Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release v11.2.2 #918

Merged
merged 9 commits into from
Feb 12, 2024
Merged

Release v11.2.2 #918

merged 9 commits into from
Feb 12, 2024

Conversation

Shaptic
Copy link
Contributor

@Shaptic Shaptic commented Jan 29, 2024

This should include the following fixes:

Note that #916 has intentionally been excluded from this patch release. There will come a future major release in which we drop support for TypeScript 5 and other outdated tooling that will incorporate this change with enough warning to downstream systems.

@Shaptic Shaptic requested a review from sreuland January 29, 2024 22:10
Copy link

socket-security bot commented Jan 29, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/cli@7.23.9 Transitive: environment, eval, filesystem, network, shell, unsafe +84 10.5 MB nicolo-ribaudo
npm/@babel/core@7.23.9 environment, filesystem, unsafe Transitive: shell +51 8.8 MB nicolo-ribaudo
npm/@babel/eslint-parser@7.23.10 unsafe Transitive: environment, eval, filesystem, shell +151 19.8 MB nicolo-ribaudo
npm/@babel/helper-create-class-features-plugin@7.23.10 Transitive: environment, filesystem, shell, unsafe +57 9.24 MB nicolo-ribaudo
npm/@babel/parser@7.23.9 None 0 1.88 MB nicolo-ribaudo
npm/@babel/preset-env@7.23.9 environment Transitive: filesystem, shell, unsafe +159 12.7 MB nicolo-ribaudo
npm/@babel/template@7.23.9 Transitive: environment +15 4.59 MB nicolo-ribaudo
npm/@babel/types@7.23.9 environment +3 2.49 MB nicolo-ribaudo
npm/@stellar/stellar-base@11.0.0 Transitive: environment, filesystem +13 41.3 MB bartekn, cassiomg, fnando_sdf, ...5 more
npm/@types/node@20.11.17 None +1 4.07 MB types
npm/@typescript-eslint/parser@6.21.0 Transitive: environment, eval, filesystem, shell, unsafe +120 45.8 MB jameshenry
npm/@typescript-eslint/types@6.21.0 None 0 156 kB jameshenry
npm/@typescript-eslint/typescript-estree@6.21.0 Transitive: environment, filesystem +34 34.7 MB jameshenry
npm/@typescript-eslint/utils@6.21.0 Transitive: environment, eval, filesystem, shell, unsafe +122 46.1 MB jameshenry
npm/array-buffer-byte-length@1.0.1 Transitive: eval +12 245 kB ljharb
npm/available-typed-arrays@1.0.6 None 0 20.4 kB ljharb
npm/axios@1.6.7 network Transitive: environment, filesystem +8 2.21 MB jasonsaayman
npm/browserslist@4.22.3 environment, filesystem Transitive: shell +5 401 kB ai
npm/call-bind@1.0.6 Transitive: eval +10 214 kB ljharb
npm/chokidar@3.6.0 environment, filesystem +14 531 kB paulmillr
npm/define-data-property@1.1.3 Transitive: eval +8 173 kB ljharb
npm/es-errors@1.3.0 None 0 12.3 kB ljharb
npm/get-intrinsic@1.2.4 eval +5 124 kB ljharb
npm/has-tostringtag@1.0.2 None +1 38.2 kB ljharb
npm/ignore@5.3.1 None 0 51.5 kB kael
npm/is-array-buffer@3.0.4 Transitive: eval +11 232 kB ljharb
npm/is-typed-array@1.1.13 Transitive: eval +16 359 kB ljharb
npm/karma-webpack@5.0.1 filesystem Transitive: environment, eval, network, shell, unsafe +89 18.1 MB evilebottnawi
npm/lint-staged@15.2.2 Transitive: environment, filesystem, shell +54 2.48 MB okonet
npm/mocha@10.3.0 environment, eval, filesystem +58 4.24 MB joshuakgoldberg
npm/prettier@3.2.5 None 0 8.39 MB azz, duailibe, fisker, ...8 more
npm/webpack@5.90.1 environment, filesystem, network, unsafe Transitive: eval, shell +75 17.5 MB evilebottnawi
npm/which-typed-array@1.1.14 Transitive: eval +15 336 kB ljharb

🚮 Removed packages: npm/@babel/cli@7.23.4, npm/@babel/core@7.23.7, npm/@babel/eslint-parser@7.23.3, npm/@babel/helper-create-class-features-plugin@7.23.7, npm/@babel/parser@7.23.6, npm/@babel/preset-env@7.23.8, npm/@babel/types@7.23.6, npm/@stellar/stellar-base@10.0.2, npm/@types/node@20.11.5, npm/@typescript-eslint/parser@6.19.1, npm/@typescript-eslint/types@6.19.1, npm/@typescript-eslint/typescript-estree@6.19.1, npm/@typescript-eslint/utils@6.19.1, npm/axios@1.6.5, npm/browserslist@4.22.2, npm/call-bind@1.0.5, npm/define-data-property@1.1.1, npm/get-intrinsic@1.2.2, npm/ignore@5.3.0, npm/is-array-buffer@3.0.2, npm/is-typed-array@1.1.12, npm/karma-webpack@5.0.0, npm/lint-staged@15.2.0, npm/mocha@10.2.0, npm/prettier@3.2.4, npm/which-typed-array@1.1.13

View full report↗︎

Copy link

socket-security bot commented Jan 29, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/chokidar@3.6.0, npm/webpack@5.90.1

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

Copy link

github-actions bot commented Jan 29, 2024

Size Change: +20.9 kB (0%)

Total Size: 11.4 MB

Filename Size Change
dist/stellar-sdk.js 6.31 MB +12.6 kB (0%)
dist/stellar-sdk.min.js 5.08 MB +8.26 kB (0%)

compressed-size-action

@Shaptic Shaptic requested a review from a team January 29, 2024 22:47
@Shaptic Shaptic requested a review from tamirms February 12, 2024 20:27
@Shaptic
Copy link
Contributor Author

Shaptic commented Feb 12, 2024

Both of these packages are only used during development and at packaging time. webpack is obvious, and chokidar is transient through other build tools:

yarn why chokidar
[...]
=> Found "chokidar@3.6.0"
info Reasons this module exists
   - Hoisted from "@babel#cli#chokidar"
   - Hoisted from "karma#chokidar"
[...]
=> Found "mocha#chokidar@3.5.3"
info This module exists because "mocha" depends on it.
[...]

Thus, merging this PR introduces expected and acceptable dependency changes.

@Shaptic
Copy link
Contributor Author

Shaptic commented Feb 12, 2024

@SocketSecurity ignore npm/webpack@5.90.1
@SocketSecurity ignore npm/chokidar@3.6.0

@Shaptic Shaptic merged commit 4c42a4d into master Feb 12, 2024
9 checks passed
@Shaptic Shaptic deleted the v11.2.2 branch February 12, 2024 20:36
chadoh added a commit to AhaLabs/js-stellar-sdk that referenced this pull request Mar 5, 2024
* master:
  Drop all usage of array-based passing (stellar#924)
  Release v11.2.2 (stellar#918)
  Ensure that event streaming tests write a valid stream (stellar#917)
  Release v11.2.1 (stellar#913)
  Eliminating `utility-types` dependency entirely (stellar#912)
  Prepare v11.2.0 for release (stellar#908)
  Update README to flow better (stellar#907)
  Add support for new `sendTransaction` response field (stellar#905)
  Export the individual event response instance (stellar#904)
  Bump follow-redirects from 1.15.3 to 1.15.4 (stellar#906)
  Update examples to use new module and package structure. (stellar#900)
chadoh added a commit to AhaLabs/js-stellar-sdk that referenced this pull request Mar 5, 2024
* master:
  Drop all usage of array-based passing (stellar#924)
  Release v11.2.2 (stellar#918)
  Ensure that event streaming tests write a valid stream (stellar#917)
  Release v11.2.1 (stellar#913)
  Eliminating `utility-types` dependency entirely (stellar#912)
  Prepare v11.2.0 for release (stellar#908)
  Update README to flow better (stellar#907)
  Add support for new `sendTransaction` response field (stellar#905)
  Export the individual event response instance (stellar#904)
  Bump follow-redirects from 1.15.3 to 1.15.4 (stellar#906)
  Update examples to use new module and package structure. (stellar#900)
Shaptic added a commit that referenced this pull request Mar 12, 2024
* Update examples to use new module and package structure. (#900)

* Fixup deprecation to specify exact version
* Upgrade references to use latest modules

* Bump follow-redirects from 1.15.3 to 1.15.4 (#906)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.4)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Export the individual event response instance (#904)

* Add support for new `sendTransaction` response field (#905)

* Add checks to ensure incorrect fields don't sneak in

* Update README to flow better (#907)

* Prepare v11.2.0 for release (#908)

* Upgrade all dependencies besides chai
* Add changelog entries

* Eliminating `utility-types` dependency entirely (#912)

Eliminated the 'utility-types' package since its functionalities are likely
replaced by native TypeScript features. This change includes cleaning up imports
and references in the codebase and updating the package.json and yarn.lock
accordingly, resulting in a leaner dependency graph and potentially reducing
installation times and package size.

Co-authored-by: Sérgio Luis <sergiocl@airtm.io>

* Release v11.2.1 (#913)

* Upgrade dependencies and stellar-base

* fix: stop using TimeoutInfinite

* optional simulate & wallet, editable TransactionBuilder

- Can now pass an `account` OR `wallet` when constructing the
  ContractClient, or none! If you pass none, you can still make view
  calls, since they don't need a signer. You will need to pass a
  `wallet` when calling things that need it, like `signAndSend`.

- You can now pass `simulate: false` when first creating your
  transaction to skip simulation. You can then modify the transaction
  using the TransactionBuilder at `tx.raw` before manually calling
  `simulate`. Example:

      const tx = await myContract.myMethod(
        { args: 'for', my: 'method', ... },
        { simulate: false }
      );
      tx.raw.addMemo(Memo.text('Nice memo, friend!'))
      await tx.simulate();

- Error types are now collected under `AssembledTransaction.Errors` and
  `SentTransaction.Errors`.

* Ensure that event streaming tests write a valid stream (#917)
* Release v11.2.2 (#918)
* export ExampleNodeWallet from lib

Tyler van der Hoeven thought this would be useful.

The current place it's exported from is surpassingly silly. But it
functions properly and the tests fail the same way they failed before.

* Drop all usage of array-based passing (#924)

* feat(e2e-tests): new account & contract per test

- New `clientFor` that instantiates a ContractClient for given
  contract, as well as initializes a new account, funding it with
  friendbot
- Can also use `generateFundedKeypair` directly, as with test-swap
- Stop generating anything in initialize.sh. Just check that the network
  is running and the pinned binary is installed, and fund the
  `$SOROBAN_ACCOUNT`.

  Ideally we wouldn't use the binary at all, but for now the tests are
  still shelling out to the CLI, so it's worth keeping the pinning
  around

* wallet/signer only needs three methods

* feat: no more `Wallet` interface

Instead, just accept the things that Wallet contained.

This avoids the conundrum of what to call the thing.

- `Wallet` seems too high-level. Too high-level to be the concern of
  stellar-sdk, and too high-level for the thing being described here.
  It's really just two functions: `signTransaction` and `signAuthEntry`.
- No need for this thing to defined `getPublicKey`, let alone any of the
  more complicated wrappers around it that it used to. Just have people
  pass in a `publicKey`. For convenience' sake, I also allowed this to
  be a Promise of a string, so that you don't need to instantiate
  ContractClient asynchronously, instead doing something like:

      new ContractClient({
        publicKey: asyncPublicKeyLookupFromWallet(),
        ...
      })

  This helps when getting public keys in a browser environment, where
  public key lookup is async, and adds little complexity to the logic
  here.

* rm getAccount from exposed interface

* make simulation public; wrap comments

* explicit allowHttp

* test(ava): set timeout to 2m

* build: move ExampleNodeWallet to own entrypoint

No need to pollute the global API or bundle size with this.

* build: move ContractClient & AssembledTransaction

These are a bit higher-level and experimental, at this point, so let's
not clutter the global API or the bundle size unless people really want
it.

* fix: allow overriding 'publicKey' for 'signAuthEntries'

* feat(contract-client): require publicKey

* fix: use Networks from stellar-base

* doc: explain 'errorTypes' param

* build: ContractClient-related things in one dir

* typo

* move primitive type defs to contractclient

* rm ContractClient.generate; do it in constructor

* feat: separate rust_types to own import path

* feat: don't make people import and use Networks enum

I personally find TS enums a little surprising to work with, and my own
codebases already have network passphrases littered throughout. I think
we can upgrade to use the enum later, after more discussion about the
exact interface. Let's not tangle that up in this change.

