support the new cheatcodes added in
foundry-rs/foundry#11236
support new nonce diffs added in
foundry-rs/foundry#11215

---------

Co-authored-by: grandizzy <grandizzy.the.egg@gmail.com>

Ref foundry-rs/foundry#11296

Adds:

```solidity
    /// Returns an array of `StorageAccess` from current `vm.stateStateDiffRecording` session
    function getStorageAccesses() external view returns (StorageAccess[] memory storageAccesses);
```

---------

Co-authored-by: Yash Atreya <yash@Yashs-Laptop.local>

- update of read fork cheatcodes:
foundry-rs/foundry#11302
- `getStorageAccesses` cheatcode:
foundry-rs/foundry#11296

---------

Co-authored-by: grandizzy <grandizzy.the.egg@gmail.com>

This PR introduces a new contract, `StdConfig`, which encapsulates all
the logic to read and write from a user-defined `.toml` config file that
sticks to a predetermined structure (access permissions must be granted
via `foundry.toml` as usual).

It also introduces a new abstract contract, `Config`, which can be
inherited together with`Test` and `Script`. Users can then tap into the
new features that `Config` and `StdConfig` enable to streamline the
setup of multi-chain environments.

## Features

### Comprehensive + Easily Programmable Config File

The TOML structure must have top-level keys representing the target
chains. Under each chain key, variables are organized by type in
separate sub-tables like `[<chain>.<type>]`.
- chain must either be: a `uint` or a valid alloy-chain alias.
- type must be one of: `bool`, `address`, `uint`, `bytes32`, `string`,
or `bytes`.

```toml
# see `test/fixtures/config.toml` for a full example

[mainnet]
endpoint_url = "${MAINNET_RPC}"

[mainnet.bool]
is_live = true

[mainnet.address]
weth = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2"
whitelisted_admins = [
   "${MAINNET_ADMIN}",
   "0x00000000000000000000000000000000deadbeef"
]
```

> **NOTE**: env vars are supported and automatically resolved by
`StdConfig`.

### Ease dev burden when dealing with Multi-Chain Setups

The new `Config` abstract contract introduces a minimal set of storage
variables that expose the user config:

```solidity
/// @dev Contract instance holding the data from the TOML config file.
StdConfig internal config;

/// @dev Array of chain IDs for which forks have been created.
uint256[] internal chainIds;

/// @dev A mapping from a chain ID to its initialized fork ID.
mapping(uint256 => uint256) internal forkOf;
```

These variables are populated with a single function that users can call
when setting up their tests or scripts:

```solidity
/// @notice  Loads configuration from a file.
///
/// @dev     This function instantiates a `StdConfig` contract, caching all its config variables.
///
/// @param   filePath The path to the TOML configuration file.
/// @param   writeToFile: whether updates are written back to the TOML file.
function _loadConfig(string memory filePath, bool writeToFile) internal;

/// @notice  Loads configuration from a file and creates forks for each specified chain.
///
/// @dev     This function instantiates a `StdConfig` contract, caches its variables,
///          and iterates through the configured chains to create a fork for each one.
///          It also populates the `forkOf[chainId] -> forkId` map to easily switch between forks.
///
/// @param   filePath The path to the TOML configuration file.
/// @param   writeToFile: whether updates are written back to the TOML file.

function _loadConfigAndForks(string memory filePath, bool writeToFile) internal;
```

### Intuitive and type-safe API with `StdConfig` and `LibVariable`

- `StdConfig` reads, resolves, and parses all variables when
initialized, caching them in storage.
- To access variables, `StdConfig` exposes a generic `get` method that
returns a `Variable` struct. This struct holds the raw data and its type
information.
- The `LibVariable` library is used to safely cast the `Variable` struct
to a concrete Solidity type. This ensures type safety at runtime,
reverting with a clear error if a variable is missing or cast
incorrectly.
- All methods can be used without having to inform the chain ID, and the
currently selected chain will be automatically derived.

```solidity
// GETTER FUNCTIONS

/// @notice   Reads a variable and returns it in a generic `Variable` container.
/// @dev      The caller should use `LibVariable` to safely coerce the type.
///           Example: `uint256 myVar = config.get("my_key").toUint256();`
function get(uint256 chain_id, string memory key) public view returns (Variable memory);
function get(string memory key) public view returns (Variable memory);

/// @notice Reads the RPC URL.
function getRpcUrl(uint256 chainId) public view returns (string memory);
function getRpcUrl() public view returns (string memory);

/// @notice Returns the numerical chain ids for all configured chains.
function getChainIds() public view returns (uint256[] memory);
```

