chore(deps): bump github.com/cometbft/cometbft from 1.0.0 to 1.0.1

[dependabot]

Bumps github.com/cometbft/cometbft from 1.0.0 to 1.0.1.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v1.0.1

See the CHANGELOG for this release.

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v1.0.1

February 3, 2025

This release fixes two security issues (ASA-2025-001, ASA-2025-002). Users are encouraged to upgrade as soon as possible.

BUG FIXES

• [blocksync] Ban peer if it reports height lower than what was previously reported (ASA-2025-001)
• [consensus] Fix overflow in synchrony parameters in linux/amd64 architecture. Cap SynchronyParams.MessageDelay to 24hrs. Cap SynchronyParams.Precision to 30 sec. (#4815)
• [crypto/bls12381] Fix JSON marshal of private key (#4772)
• [crypto/bls12381] Modify Sign, Verify to use dstMinPk (#4783)
• [privval] Re-enable some sanity checks related to vote extensions when signing a vote (#3642)
• [types] Check that Part.Index equals Part.Proof.Index (ASA-2025-001)

DEPENDENCIES

• [go/runtime] Bump minimum Go version to 1.23.5 (#4888)

Commits

• d222995 chore: v1.0.1 release (#4907)
• f943aab Merge commit from fork
• 0ee80cd Merge commit from fork
• 481e464 fix(pbts): hardening tests for overflows in SynchronyParams (backport #4816...
• d4a24c1 chore(deps): bump Go version to 1.23.5 (backport #4888) (#4890)
• 8005556 build(deps): Bump google.golang.org/grpc from 1.69.4 to 1.70.0 (#4885)
• 629b28e build(deps): Bump google.golang.org/protobuf from 1.36.3 to 1.36.4 (#4884)
• e45feab build(deps): Bump docker/build-push-action from 6.12.0 to 6.13.0 (#4879)
• 9f97b87 fix(crypto/bls12381): fix marshaling FilePVKey (backport #4772) (#4870)
• 1fb89c8 fix(crypto/bls12381): modify Sign, Verify (backport #4813) (#4871)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)