
Upgrade go-getter dependency in cosmovisor and x/upgrade #20525

@julienrbrt

Description


Cosmovisor v1.5.0 currently uses x/upgrade v0.0.0-20230614103911-b3da8bb4e801.
We need to bump go-getter in x/upgrade of release/v0.50.x and make cosmovisor use that version.

This is because the go-getter version that cosmovisor (up to 1.5.0) currently uses is lower than 1.7.4, which is vulnerable to this: GHSA-q64h-39hv-4cf7.

This makes it vulnerable to malicious upgrade proposals with git URLs (which would hardly pass, or ever get executed, but we should still fix it).

ref: #20067
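Added example, not code from the cosmos-sdk repository: a small Go check that reads go.mod text and reports whether it pins go-getter below the v1.7.4 fix named in the issue, ordering pseudo-versions (v1.7.4-0.2024...) before the tagged release as Go does. The module path github.com/hashicorp/go-getter is assumed rather than taken from the page; `govulncheck` remains the authoritative tool for a real audit.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// go-getter below v1.7.4 is affected by GHSA-q64h-39hv-4cf7 (per the issue); module path assumed.
const vulnModule, fixedVersion = "github.com/hashicorp/go-getter", "v1.7.4"

// VersionKey maps "vMAJOR.MINOR.PATCH[-suffix]" to an integer that orders like semver:
// the low bit is 0 for a pre-release/pseudo-version and 1 for a tagged release, so
// v1.7.3 < v1.7.4-0.20240101000000-abcdef < v1.7.4. Components above 999 are rejected.
func VersionKey(s string) (int, error) {
	release := 1
	s = strings.TrimPrefix(s, "v")
	if i := strings.Index(s, "-"); i >= 0 {
		release, s = 0, s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("unexpected version %q", s)
	}
	key := 0
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || n > 999 {
			return 0, fmt.Errorf("bad component %q in %q", p, s)
		}
		key = key*1000 + n
	}
	return key*2 + release, nil
}

// IsVulnerableGoGetter scans go.mod text (single-line and block requires) for go-getter.
func IsVulnerableGoGetter(gomod string) (bool, error) {
	want, _ := VersionKey(fixedVersion)
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || f[0] != vulnModule {
			continue
		}
		have, err := VersionKey(f[1])
		if err != nil {
			return false, err
		}
		return have < want, nil
	}
	return false, nil // go-getter is not a direct requirement of this module
}
```

A go.mod that only pulls go-getter in transitively will not be flagged here; check the resolved version with `go list -m all` in that case.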

Metadata

Assignees

Labels

C:Cosmovisor (Issues and PR related to Cosmovisor), dependencies (Pull requests that update a dependency file)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
