Skip to content

Sync main with upstream provenance-io (2026-06-26)#6

Merged
nullpointer0x00 merged 92 commits into
mainfrom
sync/upstream-main-2026-06-26
Jun 26, 2026
Merged

Sync main with upstream provenance-io (2026-06-26)#6
nullpointer0x00 merged 92 commits into
mainfrom
sync/upstream-main-2026-06-26

Conversation

@nullpointer0x00

Copy link
Copy Markdown
Collaborator

Summary

Syncs the ProvLabs fork's main with upstream provenance-io/provenance main as of 2026-06-26. Merges 91 upstream commits into our main via merge commit 5ffe4f20.

Notable upstream changes

Notes

  • This is a merge sync; no ProvLabs-specific changes are included beyond the merge resolution.
  • Conflicts (if any) were resolved during the local merge.

🤖 Generated with Claude Code

nuxtreact and others added 30 commits February 12, 2026 18:35
* bump Golang from 1.23 to 1.25

* added changelog

* rebased onto main and updated changelog

* rebase onto main, update changelog and go.mod.

* heighliner update build to use Go 1.25
…ovenance-io#2620)

* chore(deps): bump github.com/provlabs/vault from 1.0.14 to 1.0.15

Bumps [github.com/provlabs/vault](https://github.com/provlabs/vault) from 1.0.14 to 1.0.15.
- [Release notes](https://github.com/provlabs/vault/releases)
- [Changelog](https://github.com/ProvLabs/vault/blob/main/CHANGELOG.md)
- [Commits](ProvLabs/vault@v1.0.14...v1.0.15)

---
updated-dependencies:
- dependency-name: github.com/provlabs/vault
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#2575)

* added AddOracleAddress and RemoveOracleAddress messages and cli command for flatfees

* added changelog

* rebased onto main and remove ErrMaxOraclesExceeded.

* fix ErrInvalidOracleAddr code

* rebase onto main and resolved all suggesstions.

* fix format and error handling for ErrOracleNotFound.

* fix genesis test cases and msg_server test cases.

* fix flatfees test cases.

* rebase onto main, fix test cases.

* fix test cases
…o#2605)

* Bump the sdk to v0.53.5-pio-1 (from v0.50.14-pio-2) (and a bunch of other stuff with it).

* Add changelog entry.

* Update the require line to match the base version of the sdk that we're using.

* Add the auth module to the pre-blockers ordering.

* Enable unordered Txs. Have NewAnteHandler return an error if either the circuit or feegrant keepers aren't provided.

* Clean up some invariant stuff and add nolint comments on a bunch more. The crisis module (and stuff) was deprecated, but we still want it, at least for now.

* Switch to ReadGovPropCmdFlags (from ReadGovPropFlags) since the old func is now deprecated.

* Bump sdk to v0.53.5-pio-2 (from v0.53.5-pio-1) so that we can expedite gov props.

* Fix the comment on quarantine's RegisterInvariants method.

* Fix the upgrade tests that broke because the logger now has module=baseapp in it by default.

* Fix the config command tests that failed because a couple new fields were added.

* Fix a couple test on sim stuff that needed fixing because the SDK changed an expected string.

* update tutorial wasm for contract sim tests

* update tutorial wasm download script to latest released version

* sims: Use the checked-in tutorial wasm file in the github actions rather than downloading a new one (with a specific version) each time.

* Set the fee and bond denom to the sdk's default in the sims. Also, when instantiating the contract, only use the bond denom for fees.

* Exclude the protocolpool and epochs proto files when updating dependencies (since we don't use those modules).

* Update third party protos to get the newest stuff from the sdk.

* Add punctuation to the new upgrade process log messages.

* Add the module=baseapp part to a couple new upgrade log lines.

* Exclude the counter module which is just for testing it seems.

* Update the changelog entry.

* Ignore the vault payout verification entries in the import-export test.

* sims: Get rid of the calls to SetProvConfig since we'd rather have this stuff run using nhash. Switch out calls to deprecated SimulationOperations (with BuildSimulationOperations).

* Revert "sims: Get rid of the calls to SetProvConfig since we'd rather have this stuff run using nhash. Switch out calls to deprecated SimulationOperations (with BuildSimulationOperations)."

