v15.0.1: Protocol 26

v15.0.1: Protocol 26

Breaking Changes

• XDR has been upgraded to support Protocol 26, please refer to the @stellar/stellar-base release notes for details and other breaking changes.

Fixed

• Sanitize identifiers and escape string literals in generated TypeScript bindings to prevent code injection via malicious contract spec names. sanitizeIdentifier now strips non-identifier characters, and a new escapeStringLiteral helper escapes quotes and newlines in string contexts (#1345).
• AssembledTransaction.fromXDR() and fromJSON() now validate that the deserialized transaction targets the expected contract, rejecting mismatched contract IDs and non-invokeContract operations. (#1349).
• Pin exact version on axios dependency (#1365)

Contributors

• @quietbits, @Ryang-21, @Shaptic

Full Changelog: v14.6.1...v15.0.1

v14.6.1

v14.6.1

Fixed

• Fix assembleTransaction double-counting the resource fee when the input transaction already has Soroban data attached (e.g. when re-assembling a previously simulated transaction) (#1343).
• Removed adding resourceFee in rpc.assembleTransaction as it's now handled by TransactionBuilder.build() (#1343).

Full Changelog: v14.6.0...v14.6.1

v14.6.0

v14.6.0

Added

• Upgraded underlying @stellar/stellar-base library to include its new features and fixes (release notes).

Full Changelog: v14.5.0...v14.6.0

v14.5.0

v14.5.0

Added

• Introduced CLI functionality for generating smart contract bindings (#1287).
• Added BindingGeneration class for parsing contract specs into fully typed TypeScript libraries for calling contract methods (#1287).
• Introduced rpc.Server.fundAddress that supports funding contract and account addresses via Friendbot (#1314).
• Updated the StellarToml interface with SEP 45 fields WEB_AUTH_FOR_CONTRACTS_ENDPOINT and WEB_AUTH_CONTRACT_ID (#1326).

Fixed

• X-App-Name and X-App-Version headers are now included when using CallBuilder.stream() (#1317).
• CallBuilder now correctly uses the configured server URL for all requests, including pagination and linked resources. Previously, URLs returned by Horizon in _links would bypass reverse proxies (#1318).

Deprecated

• rpc.Server.requestAirdrop is deprecated in favor of rpc.Server.fundAddress (#1314).

Contributors

@ElliotFriend, @leighmcculloch, @Ryang-21, @wpalmeri made their first contribution in #1321, and @joaquinsoza made their first contribution in #1314

Full Changelog: v14.4.3...v14.5.0

v14.4.3

v14.4.3

Fixed

• Upgraded underlying @stellar/stellar-base library to include its fixes (release notes).

v14.4.2

v14.4.2

Fixed

• Fixed package installation for Windows environments (#1306)

Full Changelog: v14.4.1...v14.4.2

v14.4.1

v14.4.1

Fixed

• Set Api.GetEventsRequest.endLedger to be optional to align with RPC behavior (#1304)
• Added back Typepoint and marked it deprecated in favor of Timepoint (#1303)

Contributors

• @mootz12 , @Ryang-21

Full Changelog: v14.4.0...v14.4.1

v14.4.0

v14.4.0

Added

• Introduced an rpc.Server.getAssetBalance() helper to fetch asset balances both for contracts and accounts (#1286).
• rpc.Api.BalanceResponse now can include a revocable field in its balanceEntry for when trustlines are fetched (#1286).
• Added Timepoint and Duration support to Spec (#1288)
• Api.GetHealthResponse interface now includes latestLedger, ledgerRetentionWindow, and oldestLedger fields (#1297).
• Added publicKey, signTransaction, and signAuthEntry as optional fields to contract.MethodOptions (#1293).

Fixed

• Api.RawEventResponse.topics is now optional to reflect topicless events (#1292).
• parseRawEvents correctly checks if Api.RawEventResponse.topics is undefined (#1292).
• Remove WebAssembly usage in favor of manual wasm parsing (#1300).
• Fixed URL contamination in Horizon.Server methods (#1296).

Contributors

• @chadoh, @corymsmith, @Shaptic, @Ryang-2, @mootz12 made their first contribution in #1288

Full Changelog: v14.3.3...v14.4.0

v14.3.3

v14.3.3

Added

• Spec.nativeToScVal supports parsing Muxed Address(#1274),

Contributors

• @alberto-crossmint made their first contribution in #1274, @jeesunikim

Full Changelog: v14.3.2...v14.3.3

v14.3.2

v14.3.2

Added

• AssembledTransaction.sign() throws an error if publicKey was not provided when instantiated (#1269).

Fixed

• The underlying stellar-base library has been upgraded, refer to its release notes for more updates (#1273).
• A missing dependency definition may have caused issues in certain build environments (#1272).

Contributors

• @corymsmith made their first contribution in #1272, @Ryang-21

Full Changelog: v14.3.1...v14.3.2