Release/v1.13 to master

[aarmoa]

• Updated proto dependencies to Injective chain v1.18.0 and Indexer v1.18.3

Summary by CodeRabbit

• New Features

  • Chainlink Data Streams oracle support; new Chainlink price-states query and relay
  • New RPCs: auction account status, RFQ service, and post-only mode activation

• Updates

  • Indexer/core compatibility updated to v1.18.x
  • Oracle list can be filtered by symbol and type
  • Namespace APIs now accept separate WASM and EVM hook fields
  • Trading examples use string-based Decimal literals for precision

• Chores

  • OFAC list updated

[coderabbitai]

Important

Review skipped

Review was skipped as selected files did not have any reviewable changes.

💤 Files selected but had no reviewable changes (1)

• pyproject.toml

⛔ Files ignored due to path filters (1)

• poetry.lock is excluded by !**/*.lock

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Bumps Injective proto/version pins to v1.18.x, adds Chainlink Data Streams oracle proto and RPCs, extends RFQ and IAM/routing proto stubs, updates EIP-712 order hashing, introduces wasm_hook/evm_hook in namespace messages, parameterizes oracle list APIs, and standardizes Decimal literals in examples.

Changes

Cohort / File(s)	Summary
Version & Repo config /.gitignore, CHANGELOG.md, Makefile, README.md, buf.gen.yaml	Updated dependency/version pins to Injective v1.18.0 / indexer v1.18.3, added .python-version, updated changelog and copyright year; buf.gen.yaml git_repo tag bumps.
Examples — Decimal literals examples/chain_client/..., examples/exchange_client/...	Converted numeric Decimal constructors to string-based forms (e.g., Decimal("1")), and replaced several runtime margin calculations with explicit Decimal literals across many example scripts.
Oracle API surface (clients) pyinjective/async_client.py, pyinjective/indexer_client.py, pyinjective/client/indexer/grpc/indexer_grpc_oracle_api.py, examples/exchange_client/oracle_rpc/3_OracleList.py	Added optional filters to fetch_oracle_list: symbol, oracle_type, per_page, token; parameters forwarded through async/client/indexer gRPC layers.
Namespace hooks (permissions) pyinjective/composer.py, pyinjective/composer_v2.py, examples/chain_client/permissions/1_MsgCreateNamespace.py, examples/chain_client/permissions/2_MsgUpdateNamespace.py	Replaced contract_hook with wasm_hook and introduced evm_hook in msg_create_namespace / msg_update_namespace signatures and payload construction, updating call sites.
EIP-712 / Order hashing pyinjective/orderhash.py	Refactored EIP-712 types to use domain-based EIP712Domain and abi.string typed fields for SpotOrder, DerivativeOrder, and OrderInfo; adjusted imports and type declarations.
OFAC list pyinjective/ofac.json	Added three Ethereum addresses to the OFAC list.
New & updated protobufs — oracle (Chainlink Data Streams) pyinjective/proto/injective/oracle/v1beta1/*, pyinjective/proto/injective/oracle/v1beta1/query_pb2_grpc.py, .../events_pb2.py, .../tx_pb2.py, .../genesis_pb2.py, .../oracle_pb2.py, .../proposal_pb2.py	Added Chainlink Data Streams messages/RPCs (QueryChainlinkDataStreamsPriceStates, MsgRelayChainlinkPrices, EventSetChainlinkDataStreamsPrices) and removed/replaced some Band-related RPC wiring; updated many generated descriptor options and indices.
New RPC / proto modules added pyinjective/proto/exchange/injective_rfqrpc_pb2.py, pyinjective/proto/exchange/injective_rfqrpc_pb2_grpc.py, pyinjective/proto/google/api/routing_pb2.py, pyinjective/proto/google/api/routing_pb2_grpc.py, pyinjective/proto/google/iam/v1/*, pyinjective/proto/google/iam/v1/*_pb2_grpc.py	Introduced generated protobuf + gRPC bindings for Injective RFQ service (multiple RPCs), Google routing and IAM policy protos and stubs.
Exchange / market proto updates (v2) pyinjective/proto/injective/exchange/v2/*	Added EnforcedRestrictionsContract type and new Params fields (post-only mode, instant market launch flags), new MsgActivatePostOnlyMode and RPC wiring; extensive generated descriptor updates.
Auction RPC extension pyinjective/proto/exchange/injective_auction_rpc_pb2_grpc.py	Added new AuctionAccountStatus RPC to gRPC stubs/servicer registration and client helpers.
Numerous generated proto descriptor recalibrations pyinjective/proto/.../pb2.py (many files)	Updated serialized descriptor start/end offsets, per-field serialized options, and generated metadata across many protobuf modules to align with updated .proto inputs; most changes are internal descriptor metadata with few semantic message additions noted above.
Misc generated proto tweaks pyinjective/proto/cosmos/authz/v1beta1/tx_pb2.py, other _pb2/_pb2_grpc files	Adjusted descriptor serialized options and added deprecation note in one servicer docstring; various generated metadata updates.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AsyncClient
    participant IndexerClient
    participant IndexerGRPC
    Client->>AsyncClient: fetch_oracle_list(symbol, oracle_type, per_page, token)
    AsyncClient->>IndexerClient: fetch_oracle_list(symbol, oracle_type, per_page, token)
    IndexerClient->>IndexerGRPC: OracleListRequest{symbol, oracle_type, per_page, token}
    IndexerGRPC->>IndexerClient: OracleListResponse(oracles, next, token)
    IndexerClient->>AsyncClient: parsed response dict
    AsyncClient->>Client: return filtered oracle list

