Bump the go_modules group across 1 directory with 6 updates

[dependabot]

Bumps the go_modules group with 4 updates in the / directory: github.com/ethereum/go-ethereum, golang.org/x/net, google.golang.org/grpc and github.com/dvsekhvalnov/jose2go.

Updates github.com/ethereum/go-ethereum from 1.10.26 to 1.13.5

Release notes

Sourced from github.com/ethereum/go-ethereum's releases.

Carbonaceous (v1.13.5)

Geth v1.13.5 is a scheduled maintenance release fixing a potential data corruption in path scheme which could occur due to a power failure (i.e. entire OS / machine crash).

• Extend ethclient and the simulated backend to allow eth_call against specific block hashes (#28084).
• Downgrade annoying stale transaction propagation logs from warning to debug (#28364).
• Switch to the new KZG trusted setup parameters (#28383).
• Return an error on GraphQL if querying invalid block ranges (#28393, #28412).
• Start publishing Apple Silicon pre-built binaries (#28474, #28475).

And bugfixes:

• Fix a number of corner-cases in path scheme state management (#28198, #28426, #28483).
• Fix an issue when allocating excessively large Pebble caches (#28444).
• Fix a potential snap sync issue with the path based storage (#28327).
• Fix ethclient to properly forwarding explicit 1559 gas caps (#28462).
• Fix gas estimation for 0 priced txs accessing the basefee (#28470).
• Fix an issue where resubscribing to events would hang (#28359).
• Fix ethstats transaction count report regressiob (#28398).
• Fix negative number encoding in ethclient/rpc (#28358).
• Fix GraphQL content type in the response (#28417).

For a full rundown of the changes please consult the Geth 1.13.5 release milestone.

---

As with all our previous releases, you can find the:

• Pre-built binaries for all platforms on our downloads page.
• Docker images published under ethereum/client-go.
• Ubuntu packages in our Launchpad PPA repository.
• OSX packages in our Homebrew Tap repository.

Archanes (v1.13.4)

Geth v1.13.4 is a non-urgent hotfix release. The previous version of Geth (v1.13.3) introduced a warning log for bad transaction announcements, and on mainnet it generated too much logging noise due to a protocol violation in Erigon. To prevent overwhelming logging systems, Geth v1.13.4 lower the log to a more reasonable level until the bug in Erigon is fixed #28356.

Apart from the above reason, the release contains:

• Fix a snap sync corner-case that could cause a hang by a maliciously constructed contract storage (#28306).
• Update various dependencies to unstick versions of Go libs (#28329, #28333, #28334, #28332, #28336).
• Enable Pebble database support on 32bit platforms and on OpenBSD too (#28335).
• Fix returning the correct code hash for eth_getProof with empty storage (#28357).
• Simplify trie range prover for some upcoming snap sync optimisations (#28311).
• Fix a timeout mechanism in the transaction fetcher (#28220).

For a full rundown of the changes please consult the Geth 1.13.4 release milestone.

---

As with all our previous releases, you can find the:

... (truncated)

Commits

• 916d6a4 params: release Geth v1.15.5
• f265cc2 cmd/geth: remove some whitespace in code and comments (#28148)
• 49b2c5f build: upgrade -dlgo version to Go 1.21.4 (#28505)
• ce5a480 ethclient: add empty/nonexist account testcase for eth_getProof RPC (#28482)
• 2f4833b cmd/evm: allow state dump regardless if test passes in statetest (#28484)
• 326fa00 core/rawdb: fsync the index file after each freezer write (#28483)
• e38b9f1 eth/filters: exit early if topics-filter has more than 4 topics (#28494)
• f7dde2a ethdb/pebble: add Errorf function to panicLogger (#28491)
• b77a9b1 cmd/geth: more testcases for logging (#28501)
• 7ea860d graphql: type of yParity from Long to BigInt (#28456)
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.19.0 to 0.23.0

Commits

• c48da13 http2: fix TestServerContinuationFlood flakes
• 762b58d http2: fix tipos in comment
• ba87210 http2: close connections when receiving too many headers
• ebc8168 all: fix some typos
• 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
• 448c44f http2: remove clientTester
• c7877ac http2: convert the remaining clientTester tests to testClientConn
• d8870b0 http2: use synthetic time in TestIdleConnTimeout
• d73acff http2: only set up deadline when Server.IdleTimeout is positive
• 89f602b http2: validate client/outgoing trailers
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.60.1 to 1.63.2

