Merge pull request #117 from neutron-org/upd/neutron-upd-0.43

upd: wasmd 0.43

.circleci/config.yml

@@ -63,7 +63,7 @@ jobs:
 
   lint:
     docker:
-      - image: golangci/golangci-lint:v1.52.2
+      - image: golangci/golangci-lint:v1.54.2
     steps:
       - checkout
       - run:

.github/workflows/codeql-analizer.yml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.0.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/proto-buf-publisher.yml

@@ -16,8 +16,8 @@ jobs:
   push:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3.5.3
-      - uses: bufbuild/buf-setup-action@v1.25.0
+      - uses: actions/checkout@v4.0.0
+      - uses: bufbuild/buf-setup-action@v1.26.1
 
       # lint checks
       - uses: bufbuild/buf-lint-action@v1

.golangci.yml

@@ -1,17 +1,24 @@
 run:
   tests: true
-  # timeout for analysis, e.g. 30s, 5m, default is 1m
-  timeout: 5m
+  timeout: 15m
+  sort-results: true
+  allow-parallel-runners: true
+  exclude-dir: testutil/testdata
+  skip-files:
+    - server/grpc/gogoreflection/fix_registration.go
+    - ".*\\.pb\\.go$"
+    - ".*\\.pb\\.gw\\.\\.go$"
+    - ".*\\.pulsar\\.go$"
 
 linters:
   disable-all: true
   enable:
-    - bodyclose
-    - dogsled
     - errcheck
+    - dogsled
     - exportloopref
     - goconst
     - gocritic
+    - gci
     - gofumpt
     - gosec
     - gosimple
@@ -20,42 +27,122 @@ linters:
     - misspell
     - nakedret
     - nolintlint
-    - revive
     - staticcheck
+    - revive
     - stylecheck
     - typecheck
+#    - thelper # too many positives with table tests that have custom setup(*testing.T)
     - unconvert
-    - unparam
     - unused
 
 issues:
   exclude-rules:
-    - text: "Use of weak random number generator"
+    - text: 'Use of weak random number generator'
       linters:
         - gosec
-    - text: "ST1003:"
+    - text: 'ST1003:'
       linters:
         - stylecheck
     # FIXME: Disabled until golangci-lint updates stylecheck with this fix:
     # https://github.com/dominikh/go-tools/issues/389
-    - text: "ST1016:"
+    - text: 'ST1016:'
       linters:
         - stylecheck
-    - path: "migrations"
-      text: "SA1019:"
+    - path: 'migrations'
+      text: 'SA1019:'
       linters:
         - staticcheck
-
+    - text: 'SA1019: codec.NewAminoCodec is deprecated' # TODO remove once migration path is set out
+      linters:
+        - staticcheck
+    - text: 'SA1019: legacybech32.MustMarshalPubKey' # TODO remove once ready to remove from the sdk
+      linters:
+        - staticcheck
+    - text: 'SA1019: legacybech32.MarshalPubKey' # TODO remove once ready to remove from the sdk
+      linters:
+        - staticcheck
+    - text: 'SA1019: legacybech32.UnmarshalPubKey' # TODO remove once ready to remove from the sdk
+      linters:
+        - staticcheck
+    - text: 'SA1019: params.SendEnabled is deprecated' # TODO remove once ready to remove from the sdk
+      linters:
+        - staticcheck
+    - text: 'leading space'
+      linters:
+        - nolintlint
   max-issues-per-linter: 10000
   max-same-issues: 10000
 
 linters-settings:
+  gci:
+    custom-order: true
+    sections:
+      - standard # Standard section: captures all standard packages.
+      - default # Default section: contains all imports that could not be matched to another section type.
+      - prefix(cosmossdk.io)
+      - prefix(github.com/cosmos/cosmos-sdk)
+      - prefix(github.com/CosmWasm/wasmd)
   revive:
-    # When set to false, ignores files with "GENERATED" header, similar to golint
-    ignore-generated-header: true
+    rules:
+      - name: redefines-builtin-id
+        disabled: true
 