This reverts commit 117799d.

---------

Co-authored-by: kwt <4344285+kwtalley@users.noreply.github.com>
* Bump the heighliner-tag to v1.7.5 (from v1.7.0).

* Add changelog entry.
* [2630]: Add the async-icq storekey to be deleted with the daisy upgrade.

* [2630]: Remove the async-icq module setup stuff from app.New.

* [2630]: Remove setup of async-icq from sims tests.

* [2630]: Unwire the oracle module too.

* [2630]: Add the oracle key to be deleted in the daisy upgrade.

* [2630]: Remove the oracle queries from the stargate list.

* [2630]: Fix comment on ibcratelimit NewTxCmd.

* [2630]: Remove oracle from the head module README.

* [2630]: Remove oracle from swagger.

* [2630]: Remove the oracle module code.

* [2630]: Remove the oracle protos.

* [2630]: Remove a couple oracle msg types from a unit test.

* [2630]: Replace use of an icq variable with it's value (for deleting the store key during the upgrade) so that there are fewer dependencies on the icq library.

* [2630]: Remove the async-icq import from go.mod.

* [2630]: Fix TestMsgServerProtoAnnotations to not expect an error about the async-icq stuff anymore.

* [2630]: Fix a couple tests in ibcratelimit that were using the oracle keeper to get the authority (now uses their own keeper to get it).

* [2630]: Add changelog entries.

* [2630]: Fix imports (lint issue) in the upgrades.go file.

* [2630]: Fix comment on upgrades referenced as colors to now reference flowers since that's what we use now.
…#2638)

* chore(deps): bump docker/setup-qemu-action from 3 to 4

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump docker/login-action from 3 to 4

Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v3...v4)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…io#2640)

* chore(deps): bump docker/setup-buildx-action from 3 to 4

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…#2642)

* chore(deps): bump docker/build-push-action from 6 to 7

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v6...v7)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
)

* chore(deps): bump docker/metadata-action from 5 to 6

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v5...v6)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…ce-io#2636)

* chore(deps): bump crazy-max/ghaction-import-gpg from 6 to 7

Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6 to 7.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](crazy-max/ghaction-import-gpg@v6...v7)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…o#2634)

* chore(deps): bump actions/download-artifact from 7 to 8

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…2633)

* chore(deps): bump actions/upload-artifact from 6 to 7

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
* Fix admin check in CreateSecuritization.

* fix asset module test cases.

---------

Co-authored-by: Daniel Wedul <github@wedul.com>
…ance-io#2646)

Signed-off-by: tsinglua <tsinglua@outlook.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
* publish events for the flatfees module.

* fix coin type to string in event proto.
)

* chore(deps): bump codecov/codecov-action from 5 to 6

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v5...v6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix sims tests and attribute genesis validation

* rebase onto main and resolved sims.yaml conflicts

* fix sims tests with matching sdk format & attribute test cases.

* fix sims.mk tag sims

* fix SEEDARGS & remove DB_BACKEND in sims.mk.

* fix SEEDARGS & remove DB_BACKEND in sims.mk.

* resolved the seed comment and fix the TestAppStateDeterminism.

* resolved benchmark and fix the TestAppSimulationAfterImport.
…m v8). (provenance-io#2627)

* Bump wasmd to v0.61.8-pio-1 (from v0.52.0-pio-1).

* Add changelog entry.

* Update wasm types import to fix build problem.

* Start fixing compilation issues.

* Revert "Start fixing compilation issues."

This reverts commit c285289.

* Bump ibc-go to v10.5.0 (from v8.6.1). Remove capability module and start going through ibc migration guide.

* Update the ibchooks interfaces to match ibc-apps v10.

* Fix remaining app/app.go compiliation failures.

* Fix the hooks to have the proper signatures.

* Change SendPacketAfterHooks back since it seems that we need it that way.

* remove the ibc DenomTrace query from the stargate whitelist since that query seems to have been removed without replacement.

* Fix the tx marker ibc-transfer command which used a helper function that the SDK helpfully removed without replacement.

* Update third_party protos.

* Regenerate swagger stuff to get rid of the oracle module stuff.

* Switch the MsgIbcTransferRequest.Transfer field to have a custom type in v10 (instead of v8). Regenerate proto stuff.