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.63.2

Bugs

• Fix the user agent string

Release 1.63.1

Bugs

• grpc: fixed subchannel log messages to properly reference the parent channel (#7101)
  • Special thanks: @​daniel-weisse

API Changes

• grpc: remove Deprecated tag from Dial and DialContext; these will be deprecated in v1.64 instead (#7103)

Release 1.63.0

Behavior Changes

• grpc: Return canonical target string from resolver.Address.String() (experimental) (#6923)
• client & server: when using write buffer pooling, use input value for buffer size instead of size*2 (#6983)
  • Special Thanks: @​raghav-stripe

New Features

• grpc: add ClientConn.CanonicalTarget() to return the canonical target string. (#7006)
• xds: implement LRS named metrics support (gRFC A64) (#7027)
  • Special Thanks: @​danielzhaotongliu
• grpc: introduce grpc.NewClient to allow users to create new clients in idle mode and with "dns" as the default resolver (#7010)
  • Special Thanks: @​bruuuuuuuce

API Changes

• grpc: stabilize experimental method ClientConn.Target() (#7006)

Bug Fixes

• xds: fix an issue that would cause the client to send an empty list of resources for LDS/CDS upon reconnecting with the management server (#7026)
• server: Fix some errors returned by a server when using a grpc.Server as an http.Handler with the Go stdlib HTTP server (#6989)
• resolver/dns: add SetResolvingTimeout to allow configuring the DNS resolver's global timeout (#6917)
  • Special Thanks: @​and1truong
• Set the security level of Windows named pipes to NoSecurity (#6956)
  • Special Thanks: @​irsl

Release 1.62.2

Dependencies

• Update http2 library to address vulnerability CVE-2023-45288

Release 1.62.1

Bug Fixes

• xds: fix a bug that results in no matching virtual host found RPC errors due to a difference between the target and LDS resource names (#6997)
• server: fixed stats handler data InPayload.Length for unary RPC calls (#6766)

... (truncated)

Commits

• d32e66c Change version to 1.63.2 (#7104)
• 92f6dd0 channelz: pass parent pointer instead of parent ID to RegisterSubChannel (#7101)
• 0f6ef0f grpc: un-deprecate Dial and DialContext
• 58dc749 Change version to 1.63.1-dev (#7051)
• c68f456 Change version to 1.63.0 (#7050)
• 6369167 *: update http2 dependency (#7082)
• 8854761 cherry-pick: channelz: fix race accessing channelMap without lock (#7079) (#7...
• e62770d channelz: add LocalAddr to listen sockets and test (#7062) (#7063)
• 4ffccf1 googlec2p: use xdstp style template for client LDS resource name (#7048)
• faf9964 gracefulswitch: add ParseConfig and make UpdateClientConnState call SwitchTo ...
• Additional commits viewable in compare view

Updates github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0

Commits

• 0a0673d Merge pull request #34 from dvsekhvalnov/issue-33-deflate-limit
• c3fff7c docs
• e51b47f docs
• c7dde52 fixing workflow
• a194baa added go versions and OSs to matrix
• f31cfc6 fixing yaml
• 1a4ba55 added matrix to workflow
• d2baff2 go workflow
• b14c81a added limitation for deflate decompression stream
• See full diff in compare view

Updates golang.org/x/crypto from 0.16.0 to 0.21.0

Commits

• 7067223 go.mod: update golang.org/x dependencies
• 0d2316b ssh/test: work around for TestCiphers failures on macOS
• 0aab8d0 all: update go.mod x/net dependency
• 5bead59 ocsp: don't use iota for externally defined constants
• 1a86580 x/crypto/internal/poly1305: improve sum_ppc64le.s
• 1c981e6 ssh/test: don't use DSA keys in integrations tests, update test RSA key
• 62c9f17 x509roots/nss: manually exclude a confusingly constrained root
• 405cb3b go.mod: update golang.org/x dependencies
• 913d3ae x509roots/fallback: update bundle
• dbb6ec1 ssh/test: skip tests on darwin that fail on the darwin-amd64-longtest LUCI bu...
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.32.0 to 1.33.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.