Bump github.com/tendermint/tendermint from 0.34.3 to 0.34.11

[dependabot]

Bumps github.com/tendermint/tendermint from 0.34.3 to 0.34.11.

Release notes

Sourced from github.com/tendermint/tendermint's releases.

0.34.11 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.11/CHANGELOG.md#v0.34.11

0.34.10 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.10/CHANGELOG.md#v0.34.10

0.34.9 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.9/CHANGELOG.md#v0.34.9

0.34.8 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.8/CHANGELOG.md#v0.34.8

0.34.7 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.7/CHANGELOG.md#v0.34.7

0.34.4 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.4/CHANGELOG.md#v0.34.4

Changelog

Sourced from github.com/tendermint/tendermint's changelog.

v0.34.11

June 18, 2021

This release improves the robustness of statesync; tweaking channel priorities and timeouts and adding two new parameters to the state sync config.

Friendly reminder, we have a bug bounty program.

BREAKING CHANGES

• Apps
  • [Version] #6494 TMCoreSemVer is not required to be set as a ldflag any longer.

IMPROVEMENTS

• [statesync] #6566 Allow state sync fetchers and request timeout to be configurable. (@​alexanderbez)
• [statesync] #6378 Retry requests for snapshots and add a minimum discovery time (5s) for new snapshots. (@​tychoish)
• [statesync] #6582 Increase chunk priority and add multiple retry chunk requests (@​cmwaters)

BUG FIXES

• [evidence] #6375 Fix bug with inconsistent LightClientAttackEvidence hashing (@​cmwaters)

v0.34.10

April 14, 2021

This release fixes a bug where peers would sometimes try to send messages on incorrect channels. Special thanks to our friends at Oasis Labs for surfacing this issue!

Friendly reminder: We have a bug bounty program.

• [p2p/node] #6339 Fix bug with using custom channels (@​cmwaters)
• [light] #6346 Correctly handle too high errors to improve client robustness (@​cmwaters)

v0.34.9

April 8, 2021

This release fixes a moderate severity security issue, Security Advisory Alderfly, which impacts all networks that rely on Tendermint light clients. Further details will be released once networks have upgraded.

This release also includes a small Go API-breaking change, to reduce panics in the RPC layer.

Special thanks to our external contributors on this release: @​gchaincl

Friendly reminder: We have a bug bounty program.

... (truncated)

Commits

• c2908ef release: prepare changelog for v0.34.11 (#6597)
• d515bbc statesync: increase chunk priority and robustness (#6582)
• be8c983 state sync: tune request timeout and chunkers (backport #6566) (#6581)
• 358b1f2 p2p/conn: check for channel id overflow before processing receive msg (backpo...
• c376b44 Backport: #6494 (#6506)
• 8dd8a4e libs/os: avoid CopyFile truncating destination before checking if regular fil...
• 353e3a3 evidence: fix bug with hashes (backport #6375) (#6381)
• a9b4fac .github: make core team codeowners (#6384)
• 1614e12 statesync: improve e2e test outcomes (backport #6378) (#6380)
• 68eceda changelog: update for 0.34.10 (#6357)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: T:dependencies.

[codecov-commenter]

Codecov Report

Merging #96 (ea4da60) into master (3d497c3) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #96   +/-   ##
=======================================
  Coverage   52.26%   52.26%           
=======================================
  Files          16       16           
  Lines        1460     1460           
=======================================
  Hits          763      763           
  Misses        598      598           
  Partials       99       99