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• Release/v1.13 #406: Bumps Injective/indexer/injective-core version pins in Makefile and buf.gen.yaml; overlaps with version/tag changes here.

Poem

🐰 I hopped through protos, line by line,

Chainlink streams now sing in time,
Decimal seeds sown as strings so neat,
Hooks split to wasm and evm, a treat,
EIP712 domains now twirl and shine.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 30.30% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Release/v1.13 to master' accurately reflects the main purpose of the pull request, which is to merge version 1.13.0 changes into the master branch with updated proto dependencies.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into master

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release/v1_13_to_master

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	black@​25.11.0 ⏵ 25.12.0	+1
	ckzg@​2.1.5
	certifi@​2025.10.5 ⏵ 2025.11.12
	cchecksum@​0.3.5
	cfgv@​3.4.0 ⏵ 3.5.0	+1

View full report

[Copilot]

Pull request overview

This PR updates the Injective Python SDK to support Injective chain v1.18.0 and Indexer v1.18.3. The changes include protocol buffer regenerations, API signature updates for new features (particularly around permissions and oracle functionality), and various test/example updates to align with the new protocol versions.

Changes:

• Updated proto dependencies to Injective chain v1.18.0 and Indexer v1.18.3
• Renamed contract_hook to wasm_hook and added evm_hook parameter in permissions namespace operations
• Added support for Chainlink Data Streams oracle and removed deprecated Band oracle methods
• Added new funding-related fields to derivative positions
• Enhanced oracle list API with filtering capabilities

Reviewed changes

Copilot reviewed 65 out of 81 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
pyproject.toml	Version bump from 1.12.0 to 1.13.0
buf.gen.yaml	Updated dependency tags for chain v1.18.0
Makefile	Updated indexer version to v1.18.3
CHANGELOG.md	Added v1.13.0 release notes
pyinjective/composer.py, composer_v2.py	Updated namespace methods with wasm_hook and evm_hook parameters
pyinjective/indexer_client.py, async_client.py	Added filtering parameters to fetch_oracle_list
pyinjective/client/indexer/grpc/indexer_grpc_oracle_api.py	Implemented oracle list filtering
pyinjective/orderhash.py	Updated EIP-712 implementation to use new library structure
tests/*.py	Updated tests for renamed parameters and new fields
examples/*.py	Updated examples for consistency with string Decimal literals
pyinjective/proto/**/*.py	Regenerated proto files for v1.18 compatibility
pyinjective/ofac.json	Added 3 new addresses to OFAC list

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Import of 'google_dot_iam_dot_v1_dot_options__pb2' is not used.

[Copilot]

Import of 'google_dot_iam_dot_v1_dot_policy__pb2' is not used.

[Copilot]

Import of 'google_dot_protobuf_dot_field__mask__pb2' is not used.

[Copilot]

Import of 'grpc' is not used.

[Copilot]

Import of 'google_dot_type_dot_expr__pb2' is not used.

[Copilot]

Import of 'grpc' is not used.

[Copilot]

Import of 'google_dot_protobuf_dot_descriptor__pb2' is not used.

[Copilot]

Import of 'grpc' is not used.

[coderabbitai]

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In `@Makefile`:
- Line 29: The Makefile's gen target currently runs the failing git clone
command for InjectiveLabs/injective-indexer (the line with "git clone
https://github.com/InjectiveLabs/injective-indexer.git -b v1.18.3 --depth 1
--single-branch"), which breaks make gen and the subsequent copy-proto step;
update the gen flow so it no longer hard-fails on that clone by either replacing
the URL with an accessible mirror/tag, using a configurable
INJECTIVE_INDEXER_REPO variable, or adding a conditional check that skips
cloning and the copy-proto step if ./injective-indexer/api/gen/grpc/ is missing
(and document how to provide the protos from a local path or vendor archive);
ensure changes touch the gen target and any references to copy-proto so make gen
succeeds even when the original repository is inaccessible.

In `@pyinjective/orderhash.py`:
- Around line 4-8: Pin the eip712 dependency to version 0.3.0 or later in your
project manifest (change eip712 = "*" to eip712 >= 0.3.0) so imports like
EIP712Domain and EIP712Message are available; then change the OrderInfo model to
inherit from the library's EIP712Type (not pydantic.BaseModel) and update its
field/type declarations to match the eip712 struct pattern used by
EIP712Message/EIP712Domain (refer to the EIP712Type usage in the eip712 docs) so
the EIP-712 encoding with EIP712Message works correctly.

In `@pyinjective/proto/exchange/injective_auction_rpc_pb2_grpc.py`:
- Around line 104-109: The generated servicer method AuctionAccountStatus has an
unused request parameter flagged by ARG002; to fix, either configure the linter
to ignore ARG002 for generated gRPC stubs (exclude files matching *_pb2_grpc.py)
or add a local suppression comment to the stub method (e.g., append a noqa for
ARG002 to the function signature or immediately inside the method) so the
generated file no longer triggers the lint error while leaving the generated
code otherwise unchanged.

In `@pyinjective/proto/exchange/injective_rfqrpc_pb2.py`:
- Around line 4-17: The generated protobuf header indicates "Protobuf Python
Version: 5.26.1" (see DESCRIPTOR / the module top comment), but Pipfile.lock is
pinned to protobuf 4.24.2; run pipenv lock to regenerate Pipfile.lock so it
honors the pyproject.toml constraint (^5.26.1) and update the lockfile in the
PR, ensuring the Pipfile.lock protobuf entry matches 5.26.1 (or a compatible
5.x) before merging.

🧹 Nitpick comments (3)

pyinjective/orderhash.py (1)

21-27: Consider extracting the shared EIP712Domain to reduce duplication.

The eip712_domain definition is identical between SpotOrder and DerivativeOrder. Extracting it to a module-level constant would improve maintainability and ensure consistency if domain parameters need to change.

♻️ Suggested refactor to extract shared domain

+INJECTIVE_EIP712_DOMAIN = EIP712Domain(
+    name="Injective Protocol",
+    version="2.0.0",
+    chainId=888,
+    verifyingContract="0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC",
+    salt=HexBytes("0x0000000000000000000000000000000000000000000000000000000000000000"),
+)
+
+
 class SpotOrder(EIP712Message):
-    eip712_domain = EIP712Domain(
-        name="Injective Protocol",
-        version="2.0.0",
-        chainId=888,
-        verifyingContract="0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC",
-        salt=HexBytes("0x0000000000000000000000000000000000000000000000000000000000000000"),
-    )
+    eip712_domain = INJECTIVE_EIP712_DOMAIN

Apply the same change to DerivativeOrder.

pyinjective/proto/exchange/injective_rfqrpc_pb2_grpc.py (1)

70-143: Suppress Ruff ARG002 for generated servicer stubs.

Static analysis flags unused request/request_iterator in generated servicer methods. To avoid CI noise without editing generated files, consider a per-file ignore or path exclusion for these gRPC stubs.

Example Ruff config snippet:

[tool.ruff.per-file-ignores]
"pyinjective/proto/**/injective_*_pb2_grpc.py" = ["ARG002"]

pyinjective/composer.py (1)

1625-1650: Consider grouping related parameters wasm_hook and evm_hook together in the signature.

The wasm_hook parameter is at position 3 while evm_hook is at position 9 (end of signature). These are logically related hook configurations and would be easier to use if adjacent. Also consider whether these should be Optional[str] if empty hooks are valid.

Suggested parameter reordering

 def msg_create_namespace(
     self,
     sender: str,
     denom: str,
     wasm_hook: str,
+    evm_hook: str,
     role_permissions: List[injective_permissions_pb.Role],
     actor_roles: List[injective_permissions_pb.ActorRoles],
     role_managers: List[injective_permissions_pb.RoleManager],
     policy_statuses: List[injective_permissions_pb.PolicyStatus],
     policy_manager_capabilities: List[injective_permissions_pb.PolicyManagerCapability],
-    evm_hook: str,
 ) -> injective_permissions_tx_pb.MsgCreateNamespace:

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
git ls-remote --tags https://github.com/InjectiveLabs/injective-indexer.git v1.18.3

Repository: InjectiveLabs/sdk-python

Length of output: 185

---

🏁 Script executed:

#!/bin/bash
# Find and examine the Makefile
git ls-files | grep -i makefile

Repository: InjectiveLabs/sdk-python

Length of output: 76

---

🏁 Script executed:

#!/bin/bash
# Check the Makefile around line 29 for context
if git ls-files | grep -q "Makefile"; then
  wc -l Makefile
  echo "---"
  sed -n '25,35p' Makefile
fi

Repository: InjectiveLabs/sdk-python

Length of output: 344

---

🏁 Script executed:

#!/bin/bash
# Search for injective references in the codebase
rg -i "injective" --max-count 20

Repository: InjectiveLabs/sdk-python

Length of output: 50382

---

🏁 Script executed:

#!/bin/bash
# Find all targets in Makefile and their dependencies
cat -n Makefile | head -41

Repository: InjectiveLabs/sdk-python

Length of output: 1525

---

🏁 Script executed:

#!/bin/bash
# Search for 'gen' target and clone dependencies
grep -n "gen\|clone" Makefile

Repository: InjectiveLabs/sdk-python

Length of output: 550

---

🌐 Web query:

InjectiveLabs injective-indexer GitHub repository

💡 Result:

The GitHub repository InjectiveLabs/injective-indexer is referenced as the upstream repo for Injective’s published indexer client/proto packages on npm (e.g., @injectivelabs/indexer-api, @injectivelabs/indexer-proto-ts). [1][2]

However, the GitHub repo URL currently returns 404 (Not Found), which typically means it’s been deleted, made private, or renamed:

https://github.com/InjectiveLabs/injective-indexer

[3]

If your goal is to work with the indexer (without that repo), the official Injective docs still describe the Indexer API and how to run/query it. [4]

Sources: [1] [2] [3] [4]

---

Repository InjectiveLabs/injective-indexer is inaccessible and will block the make gen target.

The make gen command depends on cloning https://github.com/InjectiveLabs/injective-indexer.git at tag v1.18.3, but this repository returns 404 (deleted, made private, or renamed). The clone will fail immediately, causing copy-proto to fail since it expects ./injective-indexer/api/gen/grpc/ to exist. Either restore repository access, point to a different source, or update the build process to work without this dependency.

🤖 Prompt for AI Agents

In `@Makefile` at line 29, The Makefile's gen target currently runs the failing
git clone command for InjectiveLabs/injective-indexer (the line with "git clone
https://github.com/InjectiveLabs/injective-indexer.git -b v1.18.3 --depth 1
--single-branch"), which breaks make gen and the subsequent copy-proto step;
update the gen flow so it no longer hard-fails on that clone by either replacing
the URL with an accessible mirror/tag, using a configurable
INJECTIVE_INDEXER_REPO variable, or adding a conditional check that skips
cloning and the copy-proto step if ./injective-indexer/api/gen/grpc/ is missing
(and document how to provide the protos from a local path or vendor archive);
ensure changes touch the gen target and any references to copy-proto so make gen
succeeds even when the original repository is inaccessible.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Suppress ARG002 for the generated servicer stub (unused request).

Ruff flags the unused request parameter in the new method. Consider excluding generated *_pb2_grpc.py from ARG002 or adding a local noqa to keep lint clean.

🧹 Minimal suppression (if linting generated files)

-    def AuctionAccountStatus(self, request, context):
+    def AuctionAccountStatus(self, request, context):  # noqa: ARG002

🧰 Tools

🪛 Ruff (0.15.0)

[warning] 104-104: Unused method argument: request

(ARG002)

🤖 Prompt for AI Agents

In `@pyinjective/proto/exchange/injective_auction_rpc_pb2_grpc.py` around lines
104 - 109, The generated servicer method AuctionAccountStatus has an unused
request parameter flagged by ARG002; to fix, either configure the linter to
ignore ARG002 for generated gRPC stubs (exclude files matching *_pb2_grpc.py) or
add a local suppression comment to the stub method (e.g., append a noqa for
ARG002 to the function signature or immediately inside the method) so the
generated file no longer triggers the lint error while leaving the generated
code otherwise unchanged.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find and examine dependency files for protobuf version constraints
fd -e toml -e txt -e cfg -e py -e lock 2>/dev/null | grep -E '(pyproject|requirements|setup|Pipfile|poetry|poetry\.lock)' | head -20

Repository: InjectiveLabs/sdk-python

Length of output: 119

---

🏁 Script executed:

#!/bin/bash
# Check protobuf version constraints in all dependency files
echo "=== pyproject.toml ==="
cat pyproject.toml | grep -A 5 -B 5 protobuf || echo "No protobuf found in pyproject.toml"

echo -e "\n=== poetry.lock (protobuf entries) ==="
grep -A 10 'name = "protobuf"' poetry.lock | head -30

echo -e "\n=== Pipfile.lock (protobuf entries) ==="
grep -A 10 '"protobuf"' Pipfile.lock | head -30

Repository: InjectiveLabs/sdk-python

Length of output: 1900

---

🏁 Script executed:

#!/bin/bash
# Verify the exact protobuf version from Pipfile.lock
python3 << 'EOF'
import json
import re

# Try to parse Pipfile.lock to find protobuf version
try:
    with open('Pipfile.lock', 'r') as f:
        pipfile_lock = json.load(f)
        if 'default' in pipfile_lock and 'protobuf' in pipfile_lock['default']:
            protobuf_info = pipfile_lock['default']['protobuf']
            print(f"Pipfile.lock protobuf version: {protobuf_info.get('version', 'N/A')}")
except Exception as e:
    print(f"Could not parse Pipfile.lock: {e}")

# Also check if grpcio version constraints exist
print("\n=== grpcio constraints ===")
with open('pyproject.toml', 'r') as f:
    for line in f:
        if 'grpcio' in line:
            print(line.strip())
EOF

Repository: InjectiveLabs/sdk-python

Length of output: 167

---

🏁 Script executed:

