build(deps): bump github.com/cosmos/cosmos-sdk from v0.50.9 to v0.50.11

[zakir-code]

Summary by CodeRabbit

• New Features

  • Upgraded dependencies to newer versions, potentially enhancing performance and introducing new features.

• Bug Fixes

  • Updated dependencies may include bug fixes that improve overall stability.

[coderabbitai]

Walkthrough

The pull request focuses on updating dependency versions in the go.mod file. The changes include upgrading github.com/cosmos/cosmos-sdk from v0.50.9 to v0.50.11, and github.com/aws/aws-sdk-go from v1.44.224 to v1.55.5. The replace directives have been modified to point to specific forks and commits of key libraries, including redirections for Cosmos SDK, Ethereum, and Ethermint dependencies to maintained versions from alternative repositories.

Changes

File	Change Summary
go.mod	- Updated github.com/cosmos/cosmos-sdk to v0.50.11 - Updated github.com/aws/aws-sdk-go to v1.55.5 - Modified replace directives for Cosmos SDK, Ethereum, and Ethermint dependencies

Possibly related PRs

• build(deps): bump github.com/cosmos/ibc-go/v8 from 8.5.1 to 8.5.2 #809: Updates to github.com/cosmos/cosmos-sdk dependency
• build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 #810: Another update to github.com/cosmos/cosmos-sdk dependency
• build(deps): bump cosmossdk.io/log from 1.4.1 to 1.5.0 #814: Modification of github.com/cosmos/cosmos-sdk dependency

Poem

🐰 Hop, hop, dependencies dance!
Versions leap with each new chance
Forks and commits, a coding spree
Libraries update, setting modules free
Go mod, you're looking mighty fine today! 🚀

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d1f3ee2 and 5d0d1fc.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod (2 hunks)

🔇 Additional comments (3)

go.mod (3)

Line range hint 249-254: LGTM on replace directives.

The replace directives are properly configured to use specific commits from maintained forks:

• cosmos-sdk → crypto-org-chain/cosmos-sdk
• go-ethereum → functionx/go-ethereum
• ethermint → pundiai/ethermint

This is a common practice in blockchain projects to maintain stability and custom features.

Let's verify these repositories and commits exist:

Also applies to: 256-266

✅ Verification successful

Replace directives are correctly configured and verified

The replace directives in go.mod are properly configured and match the review's assessment:

• github.com/cosmos/cosmos-sdk → github.com/crypto-org-chain/cosmos-sdk at commit d78d66e74712
• github.com/ethereum/go-ethereum → github.com/functionx/go-ethereum at commit ebb09502e7a7
• github.com/evmos/ethermint → github.com/pundiai/ethermint at commit 5e0afc7c501c

Additional replace directives are also present and follow standard practices for blockchain projects, including using a cosmos fork of keyring and specific versions of dependencies like pebble and goleveldb.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the existence of the replacement repositories and commits

# Check crypto-org-chain/cosmos-sdk
gh api repos/crypto-org-chain/cosmos-sdk/commits/d78d66e74712 --silent || echo "crypto-org-chain/cosmos-sdk commit not found"

# Check functionx/go-ethereum
gh api repos/functionx/go-ethereum/commits/ebb09502e7a7 --silent || echo "functionx/go-ethereum commit not found"

# Check pundiai/ethermint
gh api repos/pundiai/ethermint/commits/5e0afc7c501c --silent || echo "pundiai/ethermint commit not found"

Length of output: 202

---

Script:

#!/bin/bash
# Let's verify the replace directives in go.mod directly
cat go.mod | grep -A 10 "^replace"

Length of output: 775

---

93-93: Verify compatibility with aws-sdk-go v1.55.5.

The upgrade from v1.44.224 to v1.55.5 is a significant version jump that might introduce breaking changes.

Let's check for any breaking changes in the aws-sdk-go changelog:

---

24-24: LGTM on cosmos-sdk upgrade.

The upgrade from v0.50.9 to v0.50.11 is a minor version bump, likely containing bug fixes and improvements.

Let's verify the changelog for any breaking changes:

✅ Verification successful

Cosmos SDK v0.50.11 upgrade is safe with notable security fixes

The upgrade from v0.50.9 to v0.50.11 includes important changes:

• Security fixes for ABS-0043/ABS-0044 vulnerabilities
• New Linux-only backend with keyctl support
• Bug fixes and UX improvements
• No breaking changes identified

Let's verify if there are any direct dependencies on the fixed components:

---

Cosmos SDK v0.50.11 upgrade requires attention to upgrade module changes

The upgrade from v0.50.9 to v0.50.11 includes security fixes and changes to the upgrade module's behavior, particularly around PreBlock events. Given that your codebase heavily uses the upgrade module (found in multiple files including app/upgrade.go, app/upgrades/v8/upgrade.go, etc.), you should:

• Test the upgrade module functionality, especially around PreBlock events
• Verify the security fixes (ABS-0043/ABS-0044) don't affect your custom implementations
• Review the upgrade handler implementations in app/upgrades/v8/upgrade.go

Let's verify the specific upgrade module usage:

---

Cosmos SDK v0.50.11 upgrade is safe with specific attention points

Based on the codebase analysis, the upgrade is safe but requires attention to:

• The codebase correctly implements PreBlock events in app/app.go and tests them in app/upgrade_test.go
• The upgrade module is properly prioritized in block execution order
• The security fixes (ABS-0043/ABS-0044) don't impact the custom upgrade handler in app/upgrades/v8/upgrade.go

The changes in v0.50.11 align well with your current implementation, and the fixes for PreBlock events will enhance the reliability of your upgrade system.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the changelog between v0.50.9 and v0.50.11

# Fetch the changelog from the cosmos-sdk repository
gh api repos/cosmos/cosmos-sdk/releases --jq '.[] | select(.tag_name == "v0.50.11" or .tag_name == "v0.50.10") | .body'

Length of output: 2594

---

Script:

#!/bin/bash
# Search for any direct usage of keyctl or upgrade-related components
rg -l "keyctl|PreBlock|module-hash-by-height" --type go

# Check for any upgrade-related imports
rg -l "cosmos.*/upgrade" --type go

Length of output: 358

---

Script:

#!/bin/bash
# Check upgrade module implementation details
rg "PreBlock" --type go -C 2

# Check upgrade handler implementation
cat app/upgrades/v8/upgrade.go

Length of output: 10088

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[nulnut]

mg