[TRST-1.2-R2] Dependencies with known vulnerabilities

[0xHansLee]

Description and context

The codebase includes multiple dependencies that have known security vulnerabilities. The affected dependencies and their respective vulnerabilities include:

• net/http - Request smuggling due to acceptance of invalid chunked data in net/http
  • Impact: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
  • Reference: CVE-2025-22871
• github.com/cosmos/cosmos-sdk - Transaction decoding may result in a stack overflow or resource exhaustion
  • Impact: Transaction decoding may result in a stack overflow or resource exhaustion
  • Reference: GHSA-8wcc-m6j2-qxvm

Suggested solution

While the aforementioned vulnerabilities do not directly impact the chain, it is recommended updating the affected dependencies to their latest patched versions.