#!/bin/bash
# Check for API differences between protobuf 4.24.2 and 5.26.1
# Specifically around _builder import
python3 << 'EOF'
# Protobuf 5.x introduced significant changes to descriptor APIs
# The _builder module exists in both, but let's verify compatibility

print("=== Protobuf Version Mismatch Analysis ===")
print("\nDependency Configuration:")
print("- pyproject.toml declares: protobuf = \"^5.26.1\"")
print("- poetry.lock locks to: protobuf 5.29.5 ✓ (satisfies constraint)")
print("- Pipfile.lock locks to: protobuf 4.24.2 ✗ (does NOT satisfy constraint)")
print("\nGenerated file declares: Protobuf Python Version: 5.26.1")
print("\nRisk Analysis:")
print("1. Pipenv users will get protobuf 4.24.2 (major version mismatch)")
print("2. Poetry users will get protobuf 5.29.5 (compatible)")
print("3. The generated code may fail with protobuf 4.24.2 due to API changes")
print("\nCritical Issue: Pipfile.lock and pyproject.toml are out of sync")
EOF

Repository: InjectiveLabs/sdk-python

Length of output: 653

---

🏁 Script executed:

#!/bin/bash
# Check if there are other generated proto files for comparison
fd -name "*_pb2.py" | head -5

Repository: InjectiveLabs/sdk-python

Length of output: 298

---

🏁 Script executed:

#!/bin/bash
# Check proto files and their protobuf version declarations
find . -name "*_pb2.py" -type f | head -10

Repository: InjectiveLabs/sdk-python

Length of output: 589

---

🏁 Script executed:

#!/bin/bash
# Check version declarations in multiple proto files
echo "=== Protobuf version declarations in generated files ==="
grep -h "Protobuf Python Version" ./pyinjective/proto/amino/amino_pb2.py ./pyinjective/proto/exchange/injective_rfqrpc_pb2.py ./pyinjective/proto/capability/v1/capability_pb2.py 2>/dev/null | sort | uniq -c

Repository: InjectiveLabs/sdk-python

Length of output: 166

---

🏁 Script executed:

#!/bin/bash
# Verify the impact by checking if both dependency managers are actively maintained
echo "=== Checking which dependency managers are in use ==="
echo "pyproject.toml exists: $([ -f pyproject.toml ] && echo 'YES' || echo 'NO')"
echo "Pipfile exists: $([ -f Pipfile ] && echo 'YES' || echo 'NO')"
echo "poetry.lock exists: $([ -f poetry.lock ] && echo 'YES' || echo 'NO')"
echo "Pipfile.lock exists: $([ -f Pipfile.lock ] && echo 'YES' || echo 'NO')"

echo -e "\n=== Checking for poetry configuration ==="
grep -E '\[tool\.poetry\]|build-backend' pyproject.toml | head -3

Repository: InjectiveLabs/sdk-python

Length of output: 316

---

Update Pipfile.lock to match protobuf dependency constraint.

The generated module targets Protobuf Python 5.26.1, but Pipfile.lock is pinned to protobuf 4.24.2 while pyproject.toml requires ^5.26.1. Pipenv users will install an incompatible version. Update Pipfile.lock by running pipenv lock to align with the pyproject.toml constraint and resolve the version mismatch.

🤖 Prompt for AI Agents

In `@pyinjective/proto/exchange/injective_rfqrpc_pb2.py` around lines 4 - 17, The
generated protobuf header indicates "Protobuf Python Version: 5.26.1" (see
DESCRIPTOR / the module top comment), but Pipfile.lock is pinned to protobuf
4.24.2; run pipenv lock to regenerate Pipfile.lock so it honors the
pyproject.toml constraint (^5.26.1) and update the lockfile in the PR, ensuring
the Pipfile.lock protobuf entry matches 5.26.1 (or a compatible 5.x) before
merging.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@pyinjective/orderhash.py`:
- Around line 4-6: pyinjective/orderhash.py imports eth_pydantic_types.abi but
that package is only a transitive dependency; add eth-pydantic-types as a direct
dependency by updating the [tool.poetry.dependencies] section in pyproject.toml
to include eth-pydantic-types = "^0.2.4" so imports like eth_pydantic_types
(used in pyinjective/orderhash.py) are guaranteed at runtime.