v1.5.7

What's Changed

• fix(sol-macro): prevent direct String usage in expanded code by @klkvr in #1076
• chore: release 1.5.7 by @klkvr in #1077

Full Changelog: v1.5.6...v1.5.7

alloy-core v1.5.6

What's Changed

• chore(deps): bump fixed-cache by @DaniPopes in #1073

Full Changelog: v1.5.5...v1.5.6

alloy-core v1.5.5

What's Changed

• chore: enable alloy-rlp MSRV features by @DaniPopes in #1068
• chore(deps): bump breakings by @DaniPopes in #1069
• feat(primitives): add flatten extensions by @DaniPopes in #1070
• test: use checked methods in Signed tests for cranelift compat by @DaniPopes in #1071
• test: speed up Miri tests by @DaniPopes in #1072

Full Changelog: v1.5.4...v1.5.5

alloy-core v1.5.4

What's Changed

• ci: fix rkyv miri breakage by @DaniPopes in #1066
• chore(sol-macro): use sha3 by @DaniPopes in #1064
• perf(primitives): remove unnecessary keccak cache length hash computation by @DaniPopes in #1065
• perf(primitives): use keccak_asm::Keccak256::digest by @DaniPopes in #1067

Full Changelog: v1.5.3...v1.5.4

alloy-core v1.5.3

What's Changed

• chore(deps): run cargo shear by @DaniPopes in #1055
• chore(primitives): switch default keccak to sha3 by @DaniPopes in #1057
• perf(primitives): always enable 'sha3/asm' feature by @DaniPopes in #1058
• feat(primitives): FixedBytes: schemars::JsonSchema by @aatifsyed in #1059
• chore: allow bincode advisory in deny.toml by @mattsse in #1060
• ci: update to tempoxyz by @DaniPopes in #1062

New Contributors

• @aatifsyed made their first contribution in #1059

Full Changelog: v1.5.2...v1.5.3

alloy-core v1.5.2

What's Changed

• perf(primitives): always use FxHash for Fb* by @DaniPopes in #1054

Full Changelog: v1.5.1...v1.5.2

alloy-core v1.5.1

What's Changed

• feat(primitives): add U256Map by @DaniPopes in #1052
• feat: extract cache to a separate crate by @DaniPopes in #1053

Full Changelog: v1.5.0...v1.5.1

alloy-core v1.5.0

What's Changed

• chore: clippy by @DaniPopes in #1037
• feat: add Bloom::accrue_logs method by @mattsse in #1039
• docs: document allow(unexpected_cfgs) for wrap_fixed_bytes by @DaniPopes in #1043
• feat(primitives): add Signature::as_rsy method by @mablr in #1041
• chore(doc): Complete alloy-dyn-abi readme by @Pana in #1044
• feat(primitives): add keccak256_cached by @DaniPopes in #1046
• chore: rm all deprecations by @DaniPopes in #1048
• feat(primitives): Add UintTryTo trait for Signed type by @AurelienFT in #1029
• fix(primitives): cache keccaks up to 88 bytes by @DaniPopes in #1049
• feat: add keccak256_uncached by @DaniPopes in #1050
• feat: add rapidhash to available hashers by @DaniPopes in #1051

New Contributors

• @Pana made their first contribution in #1044

Full Changelog: v1.4.1...v1.5.0

alloy-core v1.4.1

Security

Patched: DoS vulnerability on alloy_dyn_abi::TypedData hashing

An uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash().

Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible.

The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26.

See: GHSA-pgp9-98jm-wwq2

What's Changed

• chore: remove feature(doc_auto_cfg) by @DaniPopes in #1019
• feat(primitives): Add Borsh support for TxKind by @mablr in #1022
• feat: Add Sqlx Traits for Bytes Type by @Arvmor in #1020
• chore: fix docs, typos by @DaniPopes in #1023
• feat(sol-macro): add transient storage keyword support by @AurelienFT in #1026
• feat: gate 60 tuple impls behind 'more-tuple-impls' feature flag by @DaniPopes in #1027
• chore: remove some inlines by @DaniPopes in #1028
• refactor(dyn-abi): clean up Resolver by @DaniPopes in #1030

New Contributors

• @AurelienFT made their first contribution in #1026

Full Changelog: v1.4.0...v1.4.1

alloy-core v0.8.26

Security

Patched: DoS vulnerability on alloy_dyn_abi::TypedData hashing

An uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash().

Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible.

The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26.

See: GHSA-pgp9-98jm-wwq2

Full Changelog: v0.8.25...v0.8.26