Upgrade vulnerable dependencies

[masihyeganeh]

Description

Reviewers checklist:

• Try to write more meaningful comments with clear actions to be taken.
• Nit-picking should be unblocking. Focus on core issues.

Authors checklist

• Provide a concise and meaningful description
• Review the code yourself first, before making the PR.
• Annotate your PR in places that require explanation.
• Think and try to split the PR to smaller PR if it is big.

---

This change is 

[masihyeganeh]

Reviewable status: 0 of 7 files reviewed, 1 unresolved discussion (waiting on @dzmitryhil, @miladz68, @wojtek-coreum, and @ysv)

---

contract/Cargo.toml line 39 at r1 (raw file):

sha2 = "0.10.8"
thiserror = "1.0.56"
libsecp256k1 = "0.5.0"

I'm not sure if adding new version of the transitive dependencies is going to make any difference here, but I can't find a good way to actually replace them. I'm aware of "patch"ing, but it seems that there is no standard way to upgrade them:
rust-lang/cargo#5640

[dzmitryhil]

Reviewable status: 0 of 7 files reviewed, 1 unresolved discussion (waiting on @keyleu, @miladz68, @wojtek-coreum, and @ysv)

---

contract/Cargo.toml line 39 at r1 (raw file):

Previously, masihyeganeh (Masih Yeganeh) wrote…

I'm not sure if adding new version of the transitive dependencies is going to make any difference here, but I can't find a good way to actually replace them. I'm aware of "patch"ing, but it seems that there is no standard way to upgrade them:
rust-lang/cargo#5640

@keyleu WDYT ?

[keyleu]

Reviewable status: 0 of 9 files reviewed, 1 unresolved discussion (waiting on @dzmitryhil, @masihyeganeh, @miladz68, @wojtek-coreum, and @ysv)

---

contract/Cargo.toml line 39 at r1 (raw file):

Previously, dzmitryhil (Dzmitry Hil) wrote…

@keyleu WDYT ?

I don't think this is going to make any difference. The only "important" one even though we are also not affected is the cosmwasm-std one. I think we can remove the rest.

[dzmitryhil]

Reviewable status: 0 of 9 files reviewed, all discussions resolved (waiting on @miladz68, @wojtek-coreum, and @ysv)

[keyleu]

Reviewed 5 of 7 files at r1, 4 of 4 files at r3, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @miladz68, @wojtek-coreum, and @ysv)

[miladz68]

Reviewed 5 of 7 files at r1, 4 of 4 files at r3, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum and @ysv)

[miladz68]

Reviewed 5 of 5 files at r4, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum and @ysv)

[dzmitryhil]

Reviewed 4 of 4 files at r3, 5 of 5 files at r5, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum and @ysv)

[ysv]

Reviewed 4 of 4 files at r3, 5 of 5 files at r5, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)

[ysv]

Reviewed 2 of 2 files at r6, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @masihyeganeh and @wojtek-coreum)

---

.DS_Store line 0 at r6 (raw file):
ignore ?

[ysv]

Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @masihyeganeh and @wojtek-coreum)

---

.DS_Store line at r6 (raw file):

Previously, ysv (Yaroslav Savchuk) wrote…

ignore ?

eventually we had a rule that we add only project-specific files to .gitignore e.g wasm binaries etc
But global things which are dependent on system etc we prefer everyone to have .gitignore_global and put there any files specific for their system etc

[masihyeganeh]

Reviewed 1 of 7 files at r7.
Reviewable status: 5 of 11 files reviewed, 1 unresolved discussion (waiting on @dzmitryhil, @wojtek-coreum, and @ysv)

---

.DS_Store line at r6 (raw file):

Previously, ysv (Yaroslav Savchuk) wrote…

eventually we had a rule that we add only project-specific files to .gitignore e.g wasm binaries etc
But global things which are dependent on system etc we prefer everyone to have .gitignore_global and put there any files specific for their system etc

Done.

[ysv]

Reviewed 2 of 7 files at r7, 7 of 7 files at r8, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)

[ysv]

Reviewed 3 of 3 files at r9, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)

[masihyeganeh]

Reviewed 4 of 4 files at r3, 1 of 7 files at r7, 5 of 7 files at r8, 3 of 3 files at r9, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)

[miladz68]

Reviewed 1 of 7 files at r7, 5 of 7 files at r8, 3 of 3 files at r9, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)

[ysv]

Reviewed 5 of 5 files at r10, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)

[miladz68]

Reviewed 5 of 5 files at r10, all commit messages.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @wojtek-coreum)