* Fix some compilation issues in the ibc testutil stuff (things got renamed/moved).

* Fix low-hangning lint issues.

* Add some nolint:staticcheck directives on deprecated things that we still have to use.

* Add the tm and solomachine light clients.

* Initialize pinned wasm codes.

* Bump wasmd to v0.61.9-pio-1 (from v0.61.8-pio-1). This bumped a lot of other things too, so I also redid the changelog entry.

* Fix builds looking for libwasmvm shared library in the old location (now in a v3 dir instead of v2).

* Fix compilation issues in the middleware tests.

* Have Claude fix the middelware unit tests.

* Fix compilation issues in rate-limit middleware tests.

* Have Claude fix the ibcratelimit tests.

* Fix the marker hooks unit tests.

* Fix a test in the marker module that started failing because validation in the ibc stuff changed.

* Remove the capability protos from third_party.

* Add a unit test that outputs everything registered to the interface registry. I keep needing this and keep having to grab it from another branch so it's time to keep it around.

* Add the setting of some msg fees to the upgrade.

* Remove the flatfee entries for some msg types that have been removed (and had entries).

* Return the correct version from OnChanOpenInit.

* Only allow the total-supply bypass (adding marker access) when the total supply is not zero.

* Bump wasmd to v0.61.10-pio-1 (from v0.61.9-pio-1).

* Update the changelog entry.

* In the wasm hooks, SendPacketOverride, return the sequence if we have one even if we're not storing a packet callback.

* Use the client context instead of a new one in QueryLatestConsensusState.

* Replace some uses of deprecated IBC stuff.

* Deprecate the ibchooks params allowed_async_ack_contracts field since it's not used anymore.

* Remove some stuff related to the AllowedAsyncAckContracts params (in ibchooks) since they're not used anymore.

* Fix the use statement for ibchooks update-params command.

* Fix QueryLatestConsensusState to return the other chains latest height instead of our own.

* Fix a couple lint issues.

* Add the cosmwasm_3_0 feature flag.

* Clean up cosmwasm feature flags.

* Add the cosmwasm capabilities back for older versions since the sims seem to need them.
…rovenance-io#2621)

* chore(deps): bump github.com/CosmWasm/wasmvm/v2 from 2.2.4 to 2.3.2

Bumps [github.com/CosmWasm/wasmvm/v2](https://github.com/CosmWasm/wasmvm) from 2.2.4 to 2.3.2.
- [Release notes](https://github.com/CosmWasm/wasmvm/releases)
- [Changelog](https://github.com/CosmWasm/wasmvm/blob/main/CHANGELOG.md)
- [Commits](CosmWasm/wasmvm@v2.2.4...v2.3.2)

---
updated-dependencies:
- dependency-name: github.com/CosmWasm/wasmvm/v2
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…nance-io#2658)

* chore(deps): bump google.golang.org/grpc from 1.75.1 to 1.80.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.75.1 to 1.80.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.75.1...v1.80.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…rovenance-io#2661)

* chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.1 to 4.1.4

Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.1 to 4.1.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Commits](go-jose/go-jose@v4.1.1...v4.1.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-version: 4.1.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…ance-io#2657)

* chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0

Bumps [github.com/rs/zerolog](https://github.com/rs/zerolog) from 1.34.0 to 1.35.0.
- [Commits](rs/zerolog@v1.34.0...v1.35.0)

---
updated-dependencies:
- dependency-name: github.com/rs/zerolog
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
* During an ibc transfer, ignore the memo field and just make sure that a marker exists for the denom.

* Remove ibc hooks stuff that messes around with the memo field.

* Enable IBC v2 and wire in the x/ibcratelimit module.

* Fix a ratelimit middleware test that chnaged because I took out the marker memo stuff.

* Enhance the ibchooks module to support IBC v2 and wire it up.

* Tests on the new ibc v2 stuff in the ibcratelimit module.

* Tests on the new ibc v2 stuff in the ibcratelimit module.

* Add some unit tests on the app to make sure things are wired up right.

* Fix some lint issues with import ordering and a weird extra space.

* Add changelog entry.

