[CosmosSDK] Upgrade SDK version to >= 0.50.5 - Githubissues

pokt-network / poktroll

The official Shannon upgrade implementation of the Pocket Network Protocol implemented using Rollkit.dev

MIT License

15 stars 6 forks source link

[CosmosSDK] Upgrade SDK version to >= 0.50.5 #591

Open red-0ne opened 3 weeks ago

red-0ne commented 3 weeks ago

Objective

Upgrade the CosmosSDK version to 0.50.5 or newer and ensure that dependabot reports dependency security issues.

Origin Document

CosmosSDK had a security issue in versions prior to 0.50.5 and dependabot in the poktroll repository did not catch it.

This is the notification received by shannon-sdk's dependabot [1]:

https://github.com/pokt-network/shannon-sdk/security/dependabot/3

Goals

Ensure dependabot in the poktroll repository catches future security issues.
Use a vulnerability-free version of CosmosSDK.

Deliverables

[ ] Upgrade poktroll's CosmosSDK (github.com/cosmos/cosmos-sdk) dependency to version 0.50.5 or newer.
[ ] Make the necessary changes to the poktroll repository to cach future dependency vulnerabilities.

Creator: [@red-0ne]