build(deps): Bump github.com/cometbft/cometbft from 0.37.2 to 0.37.3

[dependabot]

Bumps github.com/cometbft/cometbft from 0.37.2 to 0.37.3.

Release notes

Sourced from github.com/cometbft/cometbft's releases.

v0.37.3

See the CHANGELOG for this release.

Changelog

Sourced from github.com/cometbft/cometbft's changelog.

v0.37.3

November 17, 2023

This release contains, among other things, an opt-in, experimental feature to help reduce the bandwidth consumption associated with the mempool's transaction gossip.

BREAKING CHANGES

• [p2p] Remove unused UPnP functionality (#1113)

BUG FIXES

• [state/indexer] Respect both height params while querying for events (#1529)

FEATURES

• [node/state] Add Go API to bootstrap block store and state store to a height (#1057) (@​yihuang)
• [metrics] Add metric for mempool size in bytes SizeBytes. (#1512)

IMPROVEMENTS

• [crypto/sr25519] Upgrade to [email protected] (#475)
• [node] Make handshake cancelable (cometbft/cometbft#857)
• [node] Close evidence.db OnStop (cometbft/cometbft#1210: @​chillyvee)
• [mempool] Add experimental feature to limit the number of persistent peers and non-persistent peers to which the node gossip transactions (only for "v0" mempool). (#1558) (#1584)
• [config] Add mempool parameters experimental_max_gossip_connections_to_persistent_peers and experimental_max_gossip_connections_to_non_persistent_peers for limiting the number of peers to which the node gossip transactions. (#1558) (#1584)

Commits

• b640900 Release v0.37.3 (#1640)
• 7a084a1 Comment that feature only applies to v0 mempool (#1631)
• 4c6e83d Update SECURITY.md (backport #1626) (#1634)
• 9d26fa4 v0.37.x: Bump Go version to v1.21 (#1625)
• 8b25893 This commit makes the test be the same as in main, that is, it ignores the or...
• 47ffffa Backports #1558 and #1584 to 0.38.x (#1592) (#1611)
• 5b1e711 build(deps): Bump bufbuild/buf-setup-action from 1.27.2 to 1.28.0 (#1601)
• 46951c9 mempool: Add metric size of pool in bytes (backport #1512) (#1567)
• 36c3976 Updates grpc and net dependencies to avoid https://pkg.go.dev/vuln/GO-2023-21...
• f565f92 build(deps): Bump bufbuild/buf-setup-action from 1.27.1 to 1.27.2 (#1549)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

---

Tips

Chat with CodeRabbit Bot (@coderabbitai)

• If you reply to a review comment from CodeRabbit, the bot will automatically respond.
• To engage with CodeRabbit bot directly around the specific lines of code in the PR, mention @coderabbitai in your review comment
• Note: Review comments are made on code diffs or files, not on the PR overview.
• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Note: For conversation with the bot, please use the review comments on code diffs or files.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.