Because, in cometbft-db v0.13+, the iterator is being reused so we need
to always copy key and value if we're storing them in a map or other
in-memory structure.

Closes cometbft#4295

…ft#4328)

Use `github.com/decred/dcrd/dcrec/secp256k1/v4` directly rather than
`github.com/btcsuite/btcd/btcec/v2` which is just a wrapper around the
underlying decred library. Inspired by
cosmos/cosmos-sdk#15018

`github.com/btcsuite/btcd/btcec/v2` has a very annoying breaking change
when upgrading from `v2.3.3` to `v2.3.4`. The easiest way to workaround
this is to just remove the wrapper.

Would be very nice if you could backport this to v0.37.x and v0.38.x.

References:
- btcsuite/btcd#2221
- cometbft#3728
- zeta-chain/node#2934

---

#### PR checklist

- [ ] Tests written/updated
- [x] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request cometbft#4294 done by
[Mergify](https://mergify.com).

---------

Co-authored-by: Alex Gartner <[email protected]>
Co-authored-by: Anton Kaliaev <[email protected]>

[CHANGELOG](https://github.com/cometbft/cometbft/blob/release/v0.38.13/CHANGELOG.md)

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments

[CHANGELOG](https://github.com/cometbft/cometbft/blob/release/v0.38.13/CHANGELOG.md)

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments

…1.20.5 (cometbft#4385)

Bumps
[github.com/prometheus/client_golang](https://github.com/prometheus/client_golang)
from 1.20.4 to 1.20.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's
releases</a>.</em></p>
<blockquote>
<h2>v1.20.5 / 2024-10-15</h2>
<p>We decided to revert <a
href="https://redirect.github.com/prometheus/client_golang/pull/1424">the
<code>testutil</code> change</a> that made our util functions less
error-prone, but created a lot of work for our downstream users.
Apologies for the pain! This revert should not cause any major breaking
change, even if you already did the work--unless you depend on the <a
href="https://redirect.github.com/grafana/mimir/pull/9624#issuecomment-2413401565">exact
error message</a>.</p>
<p>Going forward, we plan to reinforce our release testing strategy <a
href="https://redirect.github.com/prometheus/client_golang/issues/1646">[1]</a>,<a
href="https://redirect.github.com/prometheus/client_golang/issues/1648">[2]</a>
and deliver an enhanced <a
href="https://redirect.github.com/prometheus/client_golang/issues/1639"><code>testutil</code>
package/module</a> with more flexible and safer APIs.</p>
<p>Thanks to <a
href="https://github.com/dashpole"><code>@​dashpole</code></a> <a
href="https://github.com/dgrisonnet"><code>@​dgrisonnet</code></a> <a
href="https://github.com/kakkoyun"><code>@​kakkoyun</code></a> <a
href="https://github.com/ArthurSens"><code>@​ArthurSens</code></a> <a
href="https://github.com/vesari"><code>@​vesari</code></a> <a
href="https://github.com/logicalhan"><code>@​logicalhan</code></a> <a
href="https://github.com/krajorama"><code>@​krajorama</code></a> <a
href="https://github.com/bwplotka"><code>@​bwplotka</code></a> who
helped in this patch release! 🤗</p>
<h3>Changelog</h3>
<p>[BUGFIX] testutil: Reverted <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>;
functions using compareMetricFamilies are (again) only failing if
filtered metricNames are in the expected input. <a
href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md">github.com/prometheus/client_golang's
changelog</a>.</em></p>
<blockquote>
<h2>1.20.5 / 2024-10-15</h2>
<ul>
<li>[BUGFIX] testutil: Reverted <a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>;
functions using compareMetricFamilies are (again) only failing if
filtered metricNames are in the expected input.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/prometheus/client_golang/commit/48e12a185519fd76b4e514b597483781d9ba4093"><code>48e12a1</code></a>
Merge pull request <a
href="https://redirect.github.com/prometheus/client_golang/issues/1645">#1645</a>
from prometheus/cut-1204-pr1424</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/504ad9bf5c6419449d2cacf8cf8855bfdcfcfc18"><code>504ad9b</code></a>
Cut 1.20.5; update comments.</li>
<li><a
href="https://github.com/prometheus/client_golang/commit/584a7ce3d935e4fdca7b893f5f741d59f3289140"><code>584a7ce</code></a>
Revert &quot;testutil compareMetricFamilies: make less error-prone (<a
href="https://redirect.github.com/prometheus/client_golang/issues/1424">#1424</a>)&quot;</li>
<li>See full diff in <a
href="https://github.com/prometheus/client_golang/compare/v1.20.4...v1.20.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.20.4&new-version=1.20.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…bft#4383)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from
1.67.0 to 1.67.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.67.1</h2>
<h1>Bug Fixes</h1>
<ul>
<li>transport: Fix a bug causing stream failures due to miscalculation
of the flow control window in both clients and servers. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7667">#7667</a>)</li>
<li>xds/server: Fix xDS Server memory leak. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7681">#7681</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/3f95b38ded016ebf32507fc7cb6baeb2f15aef59"><code>3f95b38</code></a>
Update version to 1.67.1 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7682">#7682</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/4f6c5f2348afe333a3552aa4c4854eae62e22353"><code>4f6c5f2</code></a>
xds/server: Fix xDS Server leak (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7664">#7664</a>)
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/7681">#7681</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/935f8cb5ac28f604d696d8ca9f5187e75551c185"><code>935f8cb</code></a>
transport: Fix reporting of bytes read while reading headers (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7660">#7660</a>)
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/7667">#7667</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/02bbb657b6e68e7f838f51e71722630d34060fb2"><code>02bbb65</code></a>
Change version to 1.67.1-dev (<a
href="https://redirect.github.com/grpc/grpc-go/issues/7605">#7605</a>)</li>
<li>See full diff in <a
href="https://github.com/grpc/grpc-go/compare/v1.67.0...v1.67.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/grpc&package-manager=go_modules&previous-version=1.67.0&new-version=1.67.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…#4379)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.27.0 to 0.28.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/adef4cc1a8c2ca4da1b1f4e6c976b59ca22dbfb8"><code>adef4cc</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/a0819fbb0244af70857f03b6984e1d4f93e6cabf"><code>a0819fb</code></a>
sha3: fix cSHAKE initialization for extremely large N and or S</li>
<li><a
href="https://github.com/golang/crypto/commit/42ee18b963777d907bbef3e59665cf80968d57e6"><code>42ee18b</code></a>
ssh: return ServerAuthError after too many auth failures</li>
<li><a
href="https://github.com/golang/crypto/commit/9e92970a1eb41e446822e037016aa89d24c0ce7a"><code>9e92970</code></a>
bn256: add missing symbols in comment</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.27.0...v0.28.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.27.0&new-version=0.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>