Skip to content

Releases: solana-labs/solana-web3.js

v1.95.8

03 Dec 23:22
52e144a
Compare
Choose a tag to compare

1.95.8 (2024-12-03)

Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 2, 2024.

These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished.

We are asking all Solana app developers to upgrade to version 1.95.8. Developers pinned to latest should also upgrade to 1.95.8.

Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on.

v1.95.5

20 Nov 19:37
526ce5f
Compare
Choose a tag to compare

1.95.5 (2024-11-20)

Bug Fixes

  • added programId field in TokenBalance type (#3592) (526ce5f)

v2.0.0

07 Nov 22:02
630683b
Compare
Choose a tag to compare
v2.0.0 Pre-release
Pre-release

v2.0.0 (2024-11-07)

Today we have dropped the Release Candidate label from @solana/web3.js v2.0.0. We now recommend it for general use.

Read more in this blog post.

The New web3.js - Release Candidate `rc.4`

05 Nov 17:22
5f041ec
Compare
Choose a tag to compare

v2.0.0-rc.4 (2024-11-05)

This version fixes a bug with program error decoding that we introduced in Release Candidate 2. We now expect this, Release Candidate 4, to be the final version before tagging version 2.0 of @solana/web3.js. Please submit any final bug reports before Thursday, November 7th by filing a GitHub Issue.

To install the Release Candidate:

npm install --save @solana/web3.js@rc
  • Try the runnable examples in the examples/ directory to get a feel for the API.
  • Use the example dApp at https://solana-labs.github.io/solana-web3.js/example/ – source available here – for an example of how to build transactions with the new web3.js for use with wallets.
  • Install TypeScript clients for on-chain programs like System and Token, then build a useful application or backend service.

Changelog since Release Candidate rc.3

  • #3519 2798061 Thanks @lorisleiva! - Accept bigints in RPC error factories, fixing functions such as isProgramError

The New web3.js - Release Candidate `rc.3`

31 Oct 17:52
82ee350
Compare
Choose a tag to compare

v2.0.0-rc.3 (2024-10-31)

This version fixes a bug with RPC subscriptions that we introduced in Release Candidate 2. We now expect this, Release Candidate 3, to be the final version before tagging version 2.0 of @solana/web3.js. Please submit any final bug reports before Thursday, November 7th by filing a GitHub Issue.

To install the Release Candidate:

npm install --save @solana/web3.js@rc
  • Try the runnable examples in the examples/ directory to get a feel for the API.
  • Use the example dApp at https://solana-labs.github.io/solana-web3.js/example/ – source available here – for an example of how to build transactions with the new web3.js for use with wallets.
  • Install TypeScript clients for on-chain programs like System and Token, then build a useful application or backend service.

Changelog since Release Candidate rc.2

  • #3507 45df702 Thanks @mcintyre94! - Fixed a bug where the subcription server's response would not be detected, because of a mismatch in the format of the id. Now all RPC message ids are strings, for avoidance of doubt.

The New web3.js - Release Candidate `rc.2`

31 Oct 08:07
06a71d0
Compare
Choose a tag to compare

v2.0.0-rc.2 (2024-10-31)

We expect this to be the final release candidate version before tagging version 2.0 of @solana/web3.js. Please submit any final bug reports before Thursday, November 7th by filing a GitHub Issue.

To install the Release Candidate:

npm install --save @solana/web3.js@rc
  • Try the runnable examples in the examples/ directory to get a feel for the API.
  • Use the example dApp at https://solana-labs.github.io/solana-web3.js/example/ – source available here – for an example of how to build transactions with the new web3.js for use with wallets.
  • Install TypeScript clients for on-chain programs like System and Token, then build a useful application or backend service.

Changelog since Release Candidate rc.1

  • #3213 3fc388f Thanks @mcintyre94! - Clean up SolanaRpcApi: no longer extend RpcApiMethods + remove export

  • #3137 fd72c2e Thanks @mcintyre94! - The build is now compatible with the Vercel Edge runtime and Cloudflare Workers through the addition of edge-light and workerd to the package exports.

  • #3251 Thanks @ryoid! - isAddress() no longer throws despite that the input might be unparseable as a base-58 string. Now, it correctly, simply, returns false.

