Bump github.com/tendermint/tendermint from 0.34.1 to 0.34.3

[dependabot]

Bumps github.com/tendermint/tendermint from 0.34.1 to 0.34.3.

Release notes

Sourced from github.com/tendermint/tendermint's releases.

0.34.3 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3

0.34.2 (WARNING: BETA SOFTWARE)

https://github.com/tendermint/tendermint/blob/v0.34.2/CHANGELOG.md#v0.34.2

Changelog

Sourced from github.com/tendermint/tendermint's changelog.

v0.34.3

January 19, 2021

This release includes a fix for a high-severity security vulnerability. More information on this vulnerability will be released on January 26, 2021 and this changelog will be updated.

It also updates GoGo Protobuf to 1.3.2 in order to pick up the fix for https://nvd.nist.gov/vuln/detail/CVE-2021-3121.

Friendly reminder: We have a bug bounty program.

BUG FIXES

• [evidence] [N/A] Use correct source of evidence time (@cmwaters)
• [proto] #5886 Bump gogoproto to 1.3.2 (@marbar3778)

v0.34.2

January 12, 2021

This release fixes a substantial bug in evidence handling where evidence could sometimes be broadcast before the block containing that evidence was fully committed, resulting in some nodes panicking when trying to verify said evidence.

Friendly reminder, we have a bug bounty program.

BREAKING CHANGES

• Go API
  • [libs/os] #5871 EnsureDir now propagates IO errors and checks the file type (@erikgrinaker)

BUG FIXES

• [evidence] #5890 Add a buffer to evidence from consensus to avoid broadcasting and proposing evidence before the height of such an evidence has finished (@cmwaters)
• [statesync] #5889 Set LastHeightConsensusParamsChanged when bootstrapping Tendermint state (@cmwaters)

Commits

• 6b2ab0f changelog: update for 0.34.3 (#5926)
• a2a6852 use correct source of evidence time
• 7ea4dc5 readme: add security mailing list (#5916)
• d969a5e build(deps): Bump vuepress-theme-cosmos from 1.0.179 to 1.0.180 in /docs (#5915)
• 0def3a9 config: fix mispellings (#5914)
• 54338a5 proto: bump gogoproto (1.3.2) (#5886)
• bf45df0 mod: go mod tidy
• 46fa6e6 .github/codeowners: add alexanderbez (#5913)
• a18e3de build(deps): Bump google.golang.org/grpc from 1.34.0 to 1.35.0 (#5902)
• e8d3559 build(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#5897)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: T:dependencies.