* doc: include rust_types readme info in build

the README.md file is not included in the `lib/rust_types` built
version, so it's better to include it in a file that people can find by
using the go-to-definition function in their editor, such as a
`rust_types.ts` file directly, which gets built as
`lib/rust_types.d.ts`.

* build: make it easier to import rust_types

* feat: basicNodeSigner as a plain-object factory

Our suggested approach of spreading `signer` into `ContractClient`
constructors causes typing issues, since `networkPassphrase` is a
private field inside BasicNodeSigner. This means the `signer` needs to
be spread in before the inclusion of `networkPassphrase`, otherwise it
gets overwritten with `undefined` (or maybe TypeScript just thinks it
will get overwritten).

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: George <Shaptic@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sérgio Luis <sergiolclem@gmail.com>
Co-authored-by: Sérgio Luis <sergiocl@airtm.io>
chadoh added a commit to AhaLabs/js-stellar-sdk that referenced this pull request Mar 14, 2024
* master:
  Move TypeScript to devDependencies to reduce bundle size (stellar#926)
  Drop all usage of array-based passing (stellar#924)
  Release v11.2.2 (stellar#918)
  Ensure that event streaming tests write a valid stream (stellar#917)
  Release v11.2.1 (stellar#913)
  Eliminating `utility-types` dependency entirely (stellar#912)
  Prepare v11.2.0 for release (stellar#908)
  Update README to flow better (stellar#907)
  Add support for new `sendTransaction` response field (stellar#905)
  Export the individual event response instance (stellar#904)
  Bump follow-redirects from 1.15.3 to 1.15.4 (stellar#906)
  Update examples to use new module and package structure. (stellar#900)
Shaptic added a commit that referenced this pull request Mar 20, 2024
* Add generation of contract clients and an `AssembledTransaction` abstraction (#891)
- new e2e tests copied from cli `ts-tests` for the generated bindings, but
  with TypeScript removed because the ContractClient is generated here
  dynamically at run time, so we cannot know the types at compile time in
  the tests.
- generate JSON specs from local .wasm files during initiaze.sh instead
  of generating TS bindings. As explained in the new wasms/specs/README,
  this is a bummer, but is temporary
* Update soroban-cli and sync with upstream `master` (#911)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: George <Shaptic@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Make simulation optional, simplify wallet/signer interface (#921)

* Update examples to use new module and package structure. (#900)

* Fixup deprecation to specify exact version
* Upgrade references to use latest modules

* Bump follow-redirects from 1.15.3 to 1.15.4 (#906)

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.3 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.4)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Export the individual event response instance (#904)

* Add support for new `sendTransaction` response field (#905)

* Add checks to ensure incorrect fields don't sneak in

* Update README to flow better (#907)

* Prepare v11.2.0 for release (#908)

* Upgrade all dependencies besides chai
* Add changelog entries

* Eliminating `utility-types` dependency entirely (#912)

Eliminated the 'utility-types' package since its functionalities are likely
replaced by native TypeScript features. This change includes cleaning up imports
and references in the codebase and updating the package.json and yarn.lock
accordingly, resulting in a leaner dependency graph and potentially reducing
installation times and package size.

Co-authored-by: Sérgio Luis <sergiocl@airtm.io>

* Release v11.2.1 (#913)

* Upgrade dependencies and stellar-base

* fix: stop using TimeoutInfinite

* optional simulate & wallet, editable TransactionBuilder

- Can now pass an `account` OR `wallet` when constructing the
  ContractClient, or none! If you pass none, you can still make view
  calls, since they don't need a signer. You will need to pass a
  `wallet` when calling things that need it, like `signAndSend`.

- You can now pass `simulate: false` when first creating your
  transaction to skip simulation. You can then modify the transaction
  using the TransactionBuilder at `tx.raw` before manually calling
  `simulate`. Example:

      const tx = await myContract.myMethod(
        { args: 'for', my: 'method', ... },
        { simulate: false }
      );
      tx.raw.addMemo(Memo.text('Nice memo, friend!'))
      await tx.simulate();

- Error types are now collected under `AssembledTransaction.Errors` and
  `SentTransaction.Errors`.

* Ensure that event streaming tests write a valid stream (#917)
* Release v11.2.2 (#918)
* export ExampleNodeWallet from lib

Tyler van der Hoeven thought this would be useful.

