build(deps): Bump github.com/celestiaorg/nmt from 0.10.0 to 0.11.0

[dependabot]

Bumps github.com/celestiaorg/nmt from 0.10.0 to 0.11.0.

Release notes

Sourced from github.com/celestiaorg/nmt's releases.

v0.11.0

What's Changed

• Update to Go 1.18 by @​rootulp in celestiaorg/nmt#62
• Add Apache License 2.0 by @​rootulp in celestiaorg/nmt#64
• Update example in README by @​rahulghangas in celestiaorg/nmt#65
• Remove dependency on nebulous in verification by @​rahulghangas in celestiaorg/nmt#67
• Fix import usage by @​rahulghangas in celestiaorg/nmt#69
• Remove dependency on nebulous in proof generation by @​rahulghangas in celestiaorg/nmt#68

New Contributors

• @​rootulp made their first contribution in celestiaorg/nmt#62
• @​rahulghangas made their first contribution in celestiaorg/nmt#65

Full Changelog: celestiaorg/nmt@v0.10.0...v0.11.0

Commits

• 230d27f Remove dependency on nebulous in proof generation (#68)
• 6274243 Fix import usage (#69)
• f1abf11 Remove dependency on nebulous in verification (#67)
• 793b868 Merge pull request #65 from rahulghangas/chore/update-README
• f2e5ff2 Merge pull request #64 from rootulp/rp/license
• d5d0780 chore: update example in README
• 41cb2b4 Update to Go 1.18 (#62)
• 91e1662 Add Apache License 2.0
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rootulp]

on re-review, it's not immediately clear why this dependency was removed in this PR. This repo doesn't depend on rsmt2d (see search) but nmt never depended on it so upgrading from v0.10.0 -> v0.11.0 didn't remove a transitive dependency.

I suspect, dependabot runs go mod tidy after updating a dependency. But I'm still curious as to how a previous commit that removed usage of rsmt2d didn't remove this line. I'll inspect commits that moved code from celestia-core to celestia-app b/c I expect one of them to have also included this removal

[rootulp]

From commit prior to this PR 79548a4

$ go mod why -m github.com/celestiaorg/rsmt2d
# github.com/celestiaorg/rsmt2d
(main module does not need module github.com/celestiaorg/rsmt2d)

From last PR that upgraded rsmt2d fcf4583

$ go mod why -m github.com/celestiaorg/rsmt2d
# github.com/celestiaorg/rsmt2d
github.com/tendermint/tendermint/pkg/consts
github.com/celestiaorg/rsmt2d

[liamsi]

Note that I ran go mod tidy locally on a version before this PR here and it also removed rsmt2d.

[rootulp]

go mod tidy hasn't been run since 97c3cce which deleted the last usage of rsmtd from this repo

[rootulp]

we should have a CI check in this repo that fails if go mod tidy introduces any git diff: #873