[Snyk] Upgrade stellar-sdk from 10.4.1 to 12.0.0 #17

Merged
merged 1 commit into from
Jun 5, 2024


@OKEAMAH OKEAMAH commented May 27, 2024

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to upgrade stellar-sdk from 10.4.1 to 12.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 18 versions ahead of your current version.

  • The recommended version was released 24 days ago.

Release notes
Package name: stellar-sdk
  • 12.0.0 - 2024-05-02
  • 12.0.0-rc.3 - 2024-05-15
  • 12.0.0-rc.2 - 2024-05-07
  • 12.0.0-rc.1 - 2024-05-02
  • 11.3.0 - 2024-03-20

    Added

    • Introduces an entire suite of helpers to assist with interacting with smart contracts (#929):
      • ContractClient: generate a class from the contract specification where each Rust contract method gets a matching method in this class. Each method returns an AssembledTransaction that can be used to modify, simulate, decode results, and possibly sign, & submit the transaction.
      • AssembledTransaction: used to wrap a transaction-under-construction and provide high-level interfaces to the most common workflows, while still providing access to low-level transaction manipulation.
      • SentTransaction: transaction sent to the Soroban network, in two steps - initial submission and waiting for it to finalize to get the result (retried with exponential backoff)

    Fixed

    • Upgrade underlying dependencies, including @stellar/js-xdr which should broaden compatibility to pre-ES2016 environments (#932, #930).
    • SorobanRpc.Server will no longer use array-based passing to invoke JSON-RPC methods (#924).

    Full Changelog: v11.2.2...v11.3.0

  • 11.2.2 - 2024-02-12

    Fixed

    • @stellar/stellar-base has been upgraded to its latest major version (#918, see v11.0.0 for release notes).
    • Event streaming tests now pass on Node 20, which seems to have tighter conformance to the spec (#917).

    Full Changelog: v11.2.1...v11.2.2

  • 11.2.1 - 2024-01-23

    Fixed

    • An unnecessary dependency has been removed which was causing a TypeScript error in certain environments (#912).
    • Dependencies have been upgraded (see [email protected] for release notes, #913).
  • 11.2.0 - 2024-01-11

    Added

    • Support for the new, optional diagnosticEventsXdr field on the SorobanRpc.Server.sendTransaction method. The raw field will be present when using the _sendTransaction method, while the normal method will have an already-parsed diagnosticEvents: xdr.DiagnosticEvent[] field, instead (#905).
    • A new exported interface SorobanRpc.Api.EventResponse so that developers can type-check individual events (#904).

    Updated

    • Dependencies have been updated to their latest versions (#906, #908).
  • 11.1.0 - 2023-12-15

    Added

    • SorobanRpc.Server.simulateTransaction now supports an optional addlResources parameter to allow users to specify additional resources that they want to include in a simulation (#896).
    • ContractSpec now has a jsonSchema() method to generate a JSON Schema for a particular contract specification (#889).

    Fixed

    • All dependencies have been updated to their latest versions, including stellar-base to v10.0.1 which included a small patch (#897).

    New Contributors

    Full Changelog: v11.0.1...v11.1.0

  • 11.0.1 - 2023-12-08

    This is a hotfix on the major v11 release, see that for the full release notes.

    Fixed

    • SorobanRpc.Server.getEvents uses the correct type for the start ledger (#890).
  • 11.0.0 - 2023-12-07

    This is the stable Protocol 20 release.

    v11.0.0: Protocol 20, Soroban!

    Breaking Changes

    • The package has been renamed: it is now @stellar/stellar-sdk.
    • The new minimum version is Node 18.
    • The soroban-client library (stellar/js-soroban-client) has been merged into this package, causing significant breaking changes in the module structure (#860):
      • The namespaces have changed to move each server-dependent component into its own module. Shared components (e.g. TransactionBuilder) are still in the top level, Horizon-specific interactions are in the Horizon namespace (i.e. Server is now Horizon.Server), and new Soroban RPC interactions are in the SorobanRpc namespace.
      • There is a detailed migration guide available to outline both the literal (i.e. necessary code changes) and philosophical (i.e. how to find certain functionality) changes needed to adapt to this merge.
    • The SorobanRpc.Server.prepareTransaction and SorobanRpc.assembleTransaction methods no longer need an optional networkPassphrase parameter, because it is implicitly part of the transaction already (#870).
    • Certain effects have been renamed to align better with the "tense" that other structures have (#844):
      • DepositLiquidityEffect -> LiquidityPoolDeposited
      • WithdrawLiquidityEffect -> LiquidityPoolWithdrew
      • LiquidityPoolTradeEffect -> LiquidityPoolTrade
      • LiquidityPoolCreatedEffect -> LiquidityPoolCreated
      • LiquidityPoolRevokedEffect -> LiquidityPoolRevoked
      • LiquidityPoolRemovedEffect -> LiquidityPoolRemoved

    Added

    • New effects have been added to support Protocol 20 (Soroban) (#842):
      • ContractCredited occurs when a Stellar asset moves into its corresponding Stellar Asset Contract instance
      • ContractDebited occurs when a Stellar asset moves out of its corresponding Stellar Asset Contract instance
    • Asset stat records (ServerApi.AssetRecord) contain two new fields to support the Protocol 20 (Soroban) release (#841):
      • num_contracts - the integer quantity of contracts that hold this asset
      • contracts_amount - the total units of that asset held by contracts
    • New operation responses (#845):
      • invokeHostFunction: see Horizon.InvokeHostFunctionOperationResponse
      • bumpFootprintExpiration: see Horizon.BumpFootprintExpirationOperationResponse
      • restoreFootprint: see Horizon.RestoreFootprintOperationResponse
      • You can refer to the actual definitions for details, but the gist of the schemas is below:
    interface InvokeHostFunctionOperationResponse {
      function: string;
      parameters: {
        value: string;
        type: string;
      }[];
      address: string;
      salt: string;
      asset_balance_changes: {
        type: string;
        from: string;
        to: string;
        amount: string;
      }[];
    }
    interface BumpFootprintExpirationOperationResponse {
      ledgersToExpire: string;
    }
    interface RestoreFootprintOperationResponse {};

    Updated

    • Build system has been overhauled to support Webpack 5 (#814).
    • stellar-base has been updated to its corresponding overhaul (#818).
    • Bundle size has decreased by dropping unnecessary dependencies (lodash: #822, es6-promise: #823, polyfills: #825, detect-node: #831).
    • Dependencies have been updated to their latest versions (#825, #827).
    • The stellar-base library has been upgraded to support the latest Protocol 20 XDR schema and all Soroban functionality (#861).

    Fixed

    • Missing fields have been added to certain API responses (#801 and #797).
    • Some effect definitions that were missing have been added (#842):
      • ClaimableBalanceClawedBack is now defined
      • type EffectRecord now has all of the effect types
    • The PaymentCallBuilder was incorrectly indicating that it would return a collection of Payment records, while in reality it can return a handful of "payment-like" records (#885).

    New Contributors

    Full Changelog: v10.4.1...v11.0.0

  • 11.0.0-beta.6 - 2023-11-03

    Fixed

    • The stellar-base library has been upgraded to beta.4 which contains a bugfix for large sequence numbers (#877).
    • The SorobanRpc.Server.getTransaction() method will now return the full response when encountering a FAILED transaction result (#872).
    • The SorobanRpc.Server.getEvents() method will correctly parse the event value (which is an xdr.ScVal rather than an xdr.DiagnosticEvent, see the modified SorobanRpc.Api.EventResponse.value; #876).

    Full Changelog: v10.4.1...v11.0.0-beta.5

  • 11.0.0-beta.5 - 2023-10-25

    v11.0.0-beta.5

    Breaking Changes

    • The soroban-client library (stellar/js-soroban-client) has been merged into this package, causing significant breaking changes in the module structure (#860):
      • The namespaces have changed to move each server-dependent component into its own module. Shared components (e.g. TransactionBuilder) are still in the top level, Horizon-specific interactions are in the Horizon namespace (i.e. Server is now Horizon.Server), and new Soroban RPC interactions are in the SorobanRpc namespace.
      • There is a detailed migration guide available to outline both the literal (i.e. necessary code changes) and philosophical (i.e. how to find certain functionality) changes needed to adapt to this merge.
    • The SorobanRpc.Server.prepareTransaction and SorobanRpc.assembleTransaction methods no longer need an optional networkPassphrase parameter, because it is implicitly part of the transaction already (#870).

    Full Changelog: v10.4.1...v11.0.0-beta.5

  • 11.0.0-beta.4 - 2023-10-05

    Fixed

    • The stellar-base dependency has been pinned to a specific version to avoid incorrect semver resolution (#867).
  • 11.0.0-beta.3 - 2023-09-19
  • 11.0.0-beta.2 - 2023-09-15
  • 11.0.0-beta.1 - 2023-07-12
  • 11.0.0-beta.0 - 2023-04-21
  • 10.4.1 - 2022-12-15
from stellar-sdk GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


See this package in npm:
stellar-sdk

See this project in Snyk:
https://app.snyk.io/org/okeamah/project/dbc3fd58-52be-4b8d-95be-b7f46d7c9e8f?utm_source=github&utm_medium=referral&page=upgrade-pr
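
A pre-merge check for the v11 breaking changes listed in the release notes above (package rename, `Server` moving to `Horizon.Server`, renamed effects), as an added example that is not part of this PR or of stellar-sdk. The rule ids, `scanSource` and the sample source are constructed for illustration.

```javascript
// Added example: flags call sites hit by the v11 breaking changes in the release notes.
// Rule ids, scanSource and SAMPLE are constructed for illustration.
const RENAMED_EFFECTS = {
  DepositLiquidityEffect: "LiquidityPoolDeposited",
  WithdrawLiquidityEffect: "LiquidityPoolWithdrew",
  LiquidityPoolTradeEffect: "LiquidityPoolTrade",
  LiquidityPoolCreatedEffect: "LiquidityPoolCreated",
  LiquidityPoolRevokedEffect: "LiquidityPoolRevoked",
  LiquidityPoolRemovedEffect: "LiquidityPoolRemoved",
};
const RULES = [
  // require("stellar-sdk") / from "stellar-sdk", but not "@stellar/stellar-sdk"
  { id: "package-renamed", hint: 'import from "@stellar/stellar-sdk"',
    re: /(?:require\(\s*|from\s+)(["'])stellar-sdk\1/ },
  // `new Server(` or `new X.Server(` unless X is Horizon or SorobanRpc (heuristic)
  { id: "server-moved", hint: "Server is now Horizon.Server",
    re: /new\s+(?:(?!Horizon\b|SorobanRpc\b)\w+\.)?Server\s*\(/ },
];
const EFFECT_RE = new RegExp(`\\b(${Object.keys(RENAMED_EFFECTS).join("|")})\\b`);

// Returns one finding per rule hit: { line, id, hint }, with 1-based line numbers.
function scanSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) findings.push({ line: i + 1, id: rule.id, hint: rule.hint });
    }
    const m = EFFECT_RE.exec(text);
    if (m) {
      findings.push({ line: i + 1, id: "effect-renamed", hint: `${m[1]} -> ${RENAMED_EFFECTS[m[1]]}` });
    }
  });
  return findings;
}

// Constructed sample of pre-v11 application code (not from the repository in this PR).
const SAMPLE = [
  'const StellarSdk = require("stellar-sdk");',
  'const server = new StellarSdk.Server("https://horizon.example.invalid");',
  "function onEffect(e /* : DepositLiquidityEffect */) {}",
  'const ok = new StellarSdk.Horizon.Server("https://horizon.example.invalid");',
].join("\n");

console.log(scanSource(SAMPLE));
```

The patterns are line-based heuristics, so a destructured `Server` taken from `Horizon` would still be flagged and needs a manual look.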

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

@OKEAMAH OKEAMAH merged commit 04c6f10 into main Jun 5, 2024
4 of 8 checks passed