Bump o1js from 0.17.0 to 1.5.0 in /packages/frontend

[dependabot]

Bumps o1js from 0.17.0 to 1.5.0.

Changelog

Sourced from o1js's changelog.

1.5.0 - 2024-07-09

Breaking changes

• Fixed a vulnerability in OffchainState where it didn't store the IndexedMerkleTree length onchain and left it unconstrained o1-labs/o1js#1676

Added

• A warning about the current reducer API limitations, as well as a mention of active work to mitigate them was added to doc comments and examples o1-labs/o1js#1728
• ForeignField-based representation of scalars via ScalarField o1-labs/o1js#1705
• Introduced new V2 methods for nullifier operations: isUnusedV2(), assertUnusedV2(), and setUsedV2() o1-labs/o1js#1715
• Experimental.BatchReducer to reduce actions in batches o1-labs/o1js#1676
  • Avoids the account update limit
  • Handles arbitrary numbers of pending actions thanks to recursive validation of the next batch
• Add conditional versions of all preconditions: .requireEqualsIf() o1-labs/o1js#1676
• AccountUpdate.createIf() to conditionally add an account update to the current transaction o1-labs/o1js#1676
• IndexedMerkleMap.setIf() to set a key-value pair conditionally o1-labs/o1js#1676
• Provable.assertEqualIf() to conditionally assert that two values are equal o1-labs/o1js#1676
• Add offchainState.setContractClass() which enables us to declare the connected contract at the top level, without creating a contract instance o1-labs/o1js#1676
  • This is enough to call offchainState.compile()
• More low-level methods to interact with MerkleList o1-labs/o1js#1676
  • popIfUnsafe(), toArrayUnconstrained() and lengthUnconstrained()

Changed

• Improve error message when o1js global state is accessed in an invalid way o1-labs/o1js#1676
• Start developing an internal framework for local zkapp testing o1-labs/o1js#1676
• Internally upgrade o1js to TypeScript 5.4 o1-labs/o1js#1676

Deprecated

• Deprecated Nullifier.isUnused(), Nullifier.assertUnused(), and Nullifier.setUsed() methods o1-labs/o1js#1715
• createEcdsa, createForeignCurve, ForeignCurve and EcdsaSignature deprecated in favor of V2 versions due to a security vulnerability found in the current implementation o1-labs/o1js#1703
• Deprecate AccountUpdate.defaultAccountUpdate() in favor of AccountUpdate.default() o1-labs/o1js#1676

Fixed

• Fix reversed order of account updates when using TokenContract.approveAccountUpdates() o1-labs/o1js#1722
• Fixed the static check() method in Struct classes to properly handle inheritance, preventing issues with under-constrained circuits. Added error handling to avoid using Struct directly as a field type. o1-labs/o1js#1707
• Fixed that Option could not be used as @state or event o1-labs/o1js#1736

1.4.0 - 2024-06-25

Added

• SHA256 low-level API exposed via Gadgets.SHA256. o1-labs/o1js#1689 @​Shigoto-dev19
• Added the option to specify custom feature flags for sided loaded proofs in the DynamicProof class. o1-labs/o1js#1688
  • Feature flags are required to tell Pickles what proof structure it should expect when side loading dynamic proofs and verification keys.
  • FeatureFlags is now exported and provides a set of helper functions to compute feature flags correctly.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #805.