ISA-2025-001

v7.9.1 - 2025-02-27

• ASA-2025-004 Fix ASA-2025-004

Bug Fixes

v7.8.0 - 2024-08-30

State Machine Breaking

• (core/03-connection) #7128 Remove verification of self client and consensus state from connection handshake.

v7.7.0 - 2024-07-29

Dependencies

• #6943 Update Cosmos SDK to v0.47.13.

Features

• (apps/transfer) #6877 Added the possibility to transfer the entire user balance of a particular denomination by using UnboundedSpendLimit as the token amount.

v7.6.0 - 2024-06-20

State Machine Breaking

• (apps/transfer, apps/27-interchain-accounts, app/29-fee) #4992 Set validation for length of string fields.

v7.5.1 - 2024-05-22

Improvements

• (core/ante) #6302 Performance: Skip app callbacks during RecvPacket execution in checkTx within the redundant relay ante handler.
• (core/ante) #6280 Performance: Skip redundant proof checking in RecvPacket execution in reCheckTx within the redundant relay ante handler.
• (core/ante) #6306 Performance: Skip misbehaviour checks in UpdateClient flow and skip signature checks in reCheckTx mode.

v7.5.0 - 2024-05-14

Dependencies

• #6254 Update Cosmos SDK to v0.47.11 and CometBFT to v0.37.5.

State Machine Breaking

• (light-clients/07-tendermint) #6276 Fix: No-op to avoid panicking on UpdateState for invalid misbehaviour submissions.

... (truncated)

Commits

• 4632144 chore: update changelog and retract v7.9.2
• a5b5b92 Merge commit from fork
• f45181b chore: retract 7.9.1
• 9869b3c fix: backport remarshal (#8066)
• 37ab926 Merge branch 'gjermund/redact-v7.0-to-v7.8' into release/v7.9.x
• cc6fe55 Merge commit from fork
• 27bebf3 chore: update changelog and redact
• ff0a82e Update CHANGELOG.md
• de02723 bump goreleaser action
• a5dde80 Update CHANGELOG.md
• Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0

Commits

• 48ba0b7 Merge pull request #32 from dvsekhvalnov/issue-31-security-tuning
• 05eb007 docs
• e0264a2 added helper matchers: Alg and Eng
• 0f6c7c3 MatchAlg helper
• cf0a53b docs
• 2995762 docs
• 9a18aff docs
• 675bb14 docs
• 8e9e0d1 updated p2c limits with new OWASP numbers, docs
• ed5dd96 Unit tests for custom 'p2c' headers min/max limits
• Additional commits viewable in compare view

Updates github.com/golang/glog from 1.2.0 to 1.2.4

Release notes

Sourced from github.com/golang/glog's releases.

v1.2.4

What's Changed

• Fail if log file already exists by @​chressie in golang/glog#74:
  • glog: Don't try to create/rotate a given syncBuffer twice in the same second
  • glog: introduce createInDir function as in internal version
  • glog: have createInDir fail if the file already exists

Full Changelog: golang/glog@v1.2.3...v1.2.4

v1.2.3

What's Changed

• glog: check that stderr is valid before using it by default by @​chressie in golang/glog#72
• glog: fix typo by @​chressie in golang/glog#73

Full Changelog: golang/glog@v1.2.2...v1.2.3

v1.2.2

What's Changed

• glog: avoid calling user.Current() on windows by @​bentekkie in golang/glog#69

Full Changelog: golang/glog@v1.2.1...v1.2.2

v1.2.1

What's Changed

• glog: don't hold mutex when sync'ing by @​chressie in golang/glog#68

Full Changelog: golang/glog@v1.2.0...v1.2.1

Commits

• a0e3c40 glog: have createInDir fail if the file already exists
• 7139da2 glog: introduce createInDir function as in internal version
• dd58629 glog: Don't try to create/rotate a given syncBuffer twice in the same second
• 04dbec0 glog: fix typo (#73)
• 459cf3b glog: check that stderr is valid before using it by default (#72)
• 9730314 glog: avoid calling user.Current() on windows (#69)
• 861d094 glog: don't hold mutex when sync'ing (#68)
• See full diff in compare view

Updates github.com/hashicorp/go-getter from 1.7.0 to 1.7.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

• Prevent Git Config Alteration on Git Update by @​dduzgun-security in hashicorp/go-getter#497

