Upgrade Cosmos SDK to v0.47.8

[wojtek-coreum]

Description

Reviewers checklist:

• Try to write more meaningful comments with clear actions to be taken.
• Nit-picking should be unblocking. Focus on core issues.

Authors checklist

• Provide a concise and meaningful description
• Review the code yourself first, before making the PR.
• Annotate your PR in places that require explanation.
• Think and try to split the PR to smaller PR if it is big.

---

This change is 

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5cbf342) 36.26% compared to head (7d1fbde) 36.26%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #779   +/-   ##
=======================================
  Coverage   36.26%   36.26%           
=======================================
  Files         172      172           
  Lines       48299    48299           
=======================================
  Hits        17515    17515           
  Misses      27526    27526           
  Partials     3258     3258           

Flag	Coverage Δ
coreum	33.05% <ø> (ø)
coreum-integration-tests-modules	18.07% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[miladz68]

Reviewed 5 of 5 files at r1, all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @dzmitryhil, @wojtek-coreum, and @ysv)

---

go.mod line 10 at r1 (raw file):

	// dgrijalva/jwt-go is deprecated and doesn't receive security updates.
	// TODO(v4): remove it: https://github.com/cosmos/cosmos-sdk/issues/13134
	github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.4.2

removing this replace introduces dependency for github.com/dgrijalva/jwt-go into our go.sum. I doubt it is safe to remove it.

---

go.mod line 13 at r1 (raw file):

	// Fix upstream GHSA-h395-qcrw-5vmq vulnerability.
	// TODO(v4) Remove it: https://github.com/cosmos/cosmos-sdk/issues/10409
	github.com/gin-gonic/gin => github.com/gin-gonic/gin v1.9.0

by removing this replace we go down to gin 1.8 and 1.6 in our go mod. I doubt it is safe to remove it.

[dzmitryhil]

Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @miladz68, @wojtek-coreum, and @ysv)

---

go.mod line 10 at r1 (raw file):

Previously, miladz68 (milad) wrote…

removing this replace introduces dependency for github.com/dgrijalva/jwt-go into our go.sum. I doubt it is safe to remove it.

Does the updated version fix all the TODOs ?

[wojtek-coreum]

Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @miladz68 and @ysv)

---

go.mod line 10 at r1 (raw file):

Previously, dzmitryhil (Dzmitry Hil) wrote…

Does the updated version fix all the TODOs ?

Hmm... but why is this dependency not present in go.mod as an indirect one? Same for the next case too...

[miladz68]

Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @dzmitryhil, @wojtek-coreum, and @ysv)

---

go.mod line 10 at r1 (raw file):

Previously, wojtek-coreum (Wojtek) wrote…

Hmm... but why is this dependency not present in go.mod as an indirect one? Same for the next case too...

take a look at this

go list -m all | grep dgrijalva                                      
github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/golang-jwt/jwt/v4 v4.4.2

I think this means that jwt/v4 v4.4.2 depend on dgrijalva/jwt-go v3.2.0
So maybe dependencies of your indirect dependencies don't show up in go.mod.

There are not a lot of sources on the internet on how go mod works.

[wojtek-coreum]

Reviewable status: 3 of 5 files reviewed, 2 unresolved discussions (waiting on @miladz68 and @ysv)

---

go.mod line 10 at r1 (raw file):

Previously, miladz68 (milad) wrote…

take a look at this

go list -m all | grep dgrijalva                                      
github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/golang-jwt/jwt/v4 v4.4.2

I think this means that jwt/v4 v4.4.2 depend on dgrijalva/jwt-go v3.2.0
So maybe dependencies of your indirect dependencies don't show up in go.mod.

There are not a lot of sources on the internet on how go mod works.

Done.

---

go.mod line 13 at r1 (raw file):

Previously, miladz68 (milad) wrote…

by removing this replace we go down to gin 1.8 and 1.6 in our go mod. I doubt it is safe to remove it.

Done.

[dzmitryhil]

Reviewable status: 3 of 8 files reviewed, 2 unresolved discussions (waiting on @miladz68 and @ysv)

[miladz68]

Reviewed 5 of 5 files at r2, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @ysv)