  • #3361 441fa3a Thanks @steveluscher! - Fixed a bug where calls to isEd25519CurveSupported() might have resulted in uncaught rejections bubbling up through the app, in cases where Ed25519 is not supported

  • #3134 38faba0 Thanks @buffalojoec! - Change unix timestamp type to bigint with an unsafe label

  • #3128 0158b31 Thanks @lorisleiva! - Fix missing export in @solana/keys package. This means, the getPublicKeyFromPrivateKey function is now properly exported.

  • #3407 10b08ac Thanks @lorisleiva! - Use RpcRequest, RpcResponse and their transformers in RPC Subscriptions packages

    This change makes the RPC and RPC Subscriptions architecture more consistent by using the same RpcRequest and RpcResponse types and transformers as the basis for handling user requests (RPC calls or subscriptions) and returning responses to them.

    See the following PRs for more details:

  • #3453 bafefed Thanks @mcintyre94! - Rename decodeTransactionMessage to decompileTransactionMessageFetchingLookupTables

  • #3290 2368163 Thanks @mcintyre94! - Throw an error if a transaction fails when being simulated to estimate CUs

  • #3145 1c25dd4 Thanks @lorisleiva! - Rename RpcResponse type to RpcResponseData to make room for a new RpcResponse type

  • #3213 3fc388f Thanks @mcintyre94! - Clean up SolanaRpcApi: no longer extend RpcApiMethods + remove export

  • #3454 1fde4b1 Thanks @mcintyre94! - Correct type of replacementBlockhash in simulateTransaction

  • #3456 0245265 Thanks @lorisleiva! - Remove UnsafeBeyond2Pow53Minus1 type suffixes

  • #3150 a705413 Thanks @lorisleiva! - Make RpcApi use new RpcRequestTransformer and RpcResponseTransformer

  • #3202 bf07a60 Thanks @disco-infinex! - PerformanceSample return type field numNonVoteTransaction corrected to numNonVoteTransactions

  • #3161 9dfca45 Thanks @lorisleiva! - Add getIntegerOverflowRequestTransformer, getBigIntDowncastRequestTransformer and getTreeWalkerRequestTransformer helpers

  • #3134 38faba0 Thanks @buffalojoec! - Change unix timestamp type to bigint with an unsafe label

  • #3148 e1cb697 Thanks @lorisleiva! - Make RpcTransport return new RpcReponse type instead of parsed JSON data

  • #3201 02cefa7 Thanks @lorisleiva! - Update the response type of the getClusterNodes RPC method

  • #3098 2f541b6 Thanks @buffalojoec! - Update program accounts filters for programAccounts query

  • #3221 6b43588 Thanks @lorisleiva! - Add new isJsonRpcPayload helper method

  • c8e6e71 Thanks @steveluscher! - We refactored the lower levels of the subscriptions API entirely.

    Previously, all layers of the subscriptions implementation, from the WebSocket transport to the API that developers use, dealt in AsyncIterables. These are notoriously difficult to code in such a way that expresses all of the ways in which a subscription might be cancelled or error out. Very slight omissions of care could open memory leaks that would bring down the simplest of apps. The new subscriptions infra in Release Candidate 2 deals with event-based subscriptions all the way up to the highest level API, at which point the subscription is vended to the application as an AsyncIterable.

    This has eliminated several classes of memory leak and has made it easier to implement higher-level transports (like the autopinger and the subscription coalescer). Additionally, this update introduces a new channel pool implementation that opens new WebSocket connections when existing ones become ‘full.’ Lastly, performance in the new implementation has been improved through a new demultiplexing utility that can separate message events into several channels based on arbitrary criteria, meaning you can apply transforms to the message right at the source, and vend subscriptions to downstream consumers that care only about one particular kind of message...

Read more

v1.95.4

17 Oct 21:02
e345937
Compare
Choose a tag to compare

1.95.4 (2024-10-17)

Bug Fixes

  • log JSON-RPC subscription errors to the console (#3392) (e345937)

v1.95.3

21 Aug 00:30
16f145d
Compare
Choose a tag to compare

1.95.3 (2024-08-21)

Bug Fixes

The New web3.js - Release Candidate `rc.1`

09 Aug 18:26
b7aa3f6
Compare
Choose a tag to compare

v2.0.0-rc.1 (2024-08-09)

Since we published the first Release Candidate of @solana/web3.js@2.0.0 your feedback has helped us to catch bugs that we missed during development. A special thank you today to @WilfredAlmeida the reports that led to the fixes in this, updated Release Candidate rc.1.

Also new in this release are handy tools that help you load key pairs and to derive public CryptoKey instances from private CryptoKey instances.

