Skip to content

Commit

Permalink
fix: fix dependency security issues (#287)
Browse files Browse the repository at this point in the history 
* fix: fix dependency security issues

* fix fee distribution bug of oracle claim
  • Loading branch information
@yutianwu
yutianwu authored Aug 29, 2023
1 parent 93cb2fa commit c17384e
Show file tree
Hide file tree
Showing 7 changed files with 155 additions and 130 deletions.
17 changes: 9 additions & 8 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ require (
github.com/cosmos/iavl v0.20.0
github.com/cosmos/ledger-cosmos-go v0.12.2
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0
github.com/ethereum/go-ethereum v1.10.19
github.com/ethereum/go-ethereum v1.10.26
github.com/golang/mock v1.6.0
github.com/golang/protobuf v1.5.3
github.com/google/gofuzz v1.2.0
Expand All @@ -44,7 +44,7 @@ require (
github.com/jhump/protoreflect v1.15.1
github.com/magiconair/properties v1.8.6
github.com/manifoldco/promptui v0.9.0
github.com/mattn/go-isatty v0.0.18
github.com/mattn/go-isatty v0.0.19
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.14.0
github.com/prometheus/common v0.42.0
Expand Down Expand Up @@ -96,7 +96,7 @@ require (
github.com/felixge/httpsnoop v1.0.2 // indirect
github.com/ferranbt/fastssz v0.0.0-20210905181407-59cf6761a7d5 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/gin-gonic/gin v1.8.1 // indirect
github.com/gin-gonic/gin v1.9.1 // indirect
github.com/go-kit/kit v0.12.0 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
Expand All @@ -118,7 +118,7 @@ require (
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jmhodges/levigo v1.0.0 // indirect
github.com/klauspost/compress v1.16.3 // indirect
github.com/klauspost/cpuid/v2 v2.0.9 // indirect
github.com/klauspost/cpuid/v2 v2.2.4 // indirect
github.com/lib/pq v1.10.7 // indirect
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
github.com/linxGnu/grocksdb v1.7.16 // indirect
Expand All @@ -131,7 +131,7 @@ require (
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/mtibben/percent v0.2.1 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.0.7 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/petermattis/goid v0.0.0-20230317030725-371a4b8eda08 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
Expand All @@ -145,11 +145,12 @@ require (
github.com/spf13/afero v1.9.2 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.4.1 // indirect
github.com/supranational/blst v0.3.8-0.20220526154634-513d2456b344 // indirect
github.com/supranational/blst v0.3.11 // indirect
github.com/thomaso-mirodin/intmath v0.0.0-20160323211736-5dc6d854e46e // indirect
github.com/urfave/cli/v2 v2.3.0 // indirect
github.com/urfave/cli/v2 v2.10.2 // indirect
github.com/wealdtech/go-bytesutil v1.1.1 // indirect
github.com/wealdtech/go-eth2-types/v2 v2.5.2 // indirect
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
github.com/zondax/hid v0.9.1 // indirect
github.com/zondax/ledger-go v0.14.1 // indirect
go.etcd.io/bbolt v1.3.7 // indirect
Expand Down Expand Up @@ -179,7 +180,7 @@ replace (
github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.4.2
// Fix upstream GHSA-h395-qcrw-5vmq and GHSA-3vp4-m3rf-835h vulnerabilities.
// TODO Remove it: https://github.com/cosmos/cosmos-sdk/issues/10409
github.com/gin-gonic/gin => github.com/gin-gonic/gin v1.9.0
github.com/gin-gonic/gin => github.com/gin-gonic/gin v1.9.1
// replace broken goleveldb
github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
)
Expand Down
73 changes: 41 additions & 32 deletions go.sum
View file

Large diffs are not rendered by default.

19 changes: 10 additions & 9 deletions simapp/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@ require (
cosmossdk.io/core v0.6.1
cosmossdk.io/depinject v1.0.0-alpha.3
cosmossdk.io/math v1.0.1
github.com/cometbft/cometbft v0.37.2
github.com/cometbft/cometbft v0.37.3
github.com/cometbft/cometbft-db v0.7.0
github.com/cosmos/cosmos-sdk v0.47.2
github.com/cosmos/cosmos-sdk v0.47.3
github.com/golang/mock v1.6.0
github.com/prysmaticlabs/prysm v0.0.0-20220124113610-e26cde5e091b
github.com/spf13/cast v1.5.0
Expand Down Expand Up @@ -58,7 +58,7 @@ require (
github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
github.com/ethereum/go-ethereum v1.10.19 // indirect
github.com/ethereum/go-ethereum v1.10.26 // indirect
github.com/felixge/httpsnoop v1.0.2 // indirect
github.com/ferranbt/fastssz v0.0.0-20210905181407-59cf6761a7d5 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
Expand Down Expand Up @@ -92,14 +92,14 @@ require (
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jmhodges/levigo v1.0.0 // indirect
github.com/klauspost/compress v1.16.3 // indirect
github.com/klauspost/cpuid/v2 v2.0.9 // indirect
github.com/klauspost/cpuid/v2 v2.2.4 // indirect
github.com/lib/pq v1.10.7 // indirect
github.com/libp2p/go-buffer-pool v0.1.0 // indirect
github.com/linxGnu/grocksdb v1.7.16 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/manifoldco/promptui v0.9.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.18 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/mimoo/StrobeGo v0.0.0-20210601165009-122bf33a46e0 // indirect
github.com/minio/highwayhash v1.0.2 // indirect
Expand All @@ -109,7 +109,7 @@ require (
github.com/mtibben/percent v0.2.1 // indirect
github.com/onsi/gomega v1.20.0 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.0.7 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/petermattis/goid v0.0.0-20230317030725-371a4b8eda08 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
Expand All @@ -128,16 +128,17 @@ require (
github.com/spf13/afero v1.9.3 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/supranational/blst v0.3.8-0.20220526154634-513d2456b344 // indirect
github.com/supranational/blst v0.3.11 // indirect
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
github.com/tendermint/go-amino v0.16.0 // indirect
github.com/thomaso-mirodin/intmath v0.0.0-20160323211736-5dc6d854e46e // indirect
github.com/tidwall/btree v1.6.0 // indirect
github.com/urfave/cli/v2 v2.3.0 // indirect
github.com/urfave/cli/v2 v2.10.2 // indirect
github.com/wealdtech/go-bytesutil v1.1.1 // indirect
github.com/wealdtech/go-eth2-types/v2 v2.5.2 // indirect
github.com/wealdtech/go-eth2-util v1.6.3 // indirect
github.com/willf/bitset v1.1.3 // indirect
github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
github.com/zondax/hid v0.9.1 // indirect
github.com/zondax/ledger-go v0.14.1 // indirect
go.etcd.io/bbolt v1.3.7 // indirect
Expand Down Expand Up @@ -170,7 +171,7 @@ replace (
github.com/cosmos/cosmos-sdk => ../.
github.com/cosmos/iavl => github.com/bnb-chain/greenfield-iavl v0.20.1
// Downgraded to avoid bugs in following commits which caused simulations to fail.
github.com/gin-gonic/gin => github.com/gin-gonic/gin v1.9.0
github.com/gin-gonic/gin => github.com/gin-gonic/gin v1.9.1
// Fix upstream GHSA-h395-qcrw-5vmq and GHSA-3vp4-m3rf-835h vulnerabilities.
// TODO Remove it: https://github.com/cosmos/cosmos-sdk/issues/10409

Expand Down
Loading

0 comments on commit c17384e

Please sign in to comment.