This repository was archived by the owner on Mar 24, 2025. It is now read-only.

chore(deps): bump github.com/cometbft/cometbft from 0.38.13 to 0.38.15 #811

Merged

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Nov 6, 2024

Bumps github.com/cometbft/cometbft from 0.38.13 to 0.38.15.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.38.14

See the CHANGELOG for this release.

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.38.14

November 6, 2024

This release fixes a security vulnerability in the vote extensions (VE) validation logic. For more details, please refer to ASA-2024-011.

We recommend upgrading ASAP if you’re using vote extensions (VE).

BUG FIXES

  • [consensus] Do not panic if the validator index of a Vote message is out of bounds, when vote extensions are enabled (#ABC-0021)

DEPENDENCIES

  • Bump cometbft-db version to v0.15.0 (#4297)
  • [go/runtime] Bump Go version to 1.23 (#4297)

IMPROVEMENTS

  • [p2p] fix exponential backoff logic to increase reconnect retries close to 24 hours (#3519)

Commits
  • ce0949e build: v0.38.14 (#4437)
  • 3a023da Merge commit from fork
  • deef97f fix(p2p): adjust backoff seconds to increase reconnect retries close to 24 ho...
  • 28a308f chore: use the latest cometbft-db in v0.38.x (#4297)
  • c71de55 build(deps): Bump bufbuild/buf-setup-action from 1.45.0 to 1.46.0 (#4414)
  • ab9cc83 build(deps): Bump golang.org/x/net from 0.29.0 to 0.30.0 (#4384)
  • b2866fa build(deps): Bump github.com/prometheus/common from 0.59.1 to 0.60.1 (#4382)
  • 899095f build(deps): Bump github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.0.1 to 4.3...
  • 7275ed2 build(deps): Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#4380)
  • 5226a8d build(deps): Bump golang.org/x/crypto from 0.27.0 to 0.28.0 (#4379)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) from 0.38.13 to 0.38.14.
- [Release notes](https://github.com/cometbft/cometbft/releases)
- [Changelog](https://github.com/cometbft/cometbft/blob/v0.38.14/CHANGELOG.md)
- [Commits](cometbft/cometbft@v0.38.13...v0.38.14)

---
updated-dependencies:
- dependency-name: github.com/cometbft/cometbft
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
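The bug-fix bullet quoted above (do not panic when a Vote's validator index is out of bounds with vote extensions enabled) describes a classic input-validation failure: a field taken straight from a network message is used to index the local validator set, and an unrecovered panic in the consensus path takes the node down. The following Go example, added here as an illustration and not code from CometBFT or from this repository, puts the panic-prone lookup beside a hardened version that range-checks the index and returns an error the caller can act on. All types and function names (Validator, ValidatorSet, Vote, lookupValidator, ValidateVoteExtension, lookupCrashes) are hypothetical stand-ins; the details of ASA-2024-011 are not on this page and are not reproduced.

```go
package main

import (
	"errors"
	"fmt"
)

// Validator and ValidatorSet are hypothetical stand-ins for a consensus
// validator set; they are not CometBFT's types.
type Validator struct {
	Address string
	Power   int64
}

type ValidatorSet struct {
	Validators []Validator
}

// Vote carries only the fields this example needs. ValidatorIndex is the
// untrusted value: it arrives from a peer and must be treated as hostile.
type Vote struct {
	Height         int64
	Round          int32
	ValidatorIndex int32
	Extension      []byte
	ExtensionSig   []byte
}

var ErrVoteInvalidValidatorIndex = errors.New("vote: validator index out of range")

// lookupValidatorUnchecked is the panic-prone pattern: indexing a slice with
// a value copied straight out of a network message. A negative or too-large
// index panics at runtime, and in a consensus reactor that is a crash.
func lookupValidatorUnchecked(vals *ValidatorSet, v *Vote) Validator {
	return vals.Validators[v.ValidatorIndex]
}

// lookupValidator is the hardened form: bounds-check before indexing and
// return a typed error so the caller can reject the vote (and, in a real
// node, penalise the peer) instead of panicking.
func lookupValidator(vals *ValidatorSet, v *Vote) (Validator, error) {
	if vals == nil {
		return Validator{}, errors.New("vote: nil validator set")
	}
	if v.ValidatorIndex < 0 || int(v.ValidatorIndex) >= len(vals.Validators) {
		return Validator{}, fmt.Errorf("%w: index %d, set size %d",
			ErrVoteInvalidValidatorIndex, v.ValidatorIndex, len(vals.Validators))
	}
	return vals.Validators[v.ValidatorIndex], nil
}

// ValidateVoteExtension is the part of vote-extension validation that needs
// the validator record. The signature check itself is out of scope here and
// is stood in for by "an extension must be accompanied by a signature".
func ValidateVoteExtension(vals *ValidatorSet, v *Vote) error {
	val, err := lookupValidator(vals, v)
	if err != nil {
		return err
	}
	if len(v.Extension) > 0 && len(v.ExtensionSig) == 0 {
		return fmt.Errorf("vote from %s: extension present but unsigned", val.Address)
	}
	return nil
}

// lookupCrashes runs the unchecked lookup under recover() purely so the
// example can report whether it would have panicked. A real consensus loop
// has no such guard, which is what makes the unchecked pattern a crash bug.
func lookupCrashes(vals *ValidatorSet, v *Vote) (crashed bool) {
	defer func() {
		if r := recover(); r != nil {
			crashed = true
		}
	}()
	_ = lookupValidatorUnchecked(vals, v)
	return false
}

func main() {
	// Constructed sample validator set and votes; not real chain data.
	vals := &ValidatorSet{Validators: []Validator{
		{Address: "val0", Power: 10}, {Address: "val1", Power: 10}, {Address: "val2", Power: 10},
	}}
	good := &Vote{Height: 100, ValidatorIndex: 1, Extension: []byte("ext"), ExtensionSig: []byte("sig")}
	oob := &Vote{Height: 100, ValidatorIndex: 7, Extension: []byte("ext"), ExtensionSig: []byte("sig")}
	neg := &Vote{Height: 100, ValidatorIndex: -1, Extension: []byte("ext"), ExtensionSig: []byte("sig")}

	for _, v := range []*Vote{good, oob, neg} {
		fmt.Printf("index %d: unchecked panics=%v, checked err=%v\n",
			v.ValidatorIndex, lookupCrashes(vals, v), ValidateVoteExtension(vals, v))
	}
}
```

The check is deliberately placed before any use of the index, and the error wraps a sentinel so callers can distinguish "malformed vote from a peer" from other failures with errors.Is; that distinction is what lets a node drop or ban the sender rather than treat the event as an internal fault.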
@dependabot dependabot bot requested a review from a team as a code owner November 6, 2024 09:57
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 6, 2024
Contributor Author

dependabot bot commented on behalf of github Nov 6, 2024

The following labels could not be found: A:automerge.


codecov bot commented Nov 8, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 57.37%. Comparing base (71df974) to head (6afcbc4).
Report is 1 commit behind head on main.

@@            Coverage Diff             @@
##             main     #811      +/-   ##
==========================================
+ Coverage   57.36%   57.37%   +0.01%     
==========================================
  Files         214      214              
  Lines       14825    14825              
==========================================
+ Hits         8504     8506       +2     
+ Misses       5707     5705       -2     
  Partials      614      614              


@zrbecker zrbecker changed the title chore(deps): bump github.com/cometbft/cometbft from 0.38.13 to 0.38.14 chore(deps): bump github.com/cometbft/cometbft from 0.38.13 to 0.38.15 Nov 8, 2024
@zrbecker zrbecker merged commit 2220f29 into main Nov 8, 2024
15 checks passed
@zrbecker zrbecker deleted the dependabot/go_modules/github.com/cometbft/cometbft-0.38.14 branch November 8, 2024 19:32