Skip to content

[CosmosSDK] Upgrade SDK version to >= 0.50.5 #591

Closed
Closed
[CosmosSDK] Upgrade SDK version to >= 0.50.5#591
Assignees
okdas
Labels
on-chainOn-chain business logic
Milestone
Shannon Beta TestNet Launch
@red-0ne

Description

@red-0ne
red-0ne
opened on Jun 5, 2024

Objective

Upgrade the CosmosSDK version to 0.50.5 or newer and ensure that dependabot reports dependency security issues.

Origin Document

CosmosSDK had a security issue in versions prior to 0.50.5 and dependabot in the poktroll repository did not catch it.

This is the notification received by shannon-sdk's dependabot [1]:
image

https://github.com/pokt-network/shannon-sdk/security/dependabot/3

Goals

  • Ensure dependabot in the poktroll repository catches future security issues.
  • Use a vulnerability-free version of CosmosSDK.

Deliverables

  • Upgrade poktroll's CosmosSDK (github.com/cosmos/cosmos-sdk) dependency to version 0.50.5 or newer.
  • Make the necessary changes to the poktroll repository to cach future dependency vulnerabilities.

Creator: [@red-0ne]

Metadata

Metadata

Assignees

Labels

on-chainOn-chain business logic

Type

No type

Fields

No fields configured for issues without a type.

Projects

Shannon
Status
✅ Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions