Merge pull request #135 from fetchai/upgrade_v0.45.9

## v0.45.9 - 2022-10-14

ATTENTION:

This is a security release for the 
[Dragonberry security advisory](https://forum.cosmos.network/t/ibc-security-advisory-dragonberry/7702). 

All users should upgrade immediately.

Users *must* add a replace directive in their go.mod for the
new `ics23` package in the SDK:

```
replace (
    github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23
)

```

### Features

* [#13435](cosmos/cosmos-sdk#13435) Extend error context when a simulation fails.

### Improvements

* [#13369](cosmos/cosmos-sdk#13369) Improve UX for `keyring.List` by returning all retrieved keys.
* [#13323](cosmos/cosmos-sdk#13323) Ensure `withdraw_rewards` rewards are emitted from all actions that result in rewards being withdrawn.
* [#13321](cosmos/cosmos-sdk#13321) Add flag to disable fast node migration and usage.
* (store) [#13326](cosmos/cosmos-sdk#13326) Implementation of ADR-038 file StreamingService, backport #8664.
* (store) [#13540](cosmos/cosmos-sdk#13540) Default fastnode migration to false to prevent suprises. Operators must enable it, unless they have it enabled already. 

### API Breaking Changes

* (cli) [#13089](cosmos/cosmos-sdk#13089) Fix rollback command don't actually delete multistore versions, added method `RollbackToVersion` to interface `CommitMultiStore` and added method `CommitMultiStore` to `Application` interface.

### Bug Fixes

* [#...](https://github.com/cosmos/cosmos-sdk/pull/) Implement dragonberry security patch.
  * For applying the patch please refer to the [RELEASE NOTES](./RELEASE_NOTES.md)
* (store) [#13459](cosmos/cosmos-sdk#13459) Don't let state listener observe the uncommitted writes.

.github/workflows/atlas.yml

@@ -3,7 +3,7 @@ name: Atlas
 on:
   push:
     branches:
-      - master
+      - main
     paths:
       - "x/**/atlas/*"
   pull_request:

.github/workflows/lint.yml

@@ -1,27 +1,26 @@
 name: Lint
-# Lint runs golangci-lint over the entire cosmos-sdk repository
-# This workflow is run on every pull request and push to master
-# The `golangci` will pass without running if no *.{go, mod, sum} files have been changed.
 on:
-  pull_request:
   push:
+    tags:
+      - v*
     branches:
-      - master
+      - main
+  pull_request:
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  # pull-requests: read
 jobs:
   golangci:
     name: golangci-lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v2.1.4
+      - uses: actions/setup-go@v3
         with:
-          go-version: 1.18
-      - uses: technote-space/get-diff-action@v5
-        id: git_diff
+          go-version: 1.19
+      - uses: actions/checkout@v3
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
         with:
-          PATTERNS: |
-            **/**.go
-            go.mod
-            go.sum
-      - name: run go linters
-        run: make lint-go
-        if: env.GIT_DIFF
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest

.github/workflows/sims.yml

@@ -5,7 +5,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
 
 jobs:
   build:

.github/workflows/test.yml

@@ -1,11 +1,11 @@
 name: Tests / Code Coverage
 #  Tests / Code Coverage workflow runs unit tests and uploads a code coverage report
-#  This workflow is run on pushes to master & every Pull Requests where a .go, .mod, .sum have been changed
+#  This workflow is run on pushes to main & every Pull Requests where a .go, .mod, .sum have been changed
 on:
   pull_request:
   push:
     branches:
-      - master
+      - main
 jobs:
   install-tparse:
     runs-on: ubuntu-latest
@@ -222,7 +222,7 @@ jobs:
 
   # Disabled since this can't build
   # the contrib/images/simd-env/Dockerfile is looking for a 
-  # db/go.mod file, which only exists on cosmos/cosmos-sdk master
+  # db/go.mod file, which only exists on cosmos/cosmos-sdk main
   # branch...
   #
   # liveness-test:

.gitignore

@@ -6,6 +6,7 @@
 *.swm
 *.swn
 *.pyc
+.dccache
 
 # private files
 private[.-]*

.golangci.yml

@@ -1,51 +1,35 @@
 run:
   tests: false
-#   # timeout for analysis, e.g. 30s, 5m, default is 1m
-#   timeout: 5m
+  # timeout for analysis, e.g. 30s, 5m, default is 1m
+  timeout: 5m
 
 linters:
   disable-all: true
   enable:
-    - bodyclose
-    - deadcode
     - depguard
     - dogsled
-    # - errcheck
+    - exportloopref
     - goconst
     - gocritic
-    - gofmt
-    - goimports
+    - gofumpt
     - gosec
     - gosimple
     - govet
     - ineffassign
     - misspell
     - nakedret
-    - prealloc
-    - revive
-    - exportloopref
+    - nolintlint
     - staticcheck
-    - structcheck
     - stylecheck
     - typecheck
     - unconvert
     - unused
-    - unparam
-    - misspell
-    # - wsl
-    - nolintlint
 
 issues:
   exclude-rules:
     - text: "Use of weak random number generator"
       linters:
         - gosec
-    - text: "comment on exported var"
-      linters:
-        - golint
-    - text: "don't use an underscore in package name"
-      linters:
-        - golint
     - text: "ST1003:"
       linters:
         - stylecheck
@@ -54,7 +38,10 @@ issues:
     - text: "ST1016:"
       linters:
         - stylecheck
-    - path: "legacy"
+    - text: "should be written without leading space as"
+      linters:
+        - nolintlint
+    - path: "migrations"
       text: "SA1019:"
       linters:
         - staticcheck
@@ -70,6 +57,5 @@ linters-settings:
     suggest-new: true
   nolintlint:
     allow-unused: false
-    allow-leading-space: true
     require-explanation: false
-    require-specific: false
+    require-specific: false

.mergify.yml

@@ -1,8 +1,8 @@
 pull_request_rules:
-  - name: automerge to master with label automerge and branch protection passing
+  - name: automerge to main with label automerge and branch protection passing
     conditions:
       - "#approved-reviews-by>1"
-      - base=master
+      - base=main
       - label=automerge
     actions:
       merge:
@@ -11,15 +11,15 @@ pull_request_rules:
         commit_message: title+body
   - name: backport patches to v0.42.x branch
     conditions:
-      - base=master
+      - base=main
       - label=backport/0.42.x (Stargate)
     actions:
       backport:
         branches:
           - release/v0.42.x
   - name: backport patches to v0.39.x branch
     conditions:
-      - base=master
+      - base=main
       - label=backport/0.39.x (Launchpad)
     actions:
       backport:

CHANGELOG.md

@@ -37,6 +37,47 @@ Ref: https://keepachangelog.com/en/1.0.0/
 
 ## [Unreleased]
 
+## v0.45.9 - 2022-10-14
+
+ATTENTION:
+
+This is a security release for the 
+[Dragonberry security advisory](https://forum.cosmos.network/t/ibc-security-advisory-dragonberry/7702). 
+
+All users should upgrade immediately.
+
+Users *must* add a replace directive in their go.mod for the
+new `ics23` package in the SDK:
+
+```
+replace (
+    github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23
+)
+
+```
+
+### Features
+
+* [#13435](https://github.com/cosmos/cosmos-sdk/pull/13435) Extend error context when a simulation fails.
+
+### Improvements
+
+* [#13369](https://github.com/cosmos/cosmos-sdk/pull/13369) Improve UX for `keyring.List` by returning all retrieved keys.
+* [#13323](https://github.com/cosmos/cosmos-sdk/pull/13323) Ensure `withdraw_rewards` rewards are emitted from all actions that result in rewards being withdrawn.
+* [#13321](https://github.com/cosmos/cosmos-sdk/pull/13321) Add flag to disable fast node migration and usage.
+* (store) [#13326](https://github.com/cosmos/cosmos-sdk/pull/13326) Implementation of ADR-038 file StreamingService, backport #8664.
+* (store) [#13540](https://github.com/cosmos/cosmos-sdk/pull/13540) Default fastnode migration to false to prevent suprises. Operators must enable it, unless they have it enabled already. 
+
+### API Breaking Changes
+
+* (cli) [#13089](https://github.com/cosmos/cosmos-sdk/pull/13089) Fix rollback command don't actually delete multistore versions, added method `RollbackToVersion` to interface `CommitMultiStore` and added method `CommitMultiStore` to `Application` interface.
+
+### Bug Fixes
+
+* [#...](https://github.com/cosmos/cosmos-sdk/pull/) Implement dragonberry security patch.
+  * For applying the patch please refer to the [RELEASE NOTES](./RELEASE_NOTES.md)
+* (store) [#13459](https://github.com/cosmos/cosmos-sdk/pull/13459) Don't let state listener observe the uncommitted writes.
+
 ## v0.45.8 - 2022-08-25
 
 ### Improvements
@@ -45,6 +86,8 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * [#12885](https://github.com/cosmos/cosmos-sdk/pull/12885) Amortize cost of processing cache KV store.
 * [#12970](https://github.com/cosmos/cosmos-sdk/pull/12970) Bump Tendermint to `v0.34.21` and IAVL to `v0.19.1`.
 * [#12693](https://github.com/cosmos/cosmos-sdk/pull/12693) Make sure the order of each node is consistent when emitting proto events.
+* (simapp) [#13107](https://github.com/cosmos/cosmos-sdk/pull/13107) Call `SetIAVLCacheSize` with the configured value in simapp.
+* (cli) [#12742](https://github.com/cosmos/cosmos-sdk/pull/12742) Add the `prune` CLI cmd to manually prune app store history versions based on the pruning options.
 
 ### Bug Fixes
 
@@ -69,9 +112,6 @@ Ref: https://keepachangelog.com/en/1.0.0/
 ### Bug Fixes
 
 * (x/mint) [#12384](https://github.com/cosmos/cosmos-sdk/pull/12384) Ensure `GoalBonded` must be positive when performing `x/mint` parameter validation.
-* (simapp) [#12437](https://github.com/cosmos/cosmos-sdk/pull/12437) fix the non-determinstic behavior in simulations caused by `GenTx` and check
-empty coins slice before it is used to create `banktype.MsgSend`.
-* (x/capability) [12818](https://github.com/cosmos/cosmos-sdk/pull/12818) Use fixed length hex for pointer at FwdCapabilityKey.
 
 ## [v0.45.6](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.45.6) - 2022-06-28
 

Makefile

@@ -328,9 +328,8 @@ lint-go:
 .PHONY: lint lint-fix
 
 format:
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/docs/statik/statik.go" -not -path "./tests/mocks/*" -not -name '*.pb.go' | xargs gofmt -w -s
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/docs/statik/statik.go" -not -path "./tests/mocks/*" -not -name '*.pb.go' | xargs misspell -w
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/docs/statik/statik.go" -not -path "./tests/mocks/*" -not -name '*.pb.go' | xargs goimports -w -local github.com/cosmos/cosmos-sdk
+	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/docs/statik/statik.go" -not -path "./tests/mocks/*" -not -name "*.pb.go" -not -name "*.pb.gw.go" -not -name "*.pulsar.go" -not -path "./crypto/keys/secp256k1/*" | xargs gofumpt -w -l
+	golangci-lint run --fix
 .PHONY: format
 
 ###############################################################################
@@ -396,12 +395,12 @@ proto-lint:
 	@$(DOCKER_BUF) lint --error-format=json
 
 proto-check-breaking:
-	@$(DOCKER_BUF) breaking --against $(HTTPS_GIT)#branch=master
+	@$(DOCKER_BUF) breaking --against $(HTTPS_GIT)#branch=main
 
 
 TM_URL              = https://raw.githubusercontent.com/tendermint/tendermint/v0.34.0-rc6/proto/tendermint
 GOGO_PROTO_URL      = https://raw.githubusercontent.com/regen-network/protobuf/cosmos
-COSMOS_PROTO_URL    = https://raw.githubusercontent.com/regen-network/cosmos-proto/master
+COSMOS_PROTO_URL    = https://raw.githubusercontent.com/regen-network/cosmos-proto/main
 CONFIO_URL          = https://raw.githubusercontent.com/confio/ics23/v0.6.3
 
 TM_CRYPTO_TYPES     = third_party/proto/tendermint/crypto

RELEASE_NOTES.md

@@ -1,7 +1,20 @@
-# Cosmos SDK v0.45.8 Release Notes
+# Cosmos SDK v0.45.9 Release Notes
 
-This release introduces few improvements, such as the speed-up of the crisis invariant checks (thanks to a Juno bounty), and updated Tendermint and IAVL dependencies.
+This is a security release for the 
+[Dragonberry security advisory](https://forum.cosmos.network/t/ibc-security-advisory-dragonberry/7702). 
+Please upgrade ASAP.
 
-See the [Cosmos SDK v0.45.8 Changelog](https://github.com/cosmos/cosmos-sdk/blob/v0.45.8/CHANGELOG.md) for the exhaustive list of all changes.
+Next to this, we have also included a few minor bugfixes.
 
-**Full Commit History**: https://github.com/cosmos/cosmos-sdk/compare/v0.45.7...v0.45.8
+Chains must add the following to their go.mod for the application:
+
+```go
+replace github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23
+```
+
+Bumping the SDK version should be smooth, however, feel free to tag core devs to review your upgrading PR:
+
+- **CET**: @tac0turtle, @okwme, @AdityaSripal, @colin-axner, @julienrbrt
+- **EST**: @ebuchman, @alexanderbez, @aaronc
+- **PST**: @jtremback, @nicolaslara, @czarcas7ic, @p0mvn
+- **CDT**: @ValarDragon, @zmanian