To install the Release Candidate:

npm install --save @solana/web3.js@rc
  • Try the runnable examples in the examples/ directory to get a feel for the API.
  • Use the example dApp at https://solana-labs.github.io/solana-web3.js/example/ – source available here – for an example of how to build transactions with the new web3.js for use with wallets.
  • Install TypeScript clients for on-chain programs like System and Token, then build a useful application or backend service.

Before the general release of web3.js, shortly before Breakpoint 2024 in September, we want to collect as much feedback as possible from you. If you find a bug, are missing a feature, or would like an API modified, file a GitHub Issue.

Changelog since Release Candidate rc.0

  • #3050 7d310f6 Thanks @lorisleiva! - Add a createKeyPairFromPrivateKeyBytes helper that creates a keypair from the 32-byte private key bytes.

    import { createKeyPairFromPrivateKeyBytes } from '@solana/keys';
    
    const { privateKey, publicKey } = await createKeyPairFromPrivateKeyBytes(new Uint8Array([...]));
  • #3049 f9a8446 Thanks @lorisleiva! - Add a getPublicKeyFromPrivateKey helper that, given an extractable CryptoKey private key, gets the corresponding public key as a CryptoKey.

    import { createPrivateKeyFromBytes, getPublicKeyFromPrivateKey } from '@solana/keys';
    
    const privateKey = await createPrivateKeyFromBytes(new Uint8Array([...]), true);
    
    const publicKey = await getPublicKeyFromPrivateKey(privateKey);
    const extractablePublicKey = await getPublicKeyFromPrivateKey(privateKey, true);
  • #3051 1ad523d Thanks @lorisleiva! - Add a createKeyPairSignerFromPrivateKeyBytes helper that compose createKeyPairFromPrivateKeyBytes and createSignerFromKeyPair.

  • #3071 b4bf318 Thanks @steveluscher! - Created a helper that you can use to race two or more promises without having to worry about them leaking memory

  • #3070 f2bb4e8 Thanks @steveluscher! - Created a package for dealing with JavaScript Promises, and copied the implementation of getAbortablePromise into it

  • #3072 c122c75 Thanks @steveluscher! - Fixed a memory leak with transaction confirmation and subscriptions

The New web3.js - Release Candidate

31 Jul 23:15
5a20ed0
Compare
Choose a tag to compare
Pre-release

v2.0.0-rc.0 (2024-07-31)

This is an open invitation to test out what we intend to release as v2.0. Your feedback in these final moments before release will help us catch any bugs and rough edges that we missed during development.

To install the Release Candidate:

npm install --save @solana/web3.js@rc
  • Try the runnable examples in the examples/ directory to get a feel for the API.
  • Use the example dApp at https://solana-labs.github.io/solana-web3.js/example/ – source available here – for an example of how to build transactions with the new web3.js for use with wallets.
  • Install TypeScript clients for on-chain programs like System and Token, then build a useful application or backend service.

Before the general release of web3.js, shortly before Breakpoint 2024 in September, we want to collect as much feedback as possible from you. If you find a bug, are missing a feature, or would like an API modified, file a GitHub Issue.

Changelog since Technology Preview 4

  • #2907 677a9c4 Thanks @steveluscher! - __DEV__ mode will now be the default if you don't set process.env.NODE_ENV at all. This means fewer people ‘accidentally’ finding themselves in production mode with minified error messages.
  • #2905 56fde06 Thanks @steveluscher! - Fixed the type of config on getComputeUnitEstimateForTransactionMessage. It is now optional and does not include transactionMessage.
  • #2968 9239e6e Thanks @lorisleiva! - Tighten return type of isProgramError
  • #2928 bac3747 Thanks @steveluscher! - Added a useSignIn hook that, given a UiWallet or UiWalletAccount, returns a function that you can call to trigger a wallet's ‘Sign In With Solana’ feature.
  • #2950 29821df Thanks @mcintyre94! - Refactor rpc-spec to remove requirement for transports to implement parts of JSON RPC spec
  • #2910 42a70f4 Thanks @Jac0xb! - Fixed a bug where the RPC would fail to throw errors in the event that you configured it with an AbortSignal
  • #2969 419c12e Thanks @mcintyre94! - Add a function to replace accounts in a transaction message using lookup tables
  • #2905 56fde06 Thanks @steveluscher! - Fixed the type of config on getComputeUnitEstimateForTransactionMessage. It is now optional and does not include transactionMessage.