Skip to content

0.23.0

Compare
Choose a tag to compare
@github-actions github-actions released this 04 Sep 16:28
· 97 commits to master since this release
993ae6d

fix: relax content security policy for sveltekit starter

We had to roll back part of the increased default security policy for the sveltekit starter due to the framework's use of inline scripts

feat: Add canister snapshots

The new dfx canister snapshot command can be used to create, apply, and delete snapshots of stopped canisters.

feat: PocketIC HTTP gateway

icx-proxy's HTTP gateway has been replaced with PocketIC's. (This does not impact the meaning of --pocketic in dfx start.)

feat: Enable threshold schnorr signatures for Ed25519

Schnorr signature signing for Ed25519 is now enabled.
A test key id Ed25519:dfx_test_key is ready to be used by locally created canisters.

feat: Added settings_digest field to the network-id file

feat: install extensions using the catalog

dfx extension install now locates extensions using the
extension catalog.
This can be overridden with the --catalog-url parameter.

Dependencies

Replica

Updated replica to elected commit 3d0b3f10417fc6708e8b5d844a0bac5e86f3e17d.
This incorporates the following executed proposals:

feat: generate .env files for Motoko canisters

feat: support "security_policy" and "disable_security_policy_warning" in .ic-assets.json5

This change has an accompanying migration guide. Please see the 0.23.0 migration guide for instructions on how to adapt your project to this feature.

It is now possible to specify a "security_policy" field in .ic-assets.json5 for asset configurations.
Valid options are "disabled", "standard", and "hardened".
The security policy provides a set of standard headers to make frontends more secure.
Headers manually specified in the "headers" field take precedence over the security policy headers.

If "security_policy" is not specified or "disabled" is set, then no headers are added. If "security_policy" is not set at all, a warning is displayed that there is no security policy set.

If "standard" is specified, a set of security headers is added to the asset. The headers can be displayed with dfx info security-policy.
It is a set of security headers that will work for most dapps. A warning is displayed that the headers could be hardened.

If "hardened" is set, the same headers as with "standard" are added.
The asset sync expects that improved headers are set that would improve security where appropriate.
If no custom headers are present the asset sync will fail with an error.

All warnings regarding security policies can be disabled with ``"disable_security_policy_warning": true`. It needs to be set per asset.

The standard/hardened security policy headers can be seen with dfx info security-policy.
It also contains a lot of suggestions on how to harden the policy.

Updated the starter projects to use "security_policy" instead of including the whole security policy by defining individual headers.

feat: dfx info security-policy

Shows the headers that get applied to assets that are configured to "security_policy": "standard" or "security_policy": "hardened" in .ic-assets.json5.
Produces output that can be directly pasted into a .json5 document.

feat: dfx extension install <url to extension.json>

It's now possible for dfx extension install to install an extension from
somewhere other than https://github.com/dfinity/dfx-extensions, by passing
a URL to an extension.json file rather than an extension name.

For example, these are equivalent:

dfx extension install nns
dfx extension install https://raw.githubusercontent.com/dfinity/dfx-extensions/main/extensions/nns/extension.json

This update also adds the optional field download_url_template to extension.json,
which dfx will use to locate an extension release archive.

fix: dfx extension install no longer reports an error if the extension is already installed

However, if a version is specified with --version, and the installed version is different,
then dfx extension install will still report an error.

fix: dfx ledger create-canister sets controller properly

A recent hotfix to the CMC changed how the arguments to notify_create_canister need to be passed.
dfx now again properly calls that function.

feat: display replica port in dfx start

This replaces the dashboard link, which is now shown only in verbose mode. This should hopefully be less confusing for new users.

feat!: add crate field to dfx.json

It is now possible to specify a particular crate within a Rust package to use for a canister module, using the crate field.
This enables specifying crates with different names than the package. In a few cases these were previously auto-detected
by dfx, you will need to add this field if you were using such a setup.

feat: the --wallet parameter now accepts an identity name

The --wallet parameter can now be either a principal or the name of an identity.

If the name of an identity, dfx looks up the associated wallet's principal.

This means --wallet <name> is the equivalent of --wallet $(dfx identity get-wallet --identity <name>).

fix: display error cause of some http-related errors

Some commands that download http resources, for example dfx extension install, will
once again display any error cause.

chore: remove the deprecated --use-old-metering flag