New Contributors

• @​dduzgun-security made their first contribution in hashicorp/go-getter#497

Full Changelog: hashicorp/go-getter@v1.7.4...v1.7.5

v1.7.4

What's Changed

• Escape user-provided strings in git commands hashicorp/go-getter#483
• Fixed a bug in .netrc handling if the file does not exist hashicorp/go-getter#433

Full Changelog: hashicorp/go-getter@v1.7.3...v1.7.4

v1.7.3

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-21) by @​hashicorp-tsccr in hashicorp/go-getter#432
• SEC-090: Automated trusted workflow pinning (2023-09-11) by @​hashicorp-tsccr in hashicorp/go-getter#454
• SEC-090: Automated trusted workflow pinning (2023-09-18) by @​hashicorp-tsccr in hashicorp/go-getter#458
• don't change GIT_SSH_COMMAND when there is no sshKeyFile by @​jbardin in hashicorp/go-getter#459

New Contributors

• @​hashicorp-tsccr made their first contribution in hashicorp/go-getter#432

Full Changelog: hashicorp/go-getter@v1.7.2...v1.7.3

v1.7.2

What's Changed

• Don't override GIT_SSH_COMMAND when not needed by @​nl-brett-stime hashicorp/go-getter#300

Full Changelog: hashicorp/go-getter@v1.7.1...v1.7.2

v1.7.1

No release notes provided.

Commits

• 5a63fd9 Merge pull request #497 from hashicorp/fix-git-update
• 5b7ec5f fetch tags on update and fix tests
• 9906874 recreate git config during update to prevent config alteration
• 268c11c escape user provide string to git (#483)
• 975961f Merge pull request #433 from adrian-bl/netrc-fix
• 0298a22 Merge pull request #459 from hashicorp/jbardin/setup-git-env
• c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
• 3d5770f Merge pull request #458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
• 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
• e66f244 Merge pull request #454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
• Additional commits viewable in compare view

Updates github.com/ulikunitz/xz from 0.5.11 to 0.5.14

Commits

• 7184815 Preparation of release v0.5.14
• 88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
• c8314b8 Add new package xio with WriteCloserStack
• 4f11dce Update README.md and SECURITY.md to address security questions
• f56ebbf TODO.md: fix a typo
• See full diff in compare view

Updates golang.org/x/crypto from 0.24.0 to 0.35.0

Commits

• 7292932 ssh: limit the size of the internal packet queue while waiting for KEX
• f66f74b acme/autocert: check host policy before probing the cache
• b0784b7 x509roots/fallback: drop obsolete build constraint
• 911360c all: bump golang.org/x/crypto dependencies of asm generators
• 89ff08d all: upgrade go directive to at least 1.23.0 [generated]
• e47973b all: update certs for go1.24
• 9290511 go.mod: update golang.org/x dependencies
• fa5273e x509roots/fallback: update bundle
• a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
• 71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.26.0 to 0.38.0

Commits

• e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
• ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
• 1f1fa29 publicsuffix: regenerate table
• 1215081 http2: improve error when server sends HTTP/1
• 312450e html: ensure <search> tag closes <p> and update tests
• 09731f9 http2: improve handling of lost PING in Server
• 55989e2 http2/h2c: use ResponseController for hijacking connections
• 2914f46 websocket: re-recommend gorilla/websocket
• 99b3ae0 go.mod: update golang.org/x dependencies
• 85d1d54 go.mod: update golang.org/x dependencies
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.18.0 to 0.27.0

Commits

• 681b4d8 jws: split token into fixed number of parts
• 3f78298 all: upgrade go directive to at least 1.23.0 [generated]
• 109dabf endpoints: add links/provider for Discord
• ac571fa oauth2: fix docs for Config.DeviceAuth
• 314ee5b endpoints: add patreon endpoint
• b9c813b google: add warning about externally-provided credentials
• 49a531d all: make method and struct comments match the names
• 22134a4 README: don't recommend go get
• 3e64809 x/oauth2: add Token.ExpiresIn
• 16a9973 jwt: rename example to avoid vet error
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.64.0 to 1.64.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.64.1

Dependencies

• Update x/net/http2 to address CVE-2023-45288 (#7352)
• metadata: remove String method from MD to make printing consistent (#7374)

Commits

• 4d833de Change version to 1.64.1 (#7381)
• e9193a4 *: update deps (#7375)
• ab29241 metadata: remove String method (#7374)
• 355b9a5 Change version to 1.64.1-dev (#7219)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.