[CosmosSDK] Upgrade SDK version to >= 0.50.5 - Githubissues

pokt-network / poktroll

The official Shannon upgrade implementation of the Pocket Network Protocol implemented using the Cosmos SDK

MIT License

15 stars 8 forks source link

[CosmosSDK] Upgrade SDK version to >= 0.50.5 #591

Closed red-0ne closed 3 months ago

red-0ne commented 5 months ago

Objective

Upgrade the CosmosSDK version to 0.50.5 or newer and ensure that dependabot reports dependency security issues.

Origin Document

CosmosSDK had a security issue in versions prior to 0.50.5 and dependabot in the poktroll repository did not catch it.

This is the notification received by shannon-sdk's dependabot [1]:

https://github.com/pokt-network/shannon-sdk/security/dependabot/3

Goals

Ensure dependabot in the poktroll repository catches future security issues.
Use a vulnerability-free version of CosmosSDK.

Deliverables

[x] Upgrade poktroll's CosmosSDK (github.com/cosmos/cosmos-sdk) dependency to version 0.50.5 or newer.
[x] Make the necessary changes to the poktroll repository to cach future dependency vulnerabilities.

Creator: [@red-0ne]

okdas commented 3 months ago

Set up dependabot for security updates and cosmos-sdk releases.
Bumped cosmos-sdk: #682