Releases: onflow/cadence
v1.0.3
What's Changed
π Bug Fixes
- [v1.0] Port internal #284 by @turbolent in #3684
Other Changes
- Merge
release/v1.0.2
tov1.0
by @github-actions in #3655
Full Changelog: v1.0.2...v1.0.3
v1.0.2
What's Changed
π Bug Fixes
- [v1.0] Port security fixes by @turbolent in #3653
Other Changes
- Merge
release/v1.0.1
tov1.0
by @github-actions in #3605
Full Changelog: v1.0.1...v1.0.2
v1.2.1
What's Changed
π Improvements
- Resolve location of imported values by @turbolent in #3634
π Documentation
Other Changes
- Re-enable and update the Source Compatiblity Suite GitHub action by @turbolent in #3632
- Merge
release/v1.2.0
tomaster
by @github-actions in #3633
Full Changelog: v1.2.0...v1.2.1
v1.2.0
What's Changed
Other Changes
- Merge
release/v1.1.0
tomaster
by @github-actions in #3628 - Move Crypto contract on-chain by @turbolent in #3619
- Cleanup outdated FT/NFT related contract codes and tests by @SupunS in #3630
Full Changelog: v1.1.0...v1.2.0
v1.1.0
What's Changed
π₯ Go API Breaking Chance
β Features
- Add Type.address and Type.contractName by @turbolent in #3570
π Improvements
- Unwrap optionals with dynamic cast by @RZhang05 in #3580
- Always return parser errors gracefully by @SupunS in #3578
- Improve
result
variable by @turbolent in #3589
π Bug Fixes
- Fix CI: Flow CLI is 1.0 now by @turbolent in #3573
- Fix the version update check by @turbolent in #3572
- Change index expression's start position by @RZhang05 in #3575
- Fix cadence-parser npm package by @turbolent in #3555
- Always report errors against the new program during contract update validation by @SupunS in #3582
- Prevent migration tests from using out-of-sync data by @fxamacker in #3597
π§ͺ Testing
- Add tests for exporting interface type by @SupunS in #3576
- Add tests for enum usage as transaction parameters by @RZhang05 in #3581
- Add test for circular resources by @SupunS in #3586
Other Changes
- Merge
release/v1.0.0-preview.52
tomaster
by @github-actions in #3563 - add staged contracts report 2024-09-02 by @zhangchiqing in #3564
- update statecommitment for migration mainnet Sep 2 by @zhangchiqing in #3565
- Clean up roadmap by @turbolent in #3567
- Bring changelog up-to-date by @turbolent in #3568
- Add Crescendo migration report for mainnet24 by @j1010001 in #3571
- Fix storage explorer: Update dependencies, update API usage by @turbolent in #3566
- Bump atree from v0.8.0-rc.6 to v0.8.0 by @fxamacker in #3583
- Merge v1.0 into master by @turbolent in #3593
- Merge v1.0 into master by @SupunS in #3604
- Split
value.go
into multiple files by @SupunS in #3609 - Explain the reason for support parsing legacy restricted types by @SupunS in #3614
- Remove legacy content by @SupunS in #3622
- Move tests under
runtime
totests
directory by @SupunS in #3621 - Update source compatibility suite for latest cadence v1.0.1 by @RZhang05 in #3616
- Fix storage explorer by @turbolent in #3627
Full Changelog: v1.0.1...v1.1.0
v1.0.1
What's Changed
π Bug Fixes
- Port bug fixes from internal repo by @SupunS in #3600
- Prevent leaving unreferenced slabs in storage while updating dictionary with enum key by @fxamacker in #3602
- Fix invocation boxing by @turbolent in #3601
Other Changes
Full Changelog: v1.0.0...v1.0.1
v1.0.0
We are excited to announce the release of Cadence v1.0! π
Starting with this release, there will be no more planned breaking changes going forward! π
Reflecting two years of work since the last major milestone in 2022, v0.24 (Secure Cadence), and the culmination of five years of work since the inception of Cadence in 2019, Cadence 1.0 is a milestone marking several significant enhancements. This release introduces full forward compatibility, enhanced composability through Attachments, and significant performance improvements.
We would like to thank all contributors and community members for their great feedback and amazing contributions β this would have not been possible without you! π
To learn more, visit https://flow.com/upgrade/crescendo/cadence-1.
π« New features
Attachments
Attachments allow developers to extend a struct or resource type (even one that they did not declare) with new functionality and data, without requiring the original author of the type to plan or account for it.
This feature allows developers to easily build on and extend any existing application, significantly improving the composability story of Cadence.
Entitlements and Safe Downcasting
In Cadence 1.0, access control has improved significantly.
Previously, Cadenceβs main access-control mechanism, restricted reference types, has been a source of confusion and mistakes for contract developers. Additionally, references could not be downcast, leading to ergonomic issues.
Access control is now handled using a new feature called Entitlements. A reference can now be βentitledβ to certain facets of an object.
References can now always be down-casted, the standalone auth
modifier is not necessary anymore, and got removed.
Entitled Account Access
Previously, access to accounts was granted wholesale: Users would sign a transaction, authorizing the code of the transaction to perform any kind of operation, for example, write to storage, but also add keys or contracts.
Users had to trust that a transaction would only perform supposed access, e.g. storage access to withdraw tokens, but still had to grant full access, which would allow the transaction to perform other operations.
Dapp developers who require users to sign transactions are now able to request the minimum amount of access to perform the intended operation, i.e. developers are able to follow the principle of least privilege (PoLA).
With the introduction of entitlements, this access is now expressed using entitlements and references.
Access to administrative account operations, such as writing to storage, adding keys, or adding contracts, is now gated by both coarse grained entitlements (e.g. Storage
, which grants access to all storage related functions, and Keys
, which grants access to all key management functions), as well as fine-grained entitlements (e.g. SaveValue
to save a value to storage, or AddKey
to add a new key to the account).
Transactions can now request the particular entitlements necessary to perform the operations in the transaction.
View Functions
View functions allow developers to improve the reliability and safety of their programs, and helps them to reason about the effects of their and the programs of others.
Developers can mark their functions as view
, which disallows the function from performing state changes. That also makes the intent of functions clear to other programmers, as it allows them to distinguish between functions that change state and ones that do not.
Interface Inheritance
Previously, interfaces could not inherit from other interfaces, which required developers to repeat code. Interface inheritance allows code abstraction and code reuse.
Interfaces can now inherit from other interfaces of the same kind. This makes it easier for developers to structure their conformances and reduces a lot of redundant code.
Capability Controllers
Cadence encourages a capability-based security model. Capabilities are themselves a new concept that most Cadence programmers need to understand.
The existing linking-based capability API has been replaced by a more powerful and easier to use API based on the notion of Capability Controllers. The new API makes the creation of new and the revocation of existing capabilities simpler.
External Mutation Safety
External Mutation Safety prevents a common safety foot-gun, unintentionally granting mutable access to nested data.
The mutability of containers (updating a field of a composite value, key of a map, or index of an array) through references has changed: When a field/element is accessed through a reference, a reference to the accessed inner object is returned, instead of the actual object. These returned references are unauthorized by default, and the author of the object (struct/resource/etc.) can control what operations are permitted on these returned references by using entitlements and entitlement mappings.
Event Definition And Emission In Interfaces
Contract interfaces may now define event types, and these events can be emitted from function conditions and default implementations in those contract interfaces.
Force Destruction of Resources
All resources are now guaranteed to be destroyable.
It was previously possible to panic in the body of a resource or attachmentβs destroy
method, effectively preventing the destruction or removal of that resource from an account. This could be used as an attack vector by handing people undesirable resources or hydrating resources to make them extremely large or otherwise contain undesirable content.
Contracts may no longer define destroy
functions on their resources, and are no longer required to explicitly handle the destruction of resource fields. These will instead be implicitly
destroyed whenever a resource is destroyed.
Additionally, developers may define a ResourceDestroyed
event which will be emitted whenever a resource of that type is destroyed.
Inlined and Deduplicated Storage
Cadence uses the Atree library for storing objects. Cadence 1.0 integrates Atree v0.8.0, which inlines and deduplicates stored data, which significantly reduces the amount of data stored and memory need. On Flow Testnet, this reduced memory usage by ~1/2 without sacrificing speed.
For more information, visit the release page https://github.com/onflow/atree/releases/tag/v0.8.0
β‘ Breaking Improvements
Many of the improvements of Cadence 1.0 fundamentally change how Cadence works and how it is used. That also means it was necessary to break existing code to release this version, which guarantees stability (no more planned breaking changes) going forward.
As breaking changes are simply no longer acceptable after Cadence 1.0, we used this last chance to fix and improve Cadence, ensuring it delivers on its promise of being a language that provides security and safety, while also enabling composability and simplicity.
We appreciate that updating existing code can be challenging for developers. However, we believe these improvements are worthwhile, as they make Cadence development significantly more powerful and efficient, enabling developers to write and deploy immutable contracts.
The improvements were intentionally bundled into one release to avoid breaking Cadence programs multiple times.
References to Resource-Kinded Values Get Invalidated When the Referenced Values Are Moved
References are now invalidated if the referenced resource is moved after the reference was taken. The reference is invalidated upon the first move, regardless of the origin and the destination.
Previously, when a reference is taken to a resource, that reference remains valid even if the resource was moved, for example when created and moved into an account, or moved from one account into another.
In other words, references to resources stayed alive forever. This could be a potential safety foot-gun, where one could gain/give/retain unintended access to resources through references.
Conditions No Longer Allow State Changes
In the current version of Cadence, pre-conditions and post-conditions may perform state changes, e.g. by calling a function that performs a mutation. This may result in unexpected behavior, which might lead to bugs.
To make conditions predictable, they are no longer allowed to perform state changes.
Pre-conditions and post-conditions are now considered view
contexts, meaning that any operations that would be prevented inside of a view
function are also not permitted in a pre-condition or post-condition.
This is to prevent underhanded code wherein a user modifies global or contract state inside of a condition, where they are meant to simply be asserting properties of that state.
Semantics for Variables in For-Loop Statements Got Improved
The behavior of for-in
loops improved, so that a new iteration variable is introduced for each iteration.
Previously, the iteration variable of for-in
loops was re-assigned on each iteration.
Even though this is a common behavior in many programming languages, it is surprising behavior and a source of bugs.
The behavior was improved to the often assumed/expected behavior of a new iteration variable being introduced for each iteration, which reduces the likelihood for a bug.
Restricted Types Got Replaced with Intersection Types
With the improvements to access control enabled by entitlements and safe down-casting, the restricted type feature is redundant.
...
v1.0.0-preview.52
What's Changed
π Improvements
- Improve address decoding error by @turbolent in #3560
π Bug Fixes
- Handle unmigrated path capabilities and path links in Account.capabilities functions by @turbolent in #3562
π§ͺ Testing
- Add contract-update test for removing a field from nested resource by @SupunS in #3559
- Add test for modifying events during contract updates by @SupunS in #3561
Other Changes
- Merge
release/v1.0.0-preview.51
tomaster
by @github-actions in #3558
Full Changelog: v1.0.0-preview.51...v1.0.0-preview.52
v1.0.0-preview.51
What's Changed
β Features
- Add sema.Access.QualifiedKeyword by @turbolent in #3552
π Bug Fixes
- Fix Cadence Parser NPM Package by @bluesign in #3551
- Fix contract update error when old program has errors by @turbolent in #3554
π§ͺ Testing
- Add regression tests for nil-coalescing bug by @turbolent in #3553
- Smoke test update of enum key in dictionary by @turbolent in #3556
π Documentation
Other Changes
- Merge
release/v1.0.0-preview.50
tomaster
by @github-actions in #3549
Full Changelog: v1.0.0-preview.50...v1.0.0-preview.51
v1.0.0-preview.50
What's Changed
π Bug Fixes
- Fix program recovery by @turbolent in #3548
π Documentation
Other Changes
- Merge
release/v1.0.0-preview.49
tomaster
by @github-actions in #3545
Full Changelog: v1.0.0-preview.49...v1.0.0-preview.50