`StdConfig` supports bidirectional (read + write capabilities)
configuration management:
- The constructor `writeToFile` parameter enables automatic persistence
of changes.
- Use `function writeUpdatesBackToFile(bool)` to toggle write behavior
at runtime.
- All setter methods will update memory (state), but will only write
updates back to the TOML file if the flag is enabled.

```solidity
// SETTER FUNCTIONS

/// @notice   Sets a value for a given key. Overloaded for all supported types and their arrays.
/// @dev      Caches value and writes the it back to the TOML file if `writeToFile` is enabled.
function set(uint256 chainId, string memory key, <type> value) public;

/// @notice Enable or disable automatic writing to the TOML file on `set`.
function writeUpdatesBackToFile(bool enabled) public;
```

### Usage example

> **NOTE:** we use solc `^0.8.13`, so that we can globally declare
`using LibVariable for Variable`, which means devs only need to inherit
`Config` and are all set.

```solidity
contract MyTest is Test, Config {
    function setUp() public {
        // Loads config and creates forks for all chains defined in the TOML.
		// We set `writeToFile = false` cause we don't want to update the TOML file.
        _loadConfigAndForks("./test/fixtures/config.toml", false);
    }

    function test_readSingleChainValues() public {
        // The default chain is the last one from the config.
        // Let's switch to mainnet to read its values.
        vm.selectFork(forkOf[1]);

        // Retrieve a 'uint256' value. Reverts if not found or not a uint.
        uint256 myNumber = config.get("important_number").toUint256();
    }

    function test_readMultiChainValues() public {
        // Read WETH address from Mainnet (chain ID 1)
        vm.selectFork(forkOf[1]);
        address wethMainnet = config.get("weth").toAddress();

        // Read WETH address from Optimism (chain ID 10)
        vm.selectFork(forkOf[10]);
        address wethOptimism = config.get("weth").toAddress();

        // You can now use the chain-specific variables in your test
        assertEq(wethMainnet, 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2);
        assertEq(wethOptimism, 0x4200000000000000000000000000000000000006);
    }

	function test_writeConfig() public {
		// Manually enable as it was set to `false` in the constructor.
		config.writeToFile(true);

        // Changes are automatically persisted to the TOML file
        config.set("my_address", 0x1234...);
        config.set("is_deployed", true);

        // Verify changes were written
        string memory content = vm.readFile("./config.toml");
        address saved = vm.parseTomlAddress(content, "$.mainnet.address.my_address");
        assertEq(saved, 0x1234...);
        address isDeployed = vm.parseTomlBool(content, "$.mainnet.bool.is_deployed");
        assertEq(isDeployed);
    }
}
```

---------

Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>

Corrects a comment typo in `src/StdConfig.sol` for the `writeToFile`
parameter.

Adds @0xrusowsky & @onbjerg

…ly (#728)

In `sync.yml` `contents: write` permissions are required to push perform
the sync as well as persist credentials (explicitly marked at true).

`persist-credentials: true` is required in order to push to the `v1`
branch by the workflow

<!--
Thank you for your Pull Request. Please provide a description above and
review
the requirements below.

Bug fixes and new features should include tests.

Contributors guide:
https://github.com/foundry-rs/foundry/blob/master/CONTRIBUTING.md

The contributors guide includes instructions for running rustfmt and
building the
documentation.
-->

<!-- ** Please select "Allow edits from maintainers" in the PR Options
** -->

## Motivation

<!--
Explain the context and why you're making that change. What is the
problem
you're trying to solve? In some cases there is not a problem and this
can be
thought of as being the motivation for your change.
-->

This PR introduces CodeQL code scanning initially just focused on Github
actions as it is fast to run.


https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql

Results are reported privately in the `security` tab.

