search

satoshipay / solar

🌞 Stellar wallet. Secure and user-friendly.
https://solarwallet.io
MIT License
192 stars 57 forks source link

Bump stellar-sdk from 7.0.0 to 8.2.3 #1261

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps stellar-sdk from 7.0.0 to 8.2.3.

Release notes

Sourced from stellar-sdk's releases.

v8.2.3

Fix

  • Fix server signature verification in Utils.readChallengeTx. The function was not verifying the server account had signed the challenge transaction. Refer to the advisory for more details.

v8.2.2

Fix

v8.2.1

Fix

v8.2.0

Add

  • Added support for querying the relevant transactions and operations for a claimable balance [(#628)](stellar/js-stellar-sdk#628):

    • TransactionCallBuilder.forClaimableBalance(): builds a query to /claimable_balances/:id/transactions/
    • OperationCallBuilder.forClaimableBalance(): builds a query to /claimable_balances/:id/operations/

  • Added support for new stat fields on the /assets endpoint [(#628)](stellar/js-stellar-sdk#628):

    • accounts - a breakdown of accounts using this asset by authorization type
    • balances - a breakdown of balances by account authorization type
    • num_claimable_balances - the number of pending claimable balances
    • claimable_balances_amount - the total balance of pending claimable balances

  • Added types for all Effects supported as an enum, and moved Trade, Asset, Offer, and Account types to separate files [(#635)](stellar/js-stellar-sdk#635).

Update

  • Upgraded js-stellar-base package to version ^5.2.1 from ^5.1.0, refer to its release notes for more [(#639)](stellar/js-stellar-sdk#639):

    • opt-in support for muxed accounts (SEP-23)
    • exposing the AuthClawbackEnabled flag to Typescript to complete Protocol 17 support
    • fixing a public key parsing regression

  • Exposed more Protocol 17 (CAP-35) operations [(#633)](stellar/js-stellar-sdk#633):

    • The /accounts endpoint now resolves the flags.auth_clawback_enabled field.
    • The operation responses for clawback, clawbackClaimableBalance, and setTrustLineFlags are now defined.
    • The operation response for setOptions has been updated to show auth_clawback_enabled.

v8.1.1

Fix

  • PROTOCOL 17 SUPPORT: Upgraded js-stellar-base package to version ^5.1.0 from ^5.0.0 to expose the Typescript hints for CAP-35 operations [(#629)](stellar/js-stellar-sdk#629).

A summary of the changes introduced by Protocol 17 (to the base library and the SDK) is as follows:

  • New operations: ClawbackOp, ClawbackClaimableBalanceOp, and SetTrustLineFlagsOp
  • Deprecations: SetTrustLineFlagsOp now supercedes the old AllowTrustOp
  • New effects: trustline_flags_updated and claimable_balance_clawed_back
  • Deprecations: trustline_flags_updated supercedes the old trustline_authorized, trustline_authorized_to_maintain_liabilities, and trustline_deauthorized effects

... (truncated)

Changelog

Sourced from stellar-sdk's changelog.

v8.2.3

Fix

  • Fix server signature verification in Utils.readChallengeTx. The function was not verifying the server account had signed the challenge transaction.

v8.2.2

Fix

v8.2.1

Fix

v8.2.0

Add

  • Added support for querying the relevant transactions and operations for a claimable balance [(#628)](stellar/js-stellar-sdk#628):

    • TransactionCallBuilder.forClaimableBalance(): builds a query to /claimable_balances/:id/transactions/
    • OperationCallBuilder.forClaimableBalance(): builds a query to /claimable_balances/:id/operations/

  • Added support for new stat fields on the /assets endpoint [(#628)](stellar/js-stellar-sdk#628):

    • accounts - a breakdown of accounts using this asset by authorization type
    • balances - a breakdown of balances by account authorization type
    • num_claimable_balances - the number of pending claimable balances
    • claimable_balances_amount - the total balance of pending claimable balances

  • Added types for all Effects supported as an enum, and moved Trade, Asset, Offer, and Account types to separate files [(#635)](stellar/js-stellar-sdk#635).

Update

  • Upgraded js-stellar-base package to version ^5.2.1 from ^5.1.0, refer to its release notes for more [(#639)](stellar/js-stellar-sdk#639):

    • opt-in support for muxed accounts (SEP-23)
    • exposing the AuthClawbackEnabled flag to Typescript to complete Protocol 17 support
    • fixing a public key parsing regression

  • Exposed more Protocol 17 (CAP-35) operations [(#633)](stellar/js-stellar-sdk#633):

    • The /accounts endpoint now resolves the flags.auth_clawback_enabled field.
    • The operation responses for clawback, clawbackClaimableBalance, and setTrustLineFlags are now defined.
    • The operation response for setOptions has been updated to show auth_clawback_enabled.

v8.1.1

Fix

  • Upgraded js-stellar-base package to version ^5.1.0 from ^5.0.0 to expose the Typescript hints for CAP-35 operations [(#629)](stellar/js-stellar-sdk#629).

... (truncated)

Commits
  • 6f0bb88 Merge pull request from GHSA-6cgh-hjpw-q3gq
  • ac46a8d Release v8.2.2 (#656)
  • 428a5c5 Make AccountResponse conform to the StellarBase.Account interface. (#655)
  • fad208d Bump version and CHANGELOG for v8.2.1 release. (#654)
  • d278ea3 Remove defunct c query param, now that horizon sends cache-control headers (#...
  • eac8519 Update version for v8.2.0 (#650)
  • 72634e5 Bump only the js-stellar-base integrity (#648)
  • b1e09d4 Fix broken links to js-stellar-base repo in release instructions (#647)
  • a7aed3f Updates CHANGELOG with more details since latest release. (#639)
  • e6c622e Provide types for effects (closes #299).
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/satoshipay/solar/network/alerts).
dependabot[bot] commented 3 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.