Release/2.0.0

[CassioMG]

Release notes - Typescript Wallet SDK - 2.0.0

BREAKING CHANGES

• Minimum Node.js version bumped from 18 to 20 (Upgrade stellar-sdk and make signing key required #233)
• Upgraded @stellar/stellar-sdk from 13.0.0-beta.1 to 14.5.0 (Upgrade stellar-sdk and make signing key required #233)
• serverSigningKey is now required for SEP-10 authentication (Upgrade stellar-sdk and make signing key required #233)
• RecoveryServer.signingKey is now required in the type definition (Upgrade stellar-sdk and make signing key required #233)

Added

• MissingSigningKeyError — thrown when anchor's stellar.toml does not contain a SIGNING_KEY (Upgrade stellar-sdk and make signing key required #233)
• ChallengeValidationFailedError and NetworkPassphraseMismatchError error classes for clearer SEP-10 error handling (Upgrade stellar-sdk and make signing key required #233)

Removed

• Local readChallengeTx fallback function (Upgrade stellar-sdk and make signing key required #233)

Release notes - Typescript Wallet SDK Key Manager - 2.0.0

BREAKING CHANGES

• Minimum Node.js version bumped from 18 to 20 (Upgrade stellar-sdk and make signing key required #233)
• Upgraded @stellar/stellar-sdk from 13.0.0-beta.1 to 14.5.0 (Upgrade stellar-sdk and make signing key required #233)

Changed

• SEP-10 challenge validation errors now throw plain Error instead of InvalidChallengeError (upstream SDK change) (Upgrade stellar-sdk and make signing key required #233)

Release notes - Typescript Wallet SDK Soroban - 2.0.0

BREAKING CHANGES

• Minimum Node.js version bumped from 18 to 20 (Upgrade stellar-sdk and make signing key required #233)
• Upgraded @stellar/stellar-sdk from 13.0.0-beta.1 to 14.5.0 (Upgrade stellar-sdk and make signing key required #233)

Fixed

• Fixed XDR type compatibility for SDK v14 — replaced StrKey.encodeContract(contractId()) with Address.fromScAddress() to handle Hash type change from Buffer to Opaque[] (Upgrade stellar-sdk and make signing key required #233)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​stellar/​stellar-sdk@​13.0.0-beta.1 ⏵ 14.5.0	+1		+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm @stellar/stellar-sdk Location: Package overview From: @stellar/typescript-wallet-sdk-km/package.json → npm/@stellar/stellar-sdk@14.5.0 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@stellar/stellar-sdk@14.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: npm sha.js under BSD-3-Clause AND MIT Location: Package overview From: ? → npm/@stellar/stellar-sdk@14.5.0 → npm/sha.js@2.4.12 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/sha.js@2.4.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report