feat: upgrade chain dependencies to 1.19

[jbernal87]

Summary

• upgrade the workspace toolchain to Rust 1.88.0
• bump cosmwasm-std to 3.0.5
• bump injective-math to 0.3.6
• bump injective-cosmwasm to 0.3.6
• bump injective-testing to 1.19.0
• refresh example/mock contract manifests and Cargo.lock

Published crates

• injective-math 0.3.6
• injective-cosmwasm 0.3.6
• injective-testing 1.19.0

Summary by CodeRabbit

• Chores

  • Updated Rust toolchain to 1.88.0
  • Upgraded cosmwasm-std to 3.0.5
  • Bumped Injective crates to new versions (injective-cosmwasm/math to 0.3.6; injective-std/test-tube/injective-testing to 1.19.0)
  • Removed commented local override entries from config

• Bug Fixes

  • Oracle update messages no longer enable unverified Chainlink data streams by default when updating Pyth params

• Style

  • Improved internal error and debug message formatting for clearer logs and messages

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 21e975e8-8bf8-4fa8-80d2-fbcdd3caa4ed

📥 Commits

Reviewing files that changed from the base of the PR and between 8f3bdc1 and 01b603d.

📒 Files selected for processing (6)

• contracts/injective-cosmwasm-stargate-example/src/query.rs
• contracts/injective-cosmwasm-stargate-example/src/reply.rs
• packages/injective-cosmwasm/src/exchange/privileged_action.rs
• packages/injective-cosmwasm/src/exchange/types.rs
• packages/injective-testing/src/multi_test/chain_mock.rs
• packages/injective-testing/src/utils.rs

✅ Files skipped from review due to trivial changes (6)

• packages/injective-cosmwasm/src/exchange/privileged_action.rs
• packages/injective-testing/src/multi_test/chain_mock.rs
• packages/injective-testing/src/utils.rs
• packages/injective-cosmwasm/src/exchange/types.rs
• contracts/injective-cosmwasm-stargate-example/src/query.rs
• contracts/injective-cosmwasm-stargate-example/src/reply.rs

---

📝 Walkthrough

Walkthrough

Workspace and package dependency versions were bumped (cosmwasm-std and multiple injective-* crates), CI and rust toolchain updated to 1.88.0, a commented [patch.crates-io] block was removed, and small formatting/parameter-setting tweaks were made in several contract and package source files.

Changes

Cohort / File(s)	Summary
Root Workspace Configuration Cargo.toml	Updated workspace dependencies: cosmwasm-std 3.0.2 → 3.0.5; injective-cosmwasm, injective-math 0.3.5-1 → 0.3.6; injective-std, injective-test-tube 1.18.0 → 1.19.0; injective-testing now pins version = "1.19.0" alongside path. Removed commented [patch.crates-io].
Contract Manifests contracts/atomic-order-example/Cargo.toml, contracts/injective-cosmwasm-mock/Cargo.toml, contracts/injective-cosmwasm-stargate-example/Cargo.toml	Bumped injective-math dependency from 0.3.5-1 → 0.3.6.
Package Manifests packages/injective-cosmwasm/Cargo.toml, packages/injective-math/Cargo.toml, packages/injective-testing/Cargo.toml	Bumped package versions (injective-cosmwasm, injective-math → 0.3.6; injective-testing → 1.19.0); upgraded cosmwasm-std to 3.0.5; aligned Injective dependency versions to workspace.
CI & Toolchain .github/workflows/Basic.yml, rust-toolchain.toml	CI and rust-toolchain updated to Rust 1.88.0 (components/targets unchanged).
Contract Param Updates contracts/injective-cosmwasm-mock/src/utils.rs, contracts/injective-cosmwasm-stargate-example/src/utils.rs	Helpers proposing MsgUpdateParams no longer set accept_unverified_chainlink_data_streams_reports = true; only pyth_contract and chainlink_data_streams_verification_gas_limit are sent.
Formatting & Error Messages contracts/.../src/query.rs, contracts/.../src/reply.rs, packages/injective-cosmwasm/src/exchange/..., packages/injective-cosmwasm/src/exchange/types.rs, packages/injective-testing/src/...	Replaced older format!/positional formatting with Rust inline/capture {var} or {:?} capture styles and minor string-format simplifications; no control-flow or API signature changes.
Test Harness Minor packages/injective-testing/src/multi_test/chain_mock.rs, packages/injective-testing/src/utils.rs	Simplified format! usage in error/assert helpers; formatting style changes only.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through crates and nudged a line,
Bumped versions neat, made the toolchain fine.
Trimmed a param, polished each string,
Workspace springs ready — watch it sing.
🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: upgrade chain dependencies to 1.19' accurately reflects the main objective of the PR, which is upgrading multiple chain-related dependencies (injective-std, injective-test-tube, and injective-testing) to version 1.19.0.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/upgrade-to-chain-1.19

