From d36b4c95d63368afa217b771f4fb2e275b94a43c Mon Sep 17 00:00:00 2001
From: mmsqe
Date: Wed, 18 Dec 2024 15:08:07 +0800
Subject: [PATCH 1/5] Problem: security patch from cosmos sdk is not included
---
 CHANGELOG.md | 6 ++++++
 go.mod | 2 +-
 go.sum | 4 ++--
 gomod2nix.toml | 4 ++--
 4 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d41d3497..affec44bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## UNRELEASED
+
+### Bug Fixes
+
+* [#1097](https://github.com/crypto-org-chain/chain-main/pull/1097) Include a security patch from cosmos sdk.
+
 *Mar 29, 2024*
 
 ## v4.2.9
diff --git a/go.mod b/go.mod
index 2f5700b9b..0e11fae43 100644
--- a/go.mod
+++ b/go.mod
@@ -185,7 +185,7 @@ replace (
 // use cosmos fork of keyring
 github.com/99designs/keyring => github.com/cosmos/keyring v1.2.0
 github.com/cometbft/cometbft-db => github.com/crypto-org-chain/cometbft-db v0.0.0-20230412133340-ac70df4b45f6
- github.com/cosmos/cosmos-sdk => github.com/crypto-org-chain/cosmos-sdk v0.46.3-0.20240229063231-63265c2283dd
+ github.com/cosmos/cosmos-sdk => github.com/crypto-org-chain/cosmos-sdk v0.46.3-0.20241218065916-928830128a80
 // dgrijalva/jwt-go is deprecated and doesn't receive security updates.
 // TODO: remove it: https://github.com/cosmos/cosmos-sdk/issues/13134
 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.4.2
diff --git a/go.sum b/go.sum
index 7f17aaa87..ccbc46f4f 100644
--- a/go.sum
+++ b/go.sum
@@ -414,8 +414,8 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/crypto-org-chain/cometbft-db v0.0.0-20230412133340-ac70df4b45f6 h1:d4h4Ki1UE/LF6CKwYEm3OZ+HIBCrzSmOokG1vce0O98=
 github.com/crypto-org-chain/cometbft-db v0.0.0-20230412133340-ac70df4b45f6/go.mod h1:hF5aclS++7WrW8USOA3zPeKI0CuzwUD2TPYug25ANlQ=
-github.com/crypto-org-chain/cosmos-sdk v0.46.3-0.20240229063231-63265c2283dd h1:0yyzNqs6gNA1a/KYtRN8nwewLHTeLMVrh8bDFAy1Zh0=
-github.com/crypto-org-chain/cosmos-sdk v0.46.3-0.20240229063231-63265c2283dd/go.mod h1:05U50tAsOzQ8JOAePshJCbJQw5ib1YJR6IXcqyVI1Xg=
+github.com/crypto-org-chain/cosmos-sdk v0.46.3-0.20241218065916-928830128a80 h1:eMb3mXw4+tRC+mPej6CHcGiC04AroU3BS5QAC1mWdjM=
+github.com/crypto-org-chain/cosmos-sdk v0.46.3-0.20241218065916-928830128a80/go.mod h1:05U50tAsOzQ8JOAePshJCbJQw5ib1YJR6IXcqyVI1Xg=
 github.com/crypto-org-chain/cronos/memiavl v0.0.5-0.20230904032434-c575f4797ca4 h1:TXArRgse2/3r1FxFbbukJhQpE5HHxJaOI3YAwz4Zu00=
 github.com/crypto-org-chain/cronos/memiavl v0.0.5-0.20230904032434-c575f4797ca4/go.mod h1:sCbJoEppeM3/7+Ox1heGlbVt+eWBcTmLb9UEjuotXIc=
 github.com/crypto-org-chain/cronos/store v0.0.5-0.20230904032434-c575f4797ca4 h1:9jlbWwXuuoWCOxBJX3MqtyBuK8YA2Tnmp9QBQVl79Uk=
diff --git a/gomod2nix.toml b/gomod2nix.toml
index 402facae2..93a707d10 100644
--- a/gomod2nix.toml
+++ b/gomod2nix.toml
@@ -109,8 +109,8 @@ schema = 3
 version = "v1.0.0-beta.1"
 hash = "sha256-oATkuj+fM5eBn+ywO+w/tL0AFSIEkx0J3Yz+VhVe0QA="
 [mod."github.com/cosmos/cosmos-sdk"]
- version = "v0.46.3-0.20240229063231-63265c2283dd"
- hash = "sha256-UMr2Jw/XkhqmNUXd4i9YusntCmUi5wiCJhgExoYAkiM="
+ version = "v0.46.3-0.20241218065916-928830128a80"
+ hash = "sha256-ekmhTIIfTosqdjUV+DDZCVTWcPlFUU/8TjcVjVYZsFk="
 replaced = "github.com/crypto-org-chain/cosmos-sdk"
 [mod."github.com/cosmos/go-bip39"]
 version = "v1.0.0"
From 814cf3849868ff8c5c68062188c4878f368c8bc2 Mon Sep 17 00:00:00 2001
From: mmsqe
Date: Wed, 18 Dec 2024 15:18:06 +0800
Subject: [PATCH 2/5] fix ci
---
 .github/workflows/build.yml | 12 ++++++------
 .github/workflows/nix.yml | 18 +++++++++---------
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0a361b1d1..a866943e7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -124,7 +124,7 @@ jobs:
 echo ${{ job.status }} > status_build.txt
 - name: Upload file status_build.txt as an artifact
 if: github.event_name == 'issue_comment'
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 with:
 name: pass_status_build
 path: status_build.txt
@@ -189,7 +189,7 @@ jobs:
 echo ${{ job.status }} > status_install.txt
 - name: Upload file status_install.txt as an artifact
 if: github.event_name == 'issue_comment'
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 with:
 name: pass_status_install
 path: status_install.txt
@@ -236,7 +236,7 @@ jobs:
 echo ${{ job.status }} > status_sim1.txt
 - name: Upload file status_sim1.txt as an artifact
 if: github.event_name == 'issue_comment'
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 with:
 name: pass_status_sim1
 path: status_sim1.txt
@@ -283,7 +283,7 @@ jobs:
 echo ${{ job.status }} > status_sim2.txt
 - name: Upload file status_sim2.txt as an artifact
 if: github.event_name == 'issue_comment'
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 with:
 name: pass_status_sim2
 path: status_sim2.txt
@@ -330,7 +330,7 @@ jobs:
 echo ${{ job.status }} > status_sim3.txt
 - name: Upload file status_sim3.txt as an artifact
 if: github.event_name == 'issue_comment'
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 with:
 name: pass_status_sim3
 path: status_sim3.txt
@@ -427,7 +427,7 @@ jobs:
 set +e
 (git diff --no-ext-diff --exit-code)
 echo "changed=$?" >> $GITHUB_OUTPUT
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: steps.changes.outputs.changed == 1
 with:
 name: gomod2nix.toml
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 78b0520b1..91e6f7c2c 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -63,7 +63,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files.tar.gz -C "$TMPDIR/pytest-of-runner" .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files
@@ -127,7 +127,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_upgrade.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_upgrade
@@ -164,7 +164,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_ledger.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_ledger
@@ -201,7 +201,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_solomachine.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_solomachine
@@ -238,7 +238,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_slow.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_slow
@@ -275,7 +275,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_ibc.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_ibc
@@ -312,7 +312,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_byzantine.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_byzantine
@@ -349,7 +349,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_gov.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_gov
@@ -387,7 +387,7 @@ jobs:
 - name: Tar debug files
 if: failure()
 run: tar cfz debug_files_grpc.tar.gz -C /tmp/pytest-of-runner .
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: debug_files_grpc
From 676b5b2023601ac932bc0c426b0018535829ba0f Mon Sep 17 00:00:00 2001
From: mmsqe
Date: Wed, 18 Dec 2024 15:21:54 +0800
Subject: [PATCH 3/5] doc
---
 CHANGELOG.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index affec44bf..75fe74223 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 # Changelog
 
-## UNRELEASED
+*Dec 18, 2024*
+
+## v4.2.10
 
 ### Bug Fixes
 
From c656e8f53a767c449f84f9901948a81910ec18a1 Mon Sep 17 00:00:00 2001
From: yihuang
Date: Wed, 30 Oct 2024 13:06:20 +0800
Subject: [PATCH 4/5] Problem: persist-credentials might leak github token unintentionally (#1090)
* Problem: persist-credentials might leak github token unintentionally
Solution:
- try persist-credentials: false
* refresh
---------
Signed-off-by: yihuang
Co-authored-by: mmsqe
---
 .github/workflows/audit.yml | 2 +-
 .github/workflows/build.yml | 38 +++++++++++++++++++--------
 .github/workflows/buildwin.yml | 2 +-
 .github/workflows/codecov.yml | 2 +-
 .github/workflows/codeql-analysis.yml | 2 +-
 .github/workflows/gosec.yml | 2 +-
 .github/workflows/lint.yml | 2 +-
 .github/workflows/nix.yml | 22 ++++++++--------
 .github/workflows/release.yml | 4 +--
 .github/workflows/semgrep.yml | 2 +-
 .github/workflows/staticmajor.yml | 2 +-
 11 files changed, 48 insertions(+), 32 deletions(-)
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index cc0f921a3..c8d4490ae 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -17,7 +17,7 @@ jobs:
 uses: actions/setup-go@v3
 with:
 go-version: 1.20.3
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - name: install govulncheck
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a866943e7..632b05b2e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -83,16 +83,18 @@ jobs:
 with:
 go-version: 1.20.3
 - name: Checkout Comment PR Branch
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'issue_comment'
 with:
 submodules: true
+ persist-credentials: false
 token: ${{ secrets.GITHUB_TOKEN }}
 repository: ${{ steps.pr_data.outputs.repo_name }}
 ref: ${{ steps.pr_data.outputs.ref }}
 - name: Normal check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
+ persist-credentials: false
 submodules: true
 if: github.event_name == 'push' || github.event_name == 'pull_request'
 - id: changed-files
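Review bot: The audit.yml checkout step is bumped to `actions/checkout@v4` but does not set `persist-credentials: false`, so this job still leaves the job token in the checked-out repository's git config (the action's default), which is exactly the exposure the commit message describes. The same omission applies to the checkout hunks in buildwin.yml, codecov.yml, codeql-analysis.yml, gosec.yml, lint.yml, every job in nix.yml, both jobs in release.yml, semgrep.yml and staticmajor.yml, where only the action version changes while the build.yml jobs in this same commit do get the flag. Adding `with:` / `persist-credentials: false` under each of those `uses: actions/checkout@v4` steps would make the fix uniform; any later step that genuinely needs to push can be handed a token explicitly instead of relying on the persisted one.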
@@ -136,8 +138,10 @@ jobs:
 os: [ubuntu-latest, macos-latest]
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@v3
- - uses: cachix/install-nix-action@v22
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - uses: cachix/install-nix-action@v23
 with:
 # pin to nix-2.13 to workaround compability issue of 2.14,
 # see: https://github.com/cachix/install-nix-action/issues/161
@@ -202,18 +206,20 @@ jobs:
 with:
 go-version: 1.20.3
 - name: Checkout Comment PR Branch
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'issue_comment'
 with:
 submodules: true
+ persist-credentials: false
 token: ${{ secrets.GITHUB_TOKEN }}
 repository: ${{ needs.build.outputs.repo_name }}
 ref: ${{ needs.build.outputs.ref }}
 - name: Normal check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'push' || github.event_name == 'pull_request'
 with:
 submodules: true
+ persist-credentials: false
 - id: changed-files
 uses: tj-actions/changed-files@v35
 with:
@@ -249,18 +255,20 @@ jobs:
 with:
 go-version: 1.20.3
 - name: Checkout Comment PR Branch
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'issue_comment'
 with:
 submodules: true
+ persist-credentials: false
 token: ${{ secrets.GITHUB_TOKEN }}
 repository: ${{ needs.build.outputs.repo_name }}
 ref: ${{ needs.build.outputs.ref }}
 - name: Normal check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'push' || github.event_name == 'pull_request'
 with:
 submodules: true
+ persist-credentials: false
 - id: changed-files
 uses: tj-actions/changed-files@v35
 with:
@@ -296,18 +304,20 @@ jobs:
 with:
 go-version: 1.20.3
 - name: Checkout Comment PR Branch
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'issue_comment'
 with:
 submodules: true
+ persist-credentials: false
 token: ${{ secrets.GITHUB_TOKEN }}
 repository: ${{ needs.build.outputs.repo_name }}
 ref: ${{ needs.build.outputs.ref }}
 - name: Normal check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 if: github.event_name == 'push' || github.event_name == 'pull_request'
 with:
 submodules: true
+ persist-credentials: false
 - id: changed-files
 uses: tj-actions/changed-files@v35
 with:
@@ -403,7 +413,13 @@ jobs:
 runs-on: ubuntu-latest
 if: github.event_name == 'push' || github.event_name == 'pull_request'
 steps:
- - uses: actions/checkout@v3
+<<<<<<< HEAD
+ - uses: actions/checkout@v4
+=======
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+>>>>>>> c23a527 (Problem: persist-credentials might leak github token unintentionally (#1090))
 - id: changed-files
 uses: tj-actions/changed-files@v35
 with:
diff --git a/.github/workflows/buildwin.yml b/.github/workflows/buildwin.yml
index 383b773ec..114320786 100644
--- a/.github/workflows/buildwin.yml
+++ b/.github/workflows/buildwin.yml
@@ -17,7 +17,7 @@ jobs:
 with:
 go-version: 1.20.3
 - name: Normal check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 with:
 submodules: true
 - name: Set GOBIN
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
index fae032e17..76eecae43 100644
--- a/.github/workflows/codecov.yml
+++ b/.github/workflows/codecov.yml
@@ -16,7 +16,7 @@ jobs:
 uses: actions/setup-go@v3
 with:
 go-version: 1.20.3
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - id: changed-files
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 39b668436..842ce198b 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
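Review bot: The build.yml hunk at `@@ -403,7 +413,13 @@` commits unresolved merge-conflict markers as added lines (`<<<<<<< HEAD`, `=======`, `>>>>>>> c23a527 (...)`), and the hunk's line counts confirm all seven are on the new side, so the workflow file is no longer valid YAML and every job defined in it will fail to load. The resolution should keep only the second branch, `- uses: actions/checkout@v4` followed by `with:` and `persist-credentials: false`, which matches what this commit does for the other build.yml checkout steps. A CI lint step that rejects conflict markers in `.github/workflows` (for example a `git diff --check` run) would catch this class of mistake before merge.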
@@ -42,7 +42,7 @@ jobs:
 
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - uses: actions/setup-go@v3
 with:
 go-version: 1.20.3
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
index 66e7432d8..76663b637 100644
--- a/.github/workflows/gosec.yml
+++ b/.github/workflows/gosec.yml
@@ -17,7 +17,7 @@ jobs:
 env:
 GO111MODULE: on
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - id: changed-files
 uses: tj-actions/changed-files@v35
 with:
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 8328d42ff..722714a03 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -15,7 +15,7 @@ jobs:
 - uses: actions/setup-go@v3
 with:
 go-version: 1.20.3
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - id: changed-files
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 91e6f7c2c..db68c42d7 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -13,7 +13,7 @@ jobs:
 lint:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v22
@@ -33,7 +33,7 @@ jobs:
 test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v22
@@ -78,7 +78,7 @@ jobs:
 os: [macos-latest]
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v22
@@ -100,7 +100,7 @@ jobs:
 test-upgrade:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v22
@@ -137,7 +137,7 @@ jobs:
 test-ledger:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
@@ -174,7 +174,7 @@ jobs:
 test-solomachine:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
@@ -211,7 +211,7 @@ jobs:
 test-slow:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
@@ -248,7 +248,7 @@ jobs:
 test-ibc:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
@@ -285,7 +285,7 @@ jobs:
 test-byzantine:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
@@ -322,7 +322,7 @@ jobs:
 test-gov:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
@@ -360,7 +360,7 @@ jobs:
 test-grpc:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 - uses: cachix/install-nix-action@v18
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d809d0aa4..2e4071cf8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 environment: release
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: cachix/install-nix-action@v22
 with:
 # pin to nix-2.13 to workaround compability issue of 2.14,
@@ -56,7 +56,7 @@ jobs:
 runs-on: macos-latest
 environment: release
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: cachix/install-nix-action@v22
 with:
 # pin to nix-2.13 to workaround compability issue of 2.14,
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index c04ec28a0..4479ea4fc 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -21,7 +21,7 @@ jobs:
 if: (github.actor != 'dependabot[bot]')
 steps:
 # Fetch project source with GitHub Actions Checkout.
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true
 # Run the "semgrep ci" command on the command line of the docker image.
diff --git a/.github/workflows/staticmajor.yml b/.github/workflows/staticmajor.yml
index 167fbf296..4312de541 100644
--- a/.github/workflows/staticmajor.yml
+++ b/.github/workflows/staticmajor.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out repository code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Staticmajor action
 id: staticmajor
 uses: orijtech/staticmajor-action@main
From 8eb7fd1e824ef2b463a0a81633a23836fed51a50 Mon Sep 17 00:00:00 2001
From: HuangYi
Date: Wed, 18 Dec 2024 15:25:26 +0800
Subject: [PATCH 5/5] bump version
---
 default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/default.nix b/default.nix
index e4b4e1cc0..1cc914d9d 100644
--- a/default.nix
+++ b/default.nix
@@ -38,7 +38,7 @@ let
 in
 buildGoApplication rec {
 pname = "chain-maind";
- version = "4.2.9";
+ version = "4.2.10";
 go = buildPackages.go_1_20;
 src = lib.cleanSourceWith {
 name = "src";