Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CosmosSDK] Upgrade SDK version to >= 0.50.5 #591

Closed
2 tasks done
red-0ne opened this issue Jun 5, 2024 · 1 comment
Closed
2 tasks done

[CosmosSDK] Upgrade SDK version to >= 0.50.5 #591

red-0ne opened this issue Jun 5, 2024 · 1 comment
Assignees
@okdas
Labels
on-chain On-chain business logic
Milestone
Shannon Beta Test...

Comments

@red-0ne
Copy link
Contributor

red-0ne commented Jun 5, 2024
edited by okdas
Loading

Objective

Upgrade the CosmosSDK version to 0.50.5 or newer and ensure that dependabot reports dependency security issues.

Origin Document

CosmosSDK had a security issue in versions prior to 0.50.5 and dependabot in the poktroll repository did not catch it.

This is the notification received by shannon-sdk's dependabot [1]:
image

https://github.com/pokt-network/shannon-sdk/security/dependabot/3

Goals

  • Ensure dependabot in the poktroll repository catches future security issues.
  • Use a vulnerability-free version of CosmosSDK.

Deliverables

  • Upgrade poktroll's CosmosSDK (github.com/cosmos/cosmos-sdk) dependency to version 0.50.5 or newer.
  • Make the necessary changes to the poktroll repository to cach future dependency vulnerabilities.

Creator: [@red-0ne]
@red-0ne red-0ne added the on-chain On-chain business logic label Jun 5, 2024
@red-0ne red-0ne added this to Shannon Jun 5, 2024
@red-0ne red-0ne moved this to 📋 Backlog in Shannon Jun 5, 2024
@Olshansk Olshansk added this to the Shannon Beta TestNet Launch milestone Jun 5, 2024
@okdas okdas moved this from 📋 Backlog to 🏗 In progress in Shannon Jul 11, 2024
@okdas okdas mentioned this issue Jul 11, 2024
Merged
14 tasks
@okdas
Copy link
Member

okdas commented Jul 12, 2024

@okdas okdas closed this as completed Jul 12, 2024
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Shannon Jul 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@okdas okdas

Labels
on-chain On-chain business logic
Projects
Shannon
Status: ✅ Done
Milestone
Shannon Beta TestNet Launch
Development

No branches or pull requests
3 participants
@red-0ne @Olshansk @okdas