I'm also going to add the retros for all previous security incidents to this directory - I'd like to have them somewhere more central than the Cosmos Forum, where they currently live.

ref: #5912

Co-authored-by: Callum <cmwaters19@gmail.com>

Closes #6155

closes: #6159

## Description

Add docs on how to get tendermint version into RPC version outputs

ref: https://github.com/tendermint/tendermint/pull/6140#discussion_r578635756

ref: https://github.com/tendermint/tendermint/issues/5912

fixes https://github.com/tendermint/tendermint/runs/1926771645
```
ERROR [2021-02-18 12:16:30,492] main - jepsen.cli Oh jeez, I'm sorry,
Jepsen broke. Here's why:

clojure.lang.ExceptionInfo: throw+: {:dir "/", :private-key-path nil,
:password "root", :username "root", :type :jepsen.control/session-error,
:port 22, :strict-host-key-checking false, :host nil, :sudo nil, :dummy
false, :message "Error opening SSH session. Verify username, password,
and node hostnames are correct.", :session nil}
```

```
bash: line 0: cd: tendermint: No such file or directory
```

fixes https://github.com/tendermint/tendermint/runs/1925580432
```
No :main namespace specified in project.clj.
```

Fixes https://github.com/tendermint/tendermint/runs/1925329781

```
OCI runtime exec failed: exec failed: container_linux.go:370: starting
container process caused: exec: "lein run test --nemesis none --workload
cas-register --concurrency 10 --tendermint-url
https://github.com/melekes/katas/releases/download/0.2.0/tendermint.tar.gz
--merkleeyes-url
https://github.com/melekes/katas/releases/download/0.2.0/merkleeyes_0.1.7.tar.gz":
stat lein run test --nemesis none --workload cas-register --concurrency
10 --tendermint-url
https://github.com/melekes/katas/releases/download/0.2.0/tendermint.tar.gz
--merkleeyes-url
https://github.com/melekes/katas/releases/download/0.2.0/merkleeyes_0.1.7.tar.gz:
no such file or directory: unknown
```

fixes https://github.com/tendermint/tendermint/runs/1924860805

```
Run docker exec -it jepsen-control 'cd tendermint && lein run test
--nemesis  --workload ' the input device is not a TTY
```

Missed setting the buffer size on the subscription. Note, this doesn't really "fix" this test (a la ref: https://github.com/tendermint/tendermint/pull/5710).

However, I spent a good chunk of time looking at this test with many logs and I'm pretty sure this is mainly due to the fact that none of the nodes get the conflicting vote in time.

closes: #6127

Fixes the race condition between a callback being set and called during ReCheckTx. Note, I do not see equivalent logic in the gRPC client (anymore) as #5439 suggests, so only the socket client was updated.

closes: #5439

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
Co-authored-by: Callum Waters <cmwaters19@gmail.com>
Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>

## Description

Fix protobuf file names

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2.3.0 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2.3.0...544d2efb307b3f205f34886f2787046abe7fb26e)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes #6095.

Co-authored-by: Tess Rinearson <tess.rinearson@gmail.com>

Co-authored-by: Tess Rinearson <tess.rinearson@gmail.com>

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tess Rinearson <tess.rinearson@gmail.com>
Co-authored-by: Callum Waters <cmwaters19@gmail.com>

Bumps [github.com/tendermint/tm-db](https://github.com/tendermint/tm-db) from 0.6.3 to 0.6.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/tendermint/tm-db/releases">github.com/tendermint/tm-db's releases</a>.</em></p>
<blockquote>
<h2>v0.6.4</h2>
<p><a href="https://github.com/tendermint/tm-db/blob/v0.6.4/CHANGELOG.md#064">https://github.com/tendermint/tm-db/blob/v0.6.4/CHANGELOG.md#064</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/tendermint/tm-db/blob/master/CHANGELOG.md">github.com/tendermint/tm-db's changelog</a>.</em></p>
<blockquote>
<h2>0.6.4</h2>
<p><strong>2021-02-09</strong></p>
<p>Bump protobuf to 1.3.2 and grpc to 1.35.0.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="6f9a08cd45"><code>6f9a08c</code></a> update changelog for v0.6.4 (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/150">#150</a>)</li>
<li><a href="4de5f6b9a4"><code>4de5f6b</code></a> CODEOWNERS: remove erikgrinaker (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/148">#148</a>)</li>
<li><a href="9f5cde003a"><code>9f5cde0</code></a> build(deps): bump google.golang.org/grpc from 1.33.2 to 1.35.0 (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/143">#143</a>)</li>
<li><a href="c606a78361"><code>c606a78</code></a> build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/142">#142</a>)</li>
<li><a href="0438145e16"><code>0438145</code></a> build(deps): bump github.com/gogo/protobuf from 1.3.1 to 1.3.2 (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/140">#140</a>)</li>
<li><a href="f2b292dfc2"><code>f2b292d</code></a> testing: docker deployment (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/144">#144</a>)</li>
<li><a href="3157a92898"><code>3157a92</code></a> changelog: update with 0.5.2 release (<a href="https://github-redirect.dependabot.com/tendermint/tm-db/issues/138">#138</a>)</li>
<li>See full diff in <a href="https://github.com/tendermint/tm-db/compare/v0.6.3...v0.6.4">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/tendermint/tm-db&package-manager=go_modules&previous-version=0.6.3&new-version=0.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [JamesIves/github-pages-deploy-action](https://github.com/JamesIves/github-pages-deploy-action) from 3.7.1 to 4.0.0.
- [Release notes](https://github.com/JamesIves/github-pages-deploy-action/releases)
- [Commits](https://github.com/JamesIves/github-pages-deploy-action/compare/3.7.1...049a95c516cd5723d8cfde79dc7a79fcdcbd6c97)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [watchpack](https://github.com/webpack/watchpack) from 2.1.0 to 2.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/webpack/watchpack/releases">watchpack's releases</a>.</em></p>
<blockquote>
<h2>v2.1.1</h2>
<h1>Bugfix</h1>
<ul>
<li>fix warnings with ENOENT when symlinks are resolved by watchpack</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="f1b5e2da2d"><code>f1b5e2d</code></a> 2.1.1</li>
<li><a href="cbfc11a8d7"><code>cbfc11a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/webpack/watchpack/issues/188">#188</a> from Aghassi/fix/enoent-throwing</li>
<li><a href="7684df0846"><code>7684df0</code></a> fix: adds ENOENT for non windows errors</li>
<li>See full diff in <a href="https://github.com/webpack/watchpack/compare/v2.1.0...v2.1.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=watchpack&package-manager=npm_and_yarn&previous-version=2.1.0&new-version=2.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

https://stackoverflow.com/a/66073112/820520