chore(deps): bump midnight-zswap from ledger-6.1.0-alpha.3 to ledger-7.0.0

[dependabot]

Bumps midnight-zswap from ledger-6.1.0-alpha.3 to ledger-7.0.0.

Release notes

Sourced from midnight-zswap's releases.

Ledger 7.0.0 Release Notes

Version: 7.0.0 Date: 2025-01-27

High-level summary

Ledger 7.0.0 is a major release that switches to the Midnight Structured Reference String (SRS) with midnight-zk 1.0, and adds the new addCalls endpoint for transcript partitioning with zswap components. This release includes breaking changes to ZK key material, and completely disables treasury access. Multiple security audit fixes and critical bug fixes are included.

Audience

This release note is critical for developers who:

• Build applications using the Ledger WASM bindings

What changed (Summary of updates)

• Switched to Midnight SRS and midnight-zk 1.0
• Introduced addCalls endpoint for transcript partitioning with zswap components
• Changed pricing structure to use overall cost with dimension weightings
• Completely disabled treasury access
• Fixed multiple critical bugs including token type computation, contract balancing
• Applied security audit fixes from Least Authority

New features

addCalls Endpoint for Transcript Partitioning

Description: New endpoint that enables transcript partitioning with zswap components via addCalls. Allows creating offers without knowing the target segment or re-stating values in deltas. Automatically recomputes binding randomness for transactions on modifications in WASM, making transaction edits more robust.

---

WASM: Circuit k-value Computation

Description: Ability to compute the k value of a circuit in WASM bindings of ZKIR, including tests against protocol circuits for ZKIR v2.

---

Fee Safety Margin Functions

Description: Exposed functions for computing maximum price adjustment and safety margins for fees, covering upward adjustment for n blocks.

New features requiring configuration updates

Midnight SRS & midnight-zk 1.0

Required Updates:

• Update to midnight-zk 1.0 dependency
• Regenerate proofs using the new Midnight SRS

... (truncated)

Changelog

Sourced from midnight-zswap's changelog.

All notable changes to ledger, ledger-wasm and proof-server are being tracked here starting with 3.0.0-alpha.3. These packages are tracked together, with zswap being tracked in Changelog Zswap.

Change Log

7.0.0

• breaking: pull in breaking proof-system changes
• breaking: disable system transactions accessing the treasury until treasury governance is in place
• fix: bug in JS handling of undefined returned by a ProvingProvider's check method.
• feat: add replayEventsWithChanges on ZswapLocalState and DustLocalState, returning ZswapLocalStateWithChanges and DustLocalStateWithChanges with ZswapStateChanges and DustStateChanges (received and spent coins or UTXOs per event). Exposed via wasm.
• fix: fix non-determinism in processing smart-contract GC.

6.2.0

• Remove special-casing of validation behaviour depending on the test-utilities feature being present.
• Change ledger DustSpendError::BackingNightNotFound, ZswapPreimageEvidence::Ciphertext, EventDetails::ParamChange, and ContractAction::Deploy enum variants to now hold their data values on the heap (to reduce Enum sizes), i.e. these variants are now defined as BackingNightNotFound(Box<QualifiedDustOutput>), Ciphertext(Box<CoinCiphertext>), ParamChange(Sp<LedgerParameters, D>) and Deploy(Sp<ContractDeploy<D>, D>) respectively.
• Change ledger-wasm ZswapTransientTypes::UnprovenTransient enum variant to now hold its data value on the heap (to reduce Enum size), i.e. this variant is now defined as: UnprovenTransient(Box<zswap::Transient<ProofPreimage, InMemoryDB>>).
• fix: correctly rehash generation Merkle tree on cNgD processing.
• Pulled in updates to midnight-zk
• bugfix: various fixes for ClaimRewardsTransaction
• bugfix: updated pricing structure w/ overall cost and dimension weightings
• addressed audit issues:
  • bugfix: zeroizes witness/key material more reliably
  • bugfix: rejects identity ciphertext challenges
  • bugfix: Correctly use >= instead of > during modulus reduction. p = 0 mod p!
  • bugfix: An accross-the-board package update resolves the vulnerable tracing-subscriber instance.
  • breaking: improved domain seperators across the board
• breaking: Update midnight-zk to 5.0.2
• feat: Transcript partitioning with zswap components via addCalls

6.1.0

• breaking: feat: Add real cost model
  • dummy prefixes of cost model/limits changed to initial prefix
  • Costs are now given in different dimensions instead of a single gas cost
  • Costs are reasonably calibrated, although measurements are not final
  • post_block_update now takes block fullness as an input, and adjust pricing accordingly
• fix: Fix accounting issue in Pedersen check that prevented contracts from minting shielded tokens.
• fix: proof server now correctly fetches Dust keys on startup
• fix: proof server no longer crashes if trying to fetch keys from within a worker thread
• fix: allow disabling time-to-dismiss check as part of fee computation for balancing

... (truncated)

Commits

• 8f2ed5c chore: update ledger-wasm docs
• 32cfd38 bump versions
• cbd57bb chore: update onchain-runtime-wasm docs
• 4176421 chore: update ledger-wasm docs
• 006bc9c clippy
• 220464b bumped versions for onchain runtime stack
• 1ff31cd Merge branch 'tkerber/fix-non-determinism' into alexshielded/prepare-ledger-7...
• b59715e version bumbs
• a537563 chore: update zkir-wasm docs
• 92f0958 chore: update onchain-runtime-wasm docs
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Dependabot can't resolve your Rust dependency files. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't resolve your Rust dependency files. Because of this, Dependabot cannot update this pull request.