## Solution

<!--
Summarize the solution and provide any necessary context needed to
understand
the code change.
-->

This workflow was derived from the default workflow example Github
provides enhanced with concurrency cancel in progress, updated cron to
run daily and allow workflow dispatch. Trigger on cron, pull requests
and pushes to master.

… weekly (#730)

Pinning hashes for dependencies in workflows is a security best practice

Excluded from pinning are actions from the `github/*` and `actions/*`
given that these are officially managed by Github and are not raised by
`zizmor`

By configuring dependabot with `package-ecosystem: "github-actions"` it
will open a pull request only for updating pinned hashes (not cargo,
etc..):
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions

The `<hash> #<branch_name>` syntax is what dependabot picks up on

Note: `foundry-toolchain@v1` has been left unpinned as it will help us
catch issues more easily and it is in our interest to be up to date. Let
me know if this makes sense @grandizzy or if we should pin instead.

…ilege (#731)

By assigning

```
permissions: {}
```

we disable all permissions by default

we then grant it on a per-job basis to exactly what is strictly required

…success` (#734)

Moves CodeQL to `ci.yml` and makes it a condition for `ci-success`

Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.36.2 to
1.36.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.36.3</h2>
<h2>[1.36.3] - 2025-09-25</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>analysises</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="http://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="http://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.36.3] - 2025-09-25</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>analysises</code></li>
</ul>
<h2>[1.36.2] - 2025-09-04</h2>
<h3>Fixes</h3>
<ul>
<li>Fix regression from 1.36.1 when rendering an error for a line with
invalid UTF-8</li>
</ul>
<h2>[1.36.1] - 2025-09-03</h2>
<h3>Fixes</h3>
<ul>
<li>Replaced the error rendering for various quality of life
improvements</li>
</ul>
<h2>[1.36.0] - 2025-09-02</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1345">August
2025</a> changes</li>
</ul>
<h2>[1.35.8] - 2025-09-02</h2>
<h2>[1.35.7] - 2025-08-29</h2>
<h3>Documentation</h3>
<ul>
<li>Expand PyPI metadata</li>
</ul>
<h2>[1.35.6] - 2025-08-28</h2>
<h3>Fixes</h3>
<ul>
<li>Track <code>go.mod</code> as a golang file (regression from
1.13.21)</li>
</ul>
<h2>[1.35.5] - 2025-08-18</h2>
<h3>Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/0c17dabcee8b8f1957fa917d17393a23e02e1583"><code>0c17dab</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/d4a3b7b012dee49dc53215698995dd0049d08527"><code>d4a3b7b</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/8feb042263e9940f81b30978f4ead9827aeabbbc"><code>8feb042</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1379">#1379</a>
from epage/dict</li>
<li><a
href="https://github.com/crate-ci/typos/commit/6995b89f82e5b64a30bec59e37076f31d04dbab1"><code>6995b89</code></a>
fix(dict): Don't correct too analysises</li>
<li><a
href="https://github.com/crate-ci/typos/commit/87d09ddc3711b776c4db3103067957b6c4bd70fa"><code>87d09dd</code></a>
fix(codespell): Update to 2f3751e</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5e1db27ee9590c41aa1f23ddc03e0ba18b866d70"><code>5e1db27</code></a>
docs(readme): Specify --locked</li>
<li><a
href="https://github.com/crate-ci/typos/commit/2abc5d928aaa84e3a901dda4f148299486dcd818"><code>2abc5d9</code></a>
chore(deps): Update Rust Stable to v1.90 (<a
href="https://redirect.github.com/crate-ci/typos/issues/1375">#1375</a>)</li>
<li>See full diff in <a
href="https://github.com/crate-ci/typos/compare/85f62a8a84f939ae994ab3763f01a0296d61a7ee...0c17dabcee8b8f1957fa917d17393a23e02e1583">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.36.2&new-version=1.36.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.36.3 to
