Releases: dfinity/sdk
0.15.0
DFX
fix: added https://icp-api.io to the default Content-Security-Policy header
Existing projects will need to change this value in .ic-assets.json or .ic-assets.json5 to include https://icp-api.io
All projects will need to redeploy.
fix: access to raw assets is now enabled by default
The default value for allow_raw_access is now true. This means that by default, the frontend canister will no longer restrict the access of traffic to the <canister-id>.raw.icp0.io domain, and will no longer automatically redirect all requests to the certified domain (<canister-id>.icp0.io), unless configured explicitly.
Note that existing projects that specify "allow_raw_access": false in .ic-assets.json5 will need to change or remove this value manually in order to allow raw access.
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
chore: add --use-old-metering flag
The use-old-metering flag enables old metering in replica. The new metering is enabled in the starter by default, so this flag is to compare the default new metering with the old one.
The flag is temporary and will be removed in a few months.
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: return asset certificate for cert v1 even if encoding does not match
For certification v1, if none of the requested encoding are certified but another encoding is certified, then the frontend canister once again returns the certificatie even though the response hash won't match.
This allows the verifying side to try to transform the response such that it matches the response hash.
For example, if only the encoding gzip is requested but the identity encoding is certified, the gzip encoding is returned with the certificate for the identity encoding.
The verifying side can then unzip the response and will have a valid certificate for the identity response.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: e20be8df2c392937a6ae0f70d20ff23b75e8c71d9085a8b8bb438b8c2d4eafe5
- #3337
- #3298
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to elected commit cabe2ae3ca115b1a3f24d75814d4f8e317b2964d.
This incorporates the following executed proposals:
0.15.0-beta.6
DFX
fix: added https://icp-api.io to the default Content-Security-Policy header
Existing projects will need to change this value in .ic-assets.json or .ic-assets.json5 to include https://icp-api.io
All projects will need to redeploy.
fix: access to raw assets is now enabled by default
The default value for allow_raw_access is now true. This means that by default, the frontend canister will no longer restrict the access of traffic to the <canister-id>.raw.icp0.io domain, and will no longer automatically redirect all requests to the certified domain (<canister-id>.icp0.io), unless configured explicitly.
Note that existing projects that specify "allow_raw_access": false in .ic-assets.json5 will need to change or remove this value manually in order to allow raw access.
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
chore: add --use-old-metering flag
The use-old-metering flag enables old metering in replica. The new metering is enabled in the starter by default, so this flag is to compare the default new metering with the old one.
The flag is temporary and will be removed in a few months.
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: return asset certificate for cert v1 even if encoding does not match
For certification v1, if none of the requested encoding are certified but another encoding is certified, then the frontend canister once again returns the certificatie even though the response hash won't match.
This allows the verifying side to try to transform the response such that it matches the response hash.
For example, if only the encoding gzip is requested but the identity encoding is certified, the gzip encoding is returned with the certificate for the identity encoding.
The verifying side can then unzip the response and will have a valid certificate for the identity response.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: e20be8df2c392937a6ae0f70d20ff23b75e8c71d9085a8b8bb438b8c2d4eafe5
- #3337
- #3298
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to elected commit cabe2ae3ca115b1a3f24d75814d4f8e317b2964d.
This incorporates the following executed proposals:
0.15.0-beta.5
DFX
fix: added https://icp-api.io to the default Content-Security-Policy header
Existing projects will need to change this value in .ic-assets.json or .ic-assets.json5 to include https://icp-api.io
All projects will need to redeploy.
fix: access to raw assets is now enabled by default
The default value for allow_raw_access is now true. This means that by default, the frontend canister will no longer restrict the access of traffic to the <canister-id>.raw.icp0.io domain, and will no longer automatically redirect all requests to the certified domain (<canister-id>.icp0.io), unless configured explicitly.
Note that existing projects that specify "allow_raw_access": false in .ic-assets.json5 will need to change or remove this value manually in order to allow raw access.
