
Problem: authz module has security vulnerability #167

Merged
merged 1 commit into crypto-org-chain:main from the authz branch
Oct 13, 2021

Conversation

yihuang
Collaborator

@yihuang yihuang commented Oct 12, 2021

Solution:

  • update cosmos-sdk to 0.44.2

👮🏻👮🏻👮🏻 !!!! REFERENCE THE PROBLEM YOU ARE SOLVING IN THE PR TITLE AND DESCRIBE YOUR SOLUTION HERE !!!! DO NOT FORGET !!!! 👮🏻👮🏻👮🏻

PR Checklist:

  • Have you read the CONTRIBUTING.md?
  • Does your PR follow the C4 patch requirements?
  • Have you rebased your work on top of the latest master?
  • Have you checked your code compiles? (make)
  • Have you included tests for any non-trivial functionality?
  • Have you checked your code passes the unit tests? (make test)
  • Have you checked your code formatting is correct? (go fmt)
  • Have you checked your basic code style is fine? (golangci-lint run)
  • If you added any dependencies, have you checked they do not contain any known vulnerabilities? (go list -json -m all | nancy sleuth)
  • If your changes affect the client infrastructure, have you run the integration test?
  • If your changes affect public APIs, does your PR follow the C4 evolution of public contracts?
  • If your code changes public APIs, have you incremented the crate version numbers and documented your changes in the CHANGELOG.md?
  • If you are contributing for the first time, please read the agreement in CONTRIBUTING.md now and add a comment to this pull request stating that your PR is in accordance with the Developer's Certificate of Origin.

Thank you for your code, it's appreciated! :)

@yihuang yihuang requested a review from a team as a code owner October 12, 2021 06:51
@yihuang yihuang requested review from JayT106, calvinaco and tomtau and removed request for a team October 12, 2021 06:51
@codecov

codecov bot commented Oct 12, 2021

Codecov Report

Merging #167 (5ce3b17) into main (3ea70c5) will increase coverage by 4.95%.
The diff coverage is 48.34%.

❗ Current head 5ce3b17 differs from pull request most recent head eda2eca. Consider uploading reports for the commit eda2eca to get more accurate results

@@            Coverage Diff             @@
##             main     #167      +/-   ##
==========================================
+ Coverage   21.51%   26.46%   +4.95%     
==========================================
  Files          27       34       +7     
  Lines        1729     2422     +693     
==========================================
+ Hits          372      641     +269     
- Misses       1324     1733     +409     
- Partials       33       48      +15     
Impacted Files Coverage Δ
app/prefix.go 0.00% <0.00%> (ø)
app/test_helpers.go 0.00% <0.00%> (ø)
x/cronos/keeper/gravity_hooks.go 0.00% <0.00%> (ø)
x/cronos/keeper/grpc_query.go 0.00% <0.00%> (ø)
x/cronos/keeper/msg_server.go 5.00% <0.00%> (-1.46%) ⬇️
x/cronos/module.go 59.64% <0.00%> (-2.17%) ⬇️
x/cronos/types/codec.go 0.00% <0.00%> (ø)
x/cronos/types/events.go 0.00% <ø> (ø)
x/cronos/types/messages.go 20.22% <ø> (+20.22%) ⬆️
x/cronos/types/params.go 57.35% <ø> (+3.78%) ⬆️
... and 20 more


Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Contributor

@tomtau tomtau left a comment


should be ok to disable -- I was just checking for some inter-module dependencies. so far only saw this in bank: https://github.com/cosmos/cosmos-sdk/blob/59810f3286420ab73452b635aebeffac9146e355/x/bank/types/codec.go#L25
but hopefully that's harmless

@yihuang
Collaborator Author

yihuang commented Oct 13, 2021

should be ok to disable -- I was just checking for some inter-module dependencies. so far only saw this in bank: https://github.com/cosmos/cosmos-sdk/blob/59810f3286420ab73452b635aebeffac9146e355/x/bank/types/codec.go#L25 but hopefully that's harmless

Changed to bump cosmos-sdk to 0.44.2 instead.

@@ -43,3 +43,6 @@ replace github.com/cosmos/iavl => github.com/cosmos/iavl v0.17.1

// FIXME: https://github.com/crypto-org-chain/ethermint/tree/cronos2
replace github.com/tharsis/ethermint => github.com/crypto-org-chain/ethermint v0.4.2-0.20211004101819-7b5449f36cc8

// TODO: remove when ibc-go and ethermint upgrades cosmos-sdk
replace github.com/cosmos/cosmos-sdk => github.com/cosmos/cosmos-sdk v0.44.2
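Review bot: the `replace github.com/cosmos/cosmos-sdk => github.com/cosmos/cosmos-sdk v0.44.2` line redirects every module in the build that imports cosmos-sdk, ibc-go and ethermint included, to v0.44.2 regardless of the version they declare themselves; that is the intent here, but the TODO above it only says when to remove the pin, not why it exists, so it risks being dropped as soon as ibc-go and ethermint bump cosmos-sdk to anything newer, even a version short of the authz fix. Suggest `// TODO: remove once ibc-go and ethermint require cosmos-sdk >= v0.44.2 (authz fix, #167)`, and confirming before merge that `go list -m github.com/cosmos/cosmos-sdk` reports the `=> github.com/cosmos/cosmos-sdk v0.44.2` redirection.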
Collaborator


would that replace the cosmos-sdk dependency in ibc-go and ethermint without any side effect?

Collaborator Author


Hard to say about side effects, but I think it's safer than using different versions at the same time.

Solution:
- update cosmos-sdk to 0.44.2

use replace
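The review question above (does a `replace` in the main module's go.mod override the cosmos-sdk version that ibc-go and ethermint themselves require?) is the kind of thing worth checking mechanically before trusting a dependency-bump security fix. The Go program below is an added example, not code from the cronos repository or from this PR: it parses a constructed go.mod, applies the two rules that decide the outcome (minimal version selection takes the highest version any module requires; a `replace` in the main module then redirects every consumer of that path, dependencies included), and reports whether the build ends up on at least the patched version. The go.mod text, the dependency requirement versions in `depRequirements`, and the function names are all assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// baseGoMod is a constructed go.mod (not the cronos repo's real file): the main
// module requires cosmos-sdk directly plus two dependencies that carry their own
// cosmos-sdk requirement.
const baseGoMod = `module example.com/chain

go 1.17

require (
	github.com/cosmos/cosmos-sdk v0.44.0 // direct
	github.com/cosmos/ibc-go v1.2.0
	github.com/tharsis/ethermint v0.4.1
)
`

// replaceLine pins cosmos-sdk the way the diff in this PR does.
const replaceLine = "replace github.com/cosmos/cosmos-sdk => github.com/cosmos/cosmos-sdk v0.44.2\n"

// exampleGoMod is the constructed go.mod after the PR's change.
const exampleGoMod = baseGoMod + "\n" + replaceLine

// depRequirements are the cosmos-sdk versions the dependencies declare in their
// own go.mod files (constructed values; read the real ones from `go mod graph`).
var depRequirements = map[string]string{
	"github.com/cosmos/ibc-go":     "v0.44.0",
	"github.com/tharsis/ethermint": "v0.44.1",
}

// Result describes which version of a module a build actually uses.
type Result struct {
	Selected   string   // version minimal version selection picks from requirements alone
	Effective  string   // version built after the main module's replace is applied
	Fixed      bool     // Effective is at least the minimum patched version
	Overridden []string // dependencies built against a version they did not declare
}

// parseVersion reduces a semver or pseudo-version to MAJOR.MINOR.PATCH.
func parseVersion(v string) [3]int {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i] // drop prerelease / pseudo-version suffix and build metadata
	}
	var out [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		out[i], _ = strconv.Atoi(p)
	}
	return out
}

// compareVersion returns -1, 0 or 1 as a is lower than, equal to or higher than b.
func compareVersion(a, b string) int {
	pa, pb := parseVersion(a), parseVersion(b)
	for i := 0; i < 3; i++ {
		if pa[i] < pb[i] {
			return -1
		}
		if pa[i] > pb[i] {
			return 1
		}
	}
	return 0
}

// parseGoMod extracts direct requirements (path -> version) and replace targets
// (replaced path -> replacement version, or "(local)" for a directory replacement).
// Only the subset of go.mod syntax used in this example is handled.
func parseGoMod(text string) (requires, replaces map[string]string) {
	requires, replaces = map[string]string{}, map[string]string{}
	section := "" // "require" or "replace" while inside a parenthesised block
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line == "" {
			continue
		}
		if line == ")" {
			section = ""
			continue
		}
		f := strings.Fields(line)
		kind := section
		if f[0] == "require" || f[0] == "replace" {
			if len(f) == 2 && f[1] == "(" {
				section = f[0]
				continue
			}
			kind, f = f[0], f[1:] // single-line form
		}
		switch kind {
		case "require":
			if len(f) >= 2 {
				requires[f[0]] = f[1]
			}
		case "replace": // OLD => NEW vY | OLD vX => NEW vY | OLD => ../dir
			arrow := -1
			for i, tok := range f {
				if tok == "=>" {
					arrow = i
				}
			}
			if arrow < 1 {
				continue
			}
			if len(f) == arrow+3 {
				replaces[f[0]] = f[arrow+2]
			} else {
				replaces[f[0]] = "(local)"
			}
		}
	}
	return requires, replaces
}

// checkGoMod resolves the version of module that a build uses: the highest
// version required anywhere (MVS), then the main module's replace, which
// redirects every consumer of that path, dependencies included.
func checkGoMod(goMod string, depReqs map[string]string, module, minFixed string) Result {
	requires, replaces := parseGoMod(goMod)
	selected := requires[module]
	for _, v := range depReqs {
		if compareVersion(v, selected) > 0 {
			selected = v
		}
	}
	effective := selected
	if r, ok := replaces[module]; ok {
		effective = r
	}
	var overridden []string
	for dep, v := range depReqs {
		if compareVersion(v, effective) != 0 {
			overridden = append(overridden, dep)
		}
	}
	sort.Strings(overridden)
	return Result{
		Selected:   selected,
		Effective:  effective,
		Fixed:      effective != "(local)" && compareVersion(effective, minFixed) >= 0,
		Overridden: overridden,
	}
}

func main() {
	const sdk = "github.com/cosmos/cosmos-sdk"
	before := checkGoMod(baseGoMod, depRequirements, sdk, "v0.44.2")
	after := checkGoMod(exampleGoMod, depRequirements, sdk, "v0.44.2")
	fmt.Printf("without replace: effective %s fixed=%v overridden=%v\n", before.Effective, before.Fixed, before.Overridden)
	fmt.Printf("with replace:    effective %s fixed=%v overridden=%v\n", after.Effective, after.Fixed, after.Overridden)
}
```

Run against the constructed inputs, the "without replace" case resolves to v0.44.1 (the highest version any module asked for) and is reported as unfixed, while the "with replace" case resolves to v0.44.2 and lists both ibc-go and ethermint as overridden, which is exactly the side effect the reviewer asked about: the pin is global to the build, so the real check after a bump like this is `go list -m all` against the dependencies' own go.mod files, not just the direct requirement.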
Collaborator

@thomas-nguy thomas-nguy left a comment


ok lgtm

@yihuang yihuang merged commit 86ebb2b into crypto-org-chain:main Oct 13, 2021
@yihuang yihuang deleted the authz branch October 13, 2021 06:46