build(deps): bump github.com/tendermint/tendermint from 0.33.9 to 0.34.10

[dependabot[bot]]

Bumps github.com/tendermint/tendermint from 0.33.9 to 0.34.10.

Release notes

Sourced from github.com/tendermint/tendermint's releases.

0.34.10 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.10/CHANGELOG.md#v0.34.10

0.34.9 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.9/CHANGELOG.md#v0.34.9

0.34.8 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.8/CHANGELOG.md#v0.34.8

0.34.7 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.7/CHANGELOG.md#v0.34.7

0.34.4 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.4/CHANGELOG.md#v0.34.4

0.34.3 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3

0.34.2 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.2/CHANGELOG.md#v0.34.2

0.34.1 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.1/CHANGELOG.md#v0.34.1

0.34.0 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.0/CHANGELOG.md#v0.34.0

Changelog

Sourced from github.com/tendermint/tendermint's changelog.

v0.34.10

April 14, 2021

This release fixes a bug where peers would sometimes try to send messages on incorrect channels. Special thanks to our friends at Oasis Labs for surfacing this issue!

Friendly reminder: We have a bug bounty program.

• [p2p/node] #6339 Fix bug with using custom channels (@​cmwaters)
• [light] #6346 Correctly handle too high errors to improve client robustness (@​cmwaters)

v0.34.9

April 8, 2021

This release fixes a moderate severity security issue, Security Advisory Alderfly, which impacts all networks that rely on Tendermint light clients. Further details will be released once networks have upgraded.

This release also includes a small Go API-breaking change, to reduce panics in the RPC layer.

Special thanks to our external contributors on this release: @​gchaincl

Friendly reminder: We have a bug bounty program.

BREAKING CHANGES

• Go API
  • [rpc/jsonrpc/server] #6204 Modify WriteRPCResponseHTTP(Error) to return an error (@​melekes)

FEATURES

• [rpc] #6226 Index block events and expose a new RPC method, /block_search, to allow querying for blocks by BeginBlock and EndBlock events (@​alexanderbez)

BUG FIXES

• [rpc/jsonrpc/server] #6191 Correctly unmarshal RPCRequest when data is null (@​melekes)
• [p2p] #6289 Fix "unknown channels" bug on CustomReactors (@​gchaincl)
• [light/evidence] Adds logic to handle forward lunatic attacks (@​cmwaters)

v0.34.8

February 25, 2021

This release, in conjunction with a fix in the Cosmos SDK, introduces changes that should mean the logs are much, much quieter. 🎉

Friendly reminder: We have a bug bounty program.

... (truncated)

Commits

• 68eceda changelog: update for 0.34.10 (#6357)
• b878326 e2e: relax timeouts (#6356)
• 693e11c e2e: tx load to use broadcast sync instead of commit (backport #6347) (#6352)
• 6cc3e23 light: handle too high errors correctly (backport #6346) (#6351)
• a9ac635 p2p: fix using custom channels (#6339)
• bd968ab build(deps): Bump google.golang.org/grpc from 1.36.1 to 1.37.0 (bp #6330) (#6...
• e54fdb6 changelog: prepare changelog for 0.34.9 release (#6333)
• 7869f5e light/evidence: handle FLA backport (#6331)
• af35ca9 state: fix block event indexing reserved key check (#6314) (#6315)
• c9966cd p2p: Fix "Unknown Channel" bug on CustomReactors (#6297)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions[bot]]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days-before-close if no further activity occurs. Thank you for your contributions.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.