---

_{Review rate limit: 4/5 reviews remaining, refill in 12 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	injective-test-tube@​1.18.0 ⏵ 1.19.0	+1
	injective-cosmwasm@​0.3.5-1 ⏵ 0.3.6			-3
	injective-math@​0.3.5-1 ⏵ 0.3.6			-3
	injective-std@​1.18.0 ⏵ 1.19.0

View full report

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@Cargo.toml`:
- Around line 13-14: The workspace Cargo.toml pins cosmwasm-schema to 1.5.0
which is incompatible with cosmwasm-std 3.0.5; update the cosmwasm-schema
dependency entry in Cargo.toml to the current stable release (3.0.4) so schema
tooling aligns with the runtime library (change the cosmwasm-schema = { version
= "1.5.0" } line to use version "3.0.4"); ensure any workspace inheritance for
contracts/* continues to reference this updated cosmwasm-schema version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5a1b9c03-bf4d-4341-a84f-b4533cc39286

📥 Commits

Reviewing files that changed from the base of the PR and between 37de961 and 5ffa8a0.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (8)

• Cargo.toml
• contracts/atomic-order-example/Cargo.toml
• contracts/injective-cosmwasm-mock/Cargo.toml
• contracts/injective-cosmwasm-stargate-example/Cargo.toml
• packages/injective-cosmwasm/Cargo.toml
• packages/injective-math/Cargo.toml
• packages/injective-testing/Cargo.toml
• rust-toolchain.toml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find the Cargo.toml file and examine the workspace dependencies
find . -name "Cargo.toml" -type f | head -20

Repository: InjectiveLabs/cw-injective

Length of output: 380

---

🏁 Script executed:

# Check the root Cargo.toml to see the workspace and dependency declarations
cat -n Cargo.toml | head -30

Repository: InjectiveLabs/cw-injective

Length of output: 1669

---

🌐 Web query:

cosmwasm-std 3.0.5 Cargo.toml dev-dependencies cosmwasm-schema

💡 Result:

In the Cargo.toml for cosmwasm-std version 3.0.5, the [dev-dependencies] section includes cosmwasm-schema = { workspace = true }, along with cosmwasm-core = { workspace = true }, chrono = { version = "0.4", default-features = false, features = ["alloc", "std"] }, crc32fast = "1.3.2", hex-literal = "0.4.1", paste = "1.0.15", and proptest = { version = "1.5.0", default-features = false, features = ["attr-macro", "std"] }. This is confirmed directly from the original Cargo.toml source on docs.rs for version 3.0.5, which shows cosmwasm-schema referenced via workspace inheritance in the dev-dependencies.

Citations:

• 1: https://docs.rs/crate/cosmwasm-std/latest/source/Cargo.toml.orig
• 2: https://docs.rs/crate/cosmwasm-std/3.0.3
• 3: https://docs.rs/crate/cosmwasm-std/latest/source/Cargo.toml

---

🌐 Web query:

cosmwasm-schema latest release version 2024 2025

💡 Result:

The latest release version of cosmwasm-schema is 3.0.4, released on 2026-02-10.

Citations:

• 1: https://crates.io/crates/cosmwasm-schema
• 2: https://crates.io/crates/cosmwasm-schema/2.3.0
• 3: https://github.com/CosmWasm/cosmwasm
• 4: https://docs.rs/cosmwasm-schema/3.0.4/aarch64-unknown-linux-gnu/cosmwasm_schema/
• 5: https://docs.rs/cosmwasm-schema

---

Bump cosmwasm-schema to match current releases.

contracts/* inherit cosmwasm-schema from the workspace, but it is pinned to 1.5.0 while cosmwasm-std is at 3.0.5. The current stable release of cosmwasm-schema is 3.0.4, and schema generation tooling should align with the runtime library version to avoid compatibility issues.

🔧 Proposed fix

-cosmwasm-schema     = { version = "1.5.0" }
+cosmwasm-schema     = { version = "3.0.4" }
 cosmwasm-std        = { version = "3.0.5", features = [ "cosmwasm_1_2", "cosmwasm_1_3", "cosmwasm_1_4", "cosmwasm_2_0", "iterator", "stargate" ] }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	cosmwasm-schema = { version = "1.5.0" }
	cosmwasm-std = { version = "3.0.2", features = [ "cosmwasm_1_2", "cosmwasm_1_3", "cosmwasm_1_4", "cosmwasm_2_0", "iterator", "stargate" ] }
	cosmwasm-std = { version = "3.0.5", features = [ "cosmwasm_1_2", "cosmwasm_1_3", "cosmwasm_1_4", "cosmwasm_2_0", "iterator", "stargate" ] }
	cosmwasm-schema = { version = "3.0.4" }
	cosmwasm-std = { version = "3.0.5", features = [ "cosmwasm_1_2", "cosmwasm_1_3", "cosmwasm_1_4", "cosmwasm_2_0", "iterator", "stargate" ] }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Cargo.toml` around lines 13 - 14, The workspace Cargo.toml pins
cosmwasm-schema to 1.5.0 which is incompatible with cosmwasm-std 3.0.5; update
the cosmwasm-schema dependency entry in Cargo.toml to the current stable release
(3.0.4) so schema tooling aligns with the runtime library (change the
cosmwasm-schema = { version = "1.5.0" } line to use version "3.0.4"); ensure any
workspace inheritance for contracts/* continues to reference this updated
cosmwasm-schema version.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/Basic.yml:
- Line 26: Replace all uses of the archived actions-rs actions: for each step
that uses actions-rs/toolchain@v1 (toolchain setup steps) swap it to
dtolnay/rust-toolchain@stable (or pin a specific toolchain), and for each step
that uses actions-rs/cargo@v1 (cargo command steps) remove the action and
convert the step to a plain run step that invokes the appropriate cargo command
(e.g., run: cargo build/test/check/..."matching the original intent") after the
toolchain install; update all 8 affected steps so toolchain installation uses
dtolnay/rust-toolchain@stable and cargo invocations are plain run: cargo ...
steps.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1502e94e-131d-4b32-9062-71f26b3f4bc8

📥 Commits

Reviewing files that changed from the base of the PR and between 5ffa8a0 and 8f3bdc1.

📒 Files selected for processing (3)

• .github/workflows/Basic.yml
• contracts/injective-cosmwasm-mock/src/utils.rs
• contracts/injective-cosmwasm-stargate-example/src/utils.rs

💤 Files with no reviewable changes (2)

• contracts/injective-cosmwasm-mock/src/utils.rs
• contracts/injective-cosmwasm-stargate-example/src/utils.rs

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify all outdated actions-rs usages in workflows
rg -n --iglob '*.yml' --iglob '*.yaml' 'uses:\s*actions-rs/cargo@v1|uses:\s*actions-rs/toolchain@v1' .github/workflows

# Re-run actionlint after migration (if available in your CI/dev env)
# actionlint

Repository: InjectiveLabs/cw-injective

Length of output: 606

---

🏁 Script executed:

cat -n .github/workflows/Basic.yml | head -100

Repository: InjectiveLabs/cw-injective

Length of output: 3805

---

🌐 Web query:

actions-rs/cargo deprecated GitHub Actions

💡 Result:

Yes, the GitHub Action actions-rs/cargo is deprecated and unmaintained. The repository https://github.com/actions-rs/cargo was archived on October 13, 2023, and is now read-only. It used Node.js 12, which is deprecated, causing warnings and potential failures in workflows. The recommended replacement is to run cargo commands directly using the 'run:' step after setting up the Rust toolchain. GitHub-hosted runners have Rust preinstalled, and the official GitHub Rust workflow template uses: - actions/checkout@v4 - dtolnay/rust-toolchain@stable (or similar for toolchain setup) - actions/cache@v4 for Cargo registry, git, and target directories - Then 'run: cargo check', 'run: cargo test', etc. This approach is simpler, faster, and maintained. For toolchain management, use dtolnay/rust-toolchain or actions-rust-lang/setup-rust-toolchain. Many projects have migrated by removing actions-rs/cargo and using direct cargo runs, as GitHub runners include cargo by default.

