diff --git a/Cargo.lock b/Cargo.lock index 54b34e7..c1e59ab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -79,7 +79,7 @@ dependencies = [ [[package]] name = "aptos-sdk" -version = "0.3.0" +version = "0.4.0" dependencies = [ "anyhow", "aptos-bcs", @@ -115,7 +115,7 @@ dependencies = [ [[package]] name = "aptos-sdk-macros" -version = "0.1.0" +version = "0.2.0" dependencies = [ "aptos-sdk", "proc-macro2", diff --git a/Cargo.toml b/Cargo.toml index 908940c..5c1eeec 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -29,8 +29,8 @@ rust-version = "1.90.0" [workspace.dependencies] # Internal crate dependencies. # Please do not add any test features here: they should be declared by the individual crate. -aptos-sdk = { path = "crates/aptos-sdk" } -aptos-sdk-macros = { version = "0.1.0", path = "crates/aptos-sdk-macros" } +aptos-sdk = { version = "0.4.0", path = "crates/aptos-sdk" } +aptos-sdk-macros = { version = "0.2.0", path = "crates/aptos-sdk-macros" } # External crate dependencies. # Please do not add any test features here: they should be declared by the individual crate. diff --git a/crates/aptos-sdk-macros/CHANGELOG.md b/crates/aptos-sdk-macros/CHANGELOG.md new file mode 100644 index 0000000..c8c08d0 --- /dev/null +++ b/crates/aptos-sdk-macros/CHANGELOG.md @@ -0,0 +1,32 @@ +# Changelog + +All notable changes to `aptos-sdk-macros` will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [unreleased] + +## [0.2.0] - 2026-02-25 + +### Security +- Made path traversal check in `aptos_contract_file!` non-bypassable via path canonicalization +- Added input validation for Rust identifiers generated from Move ABI to prevent panics on malformed input +- Added Rust keyword detection with automatic raw identifier (`r#`) fallback + +### Changed +- Updated generated code to use `const-hex` instead of `hex` crate (aligns with aptos-sdk 0.4.0) +- Removed unused `extra-traits` feature from `syn` dependency +- Configured `docs.rs` publishing metadata + +## [0.1.0] - 2026-01-06 + +### Added +- `aptos_contract!` procedural macro for inline ABI-based contract bindings +- `aptos_contract_file!` procedural macro for file-based ABI contract bindings +- Type-safe Rust code generation from Move module ABIs +- Support for entry functions, view functions, and struct definitions +- Move-to-Rust type mapping (primitives, vectors, options, objects) + +[0.2.0]: https://github.com/aptos-labs/aptos-rust-sdk/releases/tag/macros-v0.2.0 +[0.1.0]: https://github.com/aptos-labs/aptos-rust-sdk/releases/tag/macros-v0.1.0 diff --git a/crates/aptos-sdk-macros/Cargo.toml b/crates/aptos-sdk-macros/Cargo.toml index a2162fb..369827e 100644 --- a/crates/aptos-sdk-macros/Cargo.toml +++ b/crates/aptos-sdk-macros/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "aptos-sdk-macros" -version = "0.1.0" +version = "0.2.0" description = "Procedural macros for type-safe Aptos contract bindings" authors.workspace = true edition = "2024" diff --git a/crates/aptos-sdk/CHANGELOG.md b/crates/aptos-sdk/CHANGELOG.md index 1925fe5..e6898e6 100644 --- a/crates/aptos-sdk/CHANGELOG.md +++ b/crates/aptos-sdk/CHANGELOG.md @@ -7,9 +7,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [unreleased] +## [0.4.0] - 2026-02-25 + +### Security +- Comprehensive security audit remediating 21 findings across the SDK +- Second-pass audit fixes across crypto, keyless, and API client modules +- Enforced low-S normalization for ECDSA (secp256k1/secp256r1) signatures to match aptos-core +- Hardened keyless account JWT verification +- Improved input validation across API clients and codegen + ### Changed -- Upgraded `reqwest` to v0.13 -- Use `const-hex` crate instead of `hex` +- Upgraded `reqwest` from v0.12 to v0.13 +- Replaced `hex` crate with `const-hex` for improved performance +- Removed `async-trait` dependency in favor of native async trait support +- Audited and cleaned up dependency tree +- Bumped `keccak` from 0.1.5 to 0.1.6 +- Improved dependency feature selection for reduced compile times +- Configured `docs.rs` metadata for release builds + +### Fixed +- Resolved rustdoc warnings breaking CI documentation check +- Fixed clippy `needless_borrows_for_generic_args` warnings + +### Performance +- Reduced allocations and lock overhead in hot paths ### Removed - Unnecessary feature-flags @@ -88,5 +109,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - This SDK is independent of `aptos-core` for faster compilation - Minimum Supported Rust Version (MSRV): 1.90 -[0.1.0]: https://github.com/aptos-labs/aptos-rust-sdk/releases/tag/v0.1.0 +[0.4.0]: https://github.com/aptos-labs/aptos-rust-sdk/releases/tag/sdk-v0.4.0 +[0.1.0]: https://github.com/aptos-labs/aptos-rust-sdk/releases/tag/sdk-v0.1.0 diff --git a/crates/aptos-sdk/Cargo.toml b/crates/aptos-sdk/Cargo.toml index c162a3e..c81e2ca 100644 --- a/crates/aptos-sdk/Cargo.toml +++ b/crates/aptos-sdk/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "aptos-sdk" -version = "0.3.0" +version = "0.4.0" description = "A user-friendly, idiomatic Rust SDK for the Aptos blockchain" authors.workspace = true edition.workspace = true