fix(security): "Barberry" vulnerability patch [DEV-2775] (#613)

* Patched version replacement * Tidy deps * Update package-lock.json * Update dispatch.yml --------- Co-authored-by: Ankur Banerjee <[email protected]>
cheqd · Jun 9, 2023 · d8a8ad8 · d8a8ad8
1 parent 2c7976b
commit d8a8ad8
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 28 deletions.
diff --git a/.github/workflows/dispatch.yml b/.github/workflows/dispatch.yml
@@ -14,13 +14,12 @@ jobs:
 
   call-build:
     name: "Build"
-    needs: call-lint
     uses: ./.github/workflows/build.yml
     secrets: inherit
 
   call-test:
     name: "Tests"
-    needs: call-build
+    needs: [ call-lint, call-build ]
     uses: ./.github/workflows/test.yml
     secrets: inherit
 

diff --git a/go.mod b/go.mod
@@ -183,7 +183,7 @@ replace (
 	github.com/cheqd/cheqd-node/api/v2 => ./api
 
 	// cosmos-sdk state sync allow fast forward to latest height version
-	github.com/cosmos/cosmos-sdk => github.com/cheqd/cosmos-sdk v0.46.10-state-sync
+	github.com/cosmos/cosmos-sdk => github.com/cheqd/cosmos-sdk v0.46.10-barberry
 
 	// iavl allow pruning of uneven heights
 	github.com/cosmos/iavl => github.com/cheqd/iavl v0.19.5-cheqd

diff --git a/go.sum b/go.sum
@@ -318,8 +318,8 @@ github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
-github.com/cheqd/cosmos-sdk v0.46.10-state-sync h1:4JWHwmEvDRw0ppU8RAeJluwW1hPtFYyP5dZMKFOipHE=
-github.com/cheqd/cosmos-sdk v0.46.10-state-sync/go.mod h1:ZFL/yjcIZq67H8FiWoLCnnaChkXnbRRYEEhGrFq8fzE=
+github.com/cheqd/cosmos-sdk v0.46.10-barberry h1:ZTp4EvHZw0CLAhvb8nYXIJAo9/Bcq/2KcMt9aDv2eUY=
+github.com/cheqd/cosmos-sdk v0.46.10-barberry/go.mod h1:ZFL/yjcIZq67H8FiWoLCnnaChkXnbRRYEEhGrFq8fzE=
 github.com/cheqd/iavl v0.19.5-cheqd h1:GRiKnoDKMnuTRUuEZmSihY2MtBtbVz87Edzny0o4TL8=
 github.com/cheqd/iavl v0.19.5-cheqd/go.mod h1:X9PKD3J0iFxdmgNLa7b2LYWdsGd90ToV5cAONApkEPw=
 github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=

diff --git a/go.work.sum b/go.work.sum
@@ -679,6 +679,8 @@ github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOo
 github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/cheggaaa/pb v1.0.27 h1:wIkZHkNfC7R6GI5w7l/PdAdzXzlrbcI3p8OAlnkTsnc=
+github.com/cheqd/cosmos-sdk v0.46.10-barberry h1:ZTp4EvHZw0CLAhvb8nYXIJAo9/Bcq/2KcMt9aDv2eUY=
+github.com/cheqd/cosmos-sdk v0.46.10-barberry/go.mod h1:ZFL/yjcIZq67H8FiWoLCnnaChkXnbRRYEEhGrFq8fzE=
 github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
 github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc=
 github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
@@ -852,8 +854,6 @@ github.com/cosmos/cosmos-sdk/db v1.0.0-beta.1 h1:6YvzjQtc+cDwCe9XwYPPa8zFCxNG79N
 github.com/cosmos/gogoproto v1.4.2/go.mod h1:cLxOsn1ljAHSV527CHOtaIP91kK6cCrZETRBrkzItWU=
 github.com/cosmos/gogoproto v1.4.5 h1:7B2UrCbDCpMdQIwU8vSXzEdK7ciCTdWUyGjVTEe0j74=
 github.com/cosmos/gogoproto v1.4.5/go.mod h1:VS/ASYmPgv6zkPKLjR9EB91lwbLHOzaGCirmKKhncfI=
-github.com/cosmos/ibc-go/v6 v6.1.1 h1:oqqMNyjj6SLQF8rvgCaDGwfdITEIsbhs8F77/8xvRIo=
-github.com/cosmos/ibc-go/v6 v6.1.1/go.mod h1:NL17FpFAaWjRFVb1T7LUKuOoMSsATPpu+Icc4zL5/Ik=
 github.com/cosmos/ledger-go v0.9.2 h1:Nnao/dLwaVTk1Q5U9THldpUMMXU94BOTWPddSmVB6pI=
 github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=

diff --git a/package-lock.json b/package-lock.json