* Parse the amount directly to an sdk Int instead of an int64 first so that large values are properly handled. Copy a TODO comment from v1 hooks to v2 about possibly deleting an entry on error.

* Fix an issue where v1 and v2 were behaving a little differently with respects to the memo and a callback.

* Clean up a couple unit tests.

* Strengthen TestOnRecvPacket_WasmMemo_ModifiesReceiver.

* Some more unit tests.

* Switch to .ErrorContains for a few assertions.

* Enhance a couple tests to check the actual results.

* Check that the ibcKeeper is set when checking if the hooks are properly configured.

* Fix extractDenomFromV2PacketOnRecv to use the source client instead of destination client.

* Added IsContractConfigured early-return guards to OnTimeoutPacket and OnAcknowledgementPacket.

* Remove the errorContexts from errRecvResult and do better about wrapping those errors.

* In the v1 marker hooks, parse the amount as an sdk Int instead of int64.

* In both v1 and v2 of OnAcknowledgementPacketOverride, delete the packet regardless of sudo outcome.

* Move the DeletePacketCallback call back to after the error since the error would just revert the deletion anyway. Also fix some JSON creation to use types instead of string construction.

* In v1 wasm hooks, use types to create the response json instead of fmt.Sprintf.

* Add changelog entry about the marker memo removal.

* Lint fixes.
* Increase the wasm code limit to 800k (from 600k).

* Add changelog entry.
dependabot Bot and others added 27 commits May 19, 2026 12:44
…-io#2719)

* chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.36.0 to 0.37.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…rovenance-io#2723)

* chore(deps): bump github.com/CosmWasm/wasmvm/v3 from 3.0.3 to 3.0.5

Bumps [github.com/CosmWasm/wasmvm/v3](https://github.com/CosmWasm/wasmvm) from 3.0.3 to 3.0.5.
- [Release notes](https://github.com/CosmWasm/wasmvm/releases)
- [Changelog](https://github.com/CosmWasm/wasmvm/blob/v3.0.5/CHANGELOG.md)
- [Commits](CosmWasm/wasmvm@v3.0.3...v3.0.5)

---
updated-dependencies:
- dependency-name: github.com/CosmWasm/wasmvm/v3
  dependency-version: 3.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
provenance-io#2718)

* chore(deps): bump github.com/cometbft/cometbft from 0.38.21 to 0.38.23

Bumps [github.com/cometbft/cometbft](https://github.com/cometbft/cometbft) from 0.38.21 to 0.38.23.
- [Release notes](https://github.com/cometbft/cometbft/releases)
- [Changelog](https://github.com/cometbft/cometbft/blob/v0.38.23/CHANGELOG.md)
- [Commits](cometbft/cometbft@v0.38.21...v0.38.23)

---
updated-dependencies:
- dependency-name: github.com/cometbft/cometbft
  dependency-version: 0.38.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

* Update config test to include the newly added consensus.block_time_tolerance option.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
provenance-io#2689)

Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.8.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…e-io#2688)

Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.8.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…2687)

Bumps [rand](https://github.com/rust-random/rand) from 0.8.5 to 0.8.6.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md)
- [Commits](rust-random/rand@0.8.5...0.8.6)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.8.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…ance-io#2681)

* chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1

Bumps [github.com/rs/zerolog](https://github.com/rs/zerolog) from 1.35.0 to 1.35.1.
- [Commits](rs/zerolog@v1.35.0...v1.35.1)

---
updated-dependencies:
- dependency-name: github.com/rs/zerolog
  dependency-version: 1.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
* Properly restrict block-time trigger timestamps.

* update changelog with PR link and rebase onto main.
* Ensure correct queuing of matching events for trigger execution.

* Fix scanning of events for event triggers.

* update changelog with PR link and rebase onto main.

* update changelog
* Fixed an  authorization bypass caused by stale supply checks.

* updated changelog with PR link.

* update comment in changelog and accountControlsAllSupply.

* update comment in accountControlsAllSupply.
* Add the Edelweiss upgrades.

* Add changelog entry.
…rovenance-io#2736)

* chore(deps): bump github.com/cosmos/ibc-go/v10 from 10.6.0 to 10.7.0

Bumps [github.com/cosmos/ibc-go/v10](https://github.com/cosmos/ibc-go) from 10.6.0 to 10.7.0.
- [Release notes](https://github.com/cosmos/ibc-go/releases)
- [Changelog](https://github.com/cosmos/ibc-go/blob/v10.7.0/CHANGELOG.md)
- [Commits](cosmos/ibc-go@v10.6.0...v10.7.0)

---
updated-dependencies:
- dependency-name: github.com/cosmos/ibc-go/v10
  dependency-version: 10.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… the query result type). (provenance-io#2741)

* Make the wasm GRPC Querier return the ResponseQuery again (instead of the query result type).

* Add changelog entry.

* Add an empty edelweiss-rc2 upgrade.
* Prevent markers from being created with the prefix 'nft/'.

* Add changelog entry.

* Add the edelweiss-rc3 upgrade handler. Have it do stuff this time because we'll need it from other stuff.

* Move the reserved denom check up for a faster failure.

* Make the check case-insensitive.

* Make the check case-sensitive again, but keep the new (fixed) unit tests.
* update vault app.go wiring, update protos, update swagger

* add upgrade handlers

* correct address

* update go mod and thrid_party

* add changelogs

* fix lint

* add blocktime to tests to prevent vault from complaining

* remove now usage

* fix time so authz doe not expire

* fix pr with correct number
* Use a gas meter with the tx limit when processing the msgs from a trigger.

* Add changelog entry.
…venance-io#2739)

Signed-off-by: caltechustc <caltechustc@outlook.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
* Speed up unit test GitHub actions

* updated comment in TestRandomizedGenStateImportExport

* remove duplicate actions/setups in test.yml

---------

Co-authored-by: Daniel Wedul <github@wedul.com>
…-io#2759)

* chore(deps): bump golang.org/x/text from 0.37.0 to 0.38.0

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.37.0 to 0.38.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
…rovenance-io#2740)

* chore(deps): bump github.com/CosmWasm/wasmvm/v3 from 3.0.5 to 3.0.6

Bumps [github.com/CosmWasm/wasmvm/v3](https://github.com/CosmWasm/wasmvm) from 3.0.5 to 3.0.6.
- [Release notes](https://github.com/CosmWasm/wasmvm/releases)
- [Changelog](https://github.com/CosmWasm/wasmvm/blob/main/CHANGELOG.md)
- [Commits](CosmWasm/wasmvm@v3.0.5...v3.0.6)

---
updated-dependencies:
- dependency-name: github.com/CosmWasm/wasmvm/v3
  dependency-version: 3.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
)

* chore(deps): bump codecov/codecov-action from 6 to 7

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6 to 7.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6...v7)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Wedul <github@wedul.com>
* chore(deps): bump actions/checkout from 6 to 7

Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Updated Changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@greptile-apps

greptile-apps Bot commented Jun 26, 2026

Copy link
Copy Markdown

Greptile Summary

This PR syncs the ProvLabs fork's main branch with 91 upstream provenance-io/provenance commits as of 2026-06-26, introducing safety improvements to the trigger module, marker validation, vault v1.1.0 integration, and a collection of dependency bumps and CI speedups. No ProvLabs-specific changes are included; the diff is entirely upstream code merged into the fork.

  • Trigger gas limiting (x/trigger/keeper/trigger_dispatcher.go): handleMsgs now installs a NewGasMeter(TxGasLimit) (4 M gas) before dispatching a trigger's messages, preventing unbounded BeginBlock gas consumption that could stall the chain.
  • Marker reserved-denom validation (x/marker/types/marker.go): ValidateNotReservedDenom blocks creation of markers whose denom starts with nft/, protecting the metadata module's scope-value-owner namespace from marker-driven supply mismatches.
  • Edelweiss-rc3 / Edelweiss upgrade handlers (app/upgrades.go): A new edelweiss-rc3 upgrade path and an addition to the existing edelweiss handler both call setupVaultParams to initialize vault module parameters on existing chains; the function is idempotent.
  • Vault v1.1.0 proto surface (third_party/proto/provlabs/vault/v1/*): New proto files add AUM fee collection, per-vault fee-bip overrides, swap-value limits, a Params message, and a QueryParams RPC.

Confidence Score: 5/5

This is a clean upstream sync merge; all substantive logic changes are well-scoped safety improvements with accompanying tests.

The trigger gas-limiting change is the most consequential runtime behavior change — it caps each trigger's message execution at 4 M gas and converts out-of-gas panics to recoverable errors, which is strictly safer than the previous unbounded BeginBlock execution. The marker reserved-denom validation is additive and fully tested. The upgrade handlers call a validated, idempotent setup function. Vault proto additions are third-party reference files with no direct execution impact in this repo. No regressions were identified across the changed files.

No files require special attention; the key runtime changes are in x/trigger/keeper/trigger_dispatcher.go and x/marker/types/marker.go, both of which have clear test coverage and well-documented intent.

Important Files Changed

Filename Overview
x/trigger/keeper/trigger_dispatcher.go Adds a 4 M gas meter to handleMsgs so trigger message execution is bounded per trigger; safeHandle already catches out-of-gas panics and converts them to errors.
x/marker/types/marker.go Adds ValidateNotReservedDenom to block nft/-prefixed marker denoms; integrated into Validate() and fully unit-tested.
app/upgrades.go Adds edelweiss-rc3 upgrade handler and extends edelweiss handler; both call idempotent setupVaultParams which validates params before writing them.
app/app.go Updates VaultKeeper init: authority arg changed from []byte to sdk.AccAddress, NameKeeper and AttributeKeeper added; module registration updated to match.
third_party/proto/provlabs/vault/v1/tx.proto Vault v1.1.0: adds swap-value limit RPCs, UpdateParams, UpdateVaultAUMFeeBips, and corresponding request/response messages.
third_party/proto/provlabs/vault/v1/vault.proto Adds AUM fee tracking fields (fee_period_start/timeout, outstanding_aum_fee, aum_fee_bips) and swap-value limit fields to VaultAccount.
go.mod Bumps wasmvm v3.0.5→v3.0.6, vault v1.0.15→v1.1.0, golang.org/x/text 0.37→0.38, and several other stdlib/indirect dependencies.
.github/workflows/test.yml Adds Go module cache to setup-tests, unit-test, and race-test jobs; bumps checkout to v7 and codecov-action to v7.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant BB as BeginBlock
    participant TD as TriggerDispatcher
    participant CC as CacheContext
    participant GM as GasMeter(4M)
    participant H as MsgHandler

    BB->>TD: ProcessTriggers(ctx)
    loop up to 5 triggers
        TD->>CC: ctx.CacheContext()
        TD->>TD: runActions(cacheCtx, actions)
        TD->>GM: "NewGasMeter(TxGasLimit=4_000_000)"
        TD->>CC: cacheCtx.WithGasMeter(GM)
        loop each message in trigger
            TD->>H: safeHandle(ctx, msg, handler)
            H-->>GM: consume gas
            alt out of gas
                GM-->>TD: ErrorOutOfGas (recovered)
                TD-->>BB: trigger failed (no state written)
            else success
                H-->>TD: sdk.Result
            end
        end
        TD->>CC: writeCache() (only on full success)
        TD->>BB: emitTriggerExecuted
    end
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant BB as BeginBlock
    participant TD as TriggerDispatcher
    participant CC as CacheContext
    participant GM as GasMeter(4M)
    participant H as MsgHandler

    BB->>TD: ProcessTriggers(ctx)
    loop up to 5 triggers
        TD->>CC: ctx.CacheContext()
        TD->>TD: runActions(cacheCtx, actions)
        TD->>GM: "NewGasMeter(TxGasLimit=4_000_000)"
        TD->>CC: cacheCtx.WithGasMeter(GM)
        loop each message in trigger
            TD->>H: safeHandle(ctx, msg, handler)
            H-->>GM: consume gas
            alt out of gas
                GM-->>TD: ErrorOutOfGas (recovered)
                TD-->>BB: trigger failed (no state written)
            else success
                H-->>TD: sdk.Result
            end
        end
        TD->>CC: writeCache() (only on full success)
        TD->>BB: emitTriggerExecuted
    end
Loading

Reviews (1): Last reviewed commit: "update" | Re-trigger Greptile

@nullpointer0x00 nullpointer0x00 merged commit b1d5d57 into main Jun 26, 2026
40 of 43 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

10 participants