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
chore: add --use-old-metering flag
The use-old-metering flag enables old metering in replica. The new metering is enabled in the starter by default, so this flag is to compare the default new metering with the old one.
The flag is temporary and will be removed in a few months.
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: return asset certificate for cert v1 even if encoding does not match
For certification v1, if none of the requested encoding are certified but another encoding is certified, then the frontend canister once again returns the certificatie even though the response hash won't match.
This allows the verifying side to try to transform the response such that it matches the response hash.
For example, if only the encoding gzip is requested but the identity encoding is certified, the gzip encoding is returned with the certificate for the identity encoding.
The verifying side can then unzip the response and will have a valid certificate for the identity response.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: e20be8df2c392937a6ae0f70d20ff23b75e8c71d9085a8b8bb438b8c2d4eafe5
- #3337
- #3298
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to release candidate b9949229021c8801c03b38d73d53a9dfb14d5f60.
This incorporates the following open proposals:
This incorporates the following executed proposals:
0.14.4
DFX
fix: added https://icp-api.io to the default Content-Security-Policy header
Existing projects will need to change this value in .ic-assets.json or .ic-assets.json5 to include https://icp-api.io
All projects will need to redeploy.
fix: access to raw assets is now enabled by default
The default value for allow_raw_access is now true. This means that by default, the frontend canister will no longer restrict the access of traffic to the <canister-id>.raw.icp0.io domain, and will no longer automatically redirect all requests to the certified domain (<canister-id>.icp0.io), unless configured explicitly.
Note that existing projects that specify "allow_raw_access": false in .ic-assets.json5 will need to change or remove this value manually in order to allow raw access.
Dependencies
Updated candid to 0.9.0
Updated cdk-rs to 0.10.0
Frontend canister
- Module hash: d5c324fea6b0f8eaa9feede10b342b098f7cf64682e168e58fa2ca2bf028b96f
- #3327
0.14.4-beta.0
DFX
fix: added https://icp-api.io to the default Content-Security-Policy header
Existing projects will need to change this value in .ic-assets.json or .ic-assets.json5 to include https://icp-api.io
All projects will need to redeploy.
fix: access to raw assets is now enabled by default
The default value for allow_raw_access is now true. This means that by default, the frontend canister will no longer restrict the access of traffic to the <canister-id>.raw.icp0.io domain, and will no longer automatically redirect all requests to the certified domain (<canister-id>.icp0.io), unless configured explicitly.
Note that existing projects that specify "allow_raw_access": false in .ic-assets.json5 will need to change or remove this value manually in order to allow raw access.
Dependencies
Updated candid to 0.9.0
Updated cdk-rs to 0.10.0
Frontend canister
- Module hash: d5c324fea6b0f8eaa9feede10b342b098f7cf64682e168e58fa2ca2bf028b96f
- #3327
0.15.0-ext.0
fix(ci): checkout repo to get the hash of `rust-toolchain.toml` file …
0.15.0-beta.4
DFX
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: return asset certificate for cert v1 even if encoding does not match
For certification v1, if none of the requested encoding are certified but another encoding is certified, then the frontend canister once again returns the certificatie even though the response hash won't match.
This allows the verifying side to try to transform the response such that it matches the response hash.
For example, if only the encoding gzip is requested but the identity encoding is certified, the gzip encoding is returned with the certificate for the identity encoding.
The verifying side can then unzip the response and will have a valid certificate for the identity response.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: d9142d47813d851f5c86f0d780b8c8851aae6d910e486b3a2a698de0bb40c99b
- #3298
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to elected commit f8f59f896499f2fef394d8321116f83351c59aa8.
This incorporates the following executed proposals:
0.15.0-beta.3
DFX
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: 88d1e5795d29debc1ff56fa0696dcb3adfa67f82fe2739d1aa644263838174b9
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to elected commit f8f59f896499f2fef394d8321116f83351c59aa8.
