From 8914c75ae9c2680329b404a86bdf5a4446a7b4a0 Mon Sep 17 00:00:00 2001
From: marcello33
Date: Tue, 10 Oct 2023 10:34:18 +0200
Subject: [PATCH 1/7] dev: add: codeQL
---
 .github/workflows/codeql.yml | 41 ++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..cc412883a
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "develop" ]
+  pull_request:
+    branches: [ "master", "develop" ]
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go', 'javascript-typescript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
From 425f588f7403159260b77501faea498a92a50ae4 Mon Sep 17 00:00:00 2001
From: marcello33
Date: Tue, 10 Oct 2023 12:33:39 +0200
Subject: [PATCH 2/7] dev: chg: remove js scan after dismissing issues for swaggerUI
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cc412883a..dd40670c8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
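Review bot: The `runs-on` and `timeout-minutes` expressions branch on `matrix.language == 'swift'`, but the matrix only lists `go` and `javascript-typescript`, so both always take the fallback and the leftover template logic hides what the job really runs on; simplify to `runs-on: ubuntu-latest` and `timeout-minutes: 360`. All three actions are referenced by mutable major tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `.../autobuild@v2`, `.../analyze@v2`); since this job holds `security-events: write`, pinning each `uses:` to a full commit SHA with the tag in a trailing comment keeps a moved tag from changing what executes. The `permissions` block is correctly scoped to the minimum CodeQL needs. As a point of style, the `schedule` sequence is indented under its key while the `steps` items are flush with `steps:`; pick one sequence-indent style for the file.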
@@ -21,7 +21,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go', 'javascript-typescript' ]
+        language: [ 'go' ]
 
     steps:
     - name: Checkout repository
From 617a26bef34b3f7bb56454fd5ae042963034caad Mon Sep 17 00:00:00 2001
From: marcello33
Date: Tue, 10 Oct 2023 15:01:15 +0200
Subject: [PATCH 3/7] dev: chg: bump geth to solve p2p ddos
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 16ab836d7..db552bcd1 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/RichardKnop/machinery v1.7.4
 	github.com/cbergoon/merkletree v0.2.0
 	github.com/cosmos/cosmos-sdk v0.47.3
-	github.com/ethereum/go-ethereum v1.10.26
+	github.com/ethereum/go-ethereum v1.13.2
 	github.com/go-kit/log v0.2.1
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/mock v1.6.0
From a5234fcb2e6e2d13895fe00e34f8b9253b66d7b8 Mon Sep 17 00:00:00 2001
From: marcello33
Date: Tue, 10 Oct 2023 16:51:21 +0200
Subject: [PATCH 4/7] dev: chg: bump govuln action go versions
---
 .github/workflows/{security-ci.yml => govuln.yml} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename .github/workflows/{security-ci.yml => govuln.yml} (83%)
diff --git a/.github/workflows/security-ci.yml b/.github/workflows/govuln.yml
similarity index 83%
rename from .github/workflows/security-ci.yml
rename to .github/workflows/govuln.yml
index 4d3c4b83e..32161b53e 100644
--- a/.github/workflows/security-ci.yml
+++ b/.github/workflows/govuln.yml
@@ -1,5 +1,5 @@
 name: Security CI
-on: [push, pull_request]
+on: [ push, pull_request ]
 
 jobs:
   govuln:
@@ -8,12 +8,12 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Running govulncheck
-        uses: Templum/govulncheck-action@v0.10.1
+        uses: Templum/govulncheck-action@v1.0.0
         continue-on-error: true
         env:
           DEBUG: "true"
         with:
-          go-version: 1.20.5
+          go-version: 1.21
           package: ./...
           github-token: ${{ secrets.GITHUB_TOKEN }}
           fail-on-vuln: true
From 864e28655996158c1b38b8d072b92aa03b8c033b Mon Sep 17 00:00:00 2001
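Review bot: Dropping `javascript-typescript` from the matrix removes CodeQL coverage for every JS/TS file in the repository, not only the swagger UI bundle whose findings were dismissed per the subject line. A narrower fix keeps the language and excludes the vendored UI directory instead, by adding `config-file: ./.github/codeql/codeql-config.yml` to the `Initialize CodeQL` step's `with:` block and listing that directory under `paths-ignore:` in the config file (the path is whatever directory holds the UI; it is not visible here). With `go` as the only remaining entry, the `matrix.language == 'swift'` conditionals on `runs-on` and `timeout-minutes` above this hunk are now certainly dead and can be replaced by the literal values.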
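Review bot: `go-version: 1.21` is an unquoted scalar that YAML reads as a float; it happens to stringify back to "1.21" here, but a later bump to a version ending in zero (e.g. 1.30) would be parsed as 1.3 and request the wrong toolchain, so quote it: `go-version: "1.21"`. The unchanged `continue-on-error: true` two lines above means the job goes green even when `fail-on-vuln: true` makes the step fail, so this check never blocks a push or PR; if it is meant to gate, drop `continue-on-error` (or keep it only while triaging and track the findings elsewhere). The third-party action receives `secrets.GITHUB_TOKEN` and is referenced by the mutable tag `Templum/govulncheck-action@v1.0.0`; pinning to the tag's full commit SHA keeps a re-tagged release from changing what runs with that token.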
From: marcello33
Date: Tue, 10 Oct 2023 17:11:19 +0200
Subject: [PATCH 5/7] dev: chg: name of CI for govuln
---
 .github/workflows/govuln.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/govuln.yml b/.github/workflows/govuln.yml
index 32161b53e..3f508015c 100644
--- a/.github/workflows/govuln.yml
+++ b/.github/workflows/govuln.yml
@@ -1,4 +1,4 @@
-name: Security CI
+name: Govuln
 on: [ push, pull_request ]
 
 jobs:
From dec0a79c7c544d6efc4f0ee8bb7a6eb859a1dd57 Mon Sep 17 00:00:00 2001
From: marcello33
Date: Thu, 12 Oct 2023 09:59:58 +0200
Subject: [PATCH 6/7] dev: chg: bump x/net to 0.17 as per PR-1080
---
 go.mod | 8 ++++----
 go.sum | 13 ++++++++-----
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index db552bcd1..deb091143 100644
--- a/go.mod
+++ b/go.mod
@@ -139,11 +139,11 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0
 	go.opentelemetry.io/otel/sdk v1.19.0
 	go.opentelemetry.io/otel/trace v1.19.0
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/oauth2 v0.10.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
 	google.golang.org/api v0.126.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
diff --git a/go.sum b/go.sum
index d2f75253c..b3d07f58a 100644
--- a/go.sum
+++ b/go.sum
@@ -2147,8 +2147,9 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2307,8 +2308,9 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -2503,8 +2505,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2535,8 +2537,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
From 07c5d8749461931d0aaf9e3e0662b75aeb023570 Mon Sep 17 00:00:00 2001
From: marcello33
Date: Thu, 12 Oct 2023 16:29:04 +0200
Subject: [PATCH 7/7] dev: chg: remove snyk files
---
 .snyk | 25 -------------------------
 .synk | 9 ---------
 2 files changed, 34 deletions(-)
 delete mode 100644 .snyk
 delete mode 100644 .synk
diff --git a/.snyk b/.snyk
deleted file mode 100644
index 739eabc2d..000000000
--- a/.snyk
+++ /dev/null
@@ -1,25 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
-  'snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0':
-    - '*':
-        reason: 'As open source org, we have no issues with licenses'
-        created: 2022-11-11T09:31:08.546Z
-  'snyk:lic:golang:github.com:hashicorp:go-bexpr:MPL-2.0':
-    - '*':
-        reason: 'As open source org, we have no issues with licenses'
-        created: 2022-11-11T09:31:21.042Z
-  'snyk:lic:golang:github.com:richardknop:machinery:MPL-2.0':
-    - '*':
-        reason: 'As open source org, we have no issues with licenses'
-        created: 2022-11-11T09:31:31.555Z
-  'snyk:lic:golang:github.com:maticnetwork:polyproto:GPL-3.0':
-    - '*':
-        reason: 'As open source org, we have no issues with licenses'
-        created: 2022-11-11T09:31:55.207Z
-  'snyk:lic:golang:github.com:maticnetwork:heimdall:GPL-3.0':
-    - '*':
-        reason: 'As open source org, we have no issues with licenses'
-        created: 2022-11-11T09:32:07.833Z
-patch: {}
diff --git a/.synk b/.synk
deleted file mode 100644
index bec93a419..000000000
--- a/.synk
+++ /dev/null
@@ -1,9 +0,0 @@
-# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
-  'SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322':
-    - '*':
-        reason: 'grpc working on a release to fix the issue'
-        created: 2022-12-12T06:50:00.000Z
-patch: {}
\ No newline at end of file