Skip to content

Releases: onflow/cadence

v1.0.3

21 Nov 17:49
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

Other Changes

  • Merge release/v1.0.2 to v1.0 by @github-actions in #3655

Full Changelog: v1.0.2...v1.0.3

v1.0.2

19 Nov 23:52
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

Other Changes

  • Merge release/v1.0.1 to v1.0 by @github-actions in #3605

Full Changelog: v1.0.1...v1.0.2

v1.2.1

22 Oct 18:33
Compare
Choose a tag to compare

What's Changed

πŸ›  Improvements

πŸ“– Documentation

  • Update release docs with a section for versioning strategy by @SupunS in #3629

Other Changes

  • Re-enable and update the Source Compatiblity Suite GitHub action by @turbolent in #3632
  • Merge release/v1.2.0 to master by @github-actions in #3633

Full Changelog: v1.2.0...v1.2.1

v1.2.0

22 Oct 18:33
Compare
Choose a tag to compare

What's Changed

Other Changes

  • Merge release/v1.1.0 to master by @github-actions in #3628
  • Move Crypto contract on-chain by @turbolent in #3619
  • Cleanup outdated FT/NFT related contract codes and tests by @SupunS in #3630

Full Changelog: v1.1.0...v1.2.0

v1.1.0

18 Oct 19:44
Compare
Choose a tag to compare

What's Changed

πŸ’₯ Go API Breaking Chance

  • Move subdirectories under runtime to top level by @SupunS in #3620

⭐ Features

πŸ›  Improvements

🐞 Bug Fixes

πŸ§ͺ Testing

Other Changes

Full Changelog: v1.0.1...v1.1.0

v1.0.1

08 Oct 20:28
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

Other Changes

Full Changelog: v1.0.0...v1.0.1

v1.0.0

26 Sep 22:16
878f55e
Compare
Choose a tag to compare

We are excited to announce the release of Cadence v1.0! πŸŽ‰

Starting with this release, there will be no more planned breaking changes going forward! πŸš€

Reflecting two years of work since the last major milestone in 2022, v0.24 (Secure Cadence), and the culmination of five years of work since the inception of Cadence in 2019, Cadence 1.0 is a milestone marking several significant enhancements. This release introduces full forward compatibility, enhanced composability through Attachments, and significant performance improvements.

We would like to thank all contributors and community members for their great feedback and amazing contributions – this would have not been possible without you! πŸ™‡

To learn more, visit https://flow.com/upgrade/crescendo/cadence-1.

πŸ’« New features

Attachments

Attachments allow developers to extend a struct or resource type (even one that they did not declare) with new functionality and data, without requiring the original author of the type to plan or account for it.

This feature allows developers to easily build on and extend any existing application, significantly improving the composability story of Cadence.

Entitlements and Safe Downcasting

In Cadence 1.0, access control has improved significantly.

Previously, Cadence’s main access-control mechanism, restricted reference types, has been a source of confusion and mistakes for contract developers. Additionally, references could not be downcast, leading to ergonomic issues.

Access control is now handled using a new feature called Entitlements. A reference can now be β€œentitled” to certain facets of an object.

References can now always be down-casted, the standalone auth modifier is not necessary anymore, and got removed.

Entitled Account Access

Previously, access to accounts was granted wholesale: Users would sign a transaction, authorizing the code of the transaction to perform any kind of operation, for example, write to storage, but also add keys or contracts.

Users had to trust that a transaction would only perform supposed access, e.g. storage access to withdraw tokens, but still had to grant full access, which would allow the transaction to perform other operations.

Dapp developers who require users to sign transactions are now able to request the minimum amount of access to perform the intended operation, i.e. developers are able to follow the principle of least privilege (PoLA).

With the introduction of entitlements, this access is now expressed using entitlements and references.

Access to administrative account operations, such as writing to storage, adding keys, or adding contracts, is now gated by both coarse grained entitlements (e.g. Storage, which grants access to all storage related functions, and Keys, which grants access to all key management functions), as well as fine-grained entitlements (e.g. SaveValue to save a value to storage, or AddKey to add a new key to the account).

Transactions can now request the particular entitlements necessary to perform the operations in the transaction.

View Functions

View functions allow developers to improve the reliability and safety of their programs, and helps them to reason about the effects of their and the programs of others.

Developers can mark their functions as view, which disallows the function from performing state changes. That also makes the intent of functions clear to other programmers, as it allows them to distinguish between functions that change state and ones that do not.

Interface Inheritance

Previously, interfaces could not inherit from other interfaces, which required developers to repeat code. Interface inheritance allows code abstraction and code reuse.

Interfaces can now inherit from other interfaces of the same kind. This makes it easier for developers to structure their conformances and reduces a lot of redundant code.

Capability Controllers

Cadence encourages a capability-based security model. Capabilities are themselves a new concept that most Cadence programmers need to understand.

The existing linking-based capability API has been replaced by a more powerful and easier to use API based on the notion of Capability Controllers. The new API makes the creation of new and the revocation of existing capabilities simpler.

External Mutation Safety

External Mutation Safety prevents a common safety foot-gun, unintentionally granting mutable access to nested data.

