PinSave icon indicating copy to clipboard operation
PinSave copied to clipboard

Published 20 hours ago verified publisher icon PinSaveDAO

Bump o1js from 0.17.0 to 1.6.0 in /packages/frontend

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps o1js from 0.17.0 to 1.6.0.

Changelog

Sourced from o1js's changelog.

1.6.0 - 2024-07-23

Added

Changed

  • Reduced maximum bit length for xor, not, and and, operations from 254 to 240 bits to prevent overflow vulnerabilities. o1-labs/o1js#1745
  • Allow using Type instead of Type.provable in APIs that expect a provable type o1-labs/o1js#1751
    • Example: Provable.witness(Bytes32, () => bytes)
  • Automatically wrap and unwrap Unconstrained in fromValue and toValue, so that we don't need to deal with "unconstrained" values outside provable code o1-labs/o1js#1751

1.5.0 - 2024-07-09

Breaking changes

  • Fixed a vulnerability in OffchainState where it didn't store the IndexedMerkleTree length onchain and left it unconstrained o1-labs/o1js#1676

Added

  • A warning about the current reducer API limitations, as well as a mention of active work to mitigate them was added to doc comments and examples o1-labs/o1js#1728
  • ForeignField-based representation of scalars via ScalarField o1-labs/o1js#1705
  • Introduced new V2 methods for nullifier operations: isUnusedV2(), assertUnusedV2(), and setUsedV2() o1-labs/o1js#1715
  • Int64.create() method for safe instance creation with canonical zero representation o1-labs/o1js#1735
  • New V2 methods for Int64 operations: fromObjectV2, divV2() o1-labs/o1js#1735
  • Experimental.BatchReducer to reduce actions in batches o1-labs/o1js#1676
    • Avoids the account update limit
    • Handles arbitrary numbers of pending actions thanks to recursive validation of the next batch
  • Add conditional versions of all preconditions: .requireEqualsIf() o1-labs/o1js#1676
  • AccountUpdate.createIf() to conditionally add an account update to the current transaction o1-labs/o1js#1676
  • IndexedMerkleMap.setIf() to set a key-value pair conditionally o1-labs/o1js#1676
  • Provable.assertEqualIf() to conditionally assert that two values are equal o1-labs/o1js#1676
  • Add offchainState.setContractClass() which enables us to declare the connected contract at the top level, without creating a contract instance o1-labs/o1js#1676
    • This is enough to call offchainState.compile()
  • More low-level methods to interact with MerkleList o1-labs/o1js#1676
    • popIfUnsafe(), toArrayUnconstrained() and lengthUnconstrained()

Changed

Deprecated

  • Deprecated Nullifier.isUnused(), Nullifier.assertUnused(), and Nullifier.setUsed() methods o1-labs/o1js#1715
  • createEcdsa, createForeignCurve, ForeignCurve and EcdsaSignature deprecated in favor of V2 versions due to a security vulnerability found in the current implementation o1-labs/o1js#1703
  • Int64 constructor, recommending Int64.create() instead o1-labs/o1js#1735
  • Original div() and fromObject, methods in favor of V2 versions o1-labs/o1js#1735

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jul 25 '24 15:07 dependabot[bot]