This incorporates the following executed proposals:
0.15.0-beta.2
DFX
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: 88d1e5795d29debc1ff56fa0696dcb3adfa67f82fe2739d1aa644263838174b9
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to elected commit 9c89622231301daf93528aa3b64b4d1ec4657680.
This incorporates the following executed proposals:
0.15.0-beta.1
DFX
feat!: Removed dfx nns and dfx sns commands
Both have now been turned into the dfx extensions. In order to obtain them, please run dfx extension install nns and dfx extension install sns respectively. After the installation, you can use them as you did before: dfx nns ..., and dfx sns ....
feat!: Removed dfx replica and dfx bootstrap commands
Use dfx start instead. If you have a good reason why we should keep these commands, please contribute to the discussion at https://github.com/dfinity/sdk/discussions/3163
fix: Wait for new module hash when installing wallet
A previous change made dfx wait after installing a canister until the replica updated its reported module hash, but this change did not affect wallets. Now dfx waits for wallets too, to eliminate a class of wallet installation errors.
fix: Ctrl-C right after dfx start will hang for minutes and panics
Early break out from actors starting procedure.
feat: can disable the warnings about using an unencrypted identity on mainnet
It's now possible to suppress warnings of this form:
WARN: The <identity> identity is not stored securely. Do not use it to control a lot of cycles/ICP. Create a new identity with `dfx identity new` and use it in mainnet-facing commands with the `--identity` flag
To do so, export the environment variable DFX_WARNING with the value -mainnet_plaintext_identity.
export DFX_WARNING="-mainnet_plaintext_identity"Note that this can be combined to also disable the dfx version check warning:
export DFX_WARNING="-version_check,-mainnet_plaintext_identity"fix!: restrict dfx identity new to safe characters
New identities like dfx identity new my/identity or dfx identity new 'my identity' can easily lead to problems, either for dfx internals or for usability.
New identities are now restricted to the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.
Existing identities are not affected by this change.
Frontend canister
NOTE: We've re-enabled response verification v2 in the asset canister.
fix: Certification for aliasing updates on asset deletion
Best explained by an example: Two assets exist with aliasing enabled: /content and /content.html. Usually, when requesting /content, /content.html is served because it has aliasing enabled.
But in this scenario, because /content exists, it overwrites the alias and /content is served when requesting the path /content.
When the file /content is deleted, /content is once again a valid alias of /content.html.
Previously, the alias of /content.html was not properly updated in the certification tree, making /content inaccessible.
fix: 404 response is now certified for certification v2
Certification v2 allows certifying arbitrary responses. If the requested file does not exist, and the fallback file (/index.html) does not exist either,
the frontend canister serves a HTTP 404 response. This response was previously not certified.
fix!: The CreateAsset batch operation now fails if the asset already exists
Previously, the operation was a no-op if the content type matched, but ignored other, possibly different, asset properties. Now, it fails with an error.
fix!: http_request_streaming_callback and get_chunk now require the sha256 parameter to be set
The http_request_streaming_callback() and get_chunk() methods use the sha256 parameter to ensure that the chunks they return are part of the same asset contents returned by the initial call. This parameter is now required to be Some(hash).
For http_request() and http_request_streaming_callback(), there should be no change: all callers of http_request_streaming_callback() are expected to pass the entire token returned by http_request(), which includes the sha256 parameter.
Any callers of get_chunk() should make sure to always pass the sha256 value returned by the get() method. It will always be present.
Dependencies
Motoko
Updated Motoko to 0.9.7
Updated candid to 0.9.0
Candid UI
- Module hash: b9173bb25dabe5e2b736a8f2816e68fba14ca72132f5485ce7b8f16a85737a17
- #3260
- #3252
- dfinity/candid#449
- dfinity/candid#453
Frontend canister
- Module hash: 88d1e5795d29debc1ff56fa0696dcb3adfa67f82fe2739d1aa644263838174b9
- #3256
- #3252
- #3249
- #3212
- #3227
Replica
Updated replica to elected commit 0062aec2efc16d6e4cadb2cd1052aaabbc9f6e48.
This incorporates the following elected proposals: