build(deps): bump github.com/cosmos/cosmos-sdk from 0.39.2 to 0.42.0

[dependabot[bot]]

Bumps github.com/cosmos/cosmos-sdk from 0.39.2 to 0.42.0.

Release notes

Sourced from github.com/cosmos/cosmos-sdk's releases.

v0.42.0

Cosmos SDK v0.42.0 "Stargate" Release Notes

This release includes an important security fix for all non Cosmos Hub chains (e.g. any chain that does not use the default cosmos bech32 prefix), and a few performance improvements.

See the Cosmos SDK v0.42.0 milestone on our issue tracker for further details.

Security fix: validator address conversion in evidence handling

The security fix resolves the issue regarding incorrect handling of validators' consensus addresses. Because of this incorrect handling, Cosmos SDK apps that were not using the default cosmos Bech32 address prefix were not able to jail validators that committed misbehaviors such as double signing.

Although the issue does not affect the Cosmos Hub, this issue potentially renders the v0.41 and v0.40 release series unsafe for most chains.

Full header is emitted on IBC UpdateClient message event

The event emitted by the IBC UpdateClient message now contains the full header. This change makes header tracking easier and improves the handling of misbehaviors.

v0.42.0-alpha1

Pre-release of v0.42.0, which includes the introduction of:

• x/authz
• x/fee_grant
• ADR028 support for a more extensible address format

More details can be found in the github milestone here.

v0.41.4

Cosmos SDK v0.41.4 "Stargate" Release Notes

This release includes the addition of the multisign-batch command, minor bug fixes, and performance improvements.

See the Cosmos SDK v0.41.4 milestone on our issue tracker for details.

multisign-batch command

Multisign-batch command was added and it allows generating multiple multisig transactions by merging batches of signatures.

Query tx with multisig addresses

Now the rest endpoint allows to query transactions with multisig addresses.

Improvements

Major performance improvements in store and balance which will speed up genesis verification and initialization.

Genesis now allows 0 coin account balances. This means that genesis initialization will not fail if an address with no balance will be included.

Bugfixes

The keys migration command (i.e. keys migrate) is now functional for offline, multisign, and ledger keys.

... (truncated)

Changelog

Sourced from github.com/cosmos/cosmos-sdk's changelog.

Changelog

[Unreleased]

Features

• #8559 Added Protobuf compatible secp256r1 ECDSA signatures.
• #8786 Enabled secp256r1 in x/auth.

Client Breaking Changes

• #8363 Addresses no longer have a fixed 20-byte length. From the SDK modules' point of view, any 1-255 bytes-long byte array is a valid address.
• #8346 All CLI tx commands generate ServiceMsgs by default. Graceful Amino support has been added to ServiceMsgs to support signing legacy Msgs.
• (crypto/ed25519) [#8690] Adopt zip1215 ed2559 verification rules.

API Breaking Changes

... (truncated)

Commits

• f999b1f update release date
• 69cf20f x/gov: fix NormalizeProposalType() return values (bp #8808) (#8816)
• a8ace5a finalize changelog and release notes (#8804)
• 3bbda14 Re-introduce "Emit header in MsgUpdateClient events (bp #8624) (#8770)""
• b9d0418 perf change (#8796) (#8797)
• c9f15de logging (#8785) (#8791)
• 37946fb Revert "Emit header in MsgUpdateClient events (bp #8624) (#8770)"
• 5bdac50 Emit header in MsgUpdateClient events (bp #8624) (#8770)
• c70a3a3 v0.42.0-rc0 Release (#8778)
• 3aaf1bc update: release notes for v0.41.4 (#8748)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #840.