1.37.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/releases">crate-ci/typos's
releases</a>.</em></p>
<blockquote>
<h2>v1.37.2</h2>
<h2>[1.37.2] - 2025-10-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't suggest <code>diagnostic</code> for <code>diagnotics</code>,
preferring <code>diagnostics</code></li>
</ul>
<h2>v1.37.1</h2>
<h2>[1.37.1] - 2025-10-01</h2>
<h3>Fixes</h3>
<ul>
<li>Don't offer corrections to <code>&quot;&quot;</code></li>
</ul>
<h2>v1.37.0</h2>
<h2>[1.37.0] - 2025-09-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1370">September
2025</a> changes</li>
<li>Pull in other dictionary updates</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's
changelog</a>.</em></p>
<blockquote>
<h1>Change Log</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a href="https://keepachangelog.com/">Keep a
Changelog</a>
and this project adheres to <a href="https://semver.org/">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased] - ReleaseDate</h2>
<h2>[1.37.2] - 2025-10-03</h2>
<h3>Fixes</h3>
<ul>
<li>Don't suggest <code>diagnostic</code> for <code>diagnotics</code>,
preferring <code>diagnostics</code></li>
</ul>
<h2>[1.37.1] - 2025-10-01</h2>
<h3>Fixes</h3>
<ul>
<li>Don't offer corrections to <code>&quot;&quot;</code></li>
</ul>
<h2>[1.37.0] - 2025-09-30</h2>
<h3>Features</h3>
<ul>
<li>Updated the dictionary with the <a
href="https://redirect.github.com/crate-ci/typos/issues/1370">September
2025</a> changes</li>
<li>Pull in other dictionary updates</li>
</ul>
<h2>[1.36.3] - 2025-09-25</h2>
<h3>Fixes</h3>
<ul>
<li>Fix typo in correction to <code>analysises</code></li>
</ul>
<h2>[1.36.2] - 2025-09-04</h2>
<h3>Fixes</h3>
<ul>
<li>Fix regression from 1.36.1 when rendering an error for a line with
invalid UTF-8</li>
</ul>
<h2>[1.36.1] - 2025-09-03</h2>
<h3>Fixes</h3>
<ul>
<li>Replaced the error rendering for various quality of life
improvements</li>
</ul>
<h2>[1.36.0] - 2025-09-02</h2>
<h3>Features</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/crate-ci/typos/commit/7436548694def3314aacd93ed06c721b1f91ea04"><code>7436548</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/1823e2b025b337936690eaded5042d4406f4ec0f"><code>1823e2b</code></a>
docs: Update changelog</li>
<li><a
href="https://github.com/crate-ci/typos/commit/f0ee432398dc9de52800d63ebf1525bb17dd7cf7"><code>f0ee432</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/c29d486d2807323860ff02621a6f8bdd35d79110"><code>c29d486</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/38f26066b20d537746770da846ddf9bf8fe4b8ba"><code>38f2606</code></a>
chore: Release</li>
<li><a
href="https://github.com/crate-ci/typos/commit/e8116273bc0bda9d7a5edda4b2fed63e7608af42"><code>e811627</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1391">#1391</a>
from epage/corrections</li>
<li><a
href="https://github.com/crate-ci/typos/commit/89bd8580382c5d1047239b46776d35734f0e31d2"><code>89bd858</code></a>
fix(dict): Remove correction to focus on nearest option</li>
<li><a
href="https://github.com/crate-ci/typos/commit/ac57a77c745a6c2ca7a2f180d69eb3b0c2acf605"><code>ac57a77</code></a>
Merge pull request <a
href="https://redirect.github.com/crate-ci/typos/issues/1390">#1390</a>
from epage/update</li>
<li><a
href="https://github.com/crate-ci/typos/commit/5f38952876aeb2861c8241c87e6cf4dc86b7d84b"><code>5f38952</code></a>
style: Make clippy happy</li>
<li><a
href="https://github.com/crate-ci/typos/commit/17f77b960b2a59bf11f6470ee27631704a63bff2"><code>17f77b9</code></a>
chore: Update dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/crate-ci/typos/compare/0c17dabcee8b8f1957fa917d17393a23e02e1583...7436548694def3314aacd93ed06c721b1f91ea04">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=crate-ci/typos&package-manager=github_actions&previous-version=1.36.3&new-version=1.37.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps `package.json` for next 1.11.0 release