Fix server signature verification in Utils.readChallengeTx. The function was not verifying the server account had signed the challenge transaction. Refer to the advisory for more details.
v8.2.2
Fix
Fixes a breaking bug introduced in v8.2.0 in which AccountResponse no longer conformed to the StellarBase.Account interface, which was updated in stellar-base@v5.2.0 [(#655)](stellar/js-stellar-sdk#655).
v8.2.1
Fix
A defunct query paramater (?c=[...]) has been removed now that Horizon properly sends Cache-Control headers [(#652)](stellar/js-stellar-sdk#652).
v8.2.0
Add
Added support for querying the relevant transactions and operations for a claimable balance [(#628)](stellar/js-stellar-sdk#628):
TransactionCallBuilder.forClaimableBalance(): builds a query to /claimable_balances/:id/transactions/
OperationCallBuilder.forClaimableBalance(): builds a query to /claimable_balances/:id/operations/
accounts - a breakdown of accounts using this asset by authorization type
balances - a breakdown of balances by account authorization type
num_claimable_balances - the number of pending claimable balances
claimable_balances_amount - the total balance of pending claimable balances
Added types for all Effects supported as an enum, and moved Trade, Asset, Offer, and Account types to separate files [(#635)](stellar/js-stellar-sdk#635).
The /accounts endpoint now resolves the flags.auth_clawback_enabled field.
The operation responses for clawback, clawbackClaimableBalance, and setTrustLineFlags are now defined.
The operation response for setOptions has been updated to show auth_clawback_enabled.
v8.1.1
Fix
PROTOCOL 17 SUPPORT: Upgraded js-stellar-base package to version ^5.1.0 from ^5.0.0 to expose the Typescript hints for CAP-35 operations [(#629)](stellar/js-stellar-sdk#629).
A summary of the changes introduced by Protocol 17 (to the base library and the SDK) is as follows:
New operations: ClawbackOp, ClawbackClaimableBalanceOp, and SetTrustLineFlagsOp
Deprecations: SetTrustLineFlagsOp now supercedes the old AllowTrustOp
New effects: trustline_flags_updated and claimable_balance_clawed_back
Deprecations: trustline_flags_updated supercedes the old trustline_authorized, trustline_authorized_to_maintain_liabilities, and trustline_deauthorized effects
Fixes a breaking bug introduced in v8.2.0 in which AccountResponse no longer conformed to the StellarBase.Account interface, which was updated in stellar-base@v5.2.0 [(#655)](stellar/js-stellar-sdk#655).
accounts - a breakdown of accounts using this asset by authorization type
balances - a breakdown of balances by account authorization type
num_claimable_balances - the number of pending claimable balances
claimable_balances_amount - the total balance of pending claimable balances
Added types for all Effects supported as an enum, and moved Trade, Asset, Offer, and Account types to separate files [(#635)](stellar/js-stellar-sdk#635).
Upgraded js-stellar-base package to version ^5.1.0 from ^5.0.0 to expose the Typescript hints for CAP-35 operations [(#629)](stellar/js-stellar-sdk#629).
... (truncated)
Commits
6f0bb88 Merge pull request from GHSA-6cgh-hjpw-q3gq
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stellar/kelp/network/alerts).
Bumps stellar-sdk from 3.3.0 to 8.2.3.
Release notes
Sourced from stellar-sdk's releases.
... (truncated)
Changelog
Sourced from stellar-sdk's changelog.
... (truncated)
Commits
6f0bb88Merge pull request from GHSA-6cgh-hjpw-q3gqac46a8dRelease v8.2.2 (#656)428a5c5Make AccountResponse conform to the StellarBase.Account interface. (#655)fad208dBump version and CHANGELOG for v8.2.1 release. (#654)d278ea3Remove defunct c query param, now that horizon sends cache-control headers (#...eac8519Update version for v8.2.0 (#650)72634e5Bump only the js-stellar-base integrity (#648)b1e09d4Fix broken links to js-stellar-base repo in release instructions (#647)a7aed3fUpdates CHANGELOG with more details since latest release. (#639)e6c622eProvide types for effects (closes #299).Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stellar/kelp/network/alerts).