Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(oe): More info log for OE #2683

Merged
merged 1 commit into from
Jan 13, 2025
Merged

chore(oe): More info log for OE #2683

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion protocol/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -472,7 +472,7 @@ replace (
// Use dYdX fork of CometBFT
github.com/cometbft/cometbft => github.com/dydxprotocol/cometbft v0.38.6-0.20241126215519-69cdde955fd0
// Use dYdX fork of Cosmos SDK
github.com/cosmos/cosmos-sdk => github.com/dydxprotocol/cosmos-sdk v0.50.6-0.20250107211707-20a978a867c1
github.com/cosmos/cosmos-sdk => github.com/dydxprotocol/cosmos-sdk v0.50.6-0.20250113155252-f00c500eaff3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

⚠️ Security vulnerability detected in cosmos-sdk dependency

The version being used (v0.50.6) is vulnerable to a high-severity security issue (ASA-2024-0012, ASA-2024-0013) that can lead to stack overflow or resource exhaustion during transaction decoding. Please update to at least v0.50.11 which contains the security patch.

🔗 Analysis chain

Check for security advisories.

Since this is updating a core dependency, let's verify there are no known security issues.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any security advisories for cosmos-sdk

# Check GitHub Security Advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "github.com/cosmos/cosmos-sdk") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1764

github.com/cosmos/iavl => github.com/dydxprotocol/iavl v1.1.1-0.20240509161911-1c8b8e787e85
)

Expand Down
4 changes: 2 additions & 2 deletions protocol/go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -960,8 +960,8 @@ github.com/dvsekhvalnov/jose2go v1.6.0 h1:Y9gnSnP4qEI0+/uQkHvFXeD2PLPJeXEL+ySMEA
github.com/dvsekhvalnov/jose2go v1.6.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU=
github.com/dydxprotocol/cometbft v0.38.6-0.20241126215519-69cdde955fd0 h1:KBMuBNAE91SVeULnq2XBnmSDGeimI6aM1+YxlLb0yOI=
github.com/dydxprotocol/cometbft v0.38.6-0.20241126215519-69cdde955fd0/go.mod h1:XSQX1hQbr54qaJb4/5YNNZGXkAQHHa6bi/KMcN1SQ7w=
github.com/dydxprotocol/cosmos-sdk v0.50.6-0.20250107211707-20a978a867c1 h1:zPRNAsR7j1jCkIEO5VwyaHefRDapdDeN4cQlkJ1hdgA=
github.com/dydxprotocol/cosmos-sdk v0.50.6-0.20250107211707-20a978a867c1/go.mod h1:z/5+LD4MJzLqbe+fBCWI2pZLnQbOlzSM82snAw2zceg=
github.com/dydxprotocol/cosmos-sdk v0.50.6-0.20250113155252-f00c500eaff3 h1:F9zv2Yvn7wurRAbC1mrZ/c/7GyWp1ux7uLxk3ZPHLH0=
github.com/dydxprotocol/cosmos-sdk v0.50.6-0.20250113155252-f00c500eaff3/go.mod h1:z/5+LD4MJzLqbe+fBCWI2pZLnQbOlzSM82snAw2zceg=
github.com/dydxprotocol/cosmos-sdk/store v1.0.3-0.20240326192503-dd116391188d h1:HgLu1FD2oDFzlKW6/+SFXlH5Os8cwNTbplQIrQOWx8w=
github.com/dydxprotocol/cosmos-sdk/store v1.0.3-0.20240326192503-dd116391188d/go.mod h1:zMcD3hfNwd0WMTpdRUhS3QxoCoEtBXWeoKsu3iaLBbQ=
github.com/dydxprotocol/iavl v1.1.1-0.20240509161911-1c8b8e787e85 h1:5B/yGZyTBX/OZASQQMnk6Ms/TZja56MYd8OBaVc0Mho=
Expand Down
Loading