The mutability of containers (updating a field of a composite value, key of a map, or index of an array) through references has changed: When a field/element is accessed through a reference, a reference to the accessed inner object is returned, instead of the actual object. These returned references are unauthorized by default, and the author of the object (struct/resource/etc.) can control what operations are permitted on these returned references by using entitlements and entitlement mappings.

Event Definition And Emission In Interfaces

Contract interfaces may now define event types, and these events can be emitted from function conditions and default implementations in those contract interfaces.

Force Destruction of Resources

All resources are now guaranteed to be destroyable.

It was previously possible to panic in the body of a resource or attachment’s destroy method, effectively preventing the destruction or removal of that resource from an account. This could be used as an attack vector by handing people undesirable resources or hydrating resources to make them extremely large or otherwise contain undesirable content.

Contracts may no longer define destroy functions on their resources, and are no longer required to explicitly handle the destruction of resource fields. These will instead be implicitly
destroyed whenever a resource is destroyed.

Additionally, developers may define a ResourceDestroyed event which will be emitted whenever a resource of that type is destroyed.

Inlined and Deduplicated Storage

Cadence uses the Atree library for storing objects. Cadence 1.0 integrates Atree v0.8.0, which inlines and deduplicates stored data, which significantly reduces the amount of data stored and memory need. On Flow Testnet, this reduced memory usage by ~1/2 without sacrificing speed.

For more information, visit the release page https://github.com/onflow/atree/releases/tag/v0.8.0

⚑ Breaking Improvements

Many of the improvements of Cadence 1.0 fundamentally change how Cadence works and how it is used. That also means it was necessary to break existing code to release this version, which guarantees stability (no more planned breaking changes) going forward.

As breaking changes are simply no longer acceptable after Cadence 1.0, we used this last chance to fix and improve Cadence, ensuring it delivers on its promise of being a language that provides security and safety, while also enabling composability and simplicity.

We appreciate that updating existing code can be challenging for developers. However, we believe these improvements are worthwhile, as they make Cadence development significantly more powerful and efficient, enabling developers to write and deploy immutable contracts.

The improvements were intentionally bundled into one release to avoid breaking Cadence programs multiple times.

References to Resource-Kinded Values Get Invalidated When the Referenced Values Are Moved

References are now invalidated if the referenced resource is moved after the reference was taken. The reference is invalidated upon the first move, regardless of the origin and the destination.

Previously, when a reference is taken to a resource, that reference remains valid even if the resource was moved, for example when created and moved into an account, or moved from one account into another.

In other words, references to resources stayed alive forever. This could be a potential safety foot-gun, where one could gain/give/retain unintended access to resources through references.

Conditions No Longer Allow State Changes

In the current version of Cadence, pre-conditions and post-conditions may perform state changes, e.g. by calling a function that performs a mutation. This may result in unexpected behavior, which might lead to bugs.

To make conditions predictable, they are no longer allowed to perform state changes.

Pre-conditions and post-conditions are now considered view contexts, meaning that any operations that would be prevented inside of a view function are also not permitted in a pre-condition or post-condition.

This is to prevent underhanded code wherein a user modifies global or contract state inside of a condition, where they are meant to simply be asserting properties of that state.

Semantics for Variables in For-Loop Statements Got Improved

The behavior of for-in loops improved, so that a new iteration variable is introduced for each iteration.

Previously, the iteration variable of for-in loops was re-assigned on each iteration.

Even though this is a common behavior in many programming languages, it is surprising behavior and a source of bugs.

The behavior was improved to the often assumed/expected behavior of a new iteration variable being introduced for each iteration, which reduces the likelihood for a bug.

Restricted Types Got Replaced with Intersection Types

With the improvements to access control enabled by entitlements and safe down-casting, the restricted type feature is redundant.
...

Read more

v1.0.0-preview.52

31 Aug 15:01
Compare
Choose a tag to compare
v1.0.0-preview.52 Pre-release
Pre-release

What's Changed

πŸ›  Improvements

🐞 Bug Fixes

  • Handle unmigrated path capabilities and path links in Account.capabilities functions by @turbolent in #3562

πŸ§ͺ Testing

  • Add contract-update test for removing a field from nested resource by @SupunS in #3559
  • Add test for modifying events during contract updates by @SupunS in #3561

Other Changes

  • Merge release/v1.0.0-preview.51 to master by @github-actions in #3558

Full Changelog: v1.0.0-preview.51...v1.0.0-preview.52

v1.0.0-preview.51

29 Aug 23:25
Compare
Choose a tag to compare
v1.0.0-preview.51 Pre-release
Pre-release

What's Changed

⭐ Features

🐞 Bug Fixes

πŸ§ͺ Testing

πŸ“– Documentation

Other Changes

  • Merge release/v1.0.0-preview.50 to master by @github-actions in #3549

Full Changelog: v1.0.0-preview.50...v1.0.0-preview.51

v1.0.0-preview.50

23 Aug 00:17
Compare
Choose a tag to compare
v1.0.0-preview.50 Pre-release
Pre-release

What's Changed

🐞 Bug Fixes

πŸ“– Documentation

Other Changes

  • Merge release/v1.0.0-preview.49 to master by @github-actions in #3545

Full Changelog: v1.0.0-preview.49...v1.0.0-preview.50