Citations:

• 1: Node.js 12 actions are deprecated. Please use Node.js 16 actions-rs/cargo#216
• 2: actions-rs/cargo are outdated and unmaintained versatica/mediasoup#1215
• 3: Move away from actions-rs/cargo libp2p/rust-libp2p#3398
• 4: https://www.reddit.com/r/rust/comments/186kyra/httpsgithubcomactionsrs_is_archived_what_are_the/
• 5: action-rs is deprecated, replace to something else input-output-hk/ce-netsim#3
• 6: CI: Replace deprecated GitHub Actions causing CI workflow failures johnstonskj/rust-email_address#48
• 7: https://github.com/actions-rs/cargo
• 8: https://docs.github.com/en/actions/tutorials/build-and-test-code/rust
• 9: https://github.com/actions-rust-lang/setup-rust-toolchain
• 10: https://github.com/dtolnay/rust-toolchain/blob/master/README.md
• 11: https://github.com/dtolnay/rust-toolchain

---

🌐 Web query:

actions-rs/toolchain deprecated GitHub Actions

💡 Result:

actions-rs/toolchain is effectively deprecated/unmaintained: it’s referenced by projects as “unmaintained” and people have moved away from it; additionally the broader actions-rs organization repositories were archived (read-only) starting Oct 13, 2023. What to do instead (recommended). 1) Prefer using rustup directly (often no action is needed on GitHub-hosted runners). Pin your toolchain in rust-toolchain.toml (or rust-toolchain) and run cargo commands; rustup supports toolchain overrides via rust-toolchain.toml. 2) If you want a dedicated GitHub Action to install the toolchain, use actions-rust-lang/setup-rust-toolchain or dtolnay/rust-toolchain. Both are designed to install a Rust toolchain via rustup; dtolnay/rust-toolchain documents a concise “uses: dtolnay/rust-toolchain@” pattern. Practical examples. - Use rust-toolchain.toml in your repo (then just run cargo in CI; rustup will pick the pinned toolchain as overrides). - Or in workflow: - uses: actions-rust-lang/setup-rust-toolchain@v1 - uses: dtolnay/rust-toolchain@stable Notes. - The actions-rs/toolchain project also had issues unrelated to maintenance status (e.g., it surfaced GitHub Actions deprecation warnings like set-output / Node 12), and users report switching away from it to other actions.

Citations:

• 1: Project unmaintained actions-rs/toolchain#216
• 2: actions-rs/toolchain is unmaintained cloud-hypervisor/cloud-hypervisor#5929
• 3: https://www.reddit.com/r/rust/comments/186kyra/httpsgithubcomactionsrs_is_archived_what_are_the/
• 4: https://github.com/actions-rs/core/tree/0369fa2eb90aec7963b16c88513a80f3d7c766e3
• 5: https://github.com/actions-rs/core
• 6: https://github.com/actions-rust-lang/setup-rust-toolchain
• 7: https://github.com/dtolnay/rust-toolchain/blob/master/README.md
• 8: https://rust-lang.github.io/rustup/overrides.html?highlight=toolchain
• 9: https://github.com/dtolnay/rust-toolchain

---

Replace all deprecated actions-rs actions (CI blocker).

Both actions-rs/cargo@v1 and actions-rs/toolchain@v1 are archived and unmaintained since October 2023. They use deprecated Node.js 12 and will cause CI failures. Migrate to standard Rust tooling:

• Toolchain setup (lines 18, 42, 57, 81): Replace actions-rs/toolchain@v1 with dtolnay/rust-toolchain@stable (or pin specific version).
• Cargo commands (lines 26, 64, 89, 96): Replace actions-rs/cargo@v1 with plain run: cargo <command> steps after toolchain installation.

Migration example

-      - name: Install stable toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: 1.88.0
-          target: wasm32-unknown-unknown
-          override: true
+      - name: Install stable toolchain
+        uses: dtolnay/rust-toolchain@1.88.0
+        with:
+          targets: wasm32-unknown-unknown

-      - name: Run all Rust tests
-        uses: actions-rs/cargo@v1
-        with:
-          command: test
-          toolchain: 1.88.0
-          args: --workspace --all-targets --locked
+      - name: Run all Rust tests
+        run: cargo test --workspace --all-targets --locked
         env:
           RUST_BACKTRACE: 1

Apply to all 8 affected steps: toolchain install steps (18, 42, 57, 81) and cargo command steps (26, 64, 89, 96).

🧰 Tools

🪛 actionlint (1.7.12)

[error] 26-26: the runner of "actions-rs/cargo@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/Basic.yml at line 26, Replace all uses of the archived
actions-rs actions: for each step that uses actions-rs/toolchain@v1 (toolchain
setup steps) swap it to dtolnay/rust-toolchain@stable (or pin a specific
toolchain), and for each step that uses actions-rs/cargo@v1 (cargo command
steps) remove the action and convert the step to a plain run step that invokes
the appropriate cargo command (e.g., run: cargo build/test/check/..."matching
the original intent") after the toolchain install; update all 8 affected steps
so toolchain installation uses dtolnay/rust-toolchain@stable and cargo
invocations are plain run: cargo ... steps.

[gorgos]

LGTM!