+  gosec:
+    # To select a subset of rules to run.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    # Default: [] - means include all rules
+    includes:
+      #  - G101 # Look for hard coded credentials
+      - G102 # Bind to all interfaces
+      - G103 # Audit the use of unsafe block
+      - G104 # Audit errors not checked
+      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+      - G107 # Url provided to HTTP request as taint input
+      - G108 # Profiling endpoint automatically exposed on /debug/pprof
+      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+      - G110 # Potential DoS vulnerability via decompression bomb
+      - G111 # Potential directory traversal
+      - G112 # Potential slowloris attack
+      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
+      - G114 # Use of net/http serve function that has no support for setting timeouts
+      - G201 # SQL query construction using format string
+      - G202 # SQL query construction using string concatenation
+      - G203 # Use of unescaped data in HTML templates
+      - G204 # Audit use of command execution
+      - G301 # Poor file permissions used when creating a directory
+      - G302 # Poor file permissions used with chmod
+      - G303 # Creating tempfile using a predictable path
+      - G304 # File path provided as taint input
+      - G305 # File traversal when extracting zip/tar archive
+      - G306 # Poor file permissions used when writing to a new file
+      - G307 # Deferring a method which returns an error
+      - G401 # Detect the usage of DES, RC4, MD5 or SHA1
+      - G402 # Look for bad TLS connection settings
+      - G403 # Ensure minimum RSA key length of 2048 bits
+      - G404 # Insecure random number source (rand)
+      - G501 # Import blocklist: crypto/md5
+      - G502 # Import blocklist: crypto/des
+      - G503 # Import blocklist: crypto/rc4
+      - G504 # Import blocklist: net/http/cgi
+      - G505 # Import blocklist: crypto/sha1
+      - G601 # Implicit memory aliasing of items from a range statement
+  misspell:
+    locale: US
+  gofumpt:
+    extra-rules: true
+  dogsled:
+    max-blank-identifiers: 6
+  maligned:
+    suggest-new: true
   nolintlint:
     allow-unused: false
     allow-leading-space: true
     require-explanation: false
     require-specific: false
+  gosimple:
+    checks: ['all']
+  gocritic:
+    disabled-checks:
+      - regexpMust
+      - appendAssign
+      - ifElseChain

CHANGELOG.md

@@ -29,7 +29,59 @@ It solves some incompatibility problems by improving cache invalidation. See [\#
 
 ### Migration notes:
 - This release does not include any state migrations or breaking changes, therefore a coordinated chain upgrade is not required.
-[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.41.0...HEAD)
+[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.43.0...HEAD)
+
+## [v0.43.0](https://github.com/CosmWasm/wasmd/tree/v0.43.0) (2023-10-10)
+
+[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.42.0...v0.43.0)
+
+- Make contract label updatable [\#1601](https://github.com/CosmWasm/wasmd/issues/1601)
+- Remove gov v1beta1 dependencies and deprecated proposals [\#1608](https://github.com/CosmWasm/wasmd/issues/1608)
+- Retract v0.42.0 release [\#1651](https://github.com/CosmWasm/wasmd/issues/1651)
+- Bump wasmvm to v1.4.1 [\#1657](https://github.com/CosmWasm/wasmd/issues/1657)
+
+### Notable changes:
+- Wasmd v0.42.0 was retracted because an issue was found in CosmWasm 1.4.0. See https://twitter.com/CosmWasm/status/1709507168448229497
+- This release bundles CosmWasm v1.4.1 patch release. If you are using wasmd v0.42.0 please upgrade to wasmd 0.43.0 as soon as possible.
+- Deprecated wasm gov proposals have been removed completely from the codebase together with all the govv1beta1 dependencies.
+- MsgUpdateContractLabel was introduced to allow contract label updates.
+
+### Migration notes:
+- This release does not include any state migrations but breaking changes that require a coordinated chain upgrade.
+
+## [v0.42.0](https://github.com/CosmWasm/wasmd/tree/v0.42.0) (2023-09-20)
+
+[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.41.0...v0.42.0)
+
+- Fix label validation error [\#1555](https://github.com/CosmWasm/wasmd/pull/1555)
+- Improve ToWasmVMGas/FromWasmVMGas code level documentation [\#1564](https://github.com/CosmWasm/wasmd/pull/1564)
+- Fix gas calculation [\#1567](https://github.com/CosmWasm/wasmd/pull/1567)
+- Bump cosmos-sdk to v0.47.5 [\#1467](https://github.com/CosmWasm/wasmd/issues/1467)
+- fix: make sure wasmvm cache metrics collector registration after VM setup[\#1575](https://github.com/CosmWasm/wasmd/pull/1575)
+- Remove legacy gov proposal dependencies [\#1587](https://github.com/CosmWasm/wasmd/pull/1587)
+- Upgrade to wasmvm 1.4 [\#1586](https://github.com/CosmWasm/wasmd/issues/1586)
+- Custom StoreCode Authorization for authz module [\#1584](https://github.com/CosmWasm/wasmd/issues/1584)
+- Bump github.com/cosmos/ibc-go/v7 from 7.2.0 to 7.3.0 [\#1594](https://github.com/CosmWasm/wasmd/pull/1594)
+- Log query error before redacting [\#1593](https://github.com/CosmWasm/wasmd/issues/1593)
+- Restrict pagination on all-state-query [\#1619](https://github.com/CosmWasm/wasmd/pull/1619)
+- Bug in IbcQuery::ListChannels implementation when port is unset [\#1597](https://github.com/CosmWasm/wasmd/issues/1597)
+- Ensure some contraints and limits on pin/unpin code ids [\#1624](https://github.com/CosmWasm/wasmd/pull/1624)
+- Ensure genesis import works with both address generators [\#1629](https://github.com/CosmWasm/wasmd/issues/1629)
+- Set default query limit and ensure constraints [\#1632](https://github.com/CosmWasm/wasmd/pull/1632)
+
+### Notable changes:
+- Fix gas calculation [\#1567](https://github.com/CosmWasm/wasmd/pull/1567)
+- Upgrade to wasmvm 1.4 [\#1586](https://github.com/CosmWasm/wasmd/issues/1586)
+- Bug in IbcQuery::ListChannels implementation when port is unset [\#1597](https://github.com/CosmWasm/wasmd/issues/1597)
+  - If `port_id` is omitted, all channels bound to the contract's port will be listed.
+- Restrict pagination on all-state-query [\#1619](https://github.com/CosmWasm/wasmd/pull/1619)
+  - Pagination limit is set to 100 for all-state-query. See also [\#1632](https://github.com/CosmWasm/wasmd/pull/1632)
+- Ensure some contraints and limits on pin/unpin code ids [\#1624](https://github.com/CosmWasm/wasmd/pull/1624)
+  - Total number of code ids is limited to 50 for pin/unpin operations
+- Custom StoreCode Authorization for authz module [\#1584](https://github.com/CosmWasm/wasmd/issues/1584)
+
+### Migration notes:
+- This release does not include any state migrations but breaking changes that require a coordinated chain upgrade.
 
 ## [v0.41.0](https://github.com/CosmWasm/wasmd/tree/v0.41.0) (2023-07-28)
 

Dockerfile

@@ -15,10 +15,10 @@ RUN apk add git
 WORKDIR /code
 COPY . /code/
 # See https://github.com/CosmWasm/wasmvm/releases
-ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.3.0/libwasmvm_muslc.aarch64.a /lib/libwasmvm_muslc.aarch64.a
-ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.3.0/libwasmvm_muslc.x86_64.a /lib/libwasmvm_muslc.x86_64.a
-RUN sha256sum /lib/libwasmvm_muslc.aarch64.a | grep b1610f9c8ad8bdebf5b8f819f71d238466f83521c74a2deb799078932e862722
-RUN sha256sum /lib/libwasmvm_muslc.x86_64.a | grep b4aad4480f9b4c46635b4943beedbb72c929eab1d1b9467fe3b43e6dbf617e32
+ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.4.1/libwasmvm_muslc.aarch64.a /lib/libwasmvm_muslc.aarch64.a
+ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.4.1/libwasmvm_muslc.x86_64.a /lib/libwasmvm_muslc.x86_64.a
+RUN sha256sum /lib/libwasmvm_muslc.aarch64.a | grep a8259ba852f1b68f2a5f8eb666a9c7f1680196562022f71bb361be1472a83cfd
+RUN sha256sum /lib/libwasmvm_muslc.x86_64.a | grep 324c1073cb988478d644861783ed5a7de21cfd090976ccc6b1de0559098fbbad
 
 # Copy the library you want to the final location that will be found by the linker flag `-lwasmvm_muslc`
 RUN cp /lib/libwasmvm_muslc.${arch}.a /lib/libwasmvm_muslc.a

Makefile

@@ -125,7 +125,7 @@ distclean: clean
 ### Testing
 
 test: test-unit
-test-all: check test-race test-cover test-system
+test-all: test-race test-cover test-system
 
 test-unit:
 	@VERSION=$(VERSION) go test -mod=readonly -tags='ledger test_ledger_mock' ./...
@@ -165,12 +165,12 @@ format-tools:
 
 lint: format-tools
 	golangci-lint run --tests=false
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "*_test.go" | xargs gofumpt -d
+	find . -name '*.go' -type f -not -path "./vendor*" -not -path "./tests/system/vendor*" -not -path "*.git*" -not -path "*_test.go" | xargs gofumpt -d
 
 format: format-tools
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/lcd/statik/statik.go" | xargs gofumpt -w
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/lcd/statik/statik.go" | xargs misspell -w
-	find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" -not -path "./client/lcd/statik/statik.go" | xargs goimports -w -local github.com/CosmWasm/wasmd
+	find . -name '*.go' -type f -not -path "./vendor*" -not -path "./tests/system/vendor*" -not -path "*.git*" -not -path "./client/lcd/statik/statik.go" | xargs gofumpt -w
+	find . -name '*.go' -type f -not -path "./vendor*" -not -path "./tests/system/vendor*" -not -path "*.git*" -not -path "./client/lcd/statik/statik.go" | xargs misspell -w
+	find . -name '*.go' -type f -not -path "./vendor*" -not -path "./tests/system/vendor*" -not -path "*.git*" -not -path "./client/lcd/statik/statik.go" | xargs goimports -w -local github.com/CosmWasm/wasmd
 
 
 ###############################################################################

README.md

@@ -27,6 +27,7 @@ compatibility list:
 
 | wasmd | wasmvm       | cosmwasm-vm | cosmwasm-std |
 |-------|--------------|-------------|--------------|
+| 0.42  | v1.4.0       |             | 1.0-1.4      |
 | 0.41  | v1.3.0       |             | 1.0-1.3      |
 | 0.40  | v1.2.3       |             | 1.0-1.2      |
 | 0.31  | v1.2.0       |             | 1.0-1.2      |
@@ -198,9 +199,6 @@ Available flags:
 
 * `-X github.com/CosmWasm/wasmd/app.NodeDir=.corald` - set the config/data directory for the node (default `~/.wasmd`)
 * `-X github.com/CosmWasm/wasmd/app.Bech32Prefix=coral` - set the bech32 prefix for all accounts (default `wasm`)
-* `-X github.com/CosmWasm/wasmd/app.ProposalsEnabled=true` - enable all x/wasm governance proposals (default `false`)
-* `-X github.com/CosmWasm/wasmd/app.EnableSpecificProposals=MigrateContract,UpdateAdmin,ClearAdmin` - 
-    enable a subset of the x/wasm governance proposal types (overrides `ProposalsEnabled`)
 
 Examples:
 
@@ -227,8 +225,7 @@ We strongly suggest **to limit the max block gas in the genesis** and not use th
 ```
 
 Tip: if you want to lock this down to a permisisoned network, the following script can edit the genesis file
-to only allow permissioned use of code upload or instantiating. (Make sure you set `app.ProposalsEnabled=true`
-in this binary):
+to only allow permissioned use of code upload or instantiating:
 
 `sed -i 's/permission": "Everybody"/permission": "Nobody"/'  .../config/genesis.json`