The current place it's exported from is surpassingly silly. But it
functions properly and the tests fail the same way they failed before.

* Drop all usage of array-based passing (#924)

* feat(e2e-tests): new account & contract per test

- New `clientFor` that instantiates a ContractClient for given
  contract, as well as initializes a new account, funding it with
  friendbot
- Can also use `generateFundedKeypair` directly, as with test-swap
- Stop generating anything in initialize.sh. Just check that the network
  is running and the pinned binary is installed, and fund the
  `$SOROBAN_ACCOUNT`.

  Ideally we wouldn't use the binary at all, but for now the tests are
  still shelling out to the CLI, so it's worth keeping the pinning
  around

* wallet/signer only needs three methods

* feat: no more `Wallet` interface

Instead, just accept the things that Wallet contained.

This avoids the conundrum of what to call the thing.

- `Wallet` seems too high-level. Too high-level to be the concern of
  stellar-sdk, and too high-level for the thing being described here.
  It's really just two functions: `signTransaction` and `signAuthEntry`.
- No need for this thing to defined `getPublicKey`, let alone any of the
  more complicated wrappers around it that it used to. Just have people
  pass in a `publicKey`. For convenience' sake, I also allowed this to
  be a Promise of a string, so that you don't need to instantiate
  ContractClient asynchronously, instead doing something like:

      new ContractClient({
        publicKey: asyncPublicKeyLookupFromWallet(),
        ...
      })

  This helps when getting public keys in a browser environment, where
  public key lookup is async, and adds little complexity to the logic
  here.

* rm getAccount from exposed interface

* make simulation public; wrap comments

* explicit allowHttp

* test(ava): set timeout to 2m

* build: move ExampleNodeWallet to own entrypoint

No need to pollute the global API or bundle size with this.

* build: move ContractClient & AssembledTransaction

These are a bit higher-level and experimental, at this point, so let's
not clutter the global API or the bundle size unless people really want
it.

* fix: allow overriding 'publicKey' for 'signAuthEntries'

* feat(contract-client): require publicKey

* fix: use Networks from stellar-base

* doc: explain 'errorTypes' param

* build: ContractClient-related things in one dir

* typo

* move primitive type defs to contractclient

* rm ContractClient.generate; do it in constructor

* feat: separate rust_types to own import path

* feat: don't make people import and use Networks enum

I personally find TS enums a little surprising to work with, and my own
codebases already have network passphrases littered throughout. I think
we can upgrade to use the enum later, after more discussion about the
exact interface. Let's not tangle that up in this change.

* doc: include rust_types readme info in build

the README.md file is not included in the `lib/rust_types` built
version, so it's better to include it in a file that people can find by
using the go-to-definition function in their editor, such as a
`rust_types.ts` file directly, which gets built as
`lib/rust_types.d.ts`.

* build: make it easier to import rust_types

* feat: basicNodeSigner as a plain-object factory

Our suggested approach of spreading `signer` into `ContractClient`
constructors causes typing issues, since `networkPassphrase` is a
private field inside BasicNodeSigner. This means the `signer` needs to
be spread in before the inclusion of `networkPassphrase`, otherwise it
gets overwritten with `undefined` (or maybe TypeScript just thinks it
will get overwritten).

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: George <Shaptic@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sérgio Luis <sergiolclem@gmail.com>
Co-authored-by: Sérgio Luis <sergiocl@airtm.io>

* fix(contract-client): stop jsifying method names

This implementation needs to match what is done in the TS Bindings in
Rust. Keeping "JSification" logic consistent in both is not worth the
slight nicety of allowing people to type camelCaseMethodNames in JS.

Additionally, having camelCaseMethodNames in one context when the real
method name is probably_snake_case could lead to confusion. If someone
types a camelCaseName in their CLI, the CLI will complain, and they
might not know what's going on.

* docs(contract-client): clean api, write a book

Yes, a whole book about AssembledTransaction. It needed documentation;
why not make it useful.

This also removes an obsolute method, marks a couple as private,
adds detail to other comments, fixes the `fee` type, updates
SentTransaction docs, and organizes the code a bit.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: George <Shaptic@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sérgio Luis <sergiolclem@gmail.com>
Co-authored-by: Sérgio Luis <sergiocl@airtm.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants