Bump Libs

[agusaldasoro]

This pull request introduces a new runSafely utility function to wrap calls that set Solana program IDs, improving robustness by handling potential panics gracefully. The change is applied consistently across all deployment and configuration scripts for Solana chain contracts, ensuring safer initialization and configuration of program IDs. Additionally, the Solana-related dependencies in core/scripts/go.mod are updated to newer versions.

[github-actions]

✅ No conflicts with other open PRs targeting develop

[github-actions]

I see you updated files related to core. Please run make gocs in the root directory to add a changeset as well as in the text include at least one of the following tags:

• #added For any new functionality added.
• #breaking_change For any functionality that requires manual action for the node to boot.
• #bugfix For bug fixes.
• #changed For any change to the existing functionality.
• #db_update For any feature that introduces updates to database schema.
• #deprecation_notice For any upcoming deprecation functionality.
• #internal For changesets that need to be excluded from the final changelog.
• #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
• #removed For any functionality/config that is removed.
• #updated For any functionality that is updated.
• #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

[github-actions]

CORA - Pending Reviewers

All codeowners have approved! ✅

Legend: ✅ Approved | ❌ Changes Requested | 💬 Commented | 🚫 Dismissed | ⏳ Pending | ❓ Unknown

For more details, see the full review summary.

[trunk-io]

     

View Full Report ↗︎ ⋅ Docs

[cl-sonarqube-production]

Quality Gate failed

Failed conditions
45.5% Duplication on New Code (required ≤ 10%)

See analysis details on SonarQube

[Copilot]

Pull request overview

Risk Rating: HIGH — touches Solana CCIP deployment changesets and contract initialization logic across multiple Go modules, plus widespread dependency bumps.

This PR updates Solana-related CCIP dependencies and adjusts deployment/test helper code to use newer Solana program/gobindings versions, including changes to Solana deployment flows.

Changes:

• Bump chainlink-ccip/chains/solana and .../gobindings pseudo-versions across root + submodules (integration/system/core scripts/deployment).
• Update Solana deployment changesets (v0_1_0 + v0_1_1) to wrap many SetProgramID calls and extend RMN Remote initialization for v0_1_1.
• Update deployment test helpers to use v0_1_1 fee quoter types and adjust Solana build config inputs.

Reviewed changes

Copilot reviewed 29 out of 36 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
system-tests/tests/go.mod	Bump Solana CCIP module versions (indirect deps).
system-tests/tests/go.sum	Sync go.sum entries for bumped Solana CCIP deps.
system-tests/lib/go.mod	Bump Solana CCIP module versions.
system-tests/lib/go.sum	Sync go.sum entries for bumped Solana CCIP deps.
integration-tests/load/go.mod	Bump Solana CCIP module versions.
integration-tests/load/go.sum	Sync go.sum entries for bumped Solana CCIP deps.
integration-tests/go.mod	Bump Solana CCIP module versions.
integration-tests/go.sum	Sync go.sum entries for bumped Solana CCIP deps.
core/scripts/go.mod	Bump Solana CCIP module versions (indirect deps).
core/scripts/go.sum	Sync go.sum entries for bumped Solana CCIP deps.
go.mod	Bump root Solana CCIP module version; add indirect metaplex dependency.
go.sum	Sync go.sum after dependency graph changes.
go.md	Update dependency graph documentation output.
deployment/go.mod	Bump deployment module Solana CCIP versions and add metaplex.
deployment/go.sum	Sync go.sum entries for bumped deployment deps.
deployment/environment/crib/ccip_deployer.go	Switch Solana build config to v0_1_1 config struct + contract version.
deployment/ccip/changeset/testhelpers/test_environment.go	Move Solana test deployment config types to v0_1_1 fee quoter + v0_1_1 changeset config.
deployment/ccip/changeset/testhelpers/test_helpers_solana_v0_1_0.go	Add panic-recovery wrapper around receiver SetProgramID and introduce runSafely.
deployment/ccip/changeset/solana_v0_1_1/self_serve.go	Wrap token pool SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_1/ownership_transfer_helpers.go	Wrap token pool SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_1/cs_token_pool.go	Wrap token pool SetProgramID calls across token pool ops.
deployment/ccip/changeset/solana_v0_1_1/cs_token_admin_registry.go	Wrap router SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_1/cs_ops.go	Wrap multiple program SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_1/cs_disable_remote_chain.go	Wrap fee quoter/offramp SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_1/cs_billing.go	Wrap fee quoter/router SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_1/cs_set_ocr3.go	Wrap offramp SetProgramID and introduce runSafely.
deployment/ccip/changeset/solana_v0_1_1/cs_deploy_chain.go	Switch RMN remote binding version and extend RMN remote init to set event authorities.
deployment/ccip/changeset/solana_v0_1_0/ownership_transfer_helpers.go	Wrap multiple program SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_0/cs_token_pool.go	Wrap token pool SetProgramID calls across token pool ops.
deployment/ccip/changeset/solana_v0_1_0/cs_token_admin_registry.go	Wrap router SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_0/cs_ops.go	Wrap multiple program SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_0/cs_disable_remote_chain.go	Wrap fee quoter/offramp SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_0/cs_billing.go	Wrap fee quoter/router SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_0/cs_set_ocr3.go	Wrap offramp SetProgramID and introduce runSafely.
deployment/ccip/changeset/solana_v0_1_0/cs_deploy_chain.go	Wrap program SetProgramID calls.
deployment/ccip/changeset/solana_v0_1_0/cs_add_remote_chain.go	Wrap router/feequoter/offramp SetProgramID calls.

Scrupulous human review recommended for:

• runSafely usage across Solana changesets (panic recovery semantics can mask real deployment failures).
• initializeRMNRemote changes in deployment/ccip/changeset/solana_v0_1_1/cs_deploy_chain.go (new on-chain initialization behavior + authorities).
• Cross-module dependency alignment (root vs submodules) to ensure CI “tidy”/build expectations are met.

Reviewer recommendations (CODEOWNERS / history):

• No CODEOWNERS file found in the repository root or .github/, and git history/blame isn’t available via the provided tools. Suggested reviewers: maintainers for deployment/ccip/changeset/** (Solana CCIP deployment) and owners of the system/integration test modules affected by the dependency bumps.

---

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The root module now pins chainlink-ccip/chains/solana to a newer pseudo-version, but chainlink-ccip/chains/solana/gobindings remains on an older commit. Keeping these submodules out of sync (especially when they come from the same upstream repo) commonly causes go mod tidy churn and can introduce incompatible API mismatches at build time. Consider bumping the gobindings pseudo-version to the matching commit (or otherwise aligning versions intentionally and documenting why) and re-running go mod tidy.

Suggested change

	github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20250912190424-fd2e35d7deb5
	github.com/smartcontractkit/chainlink-ccip/chains/solana/gobindings v0.0.0-20260224214816-cb23ec38649f

[Copilot]

runSafely recovers panics and then continues execution after a failed SetProgramID, which can silently build instructions using the wrong (or default) program ID and mask real failures during deployment. Instead of swallowing the panic, propagate a failure signal (e.g., return an error / fail the changeset) and log via the environment logger rather than fmt.Printf so the failure is visible and actionable.

Suggested change

	func() {
	defer func() {
	if r := recover(); r != nil {
	fmt.Printf("Recovered from panic: %v\n", r)
	}
	}()
	op()
	}()
	op()

[Copilot]

In test helpers, runSafely recovers panics and only prints to stdout, which can let tests proceed in a corrupted state and make failures flaky/non-obvious. Prefer failing the test immediately (e.g., t.Fatalf / require.FailNow) or returning an error to the caller, and use the test logger (t.Logf) rather than fmt.Printf.

Suggested change

	func() {
	defer func() {
	if r := recover(); r != nil {
	fmt.Printf("Recovered from panic: %v\n", r)
	}
	}()
	op()
	}()
	op()

[Copilot]

runSafely recovers panics and then continues execution after a failed SetProgramID, which can silently build instructions using the wrong (or default) program ID and mask real failures during deployment. Instead of swallowing the panic, propagate a failure signal (e.g., return an error / fail the changeset) and log via the environment logger rather than fmt.Printf so the failure is visible and actionable.

Suggested change

	func() {
	defer func() {
	if r := recover(); r != nil {
	fmt.Printf("Recovered from panic: %v\n", r)
	}
	}()
	op()
	}()
	op()

[Copilot]

In this module, chainlink-ccip/chains/solana and chainlink-ccip/chains/solana/gobindings are pinned to different pseudo-versions. Since both come from the same upstream repo and tend to evolve together, this can lead to go mod tidy churn and subtle incompatibilities. If there isn’t a strong reason to keep them split, consider bumping them to the same commit (or documenting why they must differ).

Suggested change

	github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260224214816-cb23ec38649f
	github.com/smartcontractkit/chainlink-ccip/chains/solana v0.0.0-20260310183131-8d0f0e383288