Have looked into this - all are transitive dependencies from drand/drand. Curiously, tlock pulls in the whole of drand rather than just the client, and running go get github.com/drand/drand/client seems to do this.
Updating the downstream dependency on quic-go requires an update to a libp2p lib, which I've raised a PR for here
actually quic-go has already been upgraded in newer versions of drand. I've raised a PR to update tlock-go deps here: https://github.com/drand/tlock/pull/58
Have looked into this - all are transitive dependencies from
drand/drand
. Curiously, tlock pulls in the whole of drand rather than just the client, and runninggo get github.com/drand/drand/client
seems to do this. Updating the downstream dependency onquic-go
requires an update to a libp2p lib, which I've raised a PR for here