Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.1.0 to 0.2.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="183a9b70cc"><code>183a9b7</code></a> go.mod: update golang.org/x dependencies</li>
<li><a href="334521b960"><code>334521b</code></a> ssh: fix typo</li>
<li><a href="a3485e1740"><code>a3485e1</code></a> all: use math/bits.RotateLeft</li>
<li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.1.0...v0.2.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
The current text gives margin to committing changes to the app state during EndBlock, but it should only happen during Commit.
Also, PrepareProposal is not allowed to modify transactions, but only the transaction set.
Bumps [github.com/gofrs/uuid](https://github.com/gofrs/uuid) from 4.3.0+incompatible to 4.3.1+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/gofrs/uuid/releases">github.com/gofrs/uuid's releases</a>.</em></p>
<blockquote>
<h2>v4.3.1</h2>
<ul>
<li>Update UUIDv7 to use unix millisecond calculation that is friendly to legacy go versions by <a href="https://github.com/convto"><code>@convto</code></a>
Full Changelog: v4.3.0...v4.3.1</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="e1079f31cf"><code>e1079f3</code></a> Use legacy go versions compatible unix millisecond calculation (<a href="https://github-redirect.dependabot.com/gofrs/uuid/issues/104">#104</a>)</li>
<li>See full diff in <a href="https://github.com/gofrs/uuid/compare/v4.3.0...v4.3.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
* Set cache control in the HTTP-RPC response header
* Add a simply cache policy to the RPC routes
* add a condition to check the RPC request has default height settings
* fix cherry pick error
* update pending log
* use options struct intead of single parameter
* refacor FuncOptions to functional options
* add functional options in WebSocket RPC function
* revert doc
* replace deprecated function call
* revise functional options
* remove unuse comment
* fix revised error
* adjust cache-control settings
* Update rpc/jsonrpc/server/http_json_handler.go
Co-authored-by: Thane Thomson <connect@thanethomson.com>
* linter: Fix false positive
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* rpc: Separate cacheable and non-cacheable HTTP response writers
Allows us to roll this change out in a non-API-breaking way, since this
is an additive change.
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* rpc: Ensure consistent caching strategy
Ensure a consistent caching strategy across both JSONRPC- and URI-based
requests.
This requires a bit of a refactor of the previous caching logic, which
is complicated a little by the complex reflection-based approach taken
in the Tendermint RPC.
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* rpc: Add more tests for caching
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* Update CHANGELOG_PENDING
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* light: Sync routes config with RPC core
Signed-off-by: Thane Thomson <connect@thanethomson.com>
* rpc: Update OpenAPI docs
Signed-off-by: Thane Thomson <connect@thanethomson.com>
Signed-off-by: Thane Thomson <connect@thanethomson.com>
Co-authored-by: jayt106 <jaytseng106@gmail.com>
Co-authored-by: jay tseng <jay.tseng@crypto.com>
Co-authored-by: JayT106 <JayT106@users.noreply.github.com>
Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.14.0 to 2.14.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/vektra/mockery/releases">github.com/vektra/mockery/v2's releases</a>.</em></p>
<blockquote>
<h2>v2.14.1</h2>
<h2>Changelog</h2>
<ul>
<li>1361e94 Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/493">#493</a> from CorentinClabaut/doc</li>
<li>546b334 Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/496">#496</a> from ccoVeille/typos</li>
<li>94c17ff Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/511">#511</a> from acln0/respect-dumb-terminal</li>
<li>178902b PR update</li>
<li>464ea71 Slightly improve documentation</li>
<li>c60fce5 cmd: respect TERM=dumb by not using colors</li>
<li>4ca0450 fix typos and style in documentation, test and error reporting</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="94c17ff51f"><code>94c17ff</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/511">#511</a> from acln0/respect-dumb-terminal</li>
<li><a href="c60fce57fa"><code>c60fce5</code></a> cmd: respect TERM=dumb by not using colors</li>
<li><a href="546b33489d"><code>546b334</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/496">#496</a> from ccoVeille/typos</li>
<li><a href="4ca0450f9b"><code>4ca0450</code></a> fix typos and style in documentation, test and error reporting</li>
<li><a href="1361e94bd2"><code>1361e94</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/vektra/mockery/issues/493">#493</a> from CorentinClabaut/doc</li>
<li><a href="178902b330"><code>178902b</code></a> PR update</li>
<li><a href="464ea71ef6"><code>464ea71</code></a> Slightly improve documentation</li>
<li>See full diff in <a href="https://github.com/vektra/mockery/compare/v2.14.0...v2.14.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Fixes a very silly linter complaint that makes absolutely no sense and is blocking the merging of several PRs.
---
#### PR checklist
- [x] Tests written/updated, or no tests needed
- [x] `CHANGELOG_PENDING.md` updated, or no changelog entry needed
- [x] Updated relevant documentation (`docs/`) and code comments, or no
documentation updates needed
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's releases</a>.</em></p>
<blockquote>
<h2>v1.6.1</h2>
<h3>Bug fixes 🐛</h3>
<ul>
<li>Fixes a panic when <code>AddGroup</code> isn't called before <code>AddCommand(my-sub-command)</code> is executed. This can happen within more complex cobra file structures that have many different <code>init</code>s to be executed. Now, the check for groups has been moved to <code>ExecuteC</code> and provides more flexibility when working with grouped commands - <a href="https://github.com/marckhouzam"><code>@marckhouzam</code></a> (and shout out to <a href="https://github.com/aawsome"><code>@aawsome</code></a>, <a href="https://github.com/andig"><code>@andig</code></a> and <a href="https://github.com/KINGSABRI"><code>@KINGSABRI</code></a> for a deep investigation into this! 👏🏼)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b43be995eb"><code>b43be99</code></a> Check for group presence after full initialization (<a href="https://github-redirect.dependabot.com/spf13/cobra/issues/1839">#1839</a>) (<a href="https://github-redirect.dependabot.com/spf13/cobra/issues/1841">#1841</a>)</li>
<li>See full diff in <a href="https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Bumps [github.com/btcsuite/btcd/btcec/v2](https://github.com/btcsuite/btcd) from 2.2.1 to 2.3.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="2cc19083f2"><code>2cc1908</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/btcsuite/btcd/issues/1894">#1894</a> from Roasbeef/musig2-1-0</li>
<li><a href="eef9fbc5c9"><code>eef9fbc</code></a> btcec/schnorr/musig2: always pass in priv key for early nonce gen</li>
<li><a href="323871ff16"><code>323871f</code></a> btcec/musig2: remove old canned test vector code</li>
<li><a href="5d895bbea5"><code>5d895bb</code></a> btcec/schnorr/musig2: add sig combine test vectors</li>
<li><a href="ca28a98425"><code>ca28a98</code></a> btcec/schnorr/musig2: add sig verify+sign test vectors</li>
<li><a href="cc12483f0a"><code>cc12483</code></a> btcec/schnorr/musig2: add key tweak sign test vectors</li>
<li><a href="4e55273815"><code>4e55273</code></a> btcec/schnorr/musig2: update key agg test vectors to musig2 1.0.0</li>
<li><a href="3d9f4484df"><code>3d9f448</code></a> btcec/schnorr/musig: update nonce test vectors to musig2 1.0.0</li>
<li><a href="1567f20055"><code>1567f20</code></a> btcec/schnorr/musig2: update to musig 1.0.0</li>
<li><a href="a34e777916"><code>a34e777</code></a> btcec/schnorr/musig2: update musig2 impl to version 0.7.0</li>
<li>Additional commits viewable in <a href="https://github.com/btcsuite/btcd/compare/btcec/v2.2.1...btcec/v2.3.0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
At present we allow automated dependency updates on release branches via Dependabot. This seems fine for `main`, but is risky for release branches.
This PR enables _daily_ checks for security-related dependency updates on release branches, but only performs automated non-security-related updates for `main` (weekly).
---
#### PR checklist
- [x] Tests written/updated, or no tests needed
- [x] `CHANGELOG_PENDING.md` updated, or no changelog entry needed
- [x] Updated relevant documentation (`docs/